Journal of Operational Risk

Risk.net

Monitoring IT operational risks across US capital markets

Jerry Friedhoff and Mo Mansouri

ABSTRACT

Due to an increasing number of high-profile, technology-related incidents across the US financial markets, industry participants are focused on improving their operational IT risk management frameworks. This is reflected by the inclusion of IT risk guidelines in recent regulatory mandates, industry standards and enterprise risk management methodologies. IT risk is a key component of operational risk, mainly through two event types (or subcategories). One is business disruptions and system failures, which addresses the disruption of regular business due to system failures; the other is external fraud, which covers the threats from external parties trying to hack a firm's systems and computers. Across the US financial markets domain, operational IT events have been shown to have a larger impact on participants than IT security events or IT project failures (Goldstein 2009). Within this context, the monitoring of operational IT risk across the various organizations comprising an extended enterprise such as the US capital markets becomes an important element of systemic risk management for the economy. This paper suggests an approach to assessing IT risk within the operational risk context using an incident-based method for monitoring operational IT risk across an extended enterprise based on the Information Systems Audit and Control Association risk IT framework. The proposed monitoring methodology is illustrated with an example from an extended enterprise within the US capital market. Observations on the approach are also discussed and potential future research is outlined.
