FinTech innovation, ESG reporting quality, and information systems risk: Panel data evidence from financial institutions in emerging markets

Modern enterprises have ever-increasing dependence on the complex information system, and they are also faced with the enormous risks of the application information system. This paper proposes the significance of enterprise complex information system in the first place. Meantime, it analyzes various risks appeared in the enterprise complex information system, constructs risk hierarchical model of complex information system based on infrastructure risks, project risks, application risks, asset risks of information, business continuity risks, strategic risks of information system, supplier and outsourcing risks of the information system, external enterprise risks of the information system. Finally it gives a detailed analysis of the conduction relation of project risks, service supplier and outsourcing risks, application risks and infrastructure risks, strategic risks of the information system, and interaction among various risks.

Information System (IS) risk management implementation is a program that enables an organizations capture, manage and analyses the risks that are peculiar to IS adoption in a secure system. By implementing IS risk management organizations can improve operation efficiencies and save cost of risk investment. Meanwhile, bank is an institution that relies heavily on information technology for the network of business activities therefore; there is need to be aware of various risks associated with the usage of information system such as criminal threat and natural disasters. The present study examines the effect of perceived critical success factors for information system risk management implementation in the bank sector. Data were obtained from top executives of the selected banks using questionnaire instrument. The study employed descriptive correctional research design. The study population comprises of banks located in Oyo State South- Western part of Nigeria. Overall, 30 banks were selected for the study with four respondents from each bank. The questionnaire was pre-tested prior to actual distribution to the respondents. SPSS software was employed as analytical tool to test the study hypotheses using correlation and multiple regression analysis. Three factors were employed in the study; organization culture, organization structure and trust. The finding revealed that only organization culture was perceived to be positive critical factor for IS risk management implementation in the bank sector, while organizational structure and trust are in weak positions. Therefore, culture as an internal factor should be given priority in IS risk management implementation in the bank sector.

PurposeThe purpose of this paper is to examine the potential of cultural theory as a tool for identifying patterns in the stakeholders' perception of risk and its effect on information system (IS) risk management.Design/methodology/approachRisk management involves a number of human activities which are based on the way the various stakeholders perceive risk associated with IS assets. Cultural theory claims that risk perception within social groups and structures is predictable according to group and individual worldviews; therefore this paper examines the implications of cultural theory on IS risk management as a means for security experts to manage stakeholders perceptions.FindingsA basic theoretical element of cultural theory is the grid/group typology, where four cultural groups with differentiating worldviews are identified. This paper presents how these worldviews affect the process of IS risk management and suggests key issues to be considered in developing strategies of risk management according to the different perceptions cultural groups have.Research limitations/implicationsThe findings of this research are based on theoretical analysis and are not supported by relevant empirical research. Further research is also required for incorporating the identified key issues into information security management systems (ISMS).Originality/valueIS security management overlooks stakeholders' risk perception; for example, there is no scheme developed to understand and manage the perception of IS stakeholders. This paper proposes some key issues that should be taken into account when developing strategies for addressing the issue of understanding and managing the perception of IS stakeholders.

The proliferation of digital technology has resulted in the growing utilization of applications to facilitate the execution of organizational business activities. This has a direct influence on the growing likelihood of cybercrime. To mitigate cybercrime, it is imperative to ascertain the present state of security of the IT infrastructure. Multiple paradigms exist for assessing the present security of IT infrastructure. Nevertheless, these frameworks still exhibit deficiencies, as none of them offer a comprehensive elucidation of the execution of security evaluation. Consequently, the author of this research paper presents a more comprehensive framework for evaluating the existing condition of IT infrastructure. The implementation of security evaluation consists of two distinct phases: penetration testing and risk measurement. The initial stage involves the utilization of the Web Security Testing Guide, a penetration testing framework developed by OWASP to enhance the security of web-based applications. The second phase employs the OWASP Risk Rating Methodology, a systematic approach for assessing the anticipated level of risk. The research yielded the discovery of 7 vulnerabilities, with 4 vulnerabilities classified as having a medium risk level and 3 vulnerabilities classified as having a low risk level. Security evaluation is conducted on vulnerabilities categorized as having a medium risk level due to their potential to cause losses and harm to IT infrastructure. The assessment is conducted by offering suggestions for enhancement. These recommendations are anticipated to serve as a guide for enhancing security on IT infrastructure in the future.

About Our Authors

The risk management is an indispensable discipline for any organisation to acheive its objectives. As the IS (Information Systems) are key assets for organisations, managing IS risks becomes more and more important especially within a world in perpetual change. Since IS risk management creates plus value, it must follow a process of continuous improvement orchestrated by a model of maturity indicating in every time the runways of improvement. The studied literature shows the lack of a model that treat the maturity of the IS risk management and that consider all IS components. The present article has for purpose to initiate reflexion around this area and deliver a model of IS risk management maturity. First, we indicate IS definition that will fix the scope (All things concerned by IS risk management). Second, we define the IS risk management process that will fix the way (Activities used in IS risk manaegement). Third, we develop the maturity model for IS risk management. At the end, we conclude with perspectives opened to this work.

