ABSTRACT

Operational risk is the risk of losses arising from the failure or inadequate internal processes, human resources, systems, and external events that affect the bank's operations as defined by Basel Committee on Banking Supervision. Defining a suitable set of risk measurement metrics is considered one of the most important issues for any risk analysis. It enables the quantitative evaluation of the risk exposure level and the effectiveness of internal control system. Risk measurement is needed to provide an effective means to quantify the risk of existing or planned systems to enable understanding of the overall security level and to guide decision making. Given the number of successful attacks against financial Institutions and the sophistication of the tactics used by attackers, existing classical measurement approaches are no longer enough. This study focuses on fuzzy logic-based metric identification to measurement of the risk exposure level, to enable financial institutions to see the overall risk level and security state of their E-banking systems and to assist with decision making. This will provide a newer dimension to risk management by shifting from risk measurement based on probability and classical set theory to Fuzzy Logic (FL) measurement. In this paper fuzzy logic-based metrics is presented and expressed as a function of six factors (triggering events, avoidance, recovery, Undesirable Operational State (UOS), cost of Undesirable Operational State (UOS) occurrence and severity of risk occurrence) as proposed by [1].

Keywords: Risk Assessment, Operational Risk, Fuzzy Logic.