Search results for: risk management framework (RMF)

Authors: Wan Noorul Hafilah Binti Wan Ariffin

Abstract:

Dam safety management is the crucial infrastructure as dam failure has a catastrophic effect on the community. Dam safety management is the effective framework of key actions and activities for the dam owner to manage the safety of the dam for its entire life cycle. However, maintaining dam safety is a challenging task as there are changes in current dam states. These changes introduce new risks to the dam's safety, which had not been considered when the dam was designed. A new framework has to be developed to adapt to the changes in the dam risk and make the dams resilient. This study proposes a risk-based decision-making adaptation framework for dam safety management. The research focuses on climate change's impact on hydrological situations as it causes floods and damages the dam structure. The risk analysis framework is adopted to improve the dam management strategies. The proposed study encompasses four phases. To start with, measuring the effect by assessing the impact of climate change on embankment dam, the second phase is to analyze the potential embankment dam failures. The third is analyzing the different components of risks related to the dam and, finally, developing a robust decision-making framework.

Keywords: climate change, embankment dam, failure, risk-informed decision making

Procedia PDF Downloads 111

Authors: Ali Abdullah Albezaghi

Abstract:

This article aims to introduce a conceptual framework that can facilitate investigations concerning the role of risk management practices in the relationship between construction risks and the construction project's performance. This article is structured based on the extant literature; it reviews theoretical perspectives, highlights the gaps, and illustrates the significance of developing a framework of suggested relationships. Despite growing interest in the role of risks in construction project performance, previous studies have paid little attention to investigating the moderating role of risk management practices on the risk-performance link. This has left researchers and construction project managers with minimal information to explain the conditions under which risk management practices can reduce the impact of project-related risks and improve performance. In this context, this article suggests a viable research model with propositions that assess risk-performance relationships and discusses the potential moderating effects on the domain relationship. This paper adds to the risk management literature by focusing on risk variables that directly impact performance. Further, it also considers the moderating role of risk management practices in such relationships.

Keywords: risk management practices, external risks, internal risks, project risks, project performance

Procedia PDF Downloads 94

Authors: Negar Ganjouhaghighi, Amirali Dolatshahi

Abstract:

The origin of most risks of a mega project usually takes place in the phases before closing the contract. As a practical point of view, using project risk management techniques for preparing a proposal is not a total solution for managing the risks of a contract. The objective of this paper is to cover all those activities associated with risk management of a mega project sale’s processes; from entrance to a new market to awarding activities and the review of contract performance. In this study, the risk management happens in six consecutive steps that are divided into three distinct but interdependent phases upstream of the award of the contract: pre-tendering, tendering and closing. In the first step, by preparing standard market risk report, risks of the new market are identified. The next step is the bid or no bid decision making based on the previous gathered data. During the next three steps in tendering phase, project risk management techniques are applied for determining how much contingency reserve must be added or reduced to the estimated cost in order to put the residual risk to an acceptable level. Finally, the last step which happens in closing phase would be an overview of the project risks and final clarification of residual risks. The sales experience of more than 20,000 MW turn-key power plant projects alongside this framework, are used to develop a software that assists the sales team to have a better project risk management.

Keywords: project marketing, risk management, tendering, project management, turn-key projects

Procedia PDF Downloads 300

Authors: Magid Maatallah

Abstract:

The problem is, investment management in modern conditions boils down to risk management which is very underdeveloped in Islamic financial theory and practice. Add to this the fact that, in Islamic perception, this is one of the areas of conventional finance in need of drastic reforms. This need was recently underlined by the story of Long Term Capital Management (LTCM ), ( told by Roger Lowenstein in his book, When Genius Failed, Random House, 2000 ). So we face a double challenge, to develop Islamic techniques of risk management and to see that these new techniques are free from the ills with which conventional methods are suffering. This is different from the challenge faced in the middle of twentieth century, to develop a method of financial intermediation free of interest.Risk was always there, especially in business. But industrialization brought risks unknown in trade and agriculture. Industrial production often involves long periods of time .The longer the period of production the more the uncertainty. The scope of the market has expanded to cover the whole world, introducing new kinds of risk. More than a thousand years ago, when Islamic laws were being written, the nature and scope of risk and uncertainty was different. However, something can still be learnt which, in combination with the modern experience, should enable us to realize the Shariah objectives of justice, fairness and efficiency.

