IDEAS home Printed from https://ideas.repec.org/a/pal/gpprii/v43y2018i2d10.1057_s41288-018-0081-8.html
   My bibliography  Save this article

Emerging IT Risks: Insights from German Banking

Author

Listed:
  • Simon Ashby

    () (University of Plymouth)

  • Trevor Buck

    () (Glasgow University)

  • Stephanie Nöth-Zahn

    () (Edinburgh Napier University)

  • Thomas Peisl

    ()

Abstract

How do German banks manage the emerging risks stemming from IT innovations such as cyber risk? With a focus on process, roles and responsibilities, field data from ten banks participating in the 2014 ECB stress test were collected by interviewing IT managers, risk managers and external experts. Current procedures for handling emerging risks in German banks were identified from the interviews and analysed, guided by the extant literature. A clear gap was found between enterprise risk management (ERM) as a general approach to risks threatening firms’ objectives and ERM’s neglect of emerging risks, such as those associated with IT innovations. The findings suggest that ERM should be extended towards the collection and sharing of knowledge to allow for an initial understanding and description of emerging risks, as opposed to the traditional ERM approach involving estimates of impact and probability. For example, as cyber risks emerge from an IT innovation, the focus may need to switch towards reducing uncertainty through knowledge acquisition. Since individual managers seldom possess all relevant knowledge of an IT innovation, various stakeholders may need to be involved to exploit their expertise.

Suggested Citation

  • Simon Ashby & Trevor Buck & Stephanie Nöth-Zahn & Thomas Peisl, 2018. "Emerging IT Risks: Insights from German Banking," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 43(2), pages 180-207, April.
  • Handle: RePEc:pal:gpprii:v:43:y:2018:i:2:d:10.1057_s41288-018-0081-8
    DOI: 10.1057/s41288-018-0081-8
    as

