Risk Mitigation, Vulnerability Management and Resilience under Disasters

The Special Issue (SI) discusses the topic of Disaster Risk Management and its cornerstones: vulnerability reduction and resilience building. The focus of the SI is the impact of risk information, communication and representation, risk knowledge as related to science and practice, risk perception and awareness, and risk culture on multi-faceted vulnerability and several aspects of resilience

The impact of regulation, ownership and business culture on managing corporate risk within the water industry

Although the specifics of water utility ownership, regulation and management culture have been explored in terms of their impact on economic and customer value, there has been little meaningful engagement with their influence on the risk environment and risk management. Using a literature review as the primary source of information, this paper maps the existing knowledge base onto two critical questions: what are the particular features of regulation, ownership and management culture which influence the risk dynamic, and what are the implications of these relationships in the context of ambitions for resilient organizations? In addressing these queries, the paper considers the mindful choices and adjustments a utility must make to its risk management strategy to manage strategic tensions between efficiency, risk and resilience. The conclusions note a gap in understanding of the drivers required for a paradigm shift within the water sector from a re-active to a pro-active risk management culture. A proposed model of the tensions between reactive risk management and pro-active, adaptive risk management provides a compelling case for measured risk management approaches which are informed by an appreciation of regulation, ownership and business culture. Such approaches will support water authorities in meeting corporate aspirations to become "high reliability" services while retaining the capacity to out-perform financial and service level targets

Cyber risk management frameworks for the South African banking industry

Abstract : Information technology (IT) has proven to be critical in the operation of businesses today. The banking industry is one of the industries that are most reliant on IT. The banking industry has enjoyed greater efficiency and effectiveness in their operations owing to the widespread use of IT. However, due to IT and continuous technological advancements, new threats such as cyber risk have surfaced, and the banking industry has experienced the most cybercrime incidents. In addition to the banking industry being the most targeted by cyber-criminals, cybercrime incidents have detrimental impacts on the industry. As a result, it is crucial for banks to employ effective cyber risk management processes. The South African banking industry is required by the South African Reserve Bank (SARB) to align their cyber risk management processes to the cyber resilience guidance document issued by the Committee on Payments and Market Infrastructures (CPMI) and the International Organization of Securities Commissions (IOSCO). The CPMI–IOSCO cyber resilience guidance contains guidelines that should be addressed within a bank’s cyber risk management framework. This study seeks to establish whether the Improving Critical Infrastructure Cybersecurity (ICIC) framework addresses the guidelines contained in the CPMI–IOSCO cyber resilience guidance. The ICIC framework is effective for managing cyber risk and allows an organisation to modify it to suit its specific needs and objectives. The objective of the study is to recommend to the South African banking industry, a framework for managing cyber risks that is effective and that addresses the CPMI–IOSCO cyber resilience guidelines. The results were gathered by analysing the ICIC framework and mapping it against the CPMI–IOSCO cyber resilience guidelines. The results revealed that the ICIC framework addresses up to 71 percent of the CPMI –IOSCO cyber resilience guidelines. The study therefore recommends that instead of building a new cyber risk management framework, the South African banking industry should adopt the ICIC framework and modify it by adding the 29 percent of the CPMI –IOSCO cyber resilience guidelines not addressed by the ICIC framework. All the guidelines contained in the CPMI–IOSCO cyber resilience guidance will then be addressed within the modified ICIC framework. South African banks will also achieve effective management of cyber risks through the ICIC framework.M.Com. (Computer Auditing

Managing cyber and information risks in supply chains: insights from an exploratory analysis

