Emerging IT risks: insights from German banking

How do German banks manage the emerging risks stemming from IT innovations such as cyber risk? With a focus on process, roles and responsibilities, field data from ten banks participating in the 2014 ECB stress test were collected by interviewing IT managers, risk managers and external experts. Current procedures for handling emerging risks in German banks were identified from the interviews and analysed, guided by the extant literature. A clear gap was found between enterprise risk management (ERM) as a general approach to risks threatening firms’ objectives and ERM’s neglect of emerging risks, such as those associated with IT innovations. The findings suggest that ERM should be extended towards the collection and sharing of knowledge to allow for an initial understanding and description of emerging risks, as opposed to the traditional ERM approach involving estimates of impact and probability. For example, as cyber risks emerge from an IT innovation, the focus may need to switch towards reducing uncertainty through knowledge acquisition. Since individual managers seldom possess all relevant knowledge of an IT innovation, various stakeholders may need to be involved to exploit their expertise

Formal Safety Assessment of a Marine Seismic Survey Vessel Operation, Incorporating Risk Matrix and Fault Tree Analysis

In maritime safety research, risk is assessed usually within the framework of formal safety assessment (FSA), which provides a formal and systematic methodology to improve the safety of lives, assets, and the environment. A bespoke application of FSA to mitigate accidents in marine seismic surveying is put forward in this paper, with the aim of improving the safety of seismic vessel operations, within the context of developing an economically viable strategy. The work herein takes a close look at the hazards in North Sea offshore seismic surveying, in order to identify critical risk factors, leading to marine seismic survey accidents. The risk factors leading to undesirable events are analysed both qualitatively and quantitatively. A risk matrix is introduced to screen the identified undesirable events. Further to the screening, Fault Tree Analysis (FTA) is presented to investigate and analyse the most critical risks of seismic survey operation, taking into account the lack of historical data. The obtained results show that man overboard (MOB) event is a major risk factor in marine seismic survey operation; lack of training on safe work practice, slippery deck as a result of rain, snow or water splash, sea state affecting human judgement, and poor communication are identified as the critical risk contributors to the MOB event. Consequently, the risk control options are focused on the critical risk contributors for decision-making. Lastly, suggestions for the introduction and development of the FSA methodology are highlighted for safer marine and offshore operations in general

An extended method for evaluating assumptions deviations in quantitative risk assessment and its application to external flooding risk assessment of a nuclear power plant

In quantitative risk assessment, assumptions are typically made, based on best judgement, conservative, or (sometimes) optimistic judgments. Best judgment and optimistic assumptions may result in failing to meet the quantitative safety objectives, whereas conservative assumptions may increase the margins which the objectives are met with but result in cost-ineffective design or operation. In the present paper, we develop an extended framework for the analysis of the criticality of assumptions in risk assessment by evaluating the risk that deviations from the assumptions lead to a reduction of the safety margins. The framework aims to support risk-informed decision making by identifying important assumptions and integrating the assessment of their criticality into the quantitative risk assessment (QRA). The framework is, finally applied within the quantitative risk assessment of a Nuclear Power Plant (NPP) exposed to external flooding. Compared to previous works on the subject, we consider also conservative assumptions and introduce decision flow diagrams to support the classification of the criticality of the assumptions. The framework provides a more comprehensive and transparent evaluation of the assumptions deviation risk through the decision flow diagrams that facilitate the standardization of the evaluation of the assumption deviation effects on the risk assessment