    Download full text from publisher

    File URL: http://link.springer.com/10.1057/s41288-018-0081-8
    File Function: Abstract
    Download Restriction: Access to full text is restricted to subscribers.
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Aebi, Vincent & Sabato, Gabriele & Schmid, Markus, 2012. "Risk management, corporate governance, and bank performance in the financial crisis," Journal of Banking & Finance, Elsevier, vol. 36(12), pages 3213-3226.
    2. Christian Gollier & James Hammitt & Nicolas Treich, 2013. "Risk and choice: A research saga," Journal of Risk and Uncertainty, Springer, vol. 47(2), pages 129-145, October.
    3. Eckles, David L. & Hoyt, Robert E. & Miller, Steve M., 2014. "The impact of enterprise risk management on the marginal cost of reducing risk: Evidence from the insurance industry," Journal of Banking & Finance, Elsevier, vol. 43(C), pages 247-261.
    4. Acharya, Viral & Engle, Robert & Pierret, Diane, 2014. "Testing macroprudential stress tests: The risk of regulatory risk weights," Journal of Monetary Economics, Elsevier, vol. 65(C), pages 36-53.
    5. Aven, Terje, 2010. "Some reflections on uncertainty analysis and management," Reliability Engineering and System Safety, Elsevier, vol. 95(3), pages 195-201.
    6. García-Granero, Ana & Llopis, Óscar & Fernández-Mesa, Anabel & Alegre, Joaquín, 2015. "Unraveling the link between managerial risk-taking and innovation: The mediating role of a risk-taking climate," Journal of Business Research, Elsevier, vol. 68(5), pages 1094-1104.
    7. Arena, Marika & Arnaboldi, Michela & Azzone, Giovanni, 2010. "The organizational dynamics of Enterprise Risk Management," Accounting, Organizations and Society, Elsevier, vol. 35(7), pages 659-675, October.
    8. Leen Paape & Roland F. Spekl�, 2012. "The Adoption and Design of Enterprise Risk Management Practices: An Empirical Study," European Accounting Review, Taylor & Francis Journals, vol. 21(3), pages 533-564, January.
    9. Power, Michael, 2009. "The risk management of nothing," Accounting, Organizations and Society, Elsevier, vol. 34(6-7), pages 849-855, August.
    10. Gail Ridley & Judy Young & Peter Carroll, 2008. "Studies to Evaluate COBIT's Contribution to Organisations: Opportunities from the Literature, 2003–06," Australian Accounting Review, CPA Australia, vol. 18(4), pages 334-342, December.
    11. Martin F. Grace & J. Tyler Leverty & Richard D. Phillips & Prakash Shimpi, 2015. "The Value of Investing in Enterprise Risk Management," Journal of Risk & Insurance, The American Risk and Insurance Association, vol. 82(2), pages 289-316, June.
    12. Rosati, Pierangelo & Cummins, Mark & Deeney, Peter & Gogolin, Fabian & van der Werff, Lisa & Lynn, Theo, 2017. "The effect of data breach announcements beyond the stock price: Empirical evidence on market activity," International Review of Financial Analysis, Elsevier, vol. 49(C), pages 146-154.
    13. André P. Liebenberg & Robert E. Hoyt, 2003. "The Determinants of Enterprise Risk Management: Evidence From the Appointment of Chief Risk Officers," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 6(1), pages 37-52, February.
    14. Anette Mikes & Robert S. Kaplan, 2015. "When One Size Doesn't Fit All: Evolving Directions in the Research and Practice of Enterprise Risk Management," Journal of Applied Corporate Finance, Morgan Stanley, vol. 27(1), pages 37-40, March.
    15. Anginer, Deniz & Demirguc-Kunt, Asli & Zhu, Min, 2014. "How does competition affect bank systemic risk?," Journal of Financial Intermediation, Elsevier, vol. 23(1), pages 1-26.
    16. Eckles, David L. & Hoyt, Robert E. & Miller, Steve M., 2014. "Reprint of: The impact of enterprise risk management on the marginal cost of reducing risk: Evidence from the insurance industry," Journal of Banking & Finance, Elsevier, vol. 49(C), pages 409-423.
    17. Eduardo Rodriguez & John S. Edwards, 2014. "Knowledge Management in Support of Enterprise Risk Management," International Journal of Knowledge Management (IJKM), IGI Global, vol. 10(2), pages 43-61, April.
    18. Robert E. Hoyt & Andre P. Liebenberg, 2011. "The Value of Enterprise Risk Management," Journal of Risk & Insurance, The American Risk and Insurance Association, vol. 78(4), pages 795-822, December.
    19. Mikes, Anette, 2011. "From counting risk to making risk count: Boundary-work in risk management," Accounting, Organizations and Society, Elsevier, vol. 36(4), pages 226-245.
    20. David J. Teece, 2012. "Dynamic Capabilities: Routines versus Entrepreneurial Action," Journal of Management Studies, Wiley Blackwell, vol. 49(8), pages 1395-1401, December.
    21. Aven, Terje, 2016. "Risk assessment and risk management: Review of recent advances on their foundation," European Journal of Operational Research, Elsevier, vol. 253(1), pages 1-13.
    22. Aven, Terje, 2012. "The risk concept—historical and recent development trends," Reliability Engineering and System Safety, Elsevier, vol. 99(C), pages 33-44.
    23. Ali, Robleh & Barrdear, John & Clews, Roger & Southgate, James, 2014. "Innovations in payment technologies and the emergence of digital currencies," Bank of England Quarterly Bulletin, Bank of England, vol. 54(3), pages 262-275.
    24. James G. March & Zur Shapira, 1987. "Managerial Perspectives on Risk and Risk Taking," Management Science, INFORMS, vol. 33(11), pages 1404-1418, November.