PurposeThe purpose of this paper is to explore how companies approach the management of cyber and information risks in their supply chain, what initiatives they adopt to this aim, and to what extent along the supply chain. In fact, the increasing level of connectivity is transforming supply chains, and it creates new opportunities but also new risks in the cyber space. Hence, cyber supply chain risk management (CSCRM) is emerging as a new management construct. The ultimate aim is to help organizations in understanding and improving the CSCRM process and cyber resilience in their supply chains.Design/methodology/approachThis research relied on a qualitative approach based on a comparative case study analysis involving five large multinational companies with headquarters, or branches, in the UK.FindingsResults highlight the importance for CSCRM to shift the viewpoint from the traditional focus on companies’ internal information technology (IT) infrastructure, able to “firewall themselves” only, to the whole supply chain with a cross-functional approach; initiatives for CSCRM are mainly adopted to “respond” and “recover” without a well-rounded approach to supply chain resilience for a long-term capacity to adapt to changes according to an evolutionary approach. Initiatives are adopted at a firm/dyadic level, and a network perspective is missing.Research limitations/implicationsThis paper extends the current theory on cyber and information risks in supply chains, as a combination of supply chain risk management and resilience, and information risk management. It provides an analysis and classification of cyber and information risks, sources of risks and initiatives to managing them according to a supply chain perspective, along with an investigation of their adoption across the supply chain. It also studies how the concept of resilience has been deployed in the CSCRM process by companies. By laying the first empirical foundations of the subject, this study stimulates further research on the challenges and drivers of initiatives and coordination mechanisms for CSCRM at a supply chain network level.Practical implicationsResults invite companies to break the “silos” of their activities in CSCRM, embracing the whole supply chain network for better resilience. The adoption of IT security initiatives should be combined with organisational ones and extended beyond the dyad. Where applicable, initiatives should be bi-directional to involve supply chain partners, remove the typical isolation in the CSCRM process and leverage the value of information. Decisions on investments in CSCRM should involve also supply chain managers according to a holistic approach.Originality/valueA supply chain perspective in the existing scientific contributions is missing in the management of cyber and information risk. This is one of the first empirical studies dealing with this interdisciplinary subject, focusing on risks that are now very high in the companies’ agenda, but still overlooked. It contributes to theory on information risk because it addresses cyber and information risks in massively connected supply chains through a holistic approach that includes technology, people and processes at an extended level that goes beyond the dyad

A probabilistic approach to the evaluation of seismic resilience in road asset management

Road networks are classified as critical infrastructure systems. Their loss of functionality not only hinders residential and commercial activities, but also compromises evacuation and rescue after disasters. Dealing with risks to key strategic objectives is not new to asset management, and risk management is considered one of the core elements of asset management. Risk analysis has recently focused on understanding and designing strategies for resilience, especially in the case of seismic events that present a significant hazard to highway transportation networks. Following a review of risk and resilience concepts and metrics, an innovative methodology to stochastically assess the economic resources needed to restore damaged infrastructures, one that is a relevant and complementary element within a wider resilience-based framework, is proposed. The original methodology is based on collecting and analyzing ex post reconstruction and hazard data and was calibrated on data measured during the earthquake that struck central Italy in 2016 and collected in the following recovery phase. Although further improvements are needed, the proposed approach can be used effectively by road managers to provide useful information in developing seismic retrofitting plans

The Economics of Natural Disasters - Implications and Challenges for Food Security

A large and growing share of the world's poor lives under conditions in which high hazard risk coincides with high vulnerability. In the last decade, natural disasters claimed 79,000 lives each year and affected more than 200 million people, with damages amounting to almost US $ 70 billion annually. Experts predict that disasters will become even more frequent and their impact more severe, expecting a five-fold global cost increase over the next fifty years, mainly due to climate change and a further concentration of the world's population in vulnerable habitats. The paper argues that in order to mitigate disaster impact on poor population groups, development policy and disaster management need to become mutually supportive. Focusing on challenges disasters pose to food security, it proposes that in disaster-prone locations measures to improve disaster resilience should be an integral part of food security policies and strategies. It expands the twin-track approach to hunger reduction to a "triple track approach", giving due attention to cross-cutting disaster risk management measures. Practical areas requiring more attention include risk information and analysis; land use planning; upgrading physical infrastructures; diversification and risk transfer mechanisms. Investments in reducing disaster risk will be most needed where both hazard risk and vulnerability are high. As agriculture is particularly vulnerable to disaster risk, measures to reduce this vulnerability, i. e. protecting agricultural lands, water and other assets, should get greater weight in development strategies and food security policies. Investing in disaster resilience involves trade-offs. Identifying the costs, benefits and trade -offs involved will be a prominent task of agricultural economists.Food Security and Poverty, Resource /Energy Economics and Policy,

