Finance and Credit

Abstracting and Indexing

Referativny Zhurnal VINITI RAS
LCCN Permalink
Google Scholar

Online available



Cyberleninka (12 month OA embargo)

Internal control in banks: Assessing the risk of cyber attacks

Vol. 25, Iss. 3, MARCH 2019

Received: 13 December 2018

Received in revised form: 5 February 2019

Accepted: 19 February 2019

Available online: 29 March 2019

Subject Heading: Banking

JEL Classification: G21, G32, L86

Pages: 500–513

Revenkov P.V. Financial University under Government of Russian Federation, Moscow, Russian Federation

Subject To enhance banking risk management, internal control service specialists should be able to assess risks associated with cyber attacks and promptly inform the management of credit institutions about possible consequences.
Objectives The article focuses on developing ways to assess the risk of computer attacks and their impact on automated banking systems, which can be used by specialists of internal control services for quality control of banking risk management in conditions of using electronic banking systems.
Methods I employ general scientific methods of cognition, like analysis and synthesis, induction and deduction, the analogy method. I also use the techniques of systems analysis of academic literature in the field of theoretical and applied research, and a graphic method to interpret the investigated phenomena.
Results I developed a general approach to assessing the risk of exposure to cyber attacks on banks. The said approach may be useful for internal control services specialists to improve the methodological support and enhance the performance of the entire risk management system in banks.
Conclusions and Relevance The novelty of the findings may contribute to enhancing the efficiency of the risk management system in banks under the impact of cyber attacks on automated banking systems.

Keywords: internal control, cyber attack, cybersecurity, risk assessment


  1. Rud'ko-Silivanov V.V., Lapina K.V., Kryuchkova E.A. [The Conceptual Basis and Organization of the System of Internal Control]. Den'gi i kredit = Russian Journal of Money and Finance, 2011, no. 2. 36–41. URL: Link (In Russ.)
  2. Revenkov P.V. Upravlenie riskami v usloviyakh elektronnogo bankinga: monografiya [Risk management in electronic banking: a monograph]. Moscow, ITKOR Publ., 2011, 167 p.
  3. Galligan M.E., Rau K. COSO in the Cyber Age. URL: Link
  4. Ross A. Industrii budushchego [The Industries of the Future]. Moscow, AST Publ., 2017, 352 p.
  5. Kryshkin O. Nastol'naya kniga po vnutrennemu auditu: riski i biznes-protsessy [Handbook on internal audit: Risks and business processes]. Moscow, Al'pina Pablisher Publ., 2015, 478 p.
  6. Kostikova L.V., Tsangl' N.E. Risk-orientirovannyi vnutrennii audit v banke: metodicheskoe posobie [Risk-oriented internal audit in bank: a methodological guide]. Moscow, Reglament-Media Publ., 2014, 203 p.
  7. Lyamin L.V. [Electronic banking and risks of its customers]. Banknoty stran mira = Banknotes of the World, 2018, no. 7, pp. 26–28. URL: Link (In Russ.)
  8. Roux C. Cybersecurity and Cyber Risk. URL: Link
  9. Berdyugin A.A. [Risk management of information security violation in conditions of electronic banking]. Voprosy kiberbezopasnosti = Cybersecurity Issues, 2018, no. 1, pp. 28–38. URL: Link (In Russ.)
  10. Macknight J. Cyber Security: Making Banking Safer. The Banker, 2016, vol. 166, no. 1080, pp. 110–115. URL: Link
  11. Camillo M. Cybersecurity: Risks and Management of Risks for Global Banks and Financial Institutions. Journal of Risk Management in Financial Institutions, 2017, vol. 10, no. 2, pp. 196–200. URL: Link

View all articles of issue


ISSN 2311-8709 (Online)
ISSN 2071-4688 (Print)

Journal current issue

Vol. 25, Iss. 5
May 2019