Table of contents for Library of Congress control number 2005275525

Table of contents for Maasailand ecology : pastoralist development and wildlife conservation in Ngorongoro, Tanzania / K.M. Homewood and W.A. Rodgers.

Bibliographic record and links to related information available from the Library of Congress catalog. Note: Electronic data is machine generated. May be incomplete or contain other coding.




1 The problem of risk management for information systems in the bank-
ing industry                                                 1
1.1 Business drivers for operational risk management ..........  2
1.2 Research questions .............................. 16
1.3 Objectives ................................. 17
1.4 Relevance for the research field of information systems ........... 20
1.5 Structure of the thesis ... ....................... 22

2 Core concepts and review of current research - IS risks in the context
of banks' business processes                                25
2.1 Business processes of banks under changing conditions ....... 27
2.1.1  Business processes of banks ................... 27
2.2 Risk, IS risks, and operational risk ................... . 44
2.2.1  The concept of risk ........................... 44
2.2.2 IS risks and operational risks .................. 50
2.3 Risk management ..............................           56
2.3.1  Origins and definition of risk management ...........  56
2.3.2  Risk management in the context of bank management . . . 60
2.3.2.1  Legal foundations of banks' risk management ... 60
2.3.2.2  Banks'risk management ............... 64
2.3.3  Risk management in the context of information systems . . 76
2.3.4  The risk management process .................. 80
2.4 Review of current research .......................    . 84
2.4.1  Project management research .................. 87
2.4.2  Outsourcing research . ......................    90
2.4.3  System development research  ..................  92
2.4.4  Security research .......................... 95
2.4.5  Closer review of a selected approach .............. 96
2.5 Basic research theses ............................      105

3 Three key perspectives of investigation                     119
3.1 Exploring the field - Mobile banking .................. 121
3.2 Methodological aspects of key perspective 1 - Risk management
profiles of existing approaches  ..................... 135



3.2.1  Selection of approaches for the analysis .......... .. 136
3.2.2  Development of a set of analysis criteria ............. . 147
3.3  Methodological aspects of key perspective 2 - Current risk man-
agement procedures and tools ....................... 153
3.3.1  Ontological and epistemological perspective .........  154
3.3.2  Selection of participants ..................... 157
3.3.3  Data types and assessment of data ...............  160
3.3.4  Operationalisation and design of a measurement instrument 164
3.3.4.1  Operationalisation  ................... 164
3.3.4.2  Interview design ...................     . 165
3.3.4.3  Interview guidelines .................   . 170
3.3.5  Administration of the research study  ............. 172
3.3.5.1  A personal cover letter ................   174
3.3.5.2  Timeliness and continuity  .............. . 182
3.3.5.3  Information and expertise  ............. 184
3.3.6  Data collection ......................... .188
3.4 Methodological aspects of key perspective 3 - Requirements speci-
fications .................................             . 197

4 Results of the study - The demand for new developments In the field
of IS risk management                                         203
4.1 Key perspective 1 - Risk management profiles of existing approaches204
4.1.1  Analysis of approaches from the IS discipline .........  205
4.1.1.1  System development and software improvement . 206
4.1.1.2  Security .......................... 224
4.1.1.3  Project management .................. 228
4.1.1.4  Controlling of information systems .......... . 231
4.1.2  Deliverables of KP1: Analysis instrument and risk manage-
ment profiles  ....................... ....           233
4.2  Key perspective 2 - Current risk management procedures and tools 238
4.2.1  Data analysis ........................... .238
4.2.1.1  Univariate analysis for investigating the research
theses ..........................        . 239
4.2.1.2  Bivariate analysis for investigating the research the-
ses .............................240
4.2.2  Research thesis KP2-T1: IS risks, system risks, and opera-
tional risks ............................        . 241
4.2.3  Research thesis KP2-T2: Outsourcing and IS risk management250
4.2.4  Research thesis KP2-T3: Organisational aspects of opera-
tional risk management ..................... 251
4.2.5  Research thesis KP2-T4: The risk management process ... 253
4.2.6  Research thesis KP2-T5: Current use of software tools .... 257
4.2.7  Research thesis KP2-T6: IS risk management and supervi-
sory recommendations ....................... 259



4.3 Key perspective 3 - Requirement specifications for future develop-
ments .      ................................... 261
4.3.1  Research thesis KP3-T1: IS risks and the changing banking
business ...............................262
4.3.2  Research thesis KP3-T2:Difficulties with identifying and as-
sessing operational risks .....................  . 264
4.3.3  Research thesis KP3-T3: Contribution of existing IS approaches
to IS risk management ...................... 267
4.3.4  Research thesis KP3-T4: Requirements for IS risk manage-
ment and changing business conditions ........... . 271
4.3.5  Research thesis KP3-T5: Demand for a software tool .... 275
4.3.6  Research thesis KP3-T6: Preference for software tools to sup-
port IS risk management .....................    . 277
4.3.7  Research thesis KP3-T7: Relationship between different risk
categories for expected loss and estimated probability of oc-
currence (Question 1.3) .....................    . 279
4.3.8  Research thesis KP3-T8: Relationship between risk categories
and system life cycle (Question 1.5)  .............. 283
4.3.9  Research thesis KP3-T9: Relationship between expected loss
and probability of occurrence, on the one hand, and the im-
portance of a risk category, on the other (Questions 1.3 and
1.5) ................................. 286
4.3.10 Research thesis KP3-T10: Relationship between various in-
fluence factors on IS risks (Question 1.7) .......... . 292
4.3.11 Research thesis KP3-T11: Relationship between difficulties
and requirements, on the one hand, and applied methods,
on the other (Questions 3.3,3.4, and 4.4) ...........  293
4.3.12 Research thesis KP3-T12: Relationship between difficulties
of identifying and assessing risks, on the one hand, and the
evaluation of existing approaches, on the other (Questions
3.4 and 4.1) ............................ .        300
4.3.13 Deliverables of KP3: Requirements specifications ...... 301
4.4  Revision of the research theses .....................  . 306

5 Interpretation of the results - Suggestions for new developments and
future research                                               315
5.1 Suggestions for new developments ................... 317
5.1.1  Suggestion 1: Checking for sufficient comprehensiveness,
life cycle coverage, and IS risk sensitivity ........... 317
5.1.2  Suggestion 2: Improving the common understanding of op-
erational risks ............................ 320
5.1.3  Suggestion 3: Linking operational risk management as a
formal requirement with actual IS risk management activities323
Library of Congress Subject Headings for this publication: