Skip to main content
SpringerLink
Log in

Emerging IT Risks: Insights from German Banking

  • Published:
The Geneva Papers on Risk and Insurance - Issues and Practice Aims and scope Submit manuscript

Abstract

How do German banks manage the emerging risks stemming from IT innovations such as cyber risk? With a focus on process, roles and responsibilities, field data from ten banks participating in the 2014 ECB stress test were collected by interviewing IT managers, risk managers and external experts. Current procedures for handling emerging risks in German banks were identified from the interviews and analysed, guided by the extant literature. A clear gap was found between enterprise risk management (ERM) as a general approach to risks threatening firms’ objectives and ERM’s neglect of emerging risks, such as those associated with IT innovations. The findings suggest that ERM should be extended towards the collection and sharing of knowledge to allow for an initial understanding and description of emerging risks, as opposed to the traditional ERM approach involving estimates of impact and probability. For example, as cyber risks emerge from an IT innovation, the focus may need to switch towards reducing uncertainty through knowledge acquisition. Since individual managers seldom possess all relevant knowledge of an IT innovation, various stakeholders may need to be involved to exploit their expertise.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Figure 1
Figure 2

Similar content being viewed by others

Notes

  1. Ali et al. (2014); Bhargava (2014); COSO (2017); Roland Berger (2015).

  2. Price and Adams (2015).

  3. Medcraft (2015).

  4. Ruan (2017).

  5. Aven (2016); Feduzi and Runde (2014); Flage and Aven (2015).

  6. Wilson et al. (2010).

  7. Anginer et al. (2014); COSO (2017); RIMS (2010).

  8. COSO (2017).

  9. Kloman (1992, p. 302).

  10. Aven (2012); Jäger (2009).

  11. Arena et al. (2010).

  12. Emblemsvåg (2010).

  13. Mikes (2009).

  14. Beasley et al. (2016); Köhler and Som (2014).

  15. IAA (2008); Jäger (2009); Munich Re (2016).

  16. Smith and Fischbacher (2009).

  17. IAA (2008).

  18. Beasley et al. (2016); Diaz-Rainey et al. (2015); RBS (2014).

  19. Diaz-Rainey et al. (2015); Häckel et al. (2015).

  20. Aven (2016); Flage and Aven (2015).

  21. Hayne and Free (2014).

  22. Paape and Speklé (2012).

  23. Babb (2013).

  24. Ridley et al. (2008).

  25. Jovanovi and Löscher (2013).

  26. García-Granero et al. (2015).

  27. e.g., Bowers and Khorakian (2014); Köhler and Som (2014); Maynard (2015); Praeg (2014).

  28. Gollier et al. (2013); Mikes (2011); Power (2009); Zhao et al. (2015).

  29. Krane et al. (2014).

  30. Perminova et al. (2008).

  31. Aven (2010a); Bjerga and Aven (2015).

  32. Feduzi and Runde (2014).

  33. Aven (2010b).

  34. Aven (2010a); Bromiley and Rau (2014); March and Shapira (1987).

  35. Klüppelberg et al. (2014).

  36. Gollier et al. (2013).

  37. Bromiley and Rau (2014).

  38. Dombret (2015); Maynard (2015).

  39. Mikes (2009); Paape and Speklé (2012).

  40. Beasley et al. (2015).

  41. Mikes and Kaplan (2015).

  42. Keith (2014).

  43. Liebenberg and Hoyt (2003).

  44. EBA (2014).

  45. Bessis (2010).

  46. Acharya et al. (2014).

  47. Deutsche Bundesbank (2014b).

  48. Gioia et al. (2013).

  49. Jacks and Palvia (2014).

  50. Davis and Eisenhardt (2011).

  51. Beasley et al. (2015); COSO (2004); Deutsche Bundesbank (2014a); FFSA (2014); IRGC (2011); Kleffner et al. (2003); Teece (2012); Wilson et al. (2010).