Keywords: financial markets, Islamic framework, risk management, investment

Procedia PDF Downloads 517

Authors: Bouba Oumarou Aboubakar, HongXia Li, Sardar Annes Farooq

Abstract:

The Belt and Road Initiative’s success strongly depends on the safety of all the million workers on construction projects sites. As the new BRI is directed toward Africa and meets a completely different culture from the Chinese project managers, maintaining low risk for workers risks shall be closely related to cultural sharing and mutual understanding. This is why this work introduces a cultural-wise safety management framework for Chinese Construction projects in Africa. The theoretical contribution of this paper is an improved risk assessment framework that integrates language, culture and difficulty of controlling risk factors into one approach. Practically, this study provides not only a useful tool for project safety management practitioners but the full understanding of all risks that may arise in the BRI projects in Africa.

Keywords: cultural-wise, safety culture, risk assessment, Chinese construction, BRI projects, Africa

Procedia PDF Downloads 57

Authors: Umesh Kumar Singh, Chanchala Joshi

Abstract:

With increasing dependency on IT infrastructure, the main objective of a system administrator is to maintain a stable and secure network, with ensuring that the network is robust enough against malicious network users like attackers and intruders. Security risk management provides a way to manage the growing threats to infrastructures or system. This paper proposes a framework for risk level estimation which uses vulnerability database National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) and the Common Vulnerability Scoring System (CVSS). The proposed framework measures the frequency of vulnerability exploitation; converges this measured frequency with standard CVSS score and estimates the security risk level which helps in automated and reasonable security management. In this paper equation for the Temporal score calculation with respect to availability of remediation plan is derived and further, frequency of exploitation is calculated with determined temporal score. The frequency of exploitation along with CVSS score is used to calculate the security risk level of the system. The proposed framework uses the CVSS vectors for risk level estimation and measures the security level of specific network environment, which assists system administrator for assessment of security risks and making decision related to mitigation of security risks.

Keywords: CVSS score, risk level, security measurement, vulnerability category

Procedia PDF Downloads 294

Authors: Ruchi Agarwal, Jake Ansell

Abstract:

Austerity impacts on all aspects of society. Companies into the future will have to be more capable of dealing with the risks they face. Enterprise Risk Management (ERM) has widely been accepted in recent years as an approach to manage risks within businesses. ERM attempts to tackle risk holistically with gains from opportunities in a managing risk and reduction in the risk of failure. The paper reviews merits and demerits of approaches to risk management in regard to antifragility. A qualitative study has investigated current practices and the problems with ERM implementation by interviewing over 25 chief risk officers and senior management. The findings indicate the gap in ERM description, understanding, and implementation. The paper suggests risk learning and expertise knowledge supports development of effective enterprise risk management by designing systems with inherent resilience.

Keywords: risk management, interviews, antifragility, failure

Procedia PDF Downloads 520

Authors: Gerhard Grebe, Johan Marx

Abstract:

The aim of the study is to assess the state of operational risk management and the adoption of an appropriate risk culture in Ghanaian banks. The Bank of Ghana (BoG) joined the Basel Consultative Group (BCG) of the Basel Committee on Bank Supervision (BCBS) in 2021 and is proceeding with the implementation of the Basel III international regulatory framework for banks. The BoG’s Directive about risk management encourages, inter alia, the creation of an appropriate risk culture by Ghanaian banks. However, it is not evident how the risk management staff of Ghanaian banks experience the risk culture and the implementation of operational risk management in the banks where they are employed. Ghana is a developing economy, and it is addressing challenges with its organisational culture. According to Transparency International, successive Ghanaian governments claim to be fighting corruption, but little success has been achieved so far. This points to a possible lack of accountability, transparency, and integrity in the environment in which Ghanaian banks operate and which could influence their risk culture negatively. Purposive sampling was used for the survey, and the questionnaire was completed byGhanaian bank personnel who specializesin operational risk management, risk governance, and compliance, bank supervision, risk analyses, as well as the implementation of the operational risk management requirements of the Basel regulatory frameworks. The respondents indicated that they are fostering a risk culture and implementing monitoring and reporting procedures; the three lines of defence (3LOD); compliance; internal auditing; disclosure of operational risk information; and receiving guidance from the bank supervisor in an attempt to improve their operational risk management practices. However, the respondents reported the following challenges with staff members who are not inside the risk management departments(in order of priority), namelydemonstrating a risk culture, training and development; communication; reporting and disclosure; roles and responsibilities; performance appraisal; and technological and environmental barriers. Recommendations to address these challenges are provided

