IDEAS home Printed from https://ideas.repec.org/a/pal/gpprii/v43y2018i2d10.1057_s41288-018-0081-8.html
   My bibliography  Save this article

Emerging IT Risks: Insights from German Banking

Author

Listed:
  • Simon Ashby

    (University of Plymouth)

  • Trevor Buck

    (Glasgow University)

  • Stephanie Nöth-Zahn

    (Edinburgh Napier University)

  • Thomas Peisl

Abstract

How do German banks manage the emerging risks stemming from IT innovations such as cyber risk? With a focus on process, roles and responsibilities, field data from ten banks participating in the 2014 ECB stress test were collected by interviewing IT managers, risk managers and external experts. Current procedures for handling emerging risks in German banks were identified from the interviews and analysed, guided by the extant literature. A clear gap was found between enterprise risk management (ERM) as a general approach to risks threatening firms’ objectives and ERM’s neglect of emerging risks, such as those associated with IT innovations. The findings suggest that ERM should be extended towards the collection and sharing of knowledge to allow for an initial understanding and description of emerging risks, as opposed to the traditional ERM approach involving estimates of impact and probability. For example, as cyber risks emerge from an IT innovation, the focus may need to switch towards reducing uncertainty through knowledge acquisition. Since individual managers seldom possess all relevant knowledge of an IT innovation, various stakeholders may need to be involved to exploit their expertise.

Suggested Citation

  • Simon Ashby & Trevor Buck & Stephanie Nöth-Zahn & Thomas Peisl, 2018. "Emerging IT Risks: Insights from German Banking," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 43(2), pages 180-207, April.
    • Handle: RePEc:pal:gpprii:v:43:y:2018:i:2:d:10.1057_s41288-018-0081-8
    DOI: 10.1057/s41288-018-0081-8
    as

