...LaTashaia Cole MGT/488 Strategic Business Management and Planning Professor Vermuth University of Phoenix October 4, 2011 Internal Risk Assessment Hewlett Packard Company was founded in January 1939 and was created by Dave Packard and Bill Hewlett. The company’s management uses good listening skills, engaging with customers and employees, and personal involvement for its management techniques. Hewlett and Packard managed the company using a principle called management by objective. According to Bill Packard, “management by objective refers to a system in which overall objectives clearly stated and agreed upon, and give people the flexibility to work toward those goals in ways they determine best for their own areas of responsibility.” Hewlett-Packard Company strengths and weaknesses are in marketing, human resources, management, research and development, and finance have a huge impact on the profitability and welfare of it. The Hewlett Packard Company focused strongly on implementing telemarketing as a way to reach its customers. Hewlett Packard Company provides its customers with software, solutions and services, and technology products. The change in the marketplace and customer’s expectations, Hewlett Packard focused on the customer insight. Hewlett Packard Company marketing leadership is received by the company creating and dispensing practical, new products, services, and resolutions. These new innovations for the company will allow the company to achieve profits...
Words: 1200 - Pages: 5
...Internal Risk Assessment Manuel Angel Cortez University of Phoenix Internal Risk Assessment: Wal-Mart Stores, Inc. “Walmart serves customers and members more than 200 million times per week at more than 8,838 retail units under 55 different banners in 15 countries. With fiscal year 2010 sales of $405 billion, Walmart employs 2.1 million associates worldwide” (Walmart, 2010). This document will focus on Walmart Stores, Inc. strengths and weaknesses in marketing, human resources, management, research, development, and finance. The document will touch briefly on analyzing how internal organizational dynamics influence strategic business continuity for Walmart. Wal-Mart Stores, Inc.: Strengths and Weaknesses Walmart has grown to have a reputation for providing low prices, convenience, and product variety. Wal-Mart has seen significant growth, and has expanded globally over the years and is present in countries such as Canada, Mexico, and China. Walmart strengths can include the following: 1) Wal-Mart is powerful among its name brand, and has a reputation for convenience, money value, and wide variety of products all under one roof. 2) The company has a core competence involving its use of information technology to support its international logistics system. For example, it can see how individual products are performing country-wide, store-by-store at a glance. IT also supports Wal-Mart's efficient procurement. 3) A focused strategy is in place for...
Words: 1432 - Pages: 6
...DRAFT RTS ON ASSESSMENT METHODOLOGY FOR IRB APPROACH - Consultation Paper - 16 March 2015 Published by EBA Publication date 12 November 2014 Read by Hasan Isik Link CHAPTER 1- General rules for the assessment methodology; CHAPTER 2- Assessment methodology of roll out plans and Permanent partial use of Standardised Approach; CHAPTER 3- Assessment methodology of the function of validation of internal estimates and of the internal governance and oversight of an institution; CHAPTER 4- Assessment methodology of use test and experience test; CHAPTER 5- Assessment methodology for assignment of exposures to grades or pools; CHAPTER 6- Assessment methodology for definition of default; CHAPTER 7- Assessment methodology for rating systems design, operational details and documentation; CHAPTER 8- Assessment methodology for risk quantification; CHAPTER 9- Assessment methodology for assignment of exposures to exposure classes; CHAPTER 10- Assessment methodology for stress test used in assessment of capital adequacy; CHAPTER 11- Assessment methodology of own funds requirements calculation; CHAPTER 12- Assessment methodology of data maintenance; CHAPTER 13- Assessment methodology of internal models for equity exposures; CHAPTER 14- Assessment methodology for management of changes to rating systems; CHAPTER 15- Final provision. 1. General Rules * Proportionality Principle: Competent...
Words: 2498 - Pages: 10
...Risk-Based IT Audit Risk-Based Audit Methodology Apply to Organization’s IT Risk Management Kun Tao (Quincy) Cal Poly Pomona Author Note This paper was prepared for GBA 577 Advanced IS Auditing, taught by Professor Manson. March 2014 Table of Contents: Abstract; Introduction; Methodology; Risk-based auditing methodology: Risk assessment; IT Risk Management; IT Risk Control Framework; Identifying assets; Determining criticality and confidentiality levels; Threat and vulnerability identification...