    25. Mark Farrell & Ronan Gallagher, 2015. "The Valuation Implications of Enterprise Risk Management Maturity," Journal of Risk & Insurance, The American Risk and Insurance Association, vol. 82(3), pages 625-657, September.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Therese R. Viscelli & Mark S. Beasley & Dana R. Hermanson, 2016. "Research Insights About Risk Governance," SAGE Open, , vol. 6(4), pages 21582440166, November.
    2. Posch, Arthur, 2020. "Integrating risk into control system design: The complementarity between risk-focused results controls and risk-focused information sharing," Accounting, Organizations and Society, Elsevier, vol. 86(C).
    3. Mónica Hernández-Madrigal & Cristina Aibar-Guzmán & Beatriz Aibar-Guzmán & Élfego Ramírez-Flores, 2020. "Are external pressures always behind ERM implementation? Evidence from Spanish listed firms," International Journal of Disclosure and Governance, Palgrave Macmillan, vol. 17(2), pages 86-100, September.
    4. Chen, Yu-Lun & Chuang, Yi-Wei & Huang, Hong-Gia & Shih, Jhuan-Yu, 2020. "The value of implementing enterprise risk management: Evidence from Taiwan’s financial industry," The North American Journal of Economics and Finance, Elsevier, vol. 54(C).
    5. Danijela Miloš Sprčić & Marina Mešin Žagar & Željko Šević & Mojca Marc, 2016. "Does enterprise risk management influence market value – A long-term perspective," Risk Management, Palgrave Macmillan, vol. 18(2), pages 65-88, August.
    6. Al-Amri, Khalid & Davydov, Yevgeniy, 2016. "Testing the effectiveness of ERM: Evidence from operational losses," Journal of Economics and Business, Elsevier, vol. 87(C), pages 70-82.
    7. Malik, Muhammad Farhan & Zaman, Mahbub & Buckby, Sherrena, 2020. "Enterprise risk management and firm performance: Role of the risk committee," Journal of Contemporary Accounting and Economics, Elsevier, vol. 16(1).
    8. Farrell, Mark & Gallagher, Ronan, 2019. "Moderating influences on the ERM maturity-performance relationship," Research in International Business and Finance, Elsevier, vol. 47(C), pages 616-628.
    9. Gavin Cassar & Joseph Gerakos, 2017. "Do risk management practices work? Evidence from hedge funds," Review of Accounting Studies, Springer, vol. 22(3), pages 1084-1121, September.
    10. ŞENOL, Zekai & KARACA, Süleyman Serdar, 2017. "The Effect Of Enterprise Risk Management On Firm Performance: A Case Study On Turkey," Studii Financiare (Financial Studies), Centre of Financial and Monetary Research "Victor Slavescu", vol. 21(2), pages 6-30.
    11. Sorin Gabriel Anton & Anca Elena Afloarei Nucu, 2020. "Enterprise Risk Management: A Literature Review and Agenda for Future Research," Journal of Risk and Financial Management, MDPI, Open Access Journal, vol. 13(11), pages 1-22, November.
    12. Elisabetta Mafrolla & Felice Matozza, 2014. "Risk management and firm size: a survey of Italian private companies," MANAGEMENT CONTROL, FrancoAngeli Editore, vol. 2014(3), pages 87-108.
    13. Songling Yang & Muhammad Ishtiaq & Muhammad Anwar, 2018. "Enterprise Risk Management Practices and Firm Performance, the Mediating Role of Competitive Advantage and the Moderating Role of Financial Literacy," Journal of Risk and Financial Management, MDPI, Open Access Journal, vol. 11(3), pages 1-17, June.
    14. Naciye Sekerci & Don Pagach, 2020. "Firm Ownership and Enterprise Risk Management Implementation: Evidence from the Nordic Region," Journal of Risk and Financial Management, MDPI, Open Access Journal, vol. 13(9), pages 1-21, September.
    15. David M. Pooser & Mark J. Browne & Oleksandra Arkhangelska, 2018. "Growth in the Perception of Cyber Risk: Evidence from U.S. P&C Insurers," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 43(2), pages 208-223, April.
    16. Grazia Dicuonzo & Graziana Galeone & Erika Zappimbulso & Vittorio Dell'Atti, 2019. "Risk Management 4.0: The Role of Big Data Analytics in the Bank Sector," International Journal of Economics and Financial Issues, Econjournals, vol. 9(6), pages 40-47.
    17. Danijela Miloš Sprèiæ Antonija Kožul Ena Pecina, 2017. "Managers’ Support – A Key Driver behind Enterprise Risk Management Maturity," Zagreb International Review of Economics and Business, Faculty of Economics and Business, University of Zagreb, vol. 20(SCI), pages 25-39, April.
    18. Milos Sprcic, Danijela & Pecina, Ena & Orsag, Silvije, 2017. "Enterprise Risk Management Practices In Listed Croatian Companies," UTMS Journal of Economics, University of Tourism and Management, Skopje, Macedonia, vol. 8(3), pages 219-230.
    19. Nguyen, Duc Khuong & Vo, Dinh-Tri, 2020. "Enterprise risk management and solvency: The case of the listed EU insurers," Journal of Business Research, Elsevier, vol. 113(C), pages 360-369.
    20. Leen Paape & Roland F. Spekl�, 2012. "The Adoption and Design of Enterprise Risk Management Practices: An Empirical Study," European Accounting Review, Taylor & Francis Journals, vol. 21(3), pages 533-564, January.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:pal:gpprii:v:43:y:2018:i:2:d:10.1057_s41288-018-0081-8. See general information about how to correct material in RePEc.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: (Sonal Shukla) or (Springer Nature Abstracting and Indexing). General contact details of provider: http://www.palgrave-journals.com/ .

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service hosted by the Research Division of the Federal Reserve Bank of St. Louis . RePEc uses bibliographic data supplied by the respective publishers.