    Download full text from publisher

    File URL: http://link.springer.com/10.1057/s41288-018-0081-8
    File Function: Abstract
    Download Restriction: Access to full text is restricted to subscribers.
    File URL: https://libkey.io/10.1057/s41288-018-0081-8?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. García-Granero, Ana & Llopis, Óscar & Fernández-Mesa, Anabel & Alegre, Joaquín, 2015. "Unraveling the link between managerial risk-taking and innovation: The mediating role of a risk-taking climate," Journal of Business Research, Elsevier, vol. 68(5), pages 1094-1104.
    2. Rosati, Pierangelo & Cummins, Mark & Deeney, Peter & Gogolin, Fabian & van der Werff, Lisa & Lynn, Theo, 2017. "The effect of data breach announcements beyond the stock price: Empirical evidence on market activity," International Review of Financial Analysis, Elsevier, vol. 49(C), pages 146-154.
    3. André P. Liebenberg & Robert E. Hoyt, 2003. "The Determinants of Enterprise Risk Management: Evidence From the Appointment of Chief Risk Officers," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 6(1), pages 37-52, February.
    4. Anginer, Deniz & Demirguc-Kunt, Asli & Zhu, Min, 2014. "How does competition affect bank systemic risk?," Journal of Financial Intermediation, Elsevier, vol. 23(1), pages 1-26.
    5. Wilson, John O.S. & Casu, Barbara & Girardone, Claudia & Molyneux, Philip, 2010. "Emerging themes in banking: Recent literature and directions for future research," The British Accounting Review, Elsevier, vol. 42(3), pages 153-169.
    6. Feduzi, Alberto & Runde, Jochen, 2014. "Uncovering unknown unknowns: Towards a Baconian approach to management decision-making," Organizational Behavior and Human Decision Processes, Elsevier, vol. 124(2), pages 268-283.
    7. Aebi, Vincent & Sabato, Gabriele & Schmid, Markus, 2012. "Risk management, corporate governance, and bank performance in the financial crisis," Journal of Banking & Finance, Elsevier, vol. 36(12), pages 3213-3226.
    8. Leen Paape & Roland F. Spekl�, 2012. "The Adoption and Design of Enterprise Risk Management Practices: An Empirical Study," European Accounting Review, Taylor & Francis Journals, vol. 21(3), pages 533-564, January.
    9. Power, Michael, 2009. "The risk management of nothing," Accounting, Organizations and Society, Elsevier, vol. 34(6-7), pages 849-855, August.
    10. Christiansen, Ulrik & Thrane, Sof, 2014. "The prose of action: The micro dynamics of reporting on emerging risks in operational risk management," Scandinavian Journal of Management, Elsevier, vol. 30(4), pages 427-443.
    11. Anette Mikes & Robert S. Kaplan, 2015. "When One Size Doesn't Fit All: Evolving Directions in the Research and Practice of Enterprise Risk Management," Journal of Applied Corporate Finance, Morgan Stanley, vol. 27(1), pages 37-40, March.
    12. Eckles, David L. & Hoyt, Robert E. & Miller, Steve M., 2014. "Reprint of: The impact of enterprise risk management on the marginal cost of reducing risk: Evidence from the insurance industry," Journal of Banking & Finance, Elsevier, vol. 49(C), pages 409-423.
    13. David J. Teece, 2012. "Dynamic Capabilities: Routines versus Entrepreneurial Action," Journal of Management Studies, Wiley Blackwell, vol. 49(8), pages 1395-1401, December.
    14. Christian Gollier & James Hammitt & Nicolas Treich, 2013. "Risk and choice: A research saga," Journal of Risk and Uncertainty, Springer, vol. 47(2), pages 129-145, October.
    15. Aven, Terje, 2016. "Risk assessment and risk management: Review of recent advances on their foundation," European Journal of Operational Research, Elsevier, vol. 253(1), pages 1-13.
    16. Eckles, David L. & Hoyt, Robert E. & Miller, Steve M., 2014. "The impact of enterprise risk management on the marginal cost of reducing risk: Evidence from the insurance industry," Journal of Banking & Finance, Elsevier, vol. 43(C), pages 247-261.
    17. Acharya, Viral & Engle, Robert & Pierret, Diane, 2014. "Testing macroprudential stress tests: The risk of regulatory risk weights," Journal of Monetary Economics, Elsevier, vol. 65(C), pages 36-53.
    18. Arena, Marika & Arnaboldi, Michela & Azzone, Giovanni, 2010. "The organizational dynamics of Enterprise Risk Management," Accounting, Organizations and Society, Elsevier, vol. 35(7), pages 659-675, October.
    19. Martin F. Grace & J. Tyler Leverty & Richard D. Phillips & Prakash Shimpi, 2015. "The Value of Investing in Enterprise Risk Management," Journal of Risk & Insurance, The American Risk and Insurance Association, vol. 82(2), pages 289-316, June.
    20. Anne E. Kleffner & Ryan B. Lee & Bill McGannon, 2003. "The Effect of Corporate Governance on the Use of Enterprise Risk Management: Evidence From Canada," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 6(1), pages 53-73, February.
    21. Eduardo Rodriguez & John S. Edwards, 2014. "Knowledge Management in Support of Enterprise Risk Management," International Journal of Knowledge Management (IJKM), IGI Global, vol. 10(2), pages 43-61, April.
    22. Mikes, Anette, 2011. "From counting risk to making risk count: Boundary-work in risk management," Accounting, Organizations and Society, Elsevier, vol. 36(4), pages 226-245.
    23. James G. March & Zur Shapira, 1987. "Managerial Perspectives on Risk and Risk Taking," Management Science, INFORMS, vol. 33(11), pages 1404-1418, November.
    24. Philip Bromiley & Devaki Rau, 2014. "Looking under the Lamppost? A Research Agenda for Increasing Enterprise Risk Management’s Usefulness to Practitioners," Palgrave Macmillan Books, in: Torben Juul Andersen (ed.), Contemporary Challenges in Risk Management, chapter 2, pages 50-62, Palgrave Macmillan.
    25. Mark Farrell & Ronan Gallagher, 2015. "The Valuation Implications of Enterprise Risk Management Maturity," Journal of Risk & Insurance, The American Risk and Insurance Association, vol. 82(3), pages 625-657, September.
    26. Aven, Terje, 2010. "Some reflections on uncertainty analysis and management," Reliability Engineering and System Safety, Elsevier, vol. 95(3), pages 195-201.
    27. Gail Ridley & Judy Young & Peter Carroll, 2008. "Studies to Evaluate COBIT's Contribution to Organisations: Opportunities from the Literature, 2003–06," Australian Accounting Review, CPA Australia, vol. 18(4), pages 334-342, December.
