Global ETD Search

1	Management of operational risks related to information security in financial organizations Mehmood, Furhan, Rafique, Rajia January 2010 (has links) <p><strong>Date</strong>: 30<sup>th</sup> May 2010</p><p><strong>Authors</strong>: Rajia Rafique, Furhan Mehmood</p><p><strong>Tutor:</strong> Dr. Michael Le Duc, Dr. Deepak Gupta</p><p><strong>Title:</strong> Management of Operational Risks related to Information Security in Financial Organizations</p><p><strong>Introduction: </strong>Information security is very significant for organizations, especially for financial organizations where customer information and their satisfaction are considered the most important assets for financial organizations. Therefore customer information must be sustained from information security breaches in order to satisfy customers. Financial organizations use their customer’s information several times a day to deal with different operations. These operations contain several types of risks. Operational risks related to information security are becoming sensational for financial organizations. Financial organizations concentrate to reduce the exposure of operational risk related to information security because these risks can affect the business to a great extent. Financial organizations need such policies and techniques which can be used to reduce the exposure of operational risk and to enhance information security. Several authors discuss about several types of operational risk related to information security, and several authors discuss about the techniques to avoid these risks in order to enhance information security.</p><p><strong>Problem:</strong> Investigate the concept of Operational Risks related to Information Security and how it is perceived in Financial Organization?<strong><em> </em></strong></p><p><strong>Purpose: </strong>The aspiration of writing this report is to describe and analyze operational risks related to information security in financial organizations and then to present some suggestions in form of polices or techniques which can be used by financial organizations to enhance their information security.</p><p><strong>Method:</strong> Since the type of our thesis is Qualitative based, therefore exploratory research approach is used to carry out research. Authors tried to use secondary source of information as well as primary source of information in order to get maximum knowledge about the topic and to come up with maximum possible output.</p><p><strong>Target Audience</strong></p><p>The target audience in our mind for this paper consists of both, academic readers and professionals who have interest and some knowledge about information security and operational risks. Target audience for this research work includes professionals, academic readers and both investigated organizations (NCCPL and CDC).</p><p><strong>Conclusion</strong></p><p>By critically analyzing the literature written by various authors and the worthy information provided by our primary sources gave us the opportunity to develop a solution to keep the operations secure from risks and to fix the current problems related to information security. We found that there are different types of operational risks related to information security which can affect the business of financial organizations and there are various techniques which can be used by financial organizations to solve the current issue related to operational risks in order to enhance information security. It was also found that top management in financial organizations is interested in issues about information security operational risk and they showed their keen interest in adopting new effective techniques.</p><p><strong>Keywords:</strong> Information Security, Information Security Risks, Operational Risks, Operational Risk Management, Operational Risks in Financial Organizations.</p> Operational risks information security
2	Management of operational risks related to information security in financial organizations Mehmood, Furhan, Rafique, Rajia January 2010 (has links) Date: 30th May 2010 Authors: Rajia Rafique, Furhan Mehmood Tutor: Dr. Michael Le Duc, Dr. Deepak Gupta Title: Management of Operational Risks related to Information Security in Financial Organizations Introduction: Information security is very significant for organizations, especially for financial organizations where customer information and their satisfaction are considered the most important assets for financial organizations. Therefore customer information must be sustained from information security breaches in order to satisfy customers. Financial organizations use their customer’s information several times a day to deal with different operations. These operations contain several types of risks. Operational risks related to information security are becoming sensational for financial organizations. Financial organizations concentrate to reduce the exposure of operational risk related to information security because these risks can affect the business to a great extent. Financial