Words: 6057 - Pages: 25
...Assessing Information Technology General Control Risk: An Instructional Case Carolyn Strand Norman, Mark D. Payne, and Valaria P. Vendrzyk ABSTRACT: Information Technology General Controls (ITGCs), a fundamental category of internal controls, provide an overall foundation for reliance on any information produced by a system. Since the relation between ITGCs and the information produced by an organization’s various application programs is indirect, understanding how ITGCs interact and affect an auditor’s risk assessment is often challenging for students. This case helps students assess overall ITGC risk within an organization’s information systems. Students identify specific strengths and weaknesses within five ITGC areas, provide a risk assessment for each area, and then evaluate an organization’s overall level of ITGC risk within the context of an integrated audit. Keywords: internal controls; general control; ITGC; risk assessment. INTRODUCTION The Sarbanes-Oxley Act (SOX 2002) and the Public Company Accounting Oversight Board (PCAOB) Auditing Standard No. 5 (PCAOB 2007) require that the organization’s chief executive officer (CEO) and chief financial officer (CFO) include an assessment of the operating effectiveness of their internal control structure over financial reporting when issuing the annual report. External auditors must review management’s internal control assessment as part of an annual integrated audit of an organization’s internal controls over financial reporting. In short...
Words: 6299 - Pages: 26
...Training Program 2. OVERVIEW OF INTERNAL CONTROLS OVER FINANCIAL REPORTING: 2.1 Introduction; 2.2 Definition of Internal Control; 2.3 COBIT; 2.4 Responsibility for Internal Control System; 2.5 Conclusion. 3. TOP-DOWN, RISK-BASED APPROACH: 3.1 Introduction; 3.2 Risk Identification; 3.3 Controls Identification; 3.4 Execution and Evaluation; 3.5 Roadmap for Implementation of a Top-Down, Risk Based...
Words: 45404 - Pages: 182
...large emphasis on financial risk assessments. The risk assessment process is needed to identify risks that need to be treated within an organization, as well as to provide strategies and methods that are most appropriate to treat these risks. Because many organizations are poorly aligned between their risk exposure and their risk appetite, it is important to engage in the risk assessment procedures. These procedures can help an organization prevent risk exposure and determine if their current operations will result in an increase or decrease of market value and owners’ wealth. As a result of the economic crisis, and the recent increase in corporate failures, organizations can now learn from the mistakes of others. This paper will discuss the mistakes that led WorldCom, a telecom company that was once the fourth-ranked in Fortune 500, to bankruptcy in 2002, in an effort to demonstrate the importance of successful risk assessment and alignment implementation. Keywords: corporate failure, risk analysis, risk assessment, risk management, WorldCom Over the past years, and as a result of high profile firm failures, the economic crisis, and increased regulatory pressure, many organizations have placed a large emphasis on financial risk assessments. Risk assessment is the process where risk managers analyze the risks of an organization and identify risks that need to be treated (Tarantino & Cernauskas, 2011, p.47). In addition, a risk assessment provides strategies and...
Words: 4331 - Pages: 18
...subject to fraud risk; there is no immunity when it comes to fraud. There has been much legislation passed by the government and many new guidelines required by different accounting agencies. The implementation or addition of an internal audit department has been widespread. External audit independence, corporate governance and most recently the use of a fraud risk assessment have been a few recent developments of such new legislation and rules set forth. Businesses as well as the public were skeptical of the changes but admitted something had to be done. “The fraud triangle, developed by Donald R. Cressey, tells us that there are three interrelated elements that enable someone to commit fraud: the non-sharable financial need that drives a person to want to commit the fraud, the opportunity that enables him to commit the fraud, and the ability to rationalize the fraudulent behavior. The vulnerability that an organization has to those capable of overcoming these three elements is fraud risk,” (Wells, 2011). A fraud risk assessment is a process designed to proactively assess and correct these vulnerabilities to both internal and external fraud to defend against and reduce the chances of fraud. The objective of a fraud risk assessment is to identify and address these vulnerabilities to reduce that risk of fraud. In a 2008 study by the ACFE, “the report to the Nation – 2008, indicates that, on average, an organization loses 8% of its top-line revenues to internal fraud alone...
