Ifac papersOnLine 52-25 (2019) 148-153 ScienceDirect
Yüklə 0,55 Mb. Pdf görüntüsü
|
| 33(1-2)
, 59-72. Ashenden, D. (2008). Information Security management: A human challenge? Information Security Technical Report, 13(4) , 195-201. Central Bank of Ireland (2018). Behaviour and Culture of Irish Retail Banking Burrell, G. and Morgan, G. (1979). Sociological Paradigms and Organisational Analysis: Elements of the Sociology of Corporate Life, Heinemann Educational Books, UK. Ciborra, C. (2002). The Labyrinths of Information: Challenging the Wisdom of Systems, Oxford University Press, UK. Ciborra, C. (2007). Digital Technologies and Risk: A Critical Review. In: Hanseth, O. & Ciborra, C. (eds.) Risk, Complexity and ICT. Edward Elgar, UK. Coles-Kemp, L. (2009). Information security management: An entangled research challenge. Information Security Technical Report, 14(4), 181-185. Jones, A. and Ashenden, D. (2005). Risk Management for Computer Security: Protecting Your Network and Information Assets, Butterworth-Heinemann, Amsterdam. Lacey, D. (2009). Managing the Human Factor in Information Security: How to Win Over Staff and Influence Business Managers, Wiley, USA. Mingers, J., Mutch, A. and Willcocks, L. (2013). Critical Realism in Information Systems Research. MIS Quarterly, 37(3) , 795-802. Organ, J. and Stapleton, L. (2012) 'Information Systems Risk through a Socio-Technical Lens: Future directions in Systems Risk Research', Proceedings of the International Federation of Automation and Control International Conference on International Stability and Systems Engineering . Waterford, Elsevier, pp. 138-143. John Organ et al. / IFAC PapersOnLine 52-25 (2019) 148–153 153 framework which addresses interoperability issues in the management of risk in the international financial domain and provide a basis for new standards which address more holistically human factors in financial systems. 4.2 Academic Contribution The academic contribution is the recasting of systemic risk theory into a human centred systems framework. First, the study used a social technical approach informed by social and organisational paradigms as the theoretical approach. This study provides support for the premise that socio-technical theory to risk in the financial domain, in financial institutions must consider the human element when examining risk issues. Second, the results of this study suggest that current conceptions about risk do not correspond with the needs of practice. 4.3 Policy Contribution Policy frameworks as set out, for example, by Central Banks and Regulators traditionally lacked a focus on social technical and related factors such as knowledge, culture etc. They also lacked a rich appreciation of the risk context. The Central Bank of Ireland (2018) use thematic inspections as a tool for the identification of conduct risks that effect customers. Those inspections have focused on the nature and scope of banking products and how they affect customers. However, the Central Bank of Ireland (2018) has recognised customers can be exposed to risk from other sources including the banks business model, culture, governance, or systems and processes therefore the theoretical framework set out in figure 2, can be used as an additional tool to inform policy and reframe risk management in Irish banking more generally. 4.4 Methodological Contribution The methodology adapted here, involving text analysis using NVivo software has not received much attention as a way of analysing systemic risk factors in the financial services sector. The depth of insight derived from the expert testimony using this methodology would have been difficult to achieve using more traditional quantitative techniques such as online survey. Furthermore, the analysis of expert testimony made publicly available through the various proceedings of the banking tribunal overcame potential ethical difficulties associated with personal interviews. Finally, this paper demonstrates how society at large can draw formal, scientifically reliable and rich insights from testimonies and reports which are very costly to produce. The methodology used here can be replicated for other banks to draw out deep lessons that need to be learned from catastrophic failure such as the banking crisis of 2008- 2009. 4.5 Future Research A direction that future research could take concerns the framework developed in this research and whether the findings can be applied beyond the single bank chosen in this case. Further research could be undertaken to refine, modify or confirm the framework by replicating or expanding this study to include the other Irish banks covered in the banking inquiry. The framework can be formalised into a semantic web model as proposed in an academic paper published at the IFAC World Congress in 2017 (see Organ and Stapleton, 2017). Future research will further formalise this framework as a machine readable, semantic system using Protégé or other knowledge engineering framework. 5. CONCLUDING REMARKS The financial crisis was a disaster for the Irish economy. Ireland took ten years to recover. It is critical that lessons are learned and that policy makers reframe their risk management principles and policies. If the lessons are not learned sadly history is likely to repeat itself. ACKNOWLEDGEMENTS The authors would like to acknowledge the work of The Houses of the Oireachtas. They encourage the re-use of the information they produced for the banking inquiry including for research and study purposes. REFERENCES Ardalan, K. (2011). Globalization and information technology: Four paradigmatic views. Technology in Society, Yüklə 0,55 Mb. Dostları ilə paylaş:
|