The Austrian food retail sector is part of the critical infrastructure and is legally obligated to ensure the supply of essential goods to the citizens. According to the Allianz Risk Barometer 2025, IT outages and business interruptions have ranked among the most significant risks for companies in Europe for the fourth consecutive year. A study has shown that food retail companies in Austria are only partially protected against power outages. Numerous business processes are directly dependent on an intact IT infrastructure. Consequently, the food retail sector is challenged to adapt business processes to operate without an available power grid and to implement preventive measures. The objective of this thesis is to examine suitable cause-effect methods for the identification, analysis and assessment of IT risks within the framework of risk management. Central terms, such as the concept of risk, are analyzed and risk management is differentiated from crisis management and business continuity management. This thesis describes the risk management process according to ÖNORM ISO 31000:2018 and demonstrates how risks can be systematically addressed using the risk management cycle. As part of the risk assessment phase, selected causeeffect analysis methods are presented and evaluated using a standardized assessment framework with regard to their suitability for addressing uncontrollable IT risks. It was found that while all analyzed methods are appropriate for specific application areas, the Bow-Tie Analysis is particularly suitable for IT risks due to its structured methodology and clear visual representation. In the final chapter of this thesis, the Bow-Tie Analysis is practically applied using a case study involving the analysis of a top IT risk faced by an Austrian food retailer. First, the causes and consequences of the considered IT risk were identified, and existing barriers were recorded. The probability of occurrence was assessed using a developed frequency matrix, both with and without barriers. To validate the results, independent evaluations were conducted by subject-matter experts. Based on the findings, it was shown that in this case study, preventive measures lead to a delay in IT outages.
| Date of Award | 2025 |
|---|
| Original language | German (Austria) |
|---|
| Supervisor | Günter Hoffellner (Supervisor) |
|---|
Möglichkeit zur Risikobewertung eines IT-Ausfalls mit Hilfe von ausgewählten Ursache-Wirkungs-Analysen am Beispiel eines Handelsunternehmens
Stotz, F. (Author). 2025
Student thesis: Bachelor's Thesis