IT Operational Risk Awareness Building in Banking Organizations

The purpose of this research project is to improve banking employee risk behaviour concerning IT operational risks. Banks are confronted with an increased frequency of operational risks loss events and the extensive use of information technology in banks tightens this situation. The two-staged empirical study focuses on awareness building methods concerning IT operational risk, an effective IT risk culture and the use of internal controls in this context. In the first research stage awareness building methods and IT risk cultures of an Austrian banking group will be evaluated. The role of the internal control system and intercultural differences should be also discovered in the exploratory phase. After the first research stage, a method to build awareness of banking employees is going to be designed and developed. In the second stage, a quantitative analysis regarding the developed method of awareness building is going to take place. The findings should discover best practices of awareness building methods and guidelines to create a proactive IT risk culture which involves cultural differences between Central and Eastern Europe (CEE) economies.

ERSTE Bank der österreichischen Sparkassen