
Enterprise Risk Management, Chapter One. Prepared by: Raval, Fichadia. John Wiley & Sons, Inc., 2007.



Chapter One Objectives
1. Describe the nature and characteristics of business.
2. Interpret the role of the external environment and internal processes in achieving business objectives.
3. Explain the relationship between a business and its information systems.
4. Comprehend industry risk, business strategy risk, business process risk, and business outcomes risk.
5. Describe the nature and role of information systems assurance.
6. Understand management's role in information systems assurance.

It's all about Risk
Risk can be described as the difference between business objectives and actual performance:
Risk = Objectives – Actual performance
Objectives: what you thought you would achieve.
Actual performance: what you actually achieved.

How is eBay managing risk?
eBay's core capability: its auctioning platform.
To manage the risk of slow growth or heavy competition from Google, eBay wants to diversify. Through its online reach, eBay plans to connect local users with local businesses. eBay's first move into the local market is a way to manage its business risk.

Enterprise Risk Management
Enterprise risk management (ERM) is a process, effected by an entity's board of directors, management, and other personnel, applied in strategy setting and across the enterprise, designed to:
- identify potential events that may affect the entity, and
- manage risk to be within its risk appetite,
to provide reasonable assurance regarding the achievement of entity objectives.


Example: First-time issue of corporate credit cards
It is a potential event: a decision that the company needs to make.
Both risk and opportunity:
- Risk: potential for fraud and abuse.
- Opportunity: transaction processing efficiency, accountability, reduced need for cash disbursements.
Risk category: control risk, mainly financial.
Risk response: a credit card use policy, and the decision to use corporate credit cards.
Assurance: Do the benefits materialize? Are the risks managed well?

Risk Components in Enterprise Risk
Business risk from environment and strategy:
- Business environment risk
- Business strategy risk
Control risk from systems and operations:
- Business process risk
- Financial performance risk
- Operational risk
- Compliance and financial reporting risk


Business risk from environment and strategy
Business environment risk emerges from the very nature of the industry and its environment.
Business strategy risk emanates from an ineffective or poorly executed strategy. A company's business model should be aligned with its strategy.

Control risk from systems and operations
A business process is a series of related activities or tasks that collectively add value. It is one critical member of the triad: processes, structure, and information.
Business process risk is the internal risk of mismanaging a critical process. This is a risk that is mostly within the company's control.
The other control risks in this category are financial performance risk, operational risk, and compliance and financial reporting risk.

Business Processes and Information Systems
Within a structure, people add value through processes. Processes can be at the top, mid, or micro level. They can also be classified by function (procurement, human resources, etc.) or by long-term impact (strategic, tactical, operational). Processes allow a business to create predictability in behavior.
Processes are intertwined with information processing. People in a process use information and at the same time generate additional data. Thus business processes, supported by the organization structure, depend on information systems, and they also generate inputs for the information systems.

The triad (structure, processes, and information) warrants control. The business model chosen by the firm influences the triad. To manage risk, the triad should be subject to control and security. This is management's responsibility.

Information Systems Assurance
Assurance: to establish with little doubt the state of something. Seeking assurance requires that the objectives of assurance be determined first. Assurance requires systematic investigation of processes and their results.
Information systems assurance refers to seeking assurance on any aspect of an information system. Example: an assurance that information assets are protected from an external or internal threat.

IS assurance is critical to most companies:
- Because business processes are closely intertwined with information systems processes; therefore, doing business and keeping information systems running smoothly need to happen concurrently.
- Because the business model of the firm links its systems to the outside world.
- Because information systems are complex and integrated, as in the case of enterprise resource planning (ERP).

Assurance and Risk Management
One can seek assurance for any situation (or event) that entails risk. Security and control of information assets is about managing risk. In fact, it can be argued that in most cases such assurance is a component of the overall plan for control and security of information assets.
An effective assurance service should meet the following criteria:
- The provider must have knowledge of the field involved.
- There should be specific criteria for evaluation of the situation.
- The provider must be independent of the situation and should conduct a separate investigation.

An IS Assurance Approach
1. Outline assurance objectives.
2. Obtain a solid grasp of the context of assurance: systems, processes, structure, types of transactions, information outputs.
3. Analyze the nature and types of risks involved.
4. Assess the relevant control and security measures in place.
5. Conduct tests of effectiveness for these measures.
6. Analyze the findings to grasp how well the risks are mitigated.
7. Provide a report of objectives, evidence, findings, and conclusions.

Management's Role in IS Assurance
Risk management is the responsibility of top management. To mitigate risk, management should implement a control system. A key purpose of a control system is to ensure that the behaviors and decisions of people are consistent with the entity's objectives.
A control system has several layers:
- Management control system
- System controls
- Application controls
