Developing and managing information technology risk management framework case study of a commercial bank

Abstract

The aim of this research is to establish a IT risk management framework for a commercial bank by which an organization can identify, measure, manage, monitor and report a risk. Framework helps the bank to manage its IT related risk l to evaluate, response and governance of risks. In order to prepare for IT related risk, organization must understand all domain, process goal and key activities under each process goal to handle risk effectively and efficiently. This thesis is based on both qualitative and quantitative research methodology. A part of the report looks into the details of different framework and standard which are related to Information technology risk. Therefore performing gap analysis a suitable framework was selected for further usage in terms of governance, risk evaluation and risk mitigation. The author used a survey among IT officials from different financial organizations in Bangladesh to determine whether they are acquainted with different framework and which is most appropriate framework for them. Survey suggests that Risk IT framework is the most suitable framework which is aligned with the gap analysis performed earlier. The author used AHP and FAHP method to identify the most important key activities of Risk IT framework by collecting expert opinion from a commercial bank. Following the method a commercial bank can be beneficial to identify the appropriate key activities among set of activities for establishing a framework to manage, evaluate and response the IT related risk.