Assessing Business Processes by Checking Transaction Documents for Inconsistency Risks and a Tool for Risk Assessment

2017 ◽  
pp. 70-82
Author(s):  
Takafumi Komoto ◽  
Kokichi Futatsugi ◽  
Nobukazu Yoshioka
Keyword(s):  
Risk Assessment ◽  
Business Processes

Business continuity plan

2020 ◽  
Vol 10 (2) ◽  
pp. 1-4
Author(s):  
Ashok Kumar
Keyword(s):  
Risk Assessment ◽  
Disaster Recovery ◽  
Business Processes ◽  
Business Continuity ◽  
Business Continuity Planning ◽  
Continuity Planning ◽  
Planning Methods ◽  
Multi Cloud

The Business continuity plan and strategy provide effective solutions to Multi-cloud and Microservice approach. The business continuity plan helps to maintain backup and disaster recovery. It ensures continuous business processes during disasters and emergencies. The business continuity planning methods that include risk assessment, analyze impacts, and entire business continuity strategies.

An Investigation of Factors Influencing the Use of Computer-Related Audit Procedures

2009 ◽  
Vol 23 (1) ◽  
pp. 97-118 ◽  
Author(s):  
Diane Janvrin ◽  
James Bierstaker ◽  
D. Jordan Lowe
Keyword(s):  
Risk Assessment ◽  
Firm Size ◽  
Business Processes ◽  
Internal Controls ◽  
Future Research ◽  
Audit Firm ◽  
Factors Influencing ◽  
Big 4 ◽  
Two Factors ◽  
Client System

ABSTRACT: We provide data on the extent to which computer-related audit procedures are used and whether two factors, control risk assessment and audit firm size, influence computer-related audit procedures use. We used a field-based questionnaire to collect data from 181 auditors representing Big 4, national, regional, and local firms. Results indicate that computer-related audit procedures are generally used when obtaining an understanding of the client system and business processes and testing computer controls. Furthermore, 42.9 percent of participants indicate that they relied on internal controls; however, this percentage increases significantly for auditors at Big 4 firms. Finally, our results raise questions for future research regarding computer-related audit procedure use.

Formalizing Integrity Management Workflows: Towards Integrity Process Modelling

2018 ◽  
Author(s):  
Alejandro Reyes ◽  
Otto Huisman
Keyword(s):  
Risk Assessment ◽  
Decision Making ◽  
Risk Management ◽  
Business Process ◽  
Asset Management ◽  
Process Model ◽  
Business Processes ◽  
Building Blocks ◽  
Assessment Process ◽  
Integrity Management

Workflows are the fundamental building blocks of business processes in any organization today. These workflows have attributes and outputs that make up various Operational, Management and Supporting processes, which in turn produce a specific outcome in the form of business value. Risk Assessment and Direct Assessment are examples of such processes; they define the individual tasks integrity engineers should carry out. According to ISO 55000, achieving excellence in Asset Management requires clearly defined objectives, transparent and consistent decision making, as well as a long-term strategic view. Specifically, it recommends well-defined policies and procedures (processes) to bring about performance and cost improvements, improved risk management, business growth and enhanced stakeholder confidence through compliance and improved reputation. In reality, such processes are interpreted differently all over the world, and the workflows that make up these processes are often defined by individual engineers and experts. An excellent example of this is Risk Assessment, where significant local variations in data sources, threat sources and other data elements, require the business to tailor its activities and models used. Successful risk management is about enabling transparent decision-making through clearly defined process-steps, but in practice it requires maintaining a degree of flexibility to tailor the process to the specific organizational needs. In this paper, we introduce common building blocks that have been identified to make up a Risk Assessment process and further examine how these blocks can be connected to fulfill the needs of multiple stakeholders, including data administrators, integrity engineers and regulators. Moving from a broader Business Process view to a more focused Integrity Management view, this paper will demonstrate how to formalize Risk Assessment processes by describing the activities, steps and deliverables of each using Business Process Model and Notation (BPMN) as the standard modeling technique and extending it with an integrity-specific notation we have called Integrity Modelling Language or IML. It is shown that flexible modelling of integrity processes based on existing standards and best practices is possible within a structured approach; one which guides users and provides a transparent and auditable process inside the organization and beyond, based on commonalities defined by best practice guidelines, such as ISO 55000.

Analisis Manajemen Risiko Teknologi Informasi pada Website Ecofo Menggunakan ISO 31000

2020 ◽  
Vol 1 (2) ◽  
pp. 128-146
Author(s):  
Miftakhatun Miftakhatun
Keyword(s):  
Risk Assessment ◽  
Information Technology ◽  
Risk Evaluation ◽  
Business Processes ◽  
Web Based ◽  
Medium Risk ◽  
Iso 31000 ◽  
Emerging Issues ◽  
Role Of Information

The role of information technology in the current era is becoming large in aspects of life. One of them is in the State Owned Enterprises (BUMN) in the East Banyumas KPH. The technology applied consists of a web-based information system that is used to manage ticket data designated by Ecofo. The application of technology is inseparable from the issuance of risks that arise that can hamper business processes. The purpose of this research is to study emerging issues and ways to save in order to minimize risks later on. This study uses the ISO 31000 method which is a method that specifically discusses risk management which has 5 stages of communication and consultation, determining context, risk assessment, risk analysis, risk evaluation), risk use and monitoring review. The results of this study consist of documentation found that identified 24 risks that have 3 levels of high risk, 10 levels of medium risk, and 11 levels of low risk that can be used as a reference to improve, manage and finance information technology assets in the future.

