The market value impact of operational loss events for US banks and insurers

This paper conducts an event study analysis of the impact of operational loss events on the market values of banks and insurance companies, using the OpVar database. We focus on financial institutions because of the increased market and regulatory scrutiny of operational losses in these industries. The analysis covers all publicly reported banking and insurance operational risk events affecting publicly traded US institutions from 1978 to 2003 that caused operational losses of at least $10 million – a total of 403 bank events and 89 insurance company events. The results reveal a strong, statistically significant negative stock price reaction to announcements of operational loss events. On average, the market value response is larger for insurers than for banks. Moreover, the market value loss significantly exceeds the amount of the operational loss reported, implying that such losses convey adverse implications about future cash flows. Losses are proportionately larger for institutions with higher Tobin’s Q ratios, implying that operational loss events are more costly in market value terms for firms with strong growth prospects.     

Banks' interest rate risk: the net interest income perspective versus the market value perspective

We use portfolios of passive investment strategies to replicate the interest risk of banks' banking books. The following empirical statements are derived. (i) Changes in banks' market value and in their net interest income are highly correlated, irrespective of the banks' portfolio composition. (ii) However, banks' portfolio composition has a huge impact on the ratio of changes in net interest income relative to changes in market value. These results are important for the design and interpretation of interest rate stress tests for banks.     

建立有效内控体系强化操作风险管理

内部控制的失效往往是商业银行操作风险频发的最主要原因,应通过建立有效的内控体系加以控制和防范,并在此基础上构建全面的操作风险管理体系。     

Decoupled earnings: An institutional perspective of the consequences of maximizing shareholder value

Recent accounting scandals have brought focus on the role of management in financial statement manipulation. This focus on micro-behavior does not capture the complexities of earnings management. Taking an institutional rather than agency theory approach, earnings management is posited as a decoupled behavior. A behavior that results from not only agency-based motivations of self-interests, but also regulative, normative, and cultural-cognitive legitimacy pressures. Conformity to the central logic of “maximizing shareholder value” found in the “US financial market” institutional field provides the context in which to explore earnings management as a decoupled behavior. Insights for earnings management include the blending of agency and institutional theory perspectives to gain a more complete understanding of the behavior and the positing of a continuum of earnings management conducive to this merger. Institutional theory benefits from exploring the nesting in multiple institutional fields.     

IT internal control weaknesses and firm performance: An organizational liability lens

The information systems literature and the public press have called for organizations to more closely scrutinize their information technology (IT) controls; however, little more than anecdotal evidence exists on the business value of quality IT internal control, beyond regulatory compliance. In this paper, we (a) advance an organizational liability perspective to the question of IT internal control value; and (b) use the unique setting provided by the enactment of the Sarbanes–Oxley Act of 2002 (SOX) to investigate the relationship between IT internal control weaknesses (ICWs) and both accounting earnings (a contemporaneous measure of firm performance) and market value (a forward looking, risk-adjusted measure of firm performance). Using a data set that provides audited annual assessments of the effectiveness of both IT and non-IT internal controls for a cross-section of companies as mandated by SOX, we find that firms that report an IT ICW have lower accounting earnings compared to firms with strong IT internal controls. We also find that IT ICW moderates the association between accounting earnings and market valuation, with firms reporting weak IT internal controls having a lower earnings multiple. These results are sustained even after controlling for non-IT ICWs and firm-specific factors that are known determinants of ICWs, and are reinforced using an inter-temporal changes analysis in which we use each firm as its own control at a different point in time. Overall, our results provide empirical evidence which suggests that IT internal controls are a strategic necessity and that information systems risk is priced by the capital markets. The implications of these findings for theory and practice are discussed.     

Board composition and operational risk events of financial institutions

We investigate the relation between board composition and operational risk events of financial institutions in the period from 1996 to 2010. Drawing from corporate governance literature, we consider the impact of board characteristics on the likelihood of operational risk events. Overall, our findings suggest that board size is negatively and non-linearly associated with the possibility of operational risk events. For the event types of “Clients, Products, and Business Practices,” and “Internal Fraud and External Fraud,” firms with a higher proportion of independent directors are less likely to suffer from fraud or failure to comply with professional obligations to clients. Our results on age and tenure heterogeneity also indicate that having a more diverse board can have an adverse impact on the board monitoring function. These results can shed new light on board demographics and operational risk management in financial institutions.     