Keywords: ghana, operational risk, risk culture, risk management

Procedia PDF Downloads 82

Authors: Olakunle Felix Adekunle

Abstract:

Risk management is recognised as an essential tool to tackle the inevitable uncertainty associated with business and projects at all levels. But it frequently fails to meet expectations, with projects continuing to run late, over budget or under performing, and business is not gaining the expected benefits. The evident disconnect which often occurs between strategic vision and tactical project delivery typically arises from poorly defined project objectives and inadequate attention to the proactive management of risks that could affect those objectives. One of the main failings in the traditional approach to risk management arises from a narrow focus on the downside, restricted to the technical or operational field, addressing tactical threats to processes, performance or people. This shortcoming can be overcome by widening the scope of risk management to encompass both strategic risks and upside opportunities, creating an integrated approach which can bridge the gap between strategy and tactics. Integrated risk management addresses risk across a variety of levels in the organisation, including strategy and tactics, and covering both opportunity and threat. Effective implementation of integrated risk management can produce a number of benefits to the organisation which are not available from the typical limited-scope risk process. This paper explores how to expand risk management to deliver strategic advantage while retaining its use as a tactical tool.

Keywords: risk management, success, organization, strategy, project, tactis, vision

Procedia PDF Downloads 360

Authors: Olaniyi O. Omoyajowo

Abstract:

To be successful in today’s competitive global environment, manufacturing industry must be able to respond quickly to changes in technology. These changes in technology introduce new risks and hazards. The management of risk/hazard in a manufacturing process recommends method through which the success rate of an organization can be increased. Thus, there is a continual need for manufacturing industries to invest significant amount of resources in risk management, which in turn optimizes the production output and profitability of any manufacturing industry (if implemented properly). To help improve the existing risk prevention and mitigation practices in Small and Medium Enterprise (SME) in Nigeria Manufacturing Industries (NMI), the researcher embarks on this research to develop a systematic Risk Management process.

Keywords: manufacturing management, risk, risk management, SMEs

Procedia PDF Downloads 359

Authors: Alexander Kelíšek, Denisa Janasová, Veronika Mitašová

Abstract:

Weak signals using is often associated with early warning. It is possible to find a link between early warning, respectively early problems detection and risk management. The idea of early warning is very important in the context of crisis management because of the risk prevention possibility. Weak signals are likened to risk symptoms. Nowadays, their usefulness as a tool of proactive problems solving is emphasized. Based on it, it is possible to use weak signals not only in strategic planning, project management, or early warning system, but also as a subsidiary element in risk management. The main question is how to effectively integrate weak signals into risk management. The main aim of the paper is to point out the possibilities of weak signals using in small and medium enterprises risk management.

Keywords: early warning system, weak signals, risk management, small and medium enterprises (SMEs)

Procedia PDF Downloads 388

Authors: Heba Abdelmotaal, Magdy Abdel-Kader

Abstract:

Purpose: This study explores whether a firm’s effective political risk management is preventing real and accrual earnings management . Design/methodology/approach: Based on a sample of 130 firms operating in Egypt during the period 2008-2013, two hypotheses are tested using the panel data regression models. Findings: The empirical findings indicate a significant relation between real and accrual earnings management and political risk. Originality/value: This paper provides a statistically evidence on the effects of the political risk management failure on the mangers’ engagement in the real and accrual earnings management practices, and its impact on the firm’s performance.

Keywords: political risk, risk management failure, real activities manipulation, accrual earnings management

Procedia PDF Downloads 403

Authors: Willie Eselebor

Abstract:

Environmental governance is not new, but may consist of a series of actions taken to establish sanity and ensure sustainable environment. While there is a growing accord linking disaster risk reduction with the management of environment and natural resources, little is known about failure to act which constitute vulnerability and how improved governance reduces risk globally. The paper reviews emerging trends in the field of application of governance tools and approaches for reducing disaster risk. The Hyogo Framework for Action (HFA) enjoin all stakeholders to stimulate the sustainable use and management of ecosystems, which promote the implementation of integrated environmental and natural resource planning that incorporate disaster risk reduction, including structural and non-structural measures, such as integrated management of fragile ecosystems. The methodology adopted is a case study of disaster-prone sites, prompting guided analysis on which hazards are traceable to environmental degradation, why a degraded environment reduces community resilience; how healthy ecosystems provide natural defense, and which opportunities exist to address gaps in reduction of disasters in Nigeria. The paper further analyses the interaction between disaster risk and environmental change. It is established that environmental governance remains a challenge; which implies that there is the need for a shift in traditional approaches to disaster risk management; exploring new initiatives and allowing environmental managers to be docketed as disaster risk managers in context, potentially opening up a window of dialogue on disaster risk management.