organizations need such policies and techniques which can be used to reduce the exposure of operational risk and to enhance information security. Several authors discuss about several types of operational risk related to information security, and several authors discuss about the techniques to avoid these risks in order to enhance information security. Problem: Investigate the concept of Operational Risks related to Information Security and how it is perceived in Financial Organization? Purpose: The aspiration of writing this report is to describe and analyze operational risks related to information security in financial organizations and then to present some suggestions in form of polices or techniques which can be used by financial organizations to enhance their information security. Method: Since the type of our thesis is Qualitative based, therefore exploratory research approach is used to carry out research. Authors tried to use secondary source of information as well as primary source of information in order to get maximum knowledge about the topic and to come up with maximum possible output. Target Audience The target audience in our mind for this paper consists of both, academic readers and professionals who have interest and some knowledge about information security and operational risks. Target audience for this research work includes professionals, academic readers and both investigated organizations (NCCPL and CDC). Conclusion By critically analyzing the literature written by various authors and the worthy information provided by our primary sources gave us the opportunity to develop a solution to keep the operations secure from risks and to fix the current problems related to information security. We found that there are different types of operational risks related to information security which can affect the business of financial organizations and there are various techniques which can be used by financial organizations to solve the current issue related to operational risks in order to enhance information security. It was also found that top management in financial organizations is interested in issues about information security operational risk and they showed their keen interest in adopting new effective techniques. Keywords: Information Security, Information Security Risks, Operational Risks, Operational Risk Management, Operational Risks in Financial Organizations. Operational risks information security
3	Operational risk events in banks and practices for collecting internal loss data Bostander, D.E. 30 November 2007 (has links) This research study had two distinct objectives. The first objective was to determine in which areas in South African banks the most severe operational risk losses are likely to occur (based on the Basel II seven loss event types and eight business lines). Severity was assessed based on single operational risk events that might have significant monetary values attached to them. The likely frequency of single operational risk events was also assessed. The investigation of the aforementioned research problem was explorative and quantitative of nature, as the researcher made extensive use of survey research in the form of a questionnaire to all registered banks. The second part of the research study’s objective was to assess the range of practices in collecting internal loss data for operational risk purposes as required by Basel II. This part was approached from a qualitative perspective, by benchmarking the research findings against the Basel II text, the researcher’s experience in risk management in banks, the Basel Committee on Banking Supervision’s Sound Practices for the Management and Supervision of Operational Risk, and related literature. The literature review, including reference to certain surveys and studies, focuses on the main concepts of operational risk within banks that are pertinent to the research problem. The literature review also includes several references to the Basel II text and other relevant publications and papers issued by the Basel Committee on Banking Supervision. The research results revealed that respondents in South African banks believed that ‘business disruption and system failures’ is the loss event type that is likely to result in the most severe single operational risk loss. ‘Trading and sales’ scored the same high average rating as ‘business disruption and system failures’ as the business line where the most severe single operational risk loss is likely to occur in South African banks. ‘External fraud’ and ‘execution, delivery and process management’ scored the highest average ratings as the loss event types where the most frequent operational risk losses are likely to occur. Respondents indicated that ‘retail banking’ is the business line where the most frequent single operational risk losses are likely to occur in South African banks. Based on the above-mentioned findings the researcher recommends that these high-risk areas be highlighted to the Bank Supervision Department of the South African Reserve Bank, the