Eric Cope

Regret and Convergence Bounds for a Class of Continuum-Armed Bandit Problems

We consider a class of multi-armed bandit problems where the set of available actions can be mapped to a convex, compact region of Ropfd, sometimes denoted as the ldquocontinuum-armed banditrdquo problem. The paper establishes bounds on the efficiency of any arm-selection procedure under certain conditions on the class of possible underlying reward functions. Both finite-time lower bounds on the growth rate of the regret, as well as asymptotic upper bounds on the rates of convergence of the selected control values to the optimum are derived. We explicitly characterize the dependence of these convergence rates on the minimal rate of variation of the mean reward function in a neighborhood of the optimal control. The bounds can be used to demonstrate the asymptotic optimality of the Kiefer-Wolfowitz method of stochastic approximation with regard to a large class of possible mean reward functions.

Incorporating risk into business process models

Although business process modeling is considered as a core activity in enterprise risk management, existing process modeling languages do not include a complete notation for documenting how processes can fail. This paper develops a conceptual framework for extending standard business process metamodels to include comprehensive information that is useful for managing and quantifying operational risk in business processes. We provide formal extensions of the Business Process Modeling Notation standard, as well as a step-by-step process for creating a risk-extended process model.

Observed correlations and dependencies among operational losses in the ORX consortium database

We survey a range of correlation and dependence measures among operational losses among an international consortium (ORX) of banks. In general, we find little evidence of strong correlations, and some slight evidence of tail dependencies among quarterly aggregate loss values among business line, event type, and Basel cell (combination business line/event type) units of measure. The implications for diversification benefits when aggregating losses across units of measure are further explored through direct empirical measurement.

Managing business health in the presence of malicious attacks

Business metrics play a critical role in determining the best system-level configuration to achieve an organizational business-level goal. We present a framework for reasoning about business-level implications of malicious attacks affecting information technology (IT) systems that underlie various business processes. Through an exemplar web-based retail company scenario, we demonstrate how to quantify both the relative value of the individual business processes, and the relative cost to the business caused by breach of key security properties. The framework allows for mapping business-level metrics to IT system-level metrics, and uses a combination of those metrics to recommend optimal response actions and to guide recovery from security attacks. We validate the framework against three high-impact attack classes common in such web-based retail company situations.

Three key enablers to successful enterprise risk management

Enterprise risk management (ERM) refers to a set of processes that enables the effective management of the risks, opportunities, and expected and unexpected events that may affect the enterprise. The successful implementation of ERM is a challenging task in part because it requires collaboration among multiple business units of different sizes, scope, and capability, each facing what it perceives as unique risks. Other difficulties with ERM implementations include lack of adoption of an enterprise-wide governance model, lack of a common risk language (e.g., taxonomy), and uneven levels of maturity within an organization regarding the management of risks. This paper establishes three conceptual frameworks that provide a basis for an enterprise embarking on ERM: 1) a risk management cycle; 2) a risk-related taxonomy; and 3) an ERM maturity model. The risk management cycle provides a discipline to consistently and coherently manage virtually all risks in the enterprise. The risk taxonomy provides a foundation for clear and concise communication about risk across the enterprise to enable better risk management. The ERM maturity model, and its associated capability assessment, allows an organization to determine gaps in its current risk management processes and define ways to improve those ERM capabilities. Together, these three frameworks are key enablers for a successful ERM implementation and ongoing operation.

A publication process model to enable privacy-aware data sharing

As the Internet continues to permeate and connect communities, businesses, and things, there is an increasing demand for new approaches and technologies to analyze and synthesize data generated from diverse and distributed sources. In addition, this data must be accessible to a set of users having different analytic objectives and viewpoints. We examine these topics in light of the growing number of data consortia in sectors such as finance and healthcare, whose role is to share data among a set of contributing members. We address the need for data consortia to apply data customization and context-alignment services to make heterogeneous data relevant for its subscribers. Such services include record linkage, record selection, and scaling and homogeneity analysis. In addition, the often personal or business-sensitive nature of such data requires that privacy-preservation methods be employed to avoid improper disclosures. We provide a publication process model for data consortia that allow users to extract the maximum amount of information from these heterogeneous databases in a privacy-aware manner. We describe the Operational Riskdata eXchange (ORX) as a successful case study to illustrate these concepts.