An agency-based perspective on the performance consequences of COO adoption

The aim of this study is to explain the performance consequences of the adoption of a Chief Operating Officer (COO) position by drawing from agency theory. Although, prior research has documented a performance penalty associated with the use of this position, we currently have an incomplete understanding of the factors explaining this penalty. This study suggests that the delegation of CEO decision rights to the COO is explained by information transfer and agency considerations. Largely consistent with agency theory, our empirical analysis suggests information transfer considerations are related to the likelihood of COO adoption, while CEO ownership and board characteristics mitigate the related performance penalty.     

价值链内部控制模型研究

内部控制是价值链企业开展全面业务合作,实现价值链管理目标的保证。本文用现代控制理论的思想对价值链内部控制问题进行了深入研究,提出了价值链内部控制、价值链内部控制系统及其相关概念;并从价值链内部控制的特点出发构建了价值链内部控制模型,同时详细分析了价值链内部控制的机理和过程。     

Transitional credit modelling and its relationship to market value at risk: an Australian sectoral perspective

Internal credit risk modelling is important for banks for the calculation of capital adequacy in terms of the Basel Accords, and for the management of sectoral exposure. We examine Credit Value at Risk (VaR), Conditional Credit Value at Risk (Credit CVaR) and the relationship between market and credit risk. Significant association is found between different Credit CVaR methods, and between market and credit risk. Simpler Credit CVaR methods are found to be viable alternatives to more complex methodology. The relationship between market and credit risk is used to develop a new model that allows banks to incorporate industry risk into transition modelling, without macroeconomic analysis.     

银行IT外包及其风险控制

随着金融信息化的深入发展，IT外包服务在银行信息化建设中所处的地位日益显著，它可以使银行业整合利用信息技术服务提供商的专业技能和先进的管理经验，从而降低成本、提高效率、集中优势资源、充分发挥自身核心竞争力和增强银行对环境的迅速应变能力，是金融信息化进程中不可或缺的板块。     

An evidential reasoning approach to Sarbanes-Oxley mandated internal control risk assessment

In response to the enactment of the Sarbanes-Oxley Act 2002 and of the release of the Public Company Accounting Oversight Board (PCAOB) Auditing Standard No. 5, this study develops a risk-based evidential reasoning approach for assessing the effectiveness of internal controls over financial reporting (ICoFR). This approach provides a structured methodology for assessing the effectiveness of ICoFR by considering relevant factors and their interrelationships. The Dempster-Shafer theory of belief functions is utilized for representing risk.First, we develop a generic ICoFR assessment model based upon a Big 4 audit firm's approach and apply it to a real-world example. Then, based on this model, we develop a quantitative representation of various levels of ICoFR effectiveness and related risk-assessment as defined by the PCAOB and contrast these representations with levels implied by Auditing Standard No. 5. In doing so, we demonstrate the potential value of formal risk assessment models in both facilitating the assessment of risks in an individual engagement and in assessing the effects of different regulations.     

Sudden crash or long torture: The timing of market reactions to operational loss events

An emerging literature investigating market responses to operational loss announcements concludes that financial markets tend usually to overreact to loss events. This overreaction is commonly interpreted as reputational damage. We revisit this issue by focusing on the timing of markets’ reactions and highlight two variables: the start and the speed of stock markets’ responses. It appears that when operational losses are caused by internal fraud the negative market reaction materializes earlier and faster. Industry sectors and prevailing market conditions influence the timing of market reactions as well. Our empirical findings reveal moreover that a higher initial grading of the company is associated with a later stock market reaction to the announcement. While the relative magnitude and the length of markets’ overreactions is positively correlated to the concomitant downgrading our study shows that overreaction magnitudes are also strongly correlated to our estimate of the total duration of the reaction.     