boards of directors and senior management of banks in order for them to strengthen banks’ internal controls. The researcher recommends the inclusion of near misses and opportunity cost in operational risk loss databases. Banks should at least capture the date of the discovery of an operational risk event as this represents acceptable practice among the majority of banks. Operational risk losses should be assigned to the multiple business activities in which it occurred on a pro-rata basis. All recoveries of operational risk losses should be processed separately, but associated with the original loss event. Replacement cost is seen as the most appropriate way to capture gross loss amounts for the damage to fixed assets. The researcher encourages the recording of overtime cost for fixing systems failures. Market risk losses due to operational risk events should be treated as market risk losses, while loan-related losses due to operational risk failures should be treated as credit risk losses by banks. The researcher’s view is that banks should set different thresholds for the collection of operational risk losses for its various business units based on each business unit’s operations and nature of business. Banks should, as a starting point, map operational risk events to the Basel II 8x7 matrix. Operational risk losses should be assessed by both legal entity and on a consolidated basis. Operational risks Banks Collecting internal loss data
4	Operational risk events in banks and practices for collecting internal loss data Bostander, D.E. 30 November 2007 (has links) This research study had two distinct objectives. The first objective was to determine in which areas in South African banks the most severe operational risk losses are likely to occur (based on the Basel II seven loss event types and eight business lines). Severity was assessed based on single operational risk events that might have significant monetary values attached to them. The likely frequency of single operational risk events was also assessed. The investigation of the aforementioned research problem was explorative and quantitative of nature, as the researcher made extensive use of survey research in the form of a questionnaire to all registered banks. The second part of the research study’s objective was to assess the range of practices in collecting internal loss data for operational risk purposes as required by Basel II. This part was approached from a qualitative perspective, by benchmarking the research findings against the Basel II text, the researcher’s experience in risk management in banks, the Basel Committee on Banking Supervision’s Sound Practices for the Management and Supervision of Operational Risk, and related literature. The literature review, including reference to certain surveys and studies, focuses on the main concepts of operational risk within banks that are pertinent to the research problem. The literature review also includes several references to the Basel II text and other relevant publications and papers issued by the Basel Committee on Banking Supervision. The research results revealed that respondents in South African banks believed that ‘business disruption and system failures’ is the loss event type that is likely to result in the most severe single operational risk loss. ‘Trading and sales’ scored the same high average rating as ‘business disruption and system failures’ as the business line where the most severe single operational risk loss is likely to occur in South African banks. ‘External fraud’ and ‘execution, delivery and process management’ scored the highest average ratings as the loss event types where the most frequent operational risk losses are likely to occur. Respondents indicated that ‘retail banking’ is the business line where the most frequent single operational risk losses are likely to occur in South African banks. Based on the above-mentioned findings the researcher recommends that these high-risk areas be highlighted to the Bank Supervision Department of the South African Reserve Bank, the boards of directors and senior management of banks in order for them to strengthen banks’ internal controls. The researcher recommends the inclusion of near misses and opportunity cost in operational risk loss databases. Banks should at least capture the date of the discovery of an operational risk event as this represents acceptable practice among the majority of banks. Operational risk losses should be assigned to the multiple business activities in which it occurred on a pro-rata basis. All recoveries of operational risk losses should be processed separately, but associated with the original loss event. Replacement cost is seen as the most appropriate way to capture gross loss amounts for the damage to fixed assets. The researcher encourages the recording of overtime cost for fixing systems failures. Market risk losses due to operational risk events should be treated as market risk losses, while loan-related losses due to operational risk failures should be treated as credit risk losses by banks. The researcher’s view is that banks should set different thresholds for the collection of operational risk losses for its various business units based on each business unit’s operations and nature of business. Banks should, as a starting point, map operational risk events to the Basel II 8x7 matrix. Operational risk losses should be assessed by both legal entity and on a consolidated basis. Operational risks Banks Collecting internal loss data