  52. Graebner and Eisenhardt (2004).

  53. Wu and Olson (2008).

  54. Allan et al. (2011).

  55. Allan et al. (2011, p. 189).

  56. COSO (2004).

  57. Khoo (2012).

  58. Christiansen and Thrane (2014).

  59. Power (2004a).

  60. Taylor et al. (2012).

  61. O'Connor et al. (2008).

  62. IRCG (2011).

  63. Aven (2012).

  64. RIMS (2010).

  65. COSO (2004); Moeller (2007).

  66. Conforti et al. (2013).

  67. Yeo (1995).

  68. Bromiley and Rau (2014).

  69. March and Shapira (1987).

  70. Bjerga and Aven (2015).

  71. Kasperson et al. (1988).

  72. Perminova et al. (2008); Renn et al. (2011).

  73. Häckel et al. (2015).

  74. White (1995).

  75. Blockley (2013).

  76. BCBS (2014).

  77. Beasley et al. (2015); Subramaniam et al. (2015).

  78. Dombret (2015).

  79. Hall et al. (2015).

  80. Aven (2016).

  81. Flage and Aven (2015).

  82. Power (2004b).

  83. Power (2004b); Rodriguez and Edwards (2014).

  84. e.g., Rosati et al. (2017).

References

  • Acharya, V., Engle, R. and Pierret, D. (2014) ‘Testing macroprudential stress tests: the risk of regulatory risk weights’, Journal of Monetary Economics 65: 36–53.

    Google Scholar 

  • Aebi, V., Sabato, G. and Schmid, M. (2012) ‘Risk management, corporate governance, and bank performance in the financial crisis’, Journal of Banking & Finance 36(12): 3213–3226.

    Google Scholar 

  • Ali, R., Barrdear, J., Clews, R. and Southgate, J. (2014) ‘Innovations in payment technologies and the emergence of digital currencies’, Bank of England Quarterly Bulletin 54(3): 262–275.

    Google Scholar 

  • Allan, N., Cantle, N., Godfrey, P. and Yin, Y. (2011) A review of the use of complex systems applied to risk appetite and emerging risks in ERM practice. Retrieved from http://www.actuaries.org.uk/research-and-resources/documents/review-use-complex-systems-applied-risk-appetite-and-emerging-ris-0.

  • Anginer, D., Demirguc-Kunt, A. and Zhu, M. (2014) ‘How does competition affect bank systemic risk?’, Journal of Financial Intermediation 23(1): 1–26.

    Google Scholar 

  • Arena, M., Arnaboldi, M. and Azzone, G. (2010) ‘The organizational dynamics of enterprise risk management’, Accounting, Organizations and Society 35(7): 659–675.

    Google Scholar 

  • Aven, T. (2010a) ‘Some reflections on uncertainty analysis and management’, Reliability Engineering & System Safety 95(3): 195–201.

    Google Scholar 

  • Aven, T. (2010b) ‘On how to define, understand and describe risk’, Reliability Engineering & System Safety 95(6): 623–631.

    Google Scholar 

  • Aven, T. (2012) ‘The risk concept—historical and recent development trends’, Reliability Engineering & System Safety 99: 33–44.

    Google Scholar 

  • Aven, T. (2016) ‘Risk assessment and risk management: review of recent advances on their foundation’, European Journal of Operational Research 253(1): 1–13.

    Google Scholar 

  • Babb, S. (2013) ‘Using COBIT 5 for risk management’, COBIT Focus 4: 3.

    Google Scholar 

  • Basel Committee on Banking Supervision (2014) Basel committee on banking supervision review of the principles for the sound management of operational risk. Retrieved from http://www.bis.org/publ/bcbs292.pdf.

  • Beasley, M., Branson, B. and Pagach, D. (2015) ‘An analysis of the maturity and strategic impact of investments in ERM’, Journal of Accounting and Public Policy 34(3): 219–243.

    Google Scholar 

  • Beasley, M., Branson, B., Pagach, D., Scott, P., Christensen, B., DeLoach, J. and Donahue, K. (2016) Executive perspectives on top risks for 2016: key issues being discussed in the boardroom and C-suite. Retrieved from https://erm.ncsu.edu/az/erm/i/chan/library/NC-State-Protiviti-Survey-Top-Risks-2016.pdf.

  • Bessis, J. (2010) Risk management in banking, 3rd ed. Chichester: John Wiley.