Rethinking IT governance: Designing a framework for mitigating risk and fostering internal control in a DevOps environment

An increasing amount of companies is transforming their IT departments towards cross-functional teams which are responsible for both development and operation of software and use automation to speed up their delivery process. This novel approach, which is commonly known as “DevOps”, promises many benefits such as increased speed and frequency of deployment. However, companies using DevOps are often struggling with demonstrating control of their software delivery processes to IT auditing parties, due to the decentralized decision-making structures and high degree of automation in DevOps teams. The research at hand presents a framework which aims to provide guidance to organizations in mitigating and governing risks in IT teams and departments that make use of the DevOps paradigm. We have adopted a design science research approach, building on a literature review and semi-structured interviews with seventeen employees from nine Dutch companies that are in different stages of their DevOps transition. The results suggest that two main factors which influence how departments design their DevOps environment are risk appetite and the DevOps maturity. We furthermore find that companies in practice often use a mixture of traditional, manual IT controls and the automated controls suggested in literature. Based on these insights, a situational control framework is designed which suggests suitable risk mitigation practices.     

国家文化视角的内部控制研究

本文选择国家文化作为内部控制的研究视角,以日、美企业内部控制的差异为例研究国家文化对内部控制的作用机理。在归纳中国传统文化基本内核的基础上,研究中国企业内部控制体系的构建,提出建立宏观层面的社会控制、企业层面的内部控制和个体层面的自我控制的"三位一体"的控制链体系。     

Stock market signals and consequences of securities class actions lawsuits: a microstructure perspective

Review of Quantitative Finance and Accounting - We perform a microstructure analysis of trading activities pre- and post-class period end-dates of securities class action lawsuits. We posit that...     

Estimation of tail‐related risk measures in the Indian stock market: An extreme value approach

The purpose of the study is to estimate tail-related risk measures using extreme value theory (EVT) in the Indian stock market. The study employs a two stage approach of conditional EVT originally proposed by McNeil and Frey (2000) to estimate dynamic Value at Risk (VaR) and expected shortfall (ES). The dynamic risk measures have been estimated for different percentiles for negative and positive returns. The estimates of risk measures computed under different quantile levels exhibit strong stability across a range of the selected thresholds, implying the accuracy and reliability of the estimated quantile based risk measures.     

从美日两国相关审计准则看内部控制欠缺的判断与风险管理

为了提高上市公司财务报表的信赖性,防止重大会计错报的出现,注册会计师审计增加了对企业内部控制制度的审查。2004年美国上市公司监督委员会(PCAOB)颁布了第2号审计准则(Auditing Standard No.2,AS2),要求注册会计师在进行财务报表审计时,要对企业的内部控制制度进行验证,并发表审计意见。日本的企业会计审议会也在2007年2月15日颁布了《有关财务报表的内部控制制度的评价与审计的准则》,并于2008年4月1日起正式实行内部控制报告和审计制度。这项新型审计工作增加了注册会计师审计的业务量,扩大了审计的责任。本文在概括美日两国审计准则的基础上,结合风险管理探讨内部控制的评价。     

Corporate risk management and firm value: evidence from the UK market

The paper evaluates the effect of corporate risk management activities on firm value, using a sample of large UK non-financial firms. Following recent changes in financial reporting standards, we are able to collect detailed information on risk management activities from audited financial reports. This enables us to gain a better understanding of risk management practices and to investigate value implications of different types of hedging. Overall 86.88% of the firms in the sample use derivatives to manage at least one type of price risk. The hedging premium is statistically and economically significant for foreign currency derivative users, while we provide weak evidence that interest rate hedging increases firm value. The extent of hedging and the hedging horizon have an impact on the hedging premium, whereas operational risk management activities do not significantly influence the market value of the firm.     

IT治理:管控IT风险的治本之策

本文主要以银行的IT风险管理为研究对象,阐述了IT风险的定义、范围和分类,通过分析IT治理的概念和IT风险的特点,提出了IT治理是全面管控IT风险的治本之策。