5	Riscos operacionais: uma proposta de modelo de gestão preventiva fundamentada a partir de aspectos da teoria econômica Fonseca, Leandro Gomes da 07 April 2015 (has links) Made available in DSpace on 2016-04-26T20:48:42Z (GMT). No. of bitstreams: 1 Leandro Gomes da Fonseca.pdf: 1711293 bytes, checksum: 21389a82deb225f387d9a3f74276a0f4 (MD5) Previous issue date: 2015-04-07 / The economic and financial market has directed attention to operational risks and their consequences, given the business processes fragility like financial losses caused by failures and errors coming from people, systems and processes with badly design about corporative goals. The recent financial crisis, largely started by the realization of operational risks which, in turn, began to have a higher incidence of exposure because of globalization and technological advancement. In the rush to protect themselves from the consequences derived from operational risks, companies in various sectors have adopted as a measure of capital retention for protection. However, this mechanism isolated proved insufficient in managing operational risks, indicating the need for further measures and actions to ensure greater security in business management and, consequently, to contribute for economic stability. In this context, this work aims to present a model of preventive and qualitative management of operational risks, as well as highlight the balanced use of capital retention mechanism in an uncertainty scenario. The management model aims to increase the efficiency of business processes to avoid losses arising from failures and people mistakes, systems and poor processes designed, which can be applied to any market segment. As bibliographic references, recent articles on operational risks are analyzed, as well as the theoretical background on some aspects related to the uncertainties of the macro and micro-economic point of view in relation to the management of corporate operational risks. Theories of principal-agent, adverse selection and moral hazard are also analyzed against the operational risk management model proposal, more precisely the conditions to improve analysis, choices and decisions in asymmetric information scenarios. The preventive and qualitative model proposal application will contribute to safer and more efficient structures and businesses processes and thus also contribute to the solvency of corporations / O mercado econômico-financeiro tem direcionado sua atenção para os riscos operacionais e suas consequências, diante da fragilidade dos processos corporativos quanto a perdas financeiras ocasionadas por falhas e erros oriundos de pessoas, sistemas e processos mal desenhados quanto aos seus objetivos. As recentes crises financeiras, em grande parte, tiveram início pela concretização de riscos operacionais que, por sua vez, passaram a ter maior exposição de ocorrência pelo fato da globalização e do avanço tecnológico. No ímpeto de se protegerem das consequências derivadas dos riscos operacionais, empresas dos mais variados setores passaram a adotar como medida de proteção a retenção de capital. No entanto, tal mecanismo isolado mostrou-se insuficiente na gestão dos riscos operacionais, indicando a necessidade de novas medidas e ações para garantir maior segurança na gestão dos negócios e, consequentemente, para contribuir para estabilidade econômica. Nesse contexto, esta dissertação tem por objetivo apresentar um modelo de gestão preventiva e qualitativa dos riscos operacionais, assim como destacar o uso equilibrado do mecanismo de retenção de capital em um cenário de incerteza. O modelo de gestão visa aumentar a eficiência dos processos corporativos por evitar perdas oriundas de falhas e erros de pessoas, sistemas e processos mal elaborados, passível de ser aplicado em qualquer segmento do mercado. Como referencial bibliográfico, recentes artigos sobre riscos operacionais são analisados, assim como o embasamento teórico sobre alguns aspectos relacionados às incertezas do ponto de vista macro e microeconômico em relação à gestão dos riscos operacionais corporativos. As teorias do principal-agente, seleção adversa e risco moral também são analisadas frente à proposta do modelo de gestão de riscos operacionais, mais precisamente nas condições de aprimorar análises, escolhas e decisões em cenários de informação assimétrica. A aplicação do modelo preventivo e qualitativo proposto contribuirá para estruturas e processos corporativos mais seguros e eficientes e, consequentemente, também contribuirá para a solvência das corporações Riscos operacionais Incerteza Gestão preventiva Retenção de capital Operational risks Uncertainty Preventive management Capital retention