    Google Scholar 

  • Bhargava, A. (2014) ‘Examining best practices in operational risk management’, The RMA Journal 97(2): 64–69.

    Google Scholar 

  • Bjerga, T. and Aven, T. (2015) ‘Adaptive risk management using new risk perspectives—an example from the oil and gas industry’, Reliability Engineering & System Safety 134: 75–82.

    Google Scholar 

  • Blockley, D. (2013) ‘Analysing uncertainties: towards comparing Bayesian and interval probabilities’, Mechanical Systems and Signal Processing 37(1–2): 30–42.

    Google Scholar 

  • Bowers, J. and Khorakian, A. (2014) ‘Integrating risk management in the innovation project’, European Journal of Innovation Management 17(1): 25–40.

    Google Scholar 

  • Bromiley, P. and Rau, D. (2014) ‘Looking under the lamppost? A research agenda for increasing enterprise risk management’s usefulness to practitioners’, in T.J. Andersen (ed.) Contemporary Challenges in Risk Management. Palgrave Macmillan, pp 50–62.

  • Christiansen, U. and Thrane, S. (2014) ‘The prose of action: the micro dynamics of reporting on emerging risks in operational risk management’, Scandinavian Journal of Management 30(4): 427–443.

    Google Scholar 

  • Conforti, R., La Rosa, M., Fortino, G., ter Hofstede, A.H.M., Recker, J. and Adams, M. (2013) ‘Real-time risk monitoring in business processes: a sensor-based approach’, Journal of Systems and Software 86(11): 2939–2965.

    Google Scholar 

  • COSO (2004) Enterprise risk managementintegrated framework. Retrieved from https://www.coso.org/Documents/COSO-ERM-Executive-Summary.pdf.

  • COSO (2017) Enterprise risk managementintegrating with strategy and performance. Retrieved from https://www.coso.org/Documents/2017-COSO-ERM-Integrating-with-Strategy-and-Performance-Executive-Summary.pdf.

  • Davis, J.P. and Eisenhardt, K.M. (2011) ‘Rotating Leadership and Collaborative Innovation: Recombination Processes in Symbiotic Relationships’, Administrative Science Quarterly 56(2): 159–201.

    Google Scholar 

  • Deutsche Bundesbank (2014a) Annual report 2014. Retrieved from https://www.bundesbank.de/Redaktion/EN/Downloads/Publications/Annual_Report/2014_annual_report.pdf?__blob=publicationFile.

  • Deutsche Bundesbank (2014b) The German banks in the comprehensive assessment: an overview of the results. Retrieved from http://www.bafin.de/SharedDocs/Downloads/EN/dl_141026_pm_comprehensive_assessment_anlage_en.pdf?__blob=publicationFile.

  • Diaz-Rainey, I., Ibikunle, G. and Mention, A.-L. (2015) ‘The technological transformation of capital markets’, Technological Forecasting and Social Change 99: 277–284.

    Google Scholar 

  • Dombret, A. (2015) Totally digital? The future of banking business: the opportunities and challenges of digitalisation for banks and insurers. Retrieved from http://www.bundesbank.de/Redaktion/EN/Reden/2015/2015_10_26_dombret.html?nsc=true.

  • Eckles, D.L., Hoyt, R.E. and Miller, S.M. (2014) ‘The impact of enterprise risk management on the marginal cost of reducing risk: evidence from the insurance industry’, Journal of Banking & Finance 43: 247–261.

    Google Scholar 

  • Emblemsvåg, J. (2010) ‘The augmented subjective risk management process’, Management Decision 48(2): 248–259.

    Google Scholar 

  • European Banking Authority (EBA) (2014) 2014 EU-wide stress test results. Retrieved from http://www.eba.europa.eu/risk-analysis-and-data/eu-wide-stress-testing/2014/results.

  • Farrell, M. and Gallagher, R. (2015) ‘The valuation implications of enterprise risk management maturity’, Journal of Risk and Insurance 82(3): 625–657.

    Google Scholar 

  • Federal Financial Supervisory Authority (FFSA) (2014) Banking supervision in Germany. Retrieved from https://www.bafin.de/EN/DieBaFin/AufgabenGeschichte/Bankenaufsicht/bankenaufsicht_artikel_en.html.