FinTech regulation: Evolutionary game model, numerical simulation, and recommendations

Since the outbreak of the global financial crisis, forestalling and defusing systemic financial risks has been a hot topic of social concerns. In China, with constant development and innovation of the financial system, higher level financial deepening and openness, and economic downside pressure under new normal” economy, risk-prevention becomes much more complicated. In this case, the financial system should better serve the real economy, reduce financial risks and deepen financial reforms—three tasks of China’s financial work. The report of the 19th National Congress of the Communist Party of China further emphasized that the government should improve the financial regulatory system to forestall systemic financial risks. Therefore, ensuring China’s financial stability and preventing systemic risks have become the priority and major challenges for China’s financial regulatory authorities. Accurate measurement of systemic risks is the basis for risk prevention, the improvement of financial regulations, and any effective regulatory actions. However, existing domestic studies measure financial institutions’ systemic risks from only one aspect—systemic risk contribution or systemic risk exposure, and lack a clear distinction between the two measures in theoretical and policy implications. Some scholars even use systemic risk exposure metrics to measure the systemic risk contribution of financial institutions and assess its systemic importance. Actually, the aggregate risks of financial institutions include both risk contribution and risk exposure—the former focuses on systemic importance while the latter underlines systemic vulnerability, so we should take both sides into risk measurement. This paper uses ΔCoVaR and Exposure-ΔCoVaR to comprehensively measure the systemic risks of financial institutions from both sides—systemic importance and systemic vulnerability. This paper finds no significant correlation between the systemic importance and vulnerability of financial institutions in the cross-sectional dimension, but significant correlation in the time-series dimension, which means the systemic importance and vulnerability of financial institutions change simultaneously and periodically. The results imply that, in China, the systemic importance of bank and insurance industry exceed that of securities industry, while the latter’s systemic vulnerability exceeds that of the former. These differences exist persistently in the time-series dimension. The big four” banks have high systemic importance but low systemic vulnerability, while a handful of financial institutions have both significantly high systemic importance and vulnerability. Furthermore, the size of financial institutions’ asset is an important influencing factor of systemic importance, and the leverage is an important influencing factor of systemic vulnerability, while the margin trading of securities has a significant positive effect on systemic vulnerability but no significant effect on systemic importance. This paper accurately measures the systemic risks of 33 listed financial institutions in China from two aspects—risk contribution and risk exposure, and makes a precise assessment on their systemic importance and vulnerability. We also investigate the influencing factors of financial institutions’ systemic importance and vulnerability. These findings help to understand the systemic risks of China’s financial institutions in cross-sectional and time-series dimensions and correct some wrong perceptions in existing academic studies, and further provide useful empirical references and policy suggestions to China’s financial regulatory authorities to forestall systemic risks and improve macro-regulation. The policy implications of the results are mainly reflected in the following three aspects. First, regulators need to select targeted regulatory objectives and policy tools to make differential regulations based on the features of institutions in systemic importance and vulnerability. Second, different institutions are different in systemic importance and vulnerability, so regulatory authorities should pick out key financial institutions through their performance in systemic importance and vulnerability, and enhance the supervision of key institutions. Third, financial regulators are able to choose proper and effective regulatory tools according to the main drivers of systemic importance and vulnerability.

The article highlights the aspects of risk management in the information system. According to the analysis of the work of Russian and foreign scientists and world practices in the field of risk management, it is stated that there is a need to improve the effectiveness of risk management of information system and to develop a method for managing the risks of the information system. As a solution to the problem of effective risk management of the information system, there has been proposed a formalized procedure for managing the risks of the information system. The scientific novelty of this solution is the use of decision space and optimization space to reduce risks. This procedure allows to assess the damage, risk and effectiveness of risk management of the information system. The risks of the information system are determined and analyzed; a pyramidal risk diagram is developed. This diagram allows you to describe the relationship of risks with the components of the information system. The negative consequences to which these risks can lead are given. The analysis of methods and approaches to risk management has been carried out. Based on the results of the analysis, the methods GRAMM, CORAS, GOST R ISO / IEC scored to the maximum. The weak points of these methods and the difficulty of applying these methods in practice are described. The developed formalized risk management procedure to control the risks of information system can be used as management system’s element of the information security quality that complies with the recommendations of GOST R ISO / IEC 27003-2012. The prospect of further development of the research results is the development of management systems of risk of information system.

This article is the second of two whose goal is to advance the discussion of IS risk by addressing limitations of the current IS risk literature. The first article [Alter and Sherer, 2004] presented a general, but broadly adaptable model of system-related risk that addressed the limited usefulness of existing IS risk models for business managers. In this article, we focus on organizing risk factors to make them more useful and meaningful for business managers. This article shows how the nine elements of the work system framework can be used to organize the hundreds of risk factors in the IS risk literature. It also shows that many of the most important and most commonly cited risk factors for IS in operation and IS projects are actually risk factors for work systems in general. Furthermore, risk factors initially associated with one type of system (e.g. ERP implementation) are often equally relevant at other levels (e.g., information systems projects or work systems in general). Over half of the risk factors in a representative sample of the IS risk literature are valid for work systems in general. This conclusion is a step toward useful risk diagnostic tools based on an organized set of risk factors that are meaningful to business managers and IT professionals.