Keywords: disaster, ecosystem, environment, risk

Procedia PDF Downloads 319

Authors: Pırıl Tekin, Rızvan Erol

Abstract:

Risk management has become very important and popular in developing countries in recent years. Especially making patient and employee health and safety issues compulsory in the hospitals, raised the number of studies in Turkey. Also risk management become more important for hospital senior management from clinics to the laboratories. Because quality is really important to be chosen for both patients to consult and employees to prefer to work. And also risk management studies can lead to hospital management team about future works and methods. By this point of view, this study is the risk assessment carried out in the biggest dental hospital in the south part of Turkey. This study was conducted as a research case study, covering two different health care place; A Clinic and A Laboratory. It shows that the problems in this dental hospital and how it can solve all.

Keywords: risk management, healthcare, dental hospital, quality management

Procedia PDF Downloads 342

Authors: Rashid Masoud Ali Al-Mazrui, Ramadhani Mashaka Shabani

Abstract:

Islamic banks and financial institutions are exposed to the same risks as conventional banking. These risks include the rate return risk, credit or market risk, liquidity risk, and operational risk among others. However, being a financial institution that operates Islamic banking and finance operations, there is additional risk associated with its operations different from conventional finance, such as displacing commercial risk. They face Shari'ah compliance risks because of their failure to follow Shari'ah principles. To have proper mitigation and risk management, banks should have proper risk management policies to mitigate risks. This paper aims to study the risk management taken by Islamic banks in comparison with conventional banks. Also, the study evaluates the provisions for risk management taken by selected Islamic banks and conventional banks. The study employs qualitative analysis using secondary data by applying a content analysis approach with a sample size of 4 Islamic banks and four conventional banks ranging from 2010 to 2020. We find that these banks all use the same technique, except for the associated risk. The extra ways are used, but only for additional risks that are available to Islamic banking and finance.

Keywords: emerging risk, risk management, Islamic banking, conventional bank

Procedia PDF Downloads 39

Authors: Qiang Fu, Abu Saleh

Abstract:

Research studies are highly fragmented when an innovation management framework is being discussed. With the aim to identify an innovation management framework/assessment tool suitable for small & medium enterprises (SMEs) in the service industry, this researcher critically reviewed existing innovation management frameworks and assessment models/tools and discovered a number of literature gaps. It is established that existing literature lacks generally agreed innovation management dimensions, commonly accepted knowledge creation through empirical studies on innovation management in SMEs, effective innovation management performance measurements, and studies on innovation management in the service industry, in particular in retail SMEs. As such, there is a dire need to develop an appropriate firm-level innovation management framework suitable for SMEs in the service industry for a future research project and further study. In addition, this researcher also discussed the significance of establishing such an innovation management framework.

Keywords: innovation management, innovation management framework, innovation management assessment tools, SMEs, service industry

Procedia PDF Downloads 160

Authors: Nguyen Quang Kim, Nguyen Thu Hien, Nguyen Thien Dung

Abstract:

Flood disasters are increasing worldwide in both frequency and magnitude. Every year in Vietnam, flood causes great damage to people, property, and environmental degradation. The flood risk management policy in Vietnam is currently updated. The planning of flood mitigation strategies is reviewed to make a decision how to reach sustainable flood risk reduction. This paper discusses the basic approach where the measures of flood protection are chosen based on minimizing the present value of expected monetary expenses, total residual risk and costs of flood control measures. This approach will be proposed and demonstrated in a case study for flood risk management in Vinh Phuc province of Vietnam. Research also proposed the framework to find a solution of optimal protection level and optimal measures of the flood. It provides an explicit economic basis for flood risk management plans and interactive effects of options for flood damage reduction. The results of the case study are demonstrated and discussed which would provide the processing of actions helped decision makers to choose flood risk reduction investment options.

