Emerging IT risks: insights from German banking

How do German banks manage the emerging risks stemming from IT innovations such as cyber risk? With a focus on process, roles and responsibilities, field data from ten banks participating in the 2014 ECB stress test were collected by interviewing IT managers, risk managers and external experts. Current procedures for handling emerging risks in German banks were identified from the interviews and analysed, guided by the extant literature. A clear gap was found between enterprise risk management (ERM) as a general approach to risks threatening firms’ objectives and ERM’s neglect of emerging risks, such as those associated with IT innovations. The findings suggest that ERM should be extended towards the collection and sharing of knowledge to allow for an initial understanding and description of emerging risks, as opposed to the traditional ERM approach involving estimates of impact and probability. For example, as cyber risks emerge from an IT innovation, the focus may need to switch towards reducing uncertainty through knowledge acquisition. Since individual managers seldom possess all relevant knowledge of an IT innovation, various stakeholders may need to be involved to exploit their expertise

Organizing risk: organization and management theory for the risk society

Risk has become a crucial part of organizing, affecting a wide range of organizations in all sectors. We identify, review and integrate diverse literatures relevant to organizing risk, building on an existing framework that describes how risk is organized in three ‘modes’ – prospectively, in real-time, and retrospectively. We then identify three critical issues in the existing literature: its fragmented nature; its neglect of the tensions associated with each of the modes; and its tendency to assume that the meaning of an object in relation to risk is singular and stable. We provide a series of new insights with regard to each of these issues. First, we develop the concept of a risk cycle that shows how organizations engage with all three modes and transition between them over time. Second, we explain why the tensions have been largely ignored and show how studies using a risk work perspective can provide further insights into them. Third, we develop the concept of risk translation to highlight the ways in the meanings of risks can be transformed and to identify the political consequences of such translations. We conclude the paper with a research agenda to elaborate these insights and ideas further

Transient and Steady-state Regime of a Family of List-based Cache Replacement Algorithms

International audienceIn this paper we study the performance of a family of cache replacement algorithms. The cache is decomposed into lists. Items enter the cache via the first list. An item enters the cache via the first list and jumps to the next list whenever a hit on it occurs. The classical policies FIFO, RANDOM, CLIMB and its hybrids are obtained as special cases. We present explicit expressions for the cache content distribution and miss probability under the IRM model. We develop an algorithm with a time complexity that is polynomial in the cache size and linear in the number of items to compute the exact miss probability. We introduce lower and upper bounds on the latter that can be computed in a time that is linear in the cache size times the number of items. We further introduce a mean field model to approximate the transient behavior of the miss probability and prove that this model becomes exact as the cache size and number of items tends to infinity. We show that the set of ODEs associated to the mean field model has a unique fixed point that can be used to approximate the miss probability in case the exact computation becomes too time consuming. Using this approximation, we provide guidelines on how to select a replacement algorithm within the family considered such that a good trade-off is achieved between the cache reactivity and its steady-state hit probability. We simulate these cache replacement algorithms on traces of real data and show that they can outperform LRU. Finally, we also disprove the well-known conjecture that the CLIMB algorithm is the optimal finite-memory replacement algorithm under the IRM model