An Empirical Study of IT-enabled Enterprise Risk Management and Organizational Resilience

Contemporary organizations are increasingly challenged by the expanding variety of risks and threats posed by turbulent and complex business environments. This paper addresses the importance of organizations having the ability to cope with risks and uncertainties by exploring IT-enabled enterprise risk management (ERM) capability as a means of achieving organizational resilience. Based on the synthesis of prior risk management theoretical frameworks, we posit that information technology is a key enabler of enterprise risk management capability that integrate risk management into enterprise-wide business processes, with organizational commitment as a complementary enabler. By examining the relationship of IT-enabled ERM capability and organizational resilience under the moderating effect of business network structure strength, this study provides insights on how to ensure continued survival of organizations in today’s volatile operating climate where risks extend beyond the organizational boundaries. Empirical findings from a survey of 185 organizations in Singapore show that IT assets and organizational commitment play significant roles in building up IT-enabled ERM capabilities. Organizational resilience is also found to be strongly impacted by the organization’s IT-enabled ERM capabilities, while the firm’s business network structure strength negatively moderates this relationship to a small extent. Managerial implications stemming from the empirical findings are discussed and directions for future research on enterprise risk management as a burgeoning research area for IS researchers are also offered

Risk Factors On Firm Resilience In Agricultural Sector The Mediating Effect Of Supply Chain Risk Management Practices

This research is a quantitative study that discusses the effect of governance of risk factor on firm resilience in the Indonesian agriculture industry. This research was conducted because the current conditions of agricultural firms in Indonesia cannot be resilient in the facing of the risks that arise. This research discussed the relationship between risk factor governance and firm resilience, supply chain risk management practices and firm resilience, and risk factors governance and supply chain risk management practices. This research also discusses the influence of mediation risk information sharing and risk sharing mechanism (supply chain risk management practices) on the relationship of risk factor governance with firm resilience. This research was conducted empirically by using 204 agricultural firms in Indonesia which are engaged in nine basic needs of the Indonesian people. This study used Smart PLS-SEM 3.2.7 to test relationship hypotheses. Result from the data analysis, the relationship between risk factor governance and firm resilience, risk factor governance and supply chain risk management practices, is partially significant. Supply chain risk management practices is positively significant with firm resilience. From the result, supply chain risk management practices is partially mediated to the relationship risk factors with firm resilience. Therefore, agricultural firms in Indonesia must give attention to factors that can affect firm resilience

Urban gaming simulation for enhancing disaster resilience: a social learning tool for modern disaster risk management

An emergence of the disaster resilience concept broadens the idea of urban risk management and, at the same time, enhances a theoretical aspect in a way in which we can develop our cities without making it more vulnerable to natural disasters. Nevertheless, this theoretical plausibility is hardly translated into a practical implication for urban planning, as the concept of resilience remain limited to some scholars’ debate. One of substantial factors that limit the understanding of people about disaster risk an resilience is a lack of risk awareness and risk preparedness, which can be solved by restructuring social learning process that enable a process of mutual learning between experts and the public. This study, therefore, focuses on providing insights into the difficulties of disaster risk communication we face, and how gaming simulation can be taken as a communication technique in enhancing social learning, which is regarded as a fundamental step of disaster risk management prior the mitigation process takes place. The study argues that the gaming simulation can facilitate planners in acquiring risk information from the community, conceiving the multitude of complex urban physical and socio-economic components, and conceptualizing innovative solutions to cope with disaster risks mutually with the public