  • Feduzi, A. and Runde, J. (2014) ‘Uncovering unknown unknowns: towards a Baconian approach to management decision-making’, Organizational Behavior and Human Decision Processes 124(2): 268–283.

    Google Scholar 

  • Flage, R. and Aven, T. (2015) ‘Emerging risk—conceptual definition and a relation to black swan type of events’, Reliability Engineering & System Safety 144: 61–67.

    Google Scholar 

  • García-Granero, A., Llopis, Ó., Fernández-Mesa, A. and Alegre, J. (2015) ‘Unraveling the link between managerial risk-taking and innovation: the mediating role of a risk-taking climate’, Journal of Business Research 68(5): 1094–1104.

    Google Scholar 

  • Gioia, D.A., Corley, K.G. and Hamilton, A.L. (2013) ‘Seeking qualitative rigor in inductive research: notes on the Gioia methodology’, Organizational Research Methods 16(1): 15–31.

    Google Scholar 

  • Gollier, C., Hammitt, J.K. and Treich, N. (2013) ‘Risk and choice: a research saga’, Journal of Risk and Uncertainty 47(2), 129–145.

    Google Scholar 

  • Grace, M.F., Leverty, J.T., Phillips, R.D. and Shimpi, P. (2015) ‘The value of investing in enterprise risk management’, Journal of Risk and Insurance, 82(2): 289–316.

    Google Scholar 

  • Graebner, M.E. and Eisenhardt, K.M. (2004) ‘The seller’s side of the story: acquisition as courtship and governance as syndicate in entrepreneurial firms’, Administrative Science Quarterly 49(3): 366–403.

    Google Scholar 

  • Häckel, B., Isakovic, V. and Moser, F. (2015) ‘Integrated long- and short-term valuation of IT innovation investments’, Electronic Markets 25(1): 73–85.

    Google Scholar 

  • Hall, M., Mikes, A. and Millo, Y. (2015) ‘How do risk managers become influential? A field study of toolmaking in two financial institutions’, Management Accounting Research 26: 3–22.

    Google Scholar 

  • Halliday, S.W. (2013) The Structure of Risk Management in Leading Australian Companies. Doctoral dissertation (unpublished), Charles Sturt University, Sydney.

  • Hayne, C. and Free, C. (2014) ‘Hybridized professional groups and institutional work: COSO and the rise of enterprise risk management’, Accounting, Organizations and Society 39(5): 309–330.

    Google Scholar 

  • Hoyt, R.E. and Liebenberg, A.P. (2011) ‘The value of enterprise risk management’, Journal of Risk and Insurance 78(4): 795–822.

    Google Scholar 

  • International Actuarial Association (IAA) (2008) Practice note on enterprise risk management for capital and solvency purposes in the insurance industry. Retrieved from http://www.actuaries.org.uk/research-and-resources/documents/practice-note-enterprise-risk-management-erm-capital-and-solvency-p.

  • International Risk Governance Council (IRGC) (2011) Improving the management of emerging risks: risks from new technologies, system interactions, and unforeseen or changing circumstances: concept note. Geneva: International Risk Governance Council. Retrieved from https://www.irgc.org/risk-governance/emerging-risk/risk-management-in-industry/.

  • Jacks, T. and Palvia, P. (2014) ‘Measuring value dimensions of IT occupational culture: an exploratory analysis’, Information Technology and Management 15(1): 19–35.

    Google Scholar 

  • Jäger, A. (2009) Risikobewertung und Risikomanagement von emerging risks in der Industrieversicherung. Einflussgrößen und Handlungsstrategien in der Versicherungsindustrie am Beispiel Nanotechnologien. Dissertation, University of Stuttgart, Stuttgart.

  • Jovanovi, A.S. and Löscher, M. (2013) iNTeg-Risk project: how much nearer are we to improved “Early Recognition, Monitoring and Integrated Management of Emerging, New Technology related Risks”? Retrieved from http://cordis.europa.eu/docs/results/213345/final1-jovanovic-integrisk2013-v15aj06092013.pdf.

