Emerging IT risks: insights from German banking

How do German banks manage the emerging risks stemming from IT innovations such as cyber risk? With a focus on process, roles and responsibilities, field data from ten banks participating in the 2014 ECB stress test were collected by interviewing IT managers, risk managers and external experts. Current procedures for handling emerging risks in German banks were identified from the interviews and analysed, guided by the extant literature. A clear gap was found between enterprise risk management (ERM) as a general approach to risks threatening firms’ objectives and ERM’s neglect of emerging risks, such as those associated with IT innovations. The findings suggest that ERM should be extended towards the collection and sharing of knowledge to allow for an initial understanding and description of emerging risks, as opposed to the traditional ERM approach involving estimates of impact and probability. For example, as cyber risks emerge from an IT innovation, the focus may need to switch towards reducing uncertainty through knowledge acquisition. Since individual managers seldom possess all relevant knowledge of an IT innovation, various stakeholders may need to be involved to exploit their expertise

An integrated risk index accounting for epistemic uncertainty in probability risk assessment

International audienceIn this paper, we present an integrated framework for quantifying epistemic uncertainty in probabilistic risk assessment. Three types of epistemic uncertainty, that is, completeness, structural and parametric uncertainties, are considered. A maturity model is developed to evaluate the management of these epistemic uncertainties in the model building process. The impact of epistemic uncertainty on the result of the risk assessment is, then, estimated based on the developed maturity model. Then, an integrated risk index is defined to reflect the epistemic uncertainty in the risk assessment results. An indifference method is developed to evaluate the index based on the maturity of epistemic uncertainty management. A case study concerning a nuclear power plant is shown to demonstrate the applicability of the overall modelling framework