Keywords: drainage plan, flood planning, flood risk, residual risk, risk optimization

Procedia PDF Downloads 197

Authors: Hotlan Siagian, Han Tae Hee

Abstract:

This study aims to examine the effect of supplier trust and top management involvement on the supply chain risk management through buyer-supplier relationship. The population of the research is 44 Korean companies domiciled in East and Central Java of Indonesia. The respondent consists of a top management level from each company. Data collection used a questionnaire designed with five-item Likert scale. Collected data were analyzed using structural equation modeling (SEM) technique with SmartPLS software version 3.0 to examine the hypotheses. The result revealed that supplier trust has an effect on supply chain risk management, top management involvement affects supply chain risk management, supplier trust influences buyer-supplier relationship, top management involvement affects the buyer-supplier relationship, and buyer-supplier relationship affects supply chain risk management. The last finding is that buyer-supplier relationship empirically mediates the effect of supplier trust and top management involvement.

Keywords: buyer supplier relationship, supplier trust, supply chain risk management, top management involvement

Procedia PDF Downloads 176

Authors: Najeebah Almahmeed

Abstract:

Risk Management is an evolving subject among organizations that include corporations, governments, non-governmental organizations, and not-for-profit corporations. In order to enhance awareness around the importance of Risk Management and make sure everyone is using it in their day-to-day job, the Risk Culture topic has emerged and gained importance not only in the Finance Sector but also in the National Oil Companies in Kuwait. Risk Culture can be defined as the shared beliefs, attitudes, and behaviors within a company that guide its approach to managing risks. It acts as a connecting force that links policies, procedures, and individuals, influencing how risks are understood and tackled through activities. In this research, benefits of Risk Culture are shared, guidelines are presented to promote a risk aware culture, and fully embed and enforce Risk-based processes and procedures. Moreover, this research demonstrates methodologies of measuring the Risk Culture using specific dimensions and clusters.

Keywords: clusters, dimensions, national oil companies, risk culture, risk management

Procedia PDF Downloads 39

Authors: Masoud Ghahvechi Pour

Abstract:

Risk management is a systematic and regular process of identifying, analyzing and responding to risks throughout the project's life cycle in order to achieve the optimal level of elimination, reduction or control of risk. The purpose of project risk management is to increase the probability and effect of positive events and reduce the probability and effect of unpleasant events on the project. Risk management is one of the most fundamental parts of project management, so that unmanaged or untransmitted risks can be one of the primary factors of failure in a project. Effective risk management does not apply to risk regression, which is apparently the cheapest option of the activity. However, the main problem with this option is the economic sensitivity, because what is potentially profitable is by definition risky, and what does not pose a risk is economically interesting and does not bring tangible benefits. Therefore, in relation to the implemented project, effective risk management is finding a "middle ground" in its management, which includes, on the one hand, protection against risk from a negative direction by means of accurate identification and classification of risk, which leads to analysis And it becomes a comprehensive analysis. On the other hand, management using all mathematical and analytical tools should be based on checking the maximum benefits of these decisions. Detailed analysis, taking into account all aspects of the company, including stakeholder analysis, will allow us to add what will become tangible benefits for our project in the future to effective risk management. Identifying the risk of the project is based on the theory that which type of risk may affect the project, and also refers to specific parameters and estimating the probability of their occurrence in the project. These conditions can be divided into three groups: certainty, uncertainty, and risk, which in turn support three types of investment: risk preference, risk neutrality, specific risk deviation, and its measurement. The result of risk identification and project analysis is a list of events that indicate the cause and probability of an event, and a final assessment of its impact on the environment.

Keywords: risk, management, knowledge, risk management

Procedia PDF Downloads 26

Authors: Seyed Vahid Kamal Alavi

Abstract:

Italy has experienced a notable quantity and impact of disasters due to natural hazards and technological accidents caused by diverse risk sources on its physical, technological, and human/sociological infrastructures during past decade. This study discusses the frequency and impacts of the most three physical devastating natural hazards in Italy for the period 2000–2013. The approach examines the reliability of a range of open source WebGIS techniques versus a proposed multi-hazard risk management methodology. Spatial and attribute data which include USGS publically available hazard data and thirteen years Munich RE recorded data for Italy with different severities have been processed, visualized in a GIS (Geographic Information System) framework. Comparison of results from the study showed that the multi-hazard risk maps generated using open source techniques do not provide a reliable system to analyze the infrastructures losses in respect to national risk sources while they can be adopted for general international risk management purposes. Additionally, this study establishes the possibility to critically examine and calibrate different integrated techniques in evaluating what better protection measures can be taken in an area.

