An Aggregated Information Technology Checklist for Operational Risk Management

Abstract

This study addresses the issue of the Information Technology (IT) Governance frameworks and standards that respond to different levels of operational risks, especially those caused by the information systems and technology infrastructure. A requirement analysis regarding Basel II is conducted, a gap analysis between the Information Control Models (ICMs) is performed, and the aggregated IT checklist for Operational Risk Management (ORM) is proposed by mapping the control objectives in ICMs to the operational risk categories described in Basel II as loss event types. The validity and reliability of the study is based on the focus group assessment of the mappingsBasel II, Operational Risk Management, Information Control Model, Information Technology Governance.