Words: 1260 - Pages: 6
...49006- Risk Management In Engineering Risk Management Plan * Proposed Darling Harbour Water Feature Prepared by Vipin Appu Parambil Vikraman 11789373 29th March 2015 Executive Summary This report presents the risk assessment and risk treatment plan for the three new water features of Darling Harbour precinct along with the installation of the public realm. This project is a part of the Convention Centre Redevelopment plan and the risk assessment and treatment, is carried out by abiding with the AS/NZS ISO 31000:2009, SA/SNZ HB 436:2013 and IEC/ISO 31010:2009. Firstly, an introduction of the iconic location, Darling Harbour is briefed. The project objectives, scope and boundaries of the new water features installation is explained along with the risk management process adopted for this project. Secondly the context for risk is established inclusive of internal and external context. The stakeholder analysis and communication and consultation stage, explains the various stakeholders of this project and their mode of communication. Thirdly, risk criteria, risk identification, risk analysis and risk evaluation is developed based on the possible risks that may occur with this project. During risk identification potential risks related to the project was generated. The application of risk severity matrix and FEMA analysis were conducted to identify the likelihood and consequence of risks. ALARP principle was used for risk evaluation and identifying possible...
Words: 5780 - Pages: 24
...Toussaint Chivars IS3110/Lab2 8/16/2014 Align Risks, Threats & Vulnerabilities to COBIT Lab 2 1. List identified threats & vulnerabilities; risk factors from Lab 1: a. Unauthorized access from public Internet: High risk. b. User destroys data in application and deletes files: High risk. c. Hacker penetrates your IT infrastructure and gains access to your internal network: Medium risk. d. Intra-office employee romance gone bad: High risk. e. Fire destroys primary data center: Low. 2. PO9.2 IT Establishment of Risk Context; PO9.3 Event Identification; PO9.4 Risk Assessment. 3. a. Unauthorized access from public Internet: Integrity. b. User destroys data in application and deletes files: Availability. c. Hacker penetrates your IT infrastructure and gains access to your internal network: Confidentiality. 4. The risks potential, the current protection level and the mitigation steps needed to prepare or reduce the risks/damages. 5. a. Threat vulnerability 1: unauthorized from public internet. Information: firewall and encryption. Applications: only from recommended sources (applications with encryption, antivirus protection will be used). Infrastructure: Firewalls. People: IT awareness training for all employees, monitoring from IT manager. b. Threat or...
Words: 719 - Pages: 3
...number of views or the number of clicks depending on the type of the contract. The company acquired Corporate Collaborations; this entity manages private and public social media networks that earn its revenue providing corporate social network development and hosting services. The audit committee of the company has requested the company to hire a new audit firm with a better experience in auditing of public technology companies. 2. Auditing and reporting issues: Miss Kristine Drew is the senior auditor for this company and is responsible for auditing revenue. She should start by asking for reviews from the predecessor audit firm in order to identify any problems they faced and to incorporate appropriate actions in order to minimize those risks. Ms. Drew should start off by initially accessing the controls of the activity reports. If the controls are strong and the data could not be manipulated, then it can be presumed that the data is accurate. If this is not the case, then Ms. Drew should take up the services of a professional to figure out a way and if it is still not possible then she should state the facts on the audit report. The existing customers with hosting contracts of three years are changed to five-year contract, the revenues from this change have to be accounted prospectively. The revenue recognition for the new contracts for hosting that is for five years with three months free service, at the end of the five-year tenure the revenue should be charged over five years...
Words: 5302 - Pages: 22
...Risk Management Overview February 21, 2011 FIN/415 Risk Management Overview Paper Risk management is a systematic process of managing the exposure of the organization to a variety of risks. This process has become increasingly important for the success of any organization in current competitive markets. The successful identification of threats and opportunities is crucial in risk management as it allows to create the processes and procedures allowing the company to maximize opportunities and minimize threats. Many organizations treat risk management seriously and create separate department responsible solely for risk management. Royal Caribbean Cruise Line incorporated risk management department into its structure. This step allowed this organization to improve the risk assessment procedures and introduce the necessary processes to minimize the impact of threats. The organizational risk relates to the organizational governance, operations, and information systems. The organizational risk management “provides assurance for reliable and accurate financial and operational information and reporting, effectiveness and efficiency of operations, and safeguarding of assets, as well as compliance with regulations, contracts, and the organization’s code of ethics” (Aghili, 2010, p. 23). Organizational risk management treats the relates to the organization as one entity and...