6	Método para análise dos riscos operacionais associados a falhas epidêmicas de novos produtos eletrônicos: uma proposta utilizando redes bayesianas Rossi Filho, Tito Armando 25 March 2011 (has links) Submitted by Mariana Dornelles Vargas (marianadv) on 2015-03-26T15:45:40Z No. of bitstreams: 1 metodo_analise.pdf: 4654494 bytes, checksum: 289c3665835291875c651023720d69af (MD5) / Made available in DSpace on 2015-03-26T15:45:40Z (GMT). No. of bitstreams: 1 metodo_analise.pdf: 4654494 bytes, checksum: 289c3665835291875c651023720d69af (MD5) Previous issue date: 2011-03-25 / Banco Santander / Banespa / A competição entre empresas e cadeias produtivas, acompanhada da crescente complexidade dos produtos e de regulações legais, tem resultado no aumento dos riscos operacionais vinculados a falhas de novos produtos. Na indústria eletrônica, especialmente no segmento de consumo, as implicações econômicas das falhas podem ser muito significativas no lucro das empresas que projetam os produtos. Isso se amplifica quando o nível de falhas é elevado, o que se denomina "falhas epidêmicas". Todavia, a avaliação dos riscos operacionais durante o projeto de novos produtos eletrônicos ainda parece carecer de métodos que abordem as incertezas de forma integrada, considerando os riscos técnicos e gerenciais, bem como o conhecimento subjetivo dos especialistas. O presente trabalho visa contribuir com o tema, apresentando a proposta de um novo método para avaliação dos riscos operacionais associados a falhas epidêmicas em novos produtos eletrônicos. Esta proposta de método foi construída através de uma pesquisa direcionada pelo método Design Research, o qual possibilitou o desenvolvimento de um conjunto de artefatos encadeados através de cinco passos. O principal artefato foi construído utilizando a abordagem de Redes Bayesianas e consiste em um modelo embasado no referencial teórico e em entrevistas com seis especialistas da indústria eletrônica. A partir da delimitação da pesquisa, o modelo foi constituído de 21 construtos, os quais são relacionados entre si e englobam riscos técnicos e gerenciais associados à cadeia de suprimentos, ao processo de projeto, aos ensaios de verificação e validação e às restrições existentes durante o projeto do produto. A avaliação do desempenho do método foi realizada através de uma tentativa de aplicação em um projeto de uma empresa multinacional instalada no Brasil. Identificaram-se três conjuntos de possíveis alterações no projeto, para os quais se estimou a redução dos riscos operacionais frente a limiares previamente estabelecidos, assim como se avaliou os potenciais resultados financeiros de tais alterações ao longo do ciclo de vida do produto. Conclui-se que o método poderá agregar melhorias no processo de avaliação de riscos da empresa, especialmente pelo fato de prever a realimentação dos cálculos probabilísticos de risco através das evidências dos projetos. Esta pesquisa, além de contribuir com uma proposta de método para suportar o processo de Gestão de Riscos durante o desenvolvimento de novos produtos, indicou potenciais melhorias nos processos de tomada de decisão e gestão do conhecimento no ambiente de projetos. / The competition between firms and supply chains, along with the increasing product complexity and existing legal regulations, have been resulting in increased operational risks due to failures of new products. In the electronics industry, especially for the consumer goods segment, the resulting economic risks of such failures may be significant to the profit of firms that design products. This is intensified when the failure rate is high, the so-called 'epidemic failures'. Nevertheless, the assessment of operational risks during the project of new electronic products seems to lack methods to address the uncertainties in a whole integrated approach, taking into consideration the technical and managerial risks, as well as the subjective knowledge of the experts. The present work aims to contribute to the topic, presenting the proposal of a new method for assessing the operational risks associated with epidemic failure of new electronic products. This proposed method was driven by the Design Research method, which enabled the development of a set of artifacts linked through five steps. The main artifact was constructed under the Bayesian Networks approach and it is comprised of a model developed through bibliographic research and interviews with six experts of the electronics industry. Based on the research delimitations, the developed model is composed by 21 constructs, which are interrelated and consider technical and managerial risks associated with Supply Chain, with Product Design, with Verification and Validation tests and with restrictions during the project. The performance evaluation of the method was carried out by a tentative application in a project being implemented at a multinational company established in Brazil. Three sets of potential changes