A Framework for Development of Risk-Informed Autonomous Adaptive Cyber Controllers

2019 ◽  
Vol 19 (4) ◽  
Author(s):  
Arun Veeramany ◽  
William J. Hutton ◽  
Siddharth Sridhar ◽  
Sri Nikhil Gupta Gourisetti ◽  
Garill A. Coles ◽  
...  
Keyword(s):  
Risk Assessment ◽  
Control System ◽  
Business Processes ◽  
Assessment Methodology ◽  
Attack Graphs ◽  
Adaptive Controllers ◽  
Fault Trees ◽  
Wide Applicability ◽  
Event Trees ◽  
Risk Assessment Methodology

This article details a framework and methodology to risk-inform the decisions of an unsupervised cyber controller. A risk assessment methodology within this framework uses a combination of fault trees, event trees, and attack graphs to trace and map cyber elements with business processes. The methodology attempts to prevent and mitigate cyberattacks by using adaptive controllers that proactively reconfigure a network based on actionable risk estimates. The estimates are based on vulnerabilities and potential business consequences. A generic enterprise-control system is used to demonstrate the wide applicability of the methodology. In addition, data needs, implementation, and potential pitfalls are discussed.

scholarly journals Fermatean fuzzy TOPSIS-based approach for occupational risk assessment in manufacturing

2021 ◽  
Author(s):  
Muhammet Gul ◽  
Huai-Wei Lo ◽  
Melih Yucesan
Keyword(s):  
Risk Assessment ◽  
Fuzzy Sets ◽  
Fuzzy Set ◽  
Business Processes ◽  
Occupational Injuries ◽  
Health And Safety ◽  
Fuzzy Topsis ◽  
Occupational Risk ◽  
Uncertain Information ◽  
Process Risk

AbstractThe importance of risk assessment in the context of occupational health and safety by manufacturing operators strengthens their hands in solving the problems they may encounter in business processes related to health and safety. One of the most important phases of conducting an exhaustive occupational risk assessment is to analyze potential hazards and associated risks quantitatively. Since manufacturing is one of the industries that require workers to be highly exposed to work, creating a safer environment to reduce occupational injuries is an important task. This study proposes a novel fuzzy risk assessment approach developed by integrating Fermatean fuzzy sets (FFSs) and technique for order preference by similarity to ideal solution (TOPSIS) method for ranking potential hazards in manufacturing. FFSs are a new version of fuzzy set theory that covers the intuitionistic fuzzy sets and Pythagorean fuzzy sets. This version of the fuzzy set is crucial in the decision-making process to handle uncertain information more easily and reflect uncertainty better. A linguistic scale under Fermatean fuzzy documentation has also been developed for experts/decision makers to disclose their judgments easily. Occupational risk analysts can benefit from this approach since FFSs are used for the first time in occupational risk assessment, and the approach is presented in integration with TOPSIS. The proposed approach is applied in the aluminum plate-manufacturing process risk assessment. In the conclusion of the implementation, risks arising in the production are prioritized. In addition, this study made comparisons with other fuzzy methods to demonstrate the proposed approach’s difference and practicality. This study’s results can support practitioners and risk analysts in formulating the improvement measures to increase the safety of the work environment further.

scholarly journals Risk Assessment Driven Use of Advanced SIEM Technology for Cyber Protection of Critical e-Health Processes

2021 ◽  
Vol 3 (1) ◽  
Author(s):  
Luigi Coppolino ◽  
Luigi Sgaglione ◽  
Salvatore D’Antonio ◽  
Mario Magliulo ◽  
Luigi Romano ◽  
...  
Keyword(s):  
Risk Assessment ◽  
Business Processes ◽  
Trusted Computing ◽  
Homomorphic Encryption ◽  
Cyber Attacks ◽  
Public Hospitals ◽  
Security Requirements ◽  
Use Case ◽  
Combined Use ◽  
Trusted Execution Environment

AbstractThe approach presented in this paper provides effective protection of critical business processes by applying advanced SIEM technology in a rigorous fashion, based on the results of accurate risk assessment. The proposed SIEM tool advances the State of The Art of the technology along two axes, specifically: privacy and integrity. The advancements are achieved via combined use of two of the most promising technologies for trusted computing, namely: Trusted Execution Environment (TTE) and Homomorphic Encryption (HE). The approach is validated with respect to a real use case of a Smart Hospital (i.e., one where IT is massively used), with challenging security requirements. The use case is contributed by one of the major public hospitals in Italy. Experiments demonstrate that, by relying on continuous monitoring of security relevant events and advanced correlation techniques, the SIEM solution proposed in this work effectively protects the critical workflows of the hospital business processes from cyber-attacks with high impact (specifically: serious harm to or even death of the patient).

SME Financial Management

2013 ◽  
pp. 330-342 ◽  
Author(s):  
Edna Stan-Maduka
Keyword(s):  
Risk Assessment ◽  
Risk Management ◽  
Financial Management ◽  
Business Processes ◽  
Small And Medium Enterprises ◽  
Risk Mitigation ◽  
Simplified Approach ◽  
Medium Enterprises ◽  
Operational Processes

Regulators’ efforts to create awareness of risk management in Small and Medium Enterprises (SMEs) have heightened since the 2008 recession which affected many economies. The objective has been to stress the fundamental role of risk assessment and mitigation in the protection of business processes and profitability of SMEs. This has been hard to achieve due to the inadequate financial and operational processes within small and medium enterprises. This chapter presents an exploration of risk management in SMEs and a simplified approach to SME risk assessment and operational risk mitigation.

Sign in / Sign up

Export Citation Format

Share Document