forked from hwyler/HernanHuwylerRiskManagement
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathRITComplianceImpacts
More file actions
106 lines (85 loc) · 4.98 KB
/
RITComplianceImpacts
File metadata and controls
106 lines (85 loc) · 4.98 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
# Project Risk quantification in R. A repository for simulating and analyzing risk losses in cyber and compliance.
# Status This project is actively being developed and is in the production stage.
# Tags/Topics - Risk management - Data Analysis - R - Convolve - Convolution - Monte Carlo Simulation - IT Risks - AI Risks - Cyber Risks
# License This project is open source, originally provided by Prof. Hernan Huwyler, MBA CPA.
# Data input
Simulations <- 100000 # Number of scenarios to simulate
Events <- 4 # Number of expected annual events to materialize (Poisson distribution)
it_lower <- 10000 # Lower value of the IT losses
it_upper <- 20000 # Upper value of the IT losses
compliance_lower <- 25000 # Lower value of the compliance losses
compliance_upper <- 75000 # Upper value of the compliance losses
confidence_level <- 0.8 # Confidence level that the IT losses will be in the lower and upper range
Reserve <- 0.8 # Percentile measure of risk exposure
it_compliance_percentage <- 0.2 # Percentage of IT scenarios also causing a compliance loss
control_effectiveness <- 0.5 # Control effectiveness, reduces the Poisson distribution by 50%
set.seed(123) # Set random seed for replicability
# Simulate Poisson-distributed random variables (number of events)
Prob <- rpois(Simulations, lambda = Events * (1 - control_effectiveness))
# Calculate the error margin for the specified confidence level
error <- (1 - confidence_level) / 2
# Calculate the lower and upper quantiles for the confidence level
it_lowerq <- qlnorm(error) # Lower quantile for the confidence level
it_upperq <- qlnorm(1 - error) # Upper quantile for the confidence level
compliance_lowerq <- qlnorm(error) # Lower quantile for the compliance losses
compliance_upperq <- qlnorm(1 - error) # Upper quantile for the compliance losses
# Log-transform the lower and upper bounds for IT losses
it_log_lower <- log(it_lower)
it_log_upper <- log(it_upper)
# Log-transform the lower and upper bounds for compliance losses
compliance_log_lower <- log(compliance_lower)
compliance_log_upper <- log(compliance_upper)
# Calculate the true mean and standard deviation of the log-transformed values for IT losses
it_true_mean_log <- (it_log_lower + it_log_upper) / 2
it_true_sd_log <- (it_log_upper - it_log_lower) / (2 * qnorm(1 - error))
# Calculate the true mean and standard deviation of the log-transformed values for compliance losses
compliance_true_mean_log <- (compliance_log_lower + compliance_log_upper) / 2
compliance_true_sd_log <- (compliance_log_upper - compliance_log_lower) / (2 * qnorm(1 - error))
# Simulate Lognormal-distributed random variables for IT losses (financial loss per event)
IT_Impact <- rlnorm(n = Simulations, meanlog = it_true_mean_log, sdlog = it_true_sd_log)
# Simulate Lognormal-distributed random variables for compliance losses (financial loss per event)
Compliance_Impact <- numeric(Simulations)
compliance_occurrence <- sample(c(0, 1), Simulations, replace = TRUE, prob = c(1 - it_compliance_percentage, it_compliance_percentage))
for (i in 1:Simulations) {
if (compliance_occurrence[i] == 1) {
Compliance_Impact[i] <- rlnorm(n = 1, meanlog = compliance_true_mean_log, sdlog = compliance_true_sd_log)
} else {
Compliance_Impact[i] <- 0
}
}
# Combine distributions using convolution for each scenario separately for IT losses
combined_distribution_IT <- lapply(1:Simulations, function(i) {
conv <- numeric(length(Prob[[i]]) + length(IT_Impact[[i]]) - 1)
for (j in seq_along(Prob[[i]])) {
for (k in seq_along(IT_Impact[[i]])) {
conv[j + k - 1] <- conv[j + k - 1] + Prob[[i]][j] * IT_Impact[[i]][k]
}
}
conv
})
# Combine distributions using convolution for each scenario separately for compliance losses
combined_distribution_Compliance <- lapply(1:Simulations, function(i) {
conv <- numeric(length(Prob[[i]]) + length(Compliance_Impact[i]) - 1)
for (j in seq_along(Prob[[i]])) {
for (k in seq_along(Compliance_Impact[i])) {
conv[j + k - 1] <- conv[j + k - 1] + Prob[[i]][j] * Compliance_Impact[i][k]
}
}
conv
})
# Calculate the total loss for each scenario (IT losses)
x_IT <- sapply(1:Simulations, function(i) sum(combined_distribution_IT[[i]]))
# Calculate the total loss for each scenario (compliance losses)
x_Compliance <- sapply(1:Simulations, function(i) sum(combined_distribution_Compliance[[i]]))
# Total loss combining IT and compliance losses
total_loss <- x_IT + x_Compliance
# Display a summary of the simulated data
summary(total_loss)
print(quantile(total_loss, probs = Reserve))
# Calculate the given percentile of the simulated losses
loss_at_reserve <- quantile(total_loss, probs = Reserve)
print(paste0(Reserve * 100, "th Percentile Loss: ", loss_at_reserve))
# Graph a Loss Exceedance Curve
number_sequence <- seq(0.01, 1, by = 0.001)
y <- sapply(number_sequence, function(i) quantile(total_loss, probs = i))
plot(number_sequence, y, type = "l", xlab = "Percentile", ylab = "Loss", main = "Loss Exceedance Curve")