to the project have been identified, for which it was estimated the reduction of operational risks compared to previously established thresholds, as well as evaluated the potential financial results of such changes throughout the product lifecycle. A conclusion is that the method may enhance the firm?s risk assessment process, especially due to the fact that it allows to feedback the probabilistic risk calculations by the record of project evidences. This research, besides contributing with a method proposal to support the new product risk management, indicated potential enhancements to the decision making and knowledge management in project environments. Riscos operacionais Redes bayesianas Indústria eletrônica Confiabilidade Operational risks Bayesian networks Electronics industry Reliability
7	Análise da relação entre risco operacional e processos tecnológicos Campos, Rafael Herden 22 May 2014 (has links) Submitted by William Justo Figueiro (williamjf) on 2015-07-28T22:16:30Z No. of bitstreams: 1 33d.pdf: 6041070 bytes, checksum: c6dbddb70ba9aae55a9e5afd3175dd9a (MD5) / Made available in DSpace on 2015-07-28T22:16:30Z (GMT). No. of bitstreams: 1 33d.pdf: 6041070 bytes, checksum: c6dbddb70ba9aae55a9e5afd3175dd9a (MD5) Previous issue date: 2014-05-22 / Nenhuma / O objetivo deste estudo é analisar as relações entre risco operacional e processos tecnológicos. São analisados os 34 processos pertencentes ao modelo de governança Cobit versão 4.1 com o auxilio de recurso computacional ligado à aprendizagem de máquina para extração de conhecimento - Data Mining. O método utilizado para desenvolvimento deste estudo foi definido como Design Research. Foram coletadas 341 respostas sobre os processos de governança de TI de 140 empresas localizadas principalmente no estado do Rio Grande do Sul. Para aplicação da mineração de dados foi utilizado o software de código aberto Waikato Environment for Knowledge Analysis (Weka), com o uso de algoritmos de geração de agrupamentos, seleção de atributos, classificação e associação. Os dados obtidos evidenciam que o processo com maior nível de maturidade nas 140 empresas pesquisadas é o ES5 – Garante a segurança dos sistemas, enquanto que o de menor nível é o PO7 – Gerencia os recursos humanos de TI. Os resultados também indicam que entre os 34 processos, PO7 - Gerencia os recursos humanos de TI, PO10 – Gerencia os projetos, AI1 – Identifica soluções de automação, AI2 – Adquiri e mantém software aplicativo, PO8 – Gerencia a qualidade são os processos de governança que possuem maior relação com a avaliação e gerenciamento de riscos (PO9). / The objective of this study is to analyze the relation between operational risk and technological processes. 34 processes were analyzed belonging to the governance model COBIT version 4.1, with the aid of a computational resource associated with machine learning for knowledge extraction, known as Data Mining. The method used to conduct this study is defined as Design Research. It was collected 341 replies about the IT governance processes of 140 companies, located, mainly in the state of Rio Grande do Sul. For the application of Data Mining was used a software open source called Waikato Environment for Knowledge Analysis (Weka), using algorithms to generate clusters, attribute selection, classification and association. The obtained data show that the process with the highest level of maturity in the surveyed 140 companies is the ES5 - it ensures the security of the systems, while the lowest level is the PO7 - which Manage Human resources in IT. The results also show that between 34 processes, those which have greater relations with P09 - evaluating and managing risks, are the governance processes PO7 - Managing Human Resources in IT, PO10 - managing the projects, Al1 - Identifies automation solutions, Al2 - acquire and maintain application software, PO8 - Management the quality. Governança de TI Riscos operacionais Cobit Data mining IT governance Operational risks
8	Contribution à l’analyse critique de la norme de contrôle. : Le cas des risques opérationnels dans le secteur financier : de la normativité à l’effectivité / Risk Management Regulation : the case study of Operational Risk Management in Financial Services, form normativity to effectivity Dufour, Nicolas 04 March 2015 (has links) L'objet du présent projet de thèse porte sur l'analyse critique des normes de contrôle du risque opérationnel. Il s'agit de mettre en lumière la manière dont le Risk Management mobilise les parties prenantes des organisations pour créer et animer une culture du risque opérationnel. L'approche retenue est la triangulation méthodologique combinant deux recherche-action réalisées au sein d'un établissement bancaire et d'une compagnie d'assurance ainsi que des entretiens semi-directifs et une analyse de contenu sur un ensemble de documents internes à chacun des cas étudiés. Les résultats de la recherche font état de la nécessité de traduire les normes de contrôle prudentiel dans l'organisation et de structurer les nombreux contrôles pour mettre