Keywords: multi-hazard risk mapping, risk management, GIS, Italy

Procedia PDF Downloads 335

Authors: Tio Novita Efriani

Abstract:

Public sector organizations work in a complex and risky environment. Since the beginning of 2000s, the public sector has paid attention to the need for an effective risk management. The Indonesian public sector has also concerned about this issue and in 2008 it enacted the Government Regulation that gives mandate for the implementation of risk management in government organizations. This paper investigates risk management implementation in the Indonesian public sector organizations and the role of transformational leadership and internal audit activities. Data was collected via survey. A total of 202 effective responses (30% response rate) from employees in 34 government ministries were statistically analyzed by using Partial least square structural equation modelling (PLS-SEM) and the software was SmartPLS 3.0. All the constructs were lower order, except for the risk management implementation construct, which was treated as a second-order construct. A two-stage approach was employed in the analysis of the higher order component. The findings revealed that transformational leadership positively influence risk management implementation. The findings also found that the core and legitimate roles of internal audit in risk management positively affect the implementation of risk management. The final finding showed that internal auditing mediates a relationship between transformational leadership and risk management implementation. These results suggest that the implementation of risk management in the Indonesian public sector was significantly supported by internal auditors and leadership. The findings confirm the importance of transformational leadership and internal audit in the public sector risk management strategies.

Keywords: Indonesian public sector, internal audit, risk management, transformational leadership

Procedia PDF Downloads 168

Authors: Pitsanu Tongkhow, Pichet Jiraprasertwong

Abstract:

This research investigates risk factors for defective products in autoparts factories. Under a Bayesian framework, a generalized linear mixed model (GLMM) in which the dependent variable, the number of defective products, has a Poisson distribution is adopted. Its performance is compared with the Poisson GLM under a Bayesian framework. The factors considered are production process, machines, and workers. The products coded RT50 are observed. The study found that the Poisson GLMM is more appropriate than the Poisson GLM. For the production Process factor, the highest risk of producing defective products is Process 1, for the Machine factor, the highest risk is Machine 5, and for the Worker factor, the highest risk is Worker 6.

Keywords: defective autoparts products, Bayesian framework, generalized linear mixed model (GLMM), risk factors

Procedia PDF Downloads 543

Authors: Aparna Viswanath

Abstract:

Electricity spot prices are highly volatile under optimal generation capacity scenarios due to factors such as non-storability of electricity, peak demand at certain periods, generator outages, fuel uncertainty for renewable energy generators, huge investments and time needed for generation capacity expansion etc. As a result market participants are exposed to price and volume risk, which has led to the development of risk management practices. This paper provides an overview of risk management practices by market participants in electricity markets using financial derivatives.

Keywords: financial derivatives, forward, futures, options, risk management

Procedia PDF Downloads 447

Authors: E. Cenderelli, E. Bruno, G. Iacoviello, A. Lazzini

Abstract:

The financial sector is exposed to the risk of cyber-attacks like any other industrial sector. Furthermore, the topic of CybeRisk (cyber risk) has become particularly relevant given that Information Technology (IT) attacks have increased drastically in recent years, and cannot be stopped by single organizations requiring a response at international and national level. IT risk is never a matter purely for the IT manager, although he clearly plays a key role. A bank's risk management function requires a thorough understanding of the evolving risks as well as the tools and practical techniques available to address them. Upon the request of European and national legislation regarding CybeRisk in the financial system, banks are therefore called upon to strengthen the operational model for CybeRisk management. This will require an important change with a more intense collaboration with the structures that deal with information security for the development of an ad hoc system for the evaluation and control of this type of risk. The aim of the work is to propose a framework for the management and control of CybeRisk that will bridge the gap in the literature regarding the understanding and consideration of CybeRisk as an integral part of business management. The IT function has a strong relevance in the management of CybeRisk, which is perceived mainly as operational risk, but with a positive tendency on the part of risk management to the identification of CybeRisk assessment methods that are increasingly complete, quantitative and able to better describe the possible impacts on the business. The paper provides answers to the research questions: Is it possible to define a CybeRisk governance structure able to support the comparison between risk and security? How can the relationships between IT assets be integrated into a cyberisk assessment framework to guarantee a system of protection and risks control? From a methodological point of view, this research uses a case study approach. The choice of “Monte dei Paschi di Siena” was determined by the specific features of one of Italy’s biggest lenders. It is chosen to use an intensive research strategy: an in-depth study of reality. The case study methodology is an empirical approach to explore a complex and current phenomenon that develops over time. The use of cases has also the advantage of allowing the deepening of aspects concerning the "how" and "why" of contemporary events, on which the scholar has little control. The research bases on quantitative data and qualitative information obtained through semi-structured interviews of an open-ended nature and questionnaires to directors, members of the audit committee, risk, IT and compliance managers, and those responsible for internal audit function and anti-money laundering. The added value of the paper can be seen in the development of a framework based on a mapping of IT assets from which it is possible to identify their relationships for purposes of a more effective management and control of cyber risk.