Words: 940 - Pages: 4
...Security Risk Management Plan Sydney Head Office 175 Sydney Rd Sydney NSW 2000 DOCUMENT VERSION CONTROL: Document Name: Amalgamation of GSC; Version Number: 0.1; Date: 18 July 2016; Reviewed By: ; Authorised By: . CHANGE HISTORY: Version 0.1; Issue Date 20.05; Author ABCELLO; Reason for Change: Original Document. DISTRIBUTION LIST (Copy No, Name, Location): 1. Master, Project Office; 2. <Project Manager>; 3. <Project Sponsor>; 4. <Executive Sponsor>. CONTENTS: INTRODUCTION; SCOPE OF WORKS; DISCLAIMER AND LIMITATIONS; METHODOLOGY; STRATEGIC CONTENT; STAKEHOLDER LIST; RISK MANAGEMENT CONTEXT; THE RISK MANAGEMENT PROCESS; ANALYSIS OF SECURITY RISK; TREATMENT OPTIONS; SOURCES OF EVENT RISK; RISK IMPLEMENTATION/RISK IDENTIFICATION; RISK ASSESSMENT SUMMARY; RISK 1 - Operational; RISK 2 - Strategic; RISK 3 - Human / Animal Resources; RISK 4 - Systems; RISK 5 - Financial; RISK 6 - Legal; RISK ASSESSMENT TABLES & CONSEQUENCE; STAKEHOLDERS SIGN OFF; BIBLIOGRAPHY. INTRODUCTION ...
Words: 3116 - Pages: 13
...Internal Control Evaluation Checklist Phase I-Understanding Control Environment N/A YES NO Comments Is there an evidence of and implementation of a company code of conduct? Are codes periodically acknowledged by signature from all employees? Do employees indicate that peer pressure exists for appropriate moral and ethical behavior? Does management take quick and appropriate action as soon as there are any signs that a problem may exist? Management fosters and encourages an agency culture that emphasizes the importance of integrity and ethical values. This may be achieved through oral communications in meetings, via one-on-one discussions, and by example in day-to-day activities? Are there formal job descriptions or other means of identifying and defining specific tasks required for job positions established and up-to-date? Phase II-Assessment Risk Assessment N/A YES NO Comments Does management provide a sound basis for setting realistic and achievable goals and does not pressure employees to meet unrealistic ones? Are formal unit-wide mission or value statements established and communicated throughout the organization? Are employees at all levels represented in establishing objectives? Are risk management program in place to monitor and help reduce exposures? Are measures in place to identify...
Words: 458 - Pages: 2
...Scott J. Straw Risk Management in Information Technology Security Summer 2014 6/29/14 Week 2 Assignment – Risk Assessment In regards to the projected expansion of bandwidth and storage, I feel I should start by addressing some of the present and future potential risks. There are inherent risks to adding new nodes in the network, and some of these can be mitigated by installing and properly configuring new hardware firewalls and proper installation and configuration of Intrusion Detection Systems. In addition to the new hardware, we will also need an additional system administrator, that is not only qualified for the position, but also needs to pass a background check to ensure he/she is not a threat to the federal government’s data and in turn US Industries as a company. A qualitative risk assessment finds the following risks for the network expansion: QUALITATIVE ANALYSIS SURVEY (category: probability / impact / risk level): Loss of data availability from DoS/DDoS attack: 100 / 100 / 100; Loss of data from unauthorized access: 100 / 100 / 100; Loss of data from malware: 50 / 100 / 50; Loss of data from fire/natural disaster: 10 / 100 / 10; Stolen/corrupt data from lack of access controls and improper configuration: 10 / 100 / 10; Noncompliance with...
Words: 931 - Pages: 4