    28. Bjerga, Torbjørn & Aven, Terje, 2015. "Adaptive risk management using new risk perspectives – an example from the oil and gas industry," Reliability Engineering and System Safety, Elsevier, vol. 134(C), pages 75-82.
    29. Robert E. Hoyt & Andre P. Liebenberg, 2011. "The Value of Enterprise Risk Management," Journal of Risk & Insurance, The American Risk and Insurance Association, vol. 78(4), pages 795-822, December.
    30. Aven, Terje, 2012. "The risk concept—historical and recent development trends," Reliability Engineering and System Safety, Elsevier, vol. 99(C), pages 33-44.
    31. Ali, Robleh & Barrdear, John & Clews, Roger & Southgate, James, 2014. "Innovations in payment technologies and the emergence of digital currencies," Bank of England Quarterly Bulletin, Bank of England, vol. 54(3), pages 262-275.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Michael McShane & Trung Nguyen, 0. "Time-varying effects of cyberattacks on firm value," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 0, pages 1-36.
    2. Kjartan Palsson & Steinn Gudmundsson & Sachin Shetty, 0. "Analysis of the impact of cyber events for cyber insurance," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 0, pages 1-16.
    3. Martin Eling & Michael McShane & Trung Nguyen, 2021. "Cyber risk management: History and future research directions," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 24(1), pages 93-125, March.
    4. Kjartan Palsson & Steinn Gudmundsson & Sachin Shetty, 2020. "Analysis of the impact of cyber events for cyber insurance," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 45(4), pages 564-579, October.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Therese R. Viscelli & Mark S. Beasley & Dana R. Hermanson, 2016. "Research Insights About Risk Governance," SAGE Open, , vol. 6(4), pages 21582440166, November.
    2. Evan M. Eastman & Jianren Xu, 2021. "Market reactions to enterprise risk management adoption, incorporation by rating agencies, and ORSA Act passage," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 24(2), pages 151-180, June.
    3. Ivana Dvorski Lacković & Nataša Kurnoga & Danijela Miloš Sprčić, 2022. "Three-factor model of Enterprise Risk Management implementation: exploratory study of non-financial companies," Risk Management, Palgrave Macmillan, vol. 24(2), pages 101-122, June.
    4. Mónica Hernández-Madrigal & Cristina Aibar-Guzmán & Beatriz Aibar-Guzmán & Élfego Ramírez-Flores, 2020. "Are external pressures always behind ERM implementation? Evidence from Spanish listed firms," International Journal of Disclosure and Governance, Palgrave Macmillan, vol. 17(2), pages 86-100, September.
    5. Muhammed Altuntas & Thomas R. Berry-Stölzle & J. David Cummins, 2021. "Enterprise risk management and economies of scale and scope: evidence from the German insurance industry," Annals of Operations Research, Springer, vol. 299(1), pages 811-845, April.
    6. Posch, Arthur, 2020. "Integrating risk into control system design: The complementarity between risk-focused results controls and risk-focused information sharing," Accounting, Organizations and Society, Elsevier, vol. 86(C).
    7. Sorin Gabriel Anton & Anca Elena Afloarei Nucu, 2020. "Enterprise Risk Management: A Literature Review and Agenda for Future Research," JRFM, MDPI, vol. 13(11), pages 1-22, November.
    8. Florio, Cristina & Leoni, Giulia, 2017. "Enterprise risk management and firm performance: The Italian case," The British Accounting Review, Elsevier, vol. 49(1), pages 56-74.
    9. Danijela Miloš Sprčić & Marina Mešin Žagar & Željko Šević & Mojca Marc, 2016. "Does enterprise risk management influence market value – A long-term perspective," Risk Management, Palgrave Macmillan, vol. 18(2), pages 65-88, August.
    10. Al-Amri, Khalid & Davydov, Yevgeniy, 2016. "Testing the effectiveness of ERM: Evidence from operational losses," Journal of Economics and Business, Elsevier, vol. 87(C), pages 70-82.
    11. Songling Yang & Muhammad Ishtiaq & Muhammad Anwar, 2018. "Enterprise Risk Management Practices and Firm Performance, the Mediating Role of Competitive Advantage and the Moderating Role of Financial Literacy," JRFM, MDPI, vol. 11(3), pages 1-17, June.
    12. Malik, Muhammad Farhan & Zaman, Mahbub & Buckby, Sherrena, 2020. "Enterprise risk management and firm performance: Role of the risk committee," Journal of Contemporary Accounting and Economics, Elsevier, vol. 16(1).
    13. Ena Pecina & Danijela Miloš Sprčić & Ivana Dvorski Lacković, 2022. "Qualitative Analysis of Enterprise Risk Management Systems in the Largest European Electric Power Companies," Energies, MDPI, vol. 15(15), pages 1-19, July.
    14. Chen, Yu-Lun & Chuang, Yi-Wei & Huang, Hong-Gia & Shih, Jhuan-Yu, 2020. "The value of implementing enterprise risk management: Evidence from Taiwan’s financial industry," The North American Journal of Economics and Finance, Elsevier, vol. 54(C).
    15. Farrell, Mark & Gallagher, Ronan, 2019. "Moderating influences on the ERM maturity-performance relationship," Research in International Business and Finance, Elsevier, vol. 47(C), pages 616-628.
    16. Sylvester Senyo Horvey & Jones Odei-Mensah, 2024. "Enterprise risk management and performance of the South African insurers: the moderating role of corporate governance," Risk Management, Palgrave Macmillan, vol. 26(4), pages 1-28, December.
    17. ŞENOL, Zekai & KARACA, Süleyman Serdar, 2017. "The Effect Of Enterprise Risk Management On Firm Performance: A Case Study On Turkey," Studii Financiare (Financial Studies), Centre of Financial and Monetary Research "Victor Slavescu", vol. 21(2), pages 6-30.
    18. Elisabetta Mafrolla & Felice Matozza, 2014. "Risk management and firm size: a survey of Italian private companies," MANAGEMENT CONTROL, FrancoAngeli Editore, vol. 2014(3), pages 87-108.
    19. Dionne, Georges & El Hraiki, Rayane & Mnasri, Mohamed, 2023. "Determinants and real effects of joint hedging: An empirical analysis of US oil and gas producers," Energy Economics, Elsevier, vol. 124(C).
    20. Alexis Catanzaro & Christine Teyssier, 2021. "Export promotion programs, export capabilities, and risk management practices of internationalized SMEs," Small Business Economics, Springer, vol. 57(3), pages 1479-1503, October.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:pal:gpprii:v:43:y:2018:i:2:d:10.1057_s41288-018-0081-8. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.palgrave-journals.com/ .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.