  • Kasperson, R.E., Renn, O., Slovic, P., Brown, H.S., Emel, J., Goble, R., Kasperson, J.X., Ratick, S. (1988) ‘The social amplification of risk: a conceptual framework’, Risk Analysis 8(2): 177–187.

    Google Scholar 

  • Keith, J.L. (2014) Enterprise risk management: developing a strategic ERM alignment frameworkFinance sector. Dissertatation, Brunel University, London. Retrieved from http://bura.brunel.ac.uk/handle/2438/10981.

  • Khoo, B.K. (2012) Risk managers as sensemakers and sensegivers: reconceptualising enterprise risk management (ERM) from a sensemaking perspective. Dissertation. University of Canberra, Canberra. Retrieved from http://www.canberra.edu.au/researchrepository/items/b0900aa5-23ac-26a8-6d12-aeaac4d96b95/1/.

  • Kleffner, A.E., Lee, R.B. and McGannon, B. (2003) ‘The effect of corporate governance on the use of enterprise risk management: evidence from Canada’, Risk Management and Insurance Review 6(1): 53–73.

    Google Scholar 

  • Kloman, H.F. (1992) ‘Rethinking risk management’, The Geneva Papers on Risk and InsuranceIssues and Practice 17(3): 299–313.

  • Klüppelberg, C., Straub, D. and Welpe, I.M. (eds.) (2014) RiskA Multidisciplinary Introduction. New York: Springer.

    Google Scholar 

  • Kmec, P. (2011) ‘Temporal hierarchy in enterprise risk identification’, Management Decision 49(9): 1489–1509.

    Google Scholar 

  • Köhler, A.R. and Som, C. (2014) ‘Risk preventative innovation strategies for emerging technologies the cases of nano-textiles and smart textiles’, Technovation 34(8): 420–430.

    Google Scholar 

  • Krane, H.P., Johansen, A. and Alstad, R. (2014) ‘Exploiting opportunities in the uncertainty management’, ProcediaSocial and Behavioral Sciences 119: 615–624.

  • Liebenberg, A.P. and Hoyt, R.E. (2003) ‘The determinants of enterprise risk management: evidence from the appointment of chief risk officers’, Risk Management and Insurance Review 6(1): 37–52.

    Google Scholar 

  • March, J.G. and Shapira, Z. (1987) ‘Managerial perspectives on risk and risk taking’, Management Science 33 (11): 1404–1418. https://doi.org/10.1287/mnsc.33.11.1404.

    Article  Google Scholar 

  • Maynard, A.D. (2015) ‘Why we need risk innovation’, Nature nanotechnology 10(9): 730–731.

    Google Scholar 

  • Medcraft, G. (2015) Digital disruption: harnessing the opportunities, mitigating the risks. Retrieved from http://asic.gov.au/about-asic/media-centre/speeches/digital-disruption-harnessing-the-opportunities-mitigating-the-risks/.

  • Mikes, A. (2009) ‘Risk management and calculative cultures’, Risk Management, Corporate Governance and Management Accounting 20(1): 18–40.

    Google Scholar 

  • Mikes, A. (2011) ‘From counting risk to making risk count: boundary-work in risk management’, Accounting, Organizations and Society 36(4–5): 226–245.

    Google Scholar 

  • Mikes, A. and Kaplan, R.S. (2015) ‘When one size doesn’t fit all: evolving directions in the research and practice of enterprise risk management’, Journal of Applied Corporate Finance 27(1): 37–40.

    Google Scholar 

  • Moeller, R.R. (2007) COSO enterprise risk management: understanding the new integrated ERM framework. Hoboken, NJ: John Wiley & Sons.

    Google Scholar 

  • Munich Re. (2016) Emerging risks: Die Risiken von morgen. Retrieved from http://www.munichre.com/de/group/focus/emerging-risks/index.html.

  • O’Connor, G.C., Ravichandran, T. and Robeson, D. (2008) ‘Risk management through learning: management practices for radical innovation success’, The Journal of High Technology Management Research 19(1): 70–82.

    Google Scholar 

  • Paape, L. and Speklé, R.F. (2012) ‘The adoption and design of enterprise risk management practices: an empirical study’, European Accounting Review 21(3): 1–32.