Keywords: bank, CybeRisk, information technology, risk management

Procedia PDF Downloads 207

Authors: Gregory Michael McMahon

Abstract:

Risk management for the purposes of minimizing the damages from the operations of dams has met with opposition emerging from organisations and authorities, and their practitioners. It appears that the cause may be a misunderstanding of risk management arising from exchanges that mix deterministic thinking with risk-centric thinking and that do not separate uncertainty from reliability and accuracy from probability. This paper sets out those misunderstandings that arose from dam operations at Wivenhoe in 2011, using a comparison of outcomes that have been based on the methodology and its rules and those that have been operated by applying misunderstandings of the rules. The paper addresses the performance of one risk-centric Flood Manual for Wivenhoe Dam in achieving a risk management outcome. A mixture of engineering, administrative, and legal factors appear to have combined to reduce the outcomes from the risk approach. These are described. The findings are that a risk-centric Manual may need to assist administrations in the conduct of scenario training regimes, in responding to healthy audit reporting, and in the development of decision-support systems. The principal assistance needed from the Manual, however, is to assist engineering and the law to a good understanding of how risks are managed – do not assume that risk management is understood. The wider findings are that the critical profession for decision-making downstream of the meteorologist is not dam engineering or hydrology, or hydraulics; it is risk management. Risk management will provide the minimum flood damage outcome where actual rainfalls match or exceed forecasts of rainfalls, that therefore risk management will provide the best approach for the likely history of flooding in the life of a dam, and provisions made for worst cases may be state of the art in risk management. The principal conclusion is the need for training in both risk management as a discipline and also in the application of risk management rules to particular dam operational scenarios.

Keywords: risk management, flood control, dam operations, deterministic thinking

Procedia PDF Downloads 47

Authors: Gampel Alexander, Mazzuchi Thomas, Sarkani Shahram

Abstract:

The cybersecurity landscape is constantly evolving, and organizations must adapt to the changing threat environment to protect their assets. The implementation of the NIST Risk Management Framework (RMF) has become critical in ensuring the security and safety of industrial control and automation systems. However, cybersecurity professionals are facing challenges in implementing RMF, leading to systems operating without authorization and being non-compliant with regulations. The current approach to RMF implementation based on business practices is limited and insufficient, leaving organizations vulnerable to cyberattacks resulting in the loss of personal consumer data and critical infrastructure details. To address these challenges, this research proposes a Model-Based Systems Engineering (MBSE) approach to implementing cybersecurity controls and assessing risk through the RMF process. The study emphasizes the need to shift to a modeling approach, which can streamline the RMF process and eliminate bloated structures that make it difficult to receive an Authorization-To-Operate (ATO). The study focuses on the practical application of MBSE in industrial control and automation systems to improve the security and safety of operations. It is concluded that MBSE can be used to solve the implementation challenges of the NIST RMF process and improve the security of industrial control and automation systems. The research suggests that MBSE provides a more effective and efficient method for implementing cybersecurity controls and assessing risk through the RMF process. The future work for this research involves exploring the broader applicability of MBSE in different industries and domains. The study suggests that the MBSE approach can be applied to other domains beyond industrial control and automation systems.

