Chapter 10 notes.docx

9 Pages

Administrative Studies
Course Code
ADMS 4552
ADMS 4552 Chapter 10

Corporate Governance Strategies and Risk Assessment Frameworks
- Information systems steering committee - composed of executives whose role would include oversight of IT
- Codified set of business ethics and code of conduct help promote an honest, ethical environment
- Enterprise risk management (ERM) - has embedded risk management into the culture so that every employee is aware of it
- Organizational process that assists the organization in providing reasonable assurance of achieving its objectives
  o Manage organizational risk
- COSO - risk management framework
- Audit of overall effectiveness of corporate governance needs to consider the organizational structure of the organization
  o Consider management attitudes and the ethical environment of the organization
  o Also look at the alignment of each of the strategies with the business mission and purpose

COSO ERM components, examples of effective corporate governance, and audit techniques (table reconstructed from the notes; columns are: COSO Enterprise Risk Management Component and Example / Examples of Effective Corporate Governance of the Component / Audit Techniques to Audit Corporate Governance of the Components)

Internal environment
- Component: risk culture, attitudes and behaviours, management philosophy, ethical values, integrity
- Corporate governance:
  o Mandatory training for board members on the concepts of ERM
  o Board approval of ERM framework and code of ethics
- Audit techniques:
  o Inspect board ERM training program
  o Inspect board meetings and supporting documents justifying selection of ERM framework
  o Inspect code of ethics

Objective setting
- Component: setting of risk tolerance objectives in alignment with organizational mission, vision, and strategy
- Corporate governance:
  o Board evaluation and approval of agreed risk terminology
  o Board evaluation and approval of management's recommended risk tolerances
- Audit techniques:
  o Inspect board minutes and supporting documents justifying risk tolerance objectives
  o Inquire of board members and management regarding the process for setting risk tolerances

Event identification
- Component: both internal and external events; those that could affect the ability to achieve goals
- Corporate governance:
  o Management clearly provides a strategy for identifying risks
  o Board approves management's strategy and provides feedback
- Audit techniques:
  o Compare the organization's identified risks to those identified by the auditor during the CBR assessment phase
  o Inspect board minutes and supporting documents where approval of the risk assessment strategy is provided

Risk assessment
- Component: methodically consider the potential impact and likelihood of risk events
- Corporate governance:
  o Board approves risk assessment methodology
  o Board re-evaluates tolerances in light of the summarized risk evaluations
- Audit techniques:
  o Inspect risk assessment documentation
  o Inspect board minutes approving risk methodology and risk tolerances

Risk response
- Component: based on risk tolerance goals, select one of the four approaches:
  1. Acceptance - do nothing
  2. Avoidance - eliminate the activity that causes the risk
  3. Mitigation - reduce the effects of the risks by taking appropriate actions
  4. Transference - outsource, transfer, or share the risk using methods such as insurance or transfer of business processes
- Corporate governance:
  o Board evaluates management's recommendation for risk responses
  o Compare risk responses to recommendations of external or internal auditors or other specialized reports
- Audit techniques:
  o Inspect documents recommending risk response activities
  o Inspect board minutes of approval
  o Inspect specialist reports recommending specific courses of action with respect to risk responses

Control activities
- Component: policies and practices for ensuring that the identified risk responses are actually completed
- Corporate governance:
  o Evaluate and approve management's plan for ERM control activities
- Audit techniques:
  o Document the control activities, evaluate design effectiveness and conduct testing of ERM control activities where reliance is placed on the controls

Information and communication
- Component: information is gathered and communicated about the risk management process throughout all levels of the organization
- Corporate governance:
  o Inquire of management and request documentation to support information and communication methods
- Audit techniques:
  o Obtain copies of and inspect regular communications; evaluate adequacy

Monitoring
- Component: ERM is monitored, feedback provided and changes to the process are made as needed
- Corporate governance:
  o Evaluate management recommendations for change to the ERM process
- Audit techniques:
  o Inspect board minutes with respect to the process and approval of change to the ERM process

- Effective corporate governance can reduce client business risk and result in a lower assessed control risk

IT governance and the audit of general information systems controls
- IT governance - policies, practices, and procedures that help IT resources add value while considering costs and benefits
- Adds value and helps prevent failures, keeping costs low
- IT dependence - a disconnect between the business strategy and MIS operation (no supervision of IT, so you rely on a small group of individuals)
- IT governance is linked with ERM and a sound control environment
- 3 general control categories
  o Organization and management controls
  o Systems acquisition, development, and maintenance
  o Operations and information systems support
- Below are common issues with those

Organization and management controls
- Depends on factors like overall size, functions, and off-the-shelf or customized software