    Google Scholar 

  • Perminova, O., Gustafsson, M. and Wikström, K. (2008) ‘Defining uncertainty in projects—a new perspective’, International Journal of Project Management 26(1): 73–79.

    Google Scholar 

  • Power, M. (2004a) The risk management of everything: rethinking the politics of uncertainty. London: Demos. Retrieved from https://www.demos.co.uk/files/riskmanagementofeverything.pdf.

  • Power, M. (2004b) ‘The risk management of everything’, The Journal of Risk Finance 5(3): 58–65.

    Google Scholar 

  • Power, M. (2009) ‘The risk management of nothing’, Accounting, Organizations and Society 34(6–7): 849–855.

    Google Scholar 

  • Praeg, C.-P. (2014) Trendstudie Bank & Zukunft 2014: Transformation der Banken - Neue Wege zu Innovation und Wachstum. Stuttgart: Fraunhofer Verlag.

    Google Scholar 

  • Price, J. and Adams, M. (2015) ASIC and financial innovation. Retrieved from http://download.asic.gov.au/media/3355015/speech-fintech-15-sep-2015.pdf?_ga=1.146705905.41621168.1454748942.

  • Renn, O., Klinke A. and van Asselt, M. (2011) ‘Coping with complexity, uncertainty and ambiguity in risk governance: a synthesis’, Ambio 40(2): 231–246.

    Google Scholar 

  • Ridley, G., Young, J. and Carroll, P. (2008) ‘Studies to evaluate COBIT’s contribution to organisations: opportunities from the literature, 2003-06’, Australian Accounting Review 18(4): 334–342.

    Google Scholar 

  • Risk and Insurance Management Society (RIMS) (2010) Emerging risks and enterprise risk management. Retrieved from https://www.rims.org/resources/ERM/Documents/EmergingRisk_ERMweb.pdf.

  • Rodriguez, E. and Edwards, J.S. (2014) ‘Knowledge management in support of enterprise risk management’, International Journal of Knowledge Management 10(2): 43–61.

    Google Scholar 

  • Roland Berger (2015) Digital revolution in retail banking: chances in the new multi-channel world from a customers’ perspective. Retrieved from https://www.rolandberger.com/en/Publications/pub_digital_revolution_in_retail_banking.html.

  • Rosati, P., Cummins, M., Deeney, P., Gogolin, F., van der Werff, L. and Lynn, T. (2017) ‘The effect of data breach announcements beyond the stock price: empirical evidence on market activity’, International Review of Financial Analysis 49: 146–154.

    Google Scholar 

  • Royal Bank of Scotland (RBS) (2014) Annual report and subsidiary results: RBS Group Annual Report and Accounts year ending 31 December 2013. Retrieved from https://investors.rbs.com/~/media/Files/R/RBS-IR/annual-reports/natwest-ra-25042014.pdf.

  • Ruan, K. (2017) ‘Introducing cybernomics: a unifying economic framework for measuring cyber risk’, Computers & Security 65: 77–89.

    Google Scholar 

  • Smith, D. and Fischbacher, M. (2009) ‘The changing nature of risk and risk management: the challenge of borders, uncertainty and resilience’, Risk Management 11(1): 1–12.

    Google Scholar 

  • Subramaniam, N., Wahyuni, D., Cooper, B.J., Leung, P. and Wines, G. (2015) ‘Integration of carbon risks and opportunities in enterprise risk management systems: evidence from Australian firms’, Journal of Cleaner Production 96: 407–417.

    Google Scholar 

  • Taylor, H., Artman, E. and Woelfer, J.P. (2012) ‘Information technology project risk management: bridging the gap between research and practice’, Journal of Information Technology 27(1): 17–34.

    Google Scholar 

  • Teece, D.J. (2012) ‘Dynamic capabilities: routines versus entrepreneurial action’, Journal of Management Studies 49(8): 1395–1401.

    Google Scholar 

  • Tekathen, M. and Dechow, N. (2013) ‘Enterprise risk management and continuous re-alignment in the pursuit of accountability: a German case’, Management Accounting Research 24(2): 100–121.