Keywords: authorization-to-operate (ATO), industrial control systems (ICS), model-based system’s engineering (MBSE), risk management framework (RMF)

Procedia PDF Downloads 51

Authors: Azar Baghtaghi

Abstract:

Financial risk management is critically important as it enables companies to maintain stability and profitability amidst market fluctuations and unexpected events. It involves the precise identification of risks that could impact investments, assets, and potential revenues. By implementing effective risk management strategies, companies can insure themselves against adverse market changes and prevent potential losses. In today's era, where markets are highly complex and influenced by various factors such as macroeconomic policies, exchange rate fluctuations, and natural disasters, the need for meticulous planning to cope with these uncertainties is more pronounced. Ultimately, financial risk management means being prepared for the future and the ability to sustain business in changing environments. A company capable of managing its risks not only achieves sustainable profitability but also gains the confidence of shareholders, investors, and business partners, enhancing its competitive position in the market. In this article, the types of financial risk and risk management strategies for improving financial performance were investigated. By identifying the risks stated in this article and their evaluation techniques, it is possible to improve the organization's financial performance.

Keywords: strategy, risk, risk management, financial performance

Procedia PDF Downloads 12

Authors: Malani Herath, Sohan Wijesekera, Jagath Munasingha

Abstract:

The impact of recent floods become significant, and the extraordinary flood events cause considerable damage to lives, properties, environment and negatively affect the whole development of Colombo urban region. Even though the Colombo urban region experiences recurrent flood impacts, several spatial planning interventions have been taken from time to time since early 20th century. All past plans have adopted a traditional approach to flood management, using infrastructural measures to reduce the chance of flooding together with rigid planning regulations. The existing flood risk management practices do not operate to be acceptable by the local community particular the urban poor. Researchers have constantly reported the differences in estimations of flood risk, priorities, concerns of experts and the local community. Risk-based decision making in flood management is not only a matter of technical facts; it has a significant bearing on how flood risk is viewed by local community and individuals. Moreover, sustainable flood management is an integrated approach, which highlights joint actions of experts and community. This indicates the necessity of further societal discussion on the acceptable level of flood risk indicators to prioritize and identify the appropriate flood management measures in Colombo. The understanding and evaluation of flood risk by local people are important to integrate in the decision-making process. This research questioned about the gap between the acceptable level of flood risk to spatial planners and to the local communities in Colombo. A comprehensive literature review was conducted to prepare a framework to analyze the public perception in Colombo. This research work identifies the factors that affect the variation of flood risk and acceptable levels to both local community and planning authorities.

Keywords: Colombo basin, public perception, urban flood risk, multi-criteria analysis

Procedia PDF Downloads 281

Authors: Mahalakshmi Vivekanandan S.

Abstract:

As per the recent changes happening in the global policies, climate-related changes and the impact it causes across every sector are viewed as green swan events – in essence, climate-related changes can often happen and lead to risk and a lot of uncertainty, but needs to be mitigated instead of considering them as black swan events. This brings about a question on how this risk can be computed so that the financial institutions can plan to mitigate it. Climate-related changes impact all risk types – credit risk, market risk, operational risk, liquidity risk, reputational risk and other risk types. And the models required to compute this has to consider the different industrial needs of the counterparty, as well as the factors that are contributing to this – be it in the form of different risk drivers, or the different transmission channels or the different approaches and the granular form of data availability. This brings out the suggestion that the climate-related changes, though it affects Pillar I risks, will be a Pillar II risk. This has to be modeled specifically based on the financial institution’s actual exposure to different industries instead of generalizing the risk charge. And this will have to be considered as the additional capital to be met by the financial institution in addition to their Pillar I risks, as well as the existing Pillar II risks. In this paper, the author presents a risk assessment framework to model and assess climate change risks - for both credit and market risks. This framework helps in assessing the different scenarios and how the different transition risks affect the risk associated with the different parties. This research paper delves into the topic of the increase in the concentration of greenhouse gases that in turn cause global warming. It then considers the various scenarios of having the different risk drivers impacting the Credit and market risk of an institution by understanding the transmission channels and also considering the transition risk. The paper then focuses on the industry that’s fast seeing a disruption: the automobile industry. The paper uses the framework to show how the climate changes and the change to the relevant policies have impacted the entire financial institution. Appropriate statistical models for forecasting, anomaly detection and scenario modeling are built to demonstrate how the framework can be used by the relevant agencies to understand their financial risks. The paper also focuses on the climate risk calculation for the Pillar II Capital calculations and how it will make sense for the bank to maintain this in addition to their regular Pillar I and Pillar II capital.

Keywords: capital calculation, climate risk, credit risk, pillar ii risk, scenario modeling

Procedia PDF Downloads 99