Cybersecurity vulnerabilities of cardiac implantable electronic devices: Communication strategies for clinicians—Proceedings of the Heart Rhythm Society's Leadership Summit

Quantitative security risk evaluation of information systems is increasingly drawing more and more attention. The purpose of this paper is to propose a novel method integrated extension theory and unascertained method to classification for information systems (IS) security. The risks of information system are established on the basis of analyzing the factors affecting the risks of information system by applying the unascertained measure theory. Using matter-element theory, the extensibility of IS security is analyzed, and then the framework of matter-element models for IS security is formed. The matter element model of IS security risk evaluation is established using matter element model theory based on extension engineering method. Theoretical analysis and the design principle of the proposed method are described in detail. Some simulations are performed to demonstrate the effectiveness of the proposed extension and unascertained method. The result is believed to provide new means and ideas for the evaluation of IS security. The method is suitable for evaluating the risks of IS. Its evaluating results are reasonable. An example of practical application is given to show the effectiveness of this method. The model is more efficient than former models and can be easily realized in practice.

This study aims to see the development of research on the topic of "Fintech Innovation" and research plans that can be carried out based on journals published on the theme. This research uses an qualitative method with a bibliometric analysis approach. The data used is secondary data with the theme "Fintech Innovation" which comes from the Dimension database with a total of 3094 journal articles. Then, the data is processed and analyzed using the VosViewer application with the aim of knowing the bibliometric map of "Fintech Innovation" research development in the world. The results of the study found that in bibliometric author mapping the authors who published the most research with the theme "Fintech Innovation" were Rabbani, Mustafa Raza; Wonglimpiyarat, Jarunee; Peng, Kuan-Jung; and Mohammed, Qmichchou. Furthermore, based on bibliometric keyword mapping, there are 4 clusters with the most used words including sharia bank, financial inclusion, application, factor, adoption, country, effect, challenge, financial institution, regulation, and performance. Then, the research path topics related to Fintech Innovation are Collaboration Between Fintech Startups and Traditional Banks, Mechanisms of Green Innovation in the Fintech Sector, Value and Complexity in Fintech Application Use, and Islamic Fintech's Role in Pandemic-Era Financial Solutions.

With the rapid development of the financial market, the volume of financial data has become increasingly large and complex, and the advantages of using big data methods to analyze systemic financial risks have become increasingly prominent. This paper deeply discusses the application of financial big data in systemic risk early warning, aiming to provide theoretical support and practical guidance for improving financial risk prevention and control ability.Traditional systemic risk analysis mainly focuses on individual financial institutions, which has limitations and cannot fully capture the correlation risk exposure and the potential domino effect threat to the stability of financial markets. It is therefore crucial to assess exposures at the level of the financial system as a whole. However, the complexity of the financial system is increasing, and the financial data faced by risk analysis is characterized by huge volume, complex types and strong correlation, which brings challenges to the prevention and control of financial risks.Big data methods, including machine learning, data visualization, information extraction and other technologies, provide new solutions for systemic financial risk early warning. Information extraction technology helps to extract valuable information from unstructured text data, such as investor behavior, sentiment changes, etc. These data can reflect changes in the financial market in real time, and is an important source of supplementary information for systemic financial risk analysis. Machine learning algorithms can integrate multi-source data, automatically learn and identify different credit risk levels, and improve the accuracy and efficiency of risk assessment. Data visualization technology can clearly and intuitively show financial micro-data in the form of graphs and charts, and help analysts quickly understand the relationship and trend between data.This paper analyzes the application cases of big data technology in financial contagion mechanism analysis, financial supervision and other aspects, and demonstrates the practical effect of big data methods in systemic risk early warning. By integrating financial micro-data of various financial sectors and even different countries, and analyzing financial risks as a whole based on the data, big data methods can more comprehensively capture the potential threat of systemic risks and provide timely and accurate early warning information for financial regulators.At the same time, this paper also points out the challenges faced by big data in the early warning of financial systemic risk, such as data security and privacy protection, technical threshold and capital investment, and puts forward corresponding solutions. It is emphasized that financial institutions need to strengthen data protection measures, establish a sound risk prevention and control system, increase scientific and technological investment and personnel training, and ensure that the application of big data technology in the financial industry achieves positive results.To sum up, financial big data plays an important role in the early warning of systemic risks and provides strong support for improving the ability to prevent and control financial risks. In the future, with the continuous development and improvement of big data technology, its application prospects in financial risk early warning will be broader.

Information Systems Risk Through a Socio-Technical Lens: Future Directions in Systems Risk Research