Abstract
Risks and the business impact of a critical event are often difficult to quantify. In many cases, the strategic decisions with regard to mitigating risk and minimising financial damage must be taken on the basis of qualitative estimates and expert opinion. However, formulating a continuity and security strategy requires quantitative support across several dimensions: temporal, financial and systemic thresholds must be defined to ensure the optimum level of investment. The paper outlines a strategic decision support model for quantifying risk and business impact. It is further shown how the resulting risk management decisions of the firm can be optimised, and how typical problems of event (disaster) frequency and severity can be resolved. The paper builds on earlier research in audit, insurance and business continuity management to present an innovative approach towards this well-known problem.
Copyright information
© 2004 Friedr. Vieweg & Sohn Verlagsgesellschaft/GWV Fachverlage GmbH, Wiesbaden
About this chapter
Cite this chapter
von Roessing, R. (2004). A Quantitative Decision Support Model for Security and Business Continuity Management. In: Securing Electronic Business Processes. Vieweg+Teubner Verlag. https://doi.org/10.1007/978-3-322-84982-3_1
DOI: https://doi.org/10.1007/978-3-322-84982-3_1
Publisher Name: Vieweg+Teubner Verlag
Print ISBN: 978-3-528-05887-6
Online ISBN: 978-3-322-84982-3
eBook Packages: Springer Book Archive