    Google Scholar 

  • White, D. (1995) ‘Application of systems thinking to risk management: a review of literature’, Management Decision 33(10): 35.

    Google Scholar 

  • Wilson, J.O.S., Casu, B., Girardone, C. and Molyneux, P. (2010) ‘Emerging themes in banking: recent literature and directions for future research’, The British Accounting Review 42(3): 153–169.

    Google Scholar 

  • Wu, D. and Olson, D.L. (2008) ‘Enterprise risk management: financial and accounting perspectives’, in D.L. Olson and D. Wu (eds.) New Frontiers in Enterprise Risk Management. Berlin: Springer, pp. 25–38. Retrieved from https://link.springer.com/chapter/10.1007/978-3-540-78642-9_3.

  • Yeo, K.T. (1995) ‘Strategy for risk management through problem framing in technology acquisition’, International Journal of Project Management 13(4): 219–224.

    Google Scholar 

  • Zhao, X., Hwang, B.G. and Low, S.P. (2015) ‘Understanding enterprise risk management maturity in construction firms’, in L. Shen, K. Ye, C. Mao (eds.) Proceedings of the 19 th International Symposium on Advancement of Construction Management and Real Estate. Berlin: Springer.

Download references

Author information

Authors and Affiliations

  1. Plymouth Business School, University of Plymouth, Drakes Circus, Plymouth, PL4 8AA, UK

    Simon Ashby

  2. Adam Smith Business School, Glasgow University, Glasgow, G12 8QQ, UK

    Trevor Buck

  3. Edinburgh Napier University, Edinburgh, UK

    Stephanie Nöth-Zahn

  4. Am Stadtpark 20, 81243, Munich, Germany

    Thomas Peisl

Authors
  1. Simon Ashby
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Trevor Buck
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Stephanie Nöth-Zahn
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Thomas Peisl
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Stephanie Nöth-Zahn.

Appendix: Interview guide

Appendix: Interview guide

The appendix includes the semi-structured interview guide to provide a better understanding of the data from the interviews.

General question: What key meanings are currently attached to emerging risks from IT innovations within the German banking sector?

  1. 1.1

    How would you define emerging risks from IT innovations?

    1. 1.1.1

      Does your organisation have a common definition?

  2. 1.2

    Can you give me an example of an emerging risk from IT innovation that your organisation is currently facing?

General question: How does uncertainty influence the ERM of emerging risks from IT innovations?

  1. 2.1

    What roles does uncertainty play in the management of emerging risks from IT innovations?

    1. 2.1.1

      Do you have an example where uncertainty had an impact on the management of emerging risks from IT innovations?

  2. 2.2

    Do you see uncertainty as an advantage or disadvantage in the management of emerging risks from IT innovations?

    1. 2.2.1

      Can you please elaborate why you see it as an advantage/disadvantage?

General question: Who should be involved in the ERM of emerging risks from IT innovations?

  1. 3.1

    Who in your organisation is involved in the management of emerging risks from IT innovations?

  2. 3.2

    Is this a static group of people or can the people involved vary?

    1. 3.2.1

      If the groups vary, what factors cause variations?

    2. 3.2.2

      Should further people/departments be involved in the management of emerging risks?

    3. 3.2.3

      Who has the overall responsibility for the management of emerging risks?

General question: Which ERM components are critical to the ERM of emerging risks from IT innovations?

  1. 4.1

    Does your organisation manage emerging risks from IT innovations?

    1. 4.1.1

      If it is managed, can you please explain in detail how?

  2. 4.2

    Does your organisation manage emerging risks per department or throughout the entire organisation?

  3. 4.3

    Which risk management aspects and components do you find especially important in the management of emerging risks?

    1. 4.3.1

      Why do you find them important?

    2. 4.3.2

      Is your view shared among your organisation members?

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Ashby, S., Buck, T., Nöth-Zahn, S. et al. Emerging IT Risks: Insights from German Banking. Geneva Pap Risk Insur Issues Pract 43, 180–207 (2018). https://doi.org/10.1057/s41288-018-0081-8

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1057/s41288-018-0081-8

Keywords

Search

Navigation