en œuvre une politique de risque effective.Les récentes évolutions règlementaires dans le domaine bancaire et en assurance (Bâle 2 et Bâle 2.5, Bâle 3, Solvabilité 2) tendent à renforcer les dispositifs de contrôle interne et de Risk Management ainsi que la communication d'informations sur ces dispositifs pour une meilleure maîtrise des risques. Ainsi, le règlement CRBF 97-02 parle de filière risque opérationnel, la directive à venir Solvabilité II évoque dans son pilier 2 la nécessité de développer un contrôle interne et un Risk Management tournés vers la prise en compte du risque dans l'organisation et non seulement comme un sujet de provisionnement de fonds propres.Cependant ces efforts n'empêchent pas la survenance et la médiatisation de scandales financiers dont l'ampleur est à la hauteur des montants financiers traités. Ainsi, de nombreux établissements financiers sont touchés par le risque opérationnel. Ce risque est avant tout un risque organisationnel, contingent du facteur humain et prenant de multiples formes (les catégories baloises du risque opérationnel en sont une illustration). Les exemples de survenance de risque opérationnel sont nombreux : les cas de JP Morgan, d'UBS, de Société Générale, de Barclays, de HSBC, de Goldman Sachs en attestent. Toutefois, le risque opérationnel n'est pas seulement le fait de banques de financement et d'investissement et n'est pas uniquement un risque extrême par ses conséquences. Il concerne également les banques de détails et les sociétés d'assurance et est le plus souvent un risque de fréquence et de faible impact (fraudes aux moyens de paiement et fraude à l'assurance par exemple). La réglementation prudentielle comprend un ensemble de normes tendant à inciter les établissements financiers à mieux prendre en compte cette catégorie encore émergente et mal connue de risque (les risques de marchés ou de crédits faisant l'objet de davantage d'études).Nous décrivons et analysons l'influence de ces évolutions normatives sur les dispositifs internes de maîtrise du risque opérationnel (Risk Management opérationnel, contrôle interne) et nous interrogeons la manière dont les établissements financiers structurent leur contrôle des risques, plus particulièrement en ce qui concerne l'effectivité de ces dispositifs. Afin d'éviter de développer des contrôles manquant d'effectivité, il devient essentiel de situer cette régulation prudentielle dans une perspective de structuration des contrôles et de traduction/compréhension de la norme de contrôle. / The aim of this thesis is to bring to light the way the Risk management mobilizes the stakeholders of organizations to create and lead a culture of the operational risk.Our research approach is the methodological triangulation, combining two action-research case studies, arising within a banking institution and within an insurance company, as well as semi-directive interviews and an analysis of contents on a set of internal documents in each of the studied cases. The research results state the necessity of translating the standards of prudential control in the organization and of structuring the numerous controls to implement an effective risk mastering policy.The recent statutory evolutions in the banking and insurance sectors (Basel 2 and Basel 2.5, Basel 3, Solvency II) tend to strengthen systems of internal control and Risk Management as well as the communication of information over these devices for a better control of the risks. So, the regulation CRBF 97-02 speaks about operational risk systems, the directive to come Solvency II evokes in its pillar 2 the necessity of developing an internal control and a Risk Management turned to the consideration of the organizational risks.However these efforts do not prevent the emergence and the mediatization of financial scandals the scale of which is as high as the financial handled amounts. So, numerous financial institutions are affected by the operational risk. This risk is before any an organizational risk, a contingent of the human factor and taking multiple forms (the Basel categories of the operational risk).There are numerous examples of extremes operational risks: the cases of JP Morgan, UBS, Société Générale, Barclays, Goldman Sachs give evidence of it. However, the operational risk is not only the fact of corporate and investment banking and is not only an extreme risk by its consequences and in low probability. It also concerns retail banks and insurance companies and is most of the time a risk of frequency and low impact (frauds in payment activities, and fraud in life and non-life the insurance for instance). The prudential regulation include a set of standards tending to incite financial institutions to take into account better this category still emergent and badly known by risk (markets risks or credits risks have being the object of more studies).We describe the influence of these normative evolutions on the internal devices of the operational risk (Operational Risk Management, Internal Control) and we question the sense given by establishments to the information onto the control of the risks, more particularly as regards the effectiveness of these devices. To avoid an informative overload regarding control, it becomes essential to place this prudent regulation in perspective of structuring of the controls and the translation / understanding of the risk control standards. Gestion des risques Risques opérationnels Politique de risque Banque Assurance Risk Management Operational risks Risk policy Banking Insurance 658
