Enterprise Risk Management. Chapter One. Prepared by: Raval, Fichadia. John Wiley & Sons, Inc. 2007.

Chapter One Objectives
1. Describe the nature and characteristics of business.
2. Interpret the role of the external environment and internal processes in achieving business objectives.
3. Explain the relationship between a business and its information systems.
4. Comprehend industry risk, business strategy risk, business process risk, and business outcomes risk.
5. Describe the nature and role of information systems assurance.
6. Understand management’s role in information systems assurance.

It’s all about Risk
Risk can be described as the difference between business objectives and actual performance.
Risk = Objectives – Actual performance
Objectives: what you thought you would achieve.
Actual performance: what you actually achieved.

How is eBay managing risk?
eBay’s core capability: auctioning platform.
To manage the risk of slow growth or heavy competition from Google, eBay wants to diversify.
Through its online reach, eBay plans to connect local users with local businesses.
eBay’s first move into the local market is a way to manage its business risk.

Enterprise Risk Management
Enterprise risk management (ERM) is a process, effected by an entity’s board of directors, management, and other personnel, applied in strategy setting and across the enterprise, designed to:
identify potential events that may affect the entity, and
manage risk to be within its risk appetite,
to provide reasonable assurance regarding the achievement of entity objectives.

Example: First-time issue of a corporate credit card
It is a potential event: a decision that the company needs to make.
It is both a risk and an opportunity:
  Risk: potential for fraud and abuse.
  Opportunity: transaction processing efficiency, accountability, reduced need for cash disbursements.
Risk category: control risk, mainly financial.
Risk response: a Credit Card Use Policy; the decision to use corporate credit cards.
Assurance: Do the benefits materialize? Are the risks managed well?

Risk Components in Enterprise Risk
Business risk from environment and strategy
  Business environment risk
  Business strategy risk
Control risk from systems and operations
  Business process risk
  Financial performance risk
  Operational risk
  Compliance and financial reporting risk

Business risk from environment and strategy
Business environment risk emerges from the very nature of the industry and its environment.
Business strategy risk emanates from an ineffective or poorly executed strategy.
A company’s business model should be aligned to its strategy.

Control risk from systems and operations
A business process:
  is a series of related activities or tasks that collectively add value;
  is one critical member of the triad: processes, structure, and information.
Business process risk is an internal risk of mismanagement of a critical process. This is a risk that is mostly within the company’s control.
Financial performance risk
Operational risk
Compliance and financial reporting risk

Business Processes and Information Systems
Within a structure, people add value through processes. Processes can be at the top, mid, or micro level. They can also be classified by function (procurement, human resources, etc.) or by long-term impact (strategic, tactical, operational). Processes allow a business to create predictability in behavior.
Processes are intertwined with information processing. People in a process use information and, at the same time, generate additional data. Thus, business processes, supported by the organization structure, depend on information systems. They also generate inputs for the information systems.

The triad (structure, processes, and information) warrants control.
The business model chosen by the firm influences the triad.
To manage risk, the triad should be subject to control and security. This is management’s responsibility.

Information Systems Assurance
Assurance: to establish, with little doubt, the state of something.
Seeking assurance requires that the objectives of assurance are determined first.
Assurance requires systematic investigation of processes and their results.
Information systems assurance refers to seeking assurance on any aspect of an information system.
Example: an assurance that information assets are protected from an external or internal threat.

IS assurance is critical to most companies:
Because business processes are closely intertwined with information systems processes. Therefore, doing business and keeping information systems running smoothly need to happen concurrently.
Because the business model of the firm links its systems to the outside world.
Because information systems are complex and integrated, as in the case of enterprise resource planning (ERP).

Assurance and Risk Management
One can seek assurance for any situation (or event) that entails risk. Security and control of information assets is about managing risk. In fact, it can be argued that in most cases such assurance is a component of the overall plan for control and security of information assets.
An effective assurance service should meet the following criteria:
The provider must have knowledge of the field involved.
There should be specific criteria for evaluation of the situation.
The provider must be independent of the situation and should conduct a separate investigation.

An IS Assurance Approach
1. Outline assurance objectives.
2. Obtain a solid grasp of the context of assurance: systems, processes, structure, types of transactions, information outputs.
3. Analyze the nature and types of risks involved.
4. Assess relevant control and security measures in place.
5. Conduct tests of effectiveness for these measures.
6. Analyze findings to grasp how well the risks are mitigated.
7. Provide a report of objectives, evidence, findings, and conclusions.

Management’s Role in IS Assurance
Risk management is the responsibility of top management. To mitigate risk, management should implement a control system. A key purpose of a control system is to ensure that the behaviors and decisions of people are consistent with the entity’s objectives.
A control system has several layers:
  Management control system
  System controls
  Application controls