IFAC PapersOnLine 52-25 (2019) 148–153
ScienceDirect
Available
online at
www.sciencedirect.com
2405-8963
©
2019, IFAC (International Federation of Automatic Control) Hosting by Elsevier Ltd. All rights reserved.
Peer review under responsibility of International Federation of Automatic Control.
10.1016/j.ifacol.2019.12.463
©
2019, IFAC (International Federation of Automatic Control) Hosting by Elsevier Ltd. All rights reserved.
10.1016/j.ifacol.2019.12.463
2405-8963
A socio-technical systems framework for risk management in financial services:
Some empirical evidence from a case study of the Irish Banking Crisis
John Organ*, Larry Stapleton**
*INSYTE Centre, Waterford Institute of Technology, Cork Rd, Waterford Ireland (e-mail: john.organ@postgrad.wit.ie).
**INSYTE Centre, Waterford Institute of Technology, Cork Rd, Waterford Ireland (e-mail: lstapleton@wit.ie).
Abstract: This paper describes a framework which addresses predominant failure to incorporate human
factors in systemic financial systems. This framework recognizes the additional human factors brought to
an already complicated financial technological environment. The contribution of this paper is to set out a
framework which can be used to inform policy and reframe risk management in Irish banking more
generally. Its shows how society at large can draw formal, scientifically reliable and rich insights from
costly public inquiries to learn lessons from catastrophic failures such as the banking crisis of 2008-2009.
Keywords:
risk, financial stability, information systems.
1. INTRODUCTION
Too often a technical failure is greatly exacerbated by human
factors as the failure unfolds. In one such case, a company had
set out a technical disaster plan which meant that the
technical
infrastructure would be available within thirty minutes
following a natural disaster (Westerman and Hunter, 2007).
When a disaster actually happened, the firm was able to bring
its technical infrastructure online within thirty minutes.
However, because they had not planned for how they would
re-establish the organisational and management procedures
associated with using the new infrastructure in the event of a
catastrophe, the business itself got into great difficulties. The
plans had focussed exclusively upon technology but had not
adequately prepared the organisation for using the technology
in the event of an actual disaster recovery situation. The
technology recovery was a success, but the system
(organisation and technology) recovery failed.
Resolving
these issues as systems (rather than technology) problem add
considerably to the work of systems engineering research,
especially in international stability. The International
Federation of Automation and Control technical committee for
technology, culture and international stability has identified
this kind of systems approach as very important in dealing with
natural disasters such as experienced in Japan (Organ and
Stapleton, 2018;2017), as well as other kinds of systems failure
namely, the contribution of technological risk factors to the
recent financial crisis.
What is needed going forward is a new systematic approach to
IT risk that incorporates both the social and technical (Socio-
technical). The approach developed in this paper incorporates
social and technical processes that affect the management of
systems risk. They are formulated into a systematic knowledge
framework of systems risk. This paper makes
make a
substantial contribution to our theoretical understanding of
systems risk within organisations as well as a methodological
contribution that can be used in practice in industry.
2. RISK
METHODOLOGY
Risk management is a complex and sensitive area of scientific
research, consequently it required creativity in tailoring a
research methodology to circumvent the difficulties and
provide a rich case in which to study (Mingers et al., 2013).
The type of research questions are exploratory in nature and
required a flexible research design that allows for an
exploration of the issues around risk management. Case
studies are a proven technique for studying risk, Yu et al.,
(2015) used case studies to develop a framework of risks in the
development and implementation of executive information
systems. Case studies allow multiple sources of evidence to be
used (Yin, 2003). Practical constraints also influenced the
methodological choice chosen. The main difficulty was
gaining access to companies and individuals with experience
of risk management. This meant techniques such as grounded
theory were inappropriate for this study. Whilst every effort
was made to ensure the confidentiality of those whom