9	Riskhanteringens utmaning : En studie som identifierar svenska organisationers riskhantering avseende informationssäkerhet samt dess prioritering. / The challenge of Risk Management : A study on Risk Management regarding information security in Swedish organizations and their priorities Tehrani, Amir, Siwetz, Clara January 2007 (has links) <p>Background: Risk Management plays an important part of the enterprises strategic business activity. Efficient Risk Management will secure the businesses survival, assets and creates market advantages. The interest of information security has consequently gained in Swedish corporations. Corporations have realized the importance of the information which is stored in the IT systems. IT is the tool for businesses future progress and growth and therefore a source of risks. For managing these risks standards and frameworks are needed. To what extent are information security standards and frameworks used in Swedish organizations? Are information security integrated with operational Risk Management?</p><p>Purpose: The purpose of this study is to identify the Risk Management regarding information security in the studied organizations and to recognize the priority of information security.</p><p>Method: The main part of this study is based on case studies including four Swedish organizations, with the purpose to identify the Risk Management regarding information security in these organizations. The study is also added with a complementary survey carried out on Large Cap corporations on the Nordic exchange. The later survey will create a more general apprehension.</p><p>Conclusions: Findings shows that the Swedish organizations have realized the importance of standards and frameworks and the accompanying benefits. The main elements for using standards and frameworks are - better control, identification of business opportunities and gained security. The findings also suggested that the organizations should invest more resources in integrating information security with Risk Management and on the executive management involvement.</p> Risk Management Information Security Operational risks Standards Frameworks & Regulations Riskhantering Informationssäkerhet Operationella risker Standarder Ramverk Regelverk. Business studies Företagsekonomi
10	Riskhanteringens utmaning : En studie som identifierar svenska organisationers riskhantering avseende informationssäkerhet samt dess prioritering. / The challenge of Risk Management : A study on Risk Management regarding information security in Swedish organizations and their priorities Tehrani, Amir, Siwetz, Clara January 2007 (has links) Background: Risk Management plays an important part of the enterprises strategic business activity. Efficient Risk Management will secure the businesses survival, assets and creates market advantages. The interest of information security has consequently gained in Swedish corporations. Corporations have realized the importance of the information which is stored in the IT systems. IT is the tool for businesses future progress and growth and therefore a source of risks. For managing these risks standards and frameworks are needed. To what extent are information security standards and frameworks used in Swedish organizations? Are information security integrated with operational Risk Management? Purpose: The purpose of this study is to identify the Risk Management regarding information security in the studied organizations and to recognize the priority of information security. Method: The main part of this study is based on case studies including four Swedish organizations, with the purpose to identify the Risk Management regarding information security in these organizations. The study is also added with a complementary survey carried out on Large Cap corporations on the Nordic exchange. The later survey will create a more general apprehension. Conclusions: Findings shows that the Swedish organizations have realized the importance of standards and frameworks and the accompanying benefits. The main elements for using standards and frameworks are - better control, identification of business opportunities and gained security. The findings also suggested that the organizations should invest more resources in integrating information security with Risk Management and on the executive management involvement. Risk Management Information Security Operational risks Standards Frameworks & Regulations Riskhantering Informationssäkerhet Operationella risker Standarder Ramverk Regelverk. Business studies Företagsekonomi

Search results