Skip to main content

Risk Management


Risk management is a major component of IT Governance set to protect against fraud, bribery and corruption. Due to the increasing use of IT in all organisations, IT Governance must continuously evolve to manage the increasing need for higher risk management (Pasquini & Galie, 2013). Accurate IT governance should have the ability to identify, monitor and report on the level at which IT risks are managed along with how much they need to be managed (von Solms, 2005).
HR managers can implement fraud prevention strategies such as top-down control and trust-building practices into their organisation, however these strategies do not address every aspect of fraud, like opportunity (Niehoff & Paul, 2000). HR managers along with the use of IT Governance can effectively implement controls within an organisation to prevent fraud.COBIT 5 provides guidance through enablers to contribute to the overall governance and management of risk. Processes identify and support the function and management of risks while information flows and organisational structures are required to control and manage the risk (ISACA, 2013).

Figure 1: COBIT 5 Enablers

A real-world example of using COBIT 5 for risk management occurred in the US. A regional grocery chain was experiencing rapid growth, therefore distributed products out to stores through a warehouse which also contained head offices and IT resources. They identified an IT organisational risk and choose to use COBIT 5 due to its clear and concise framework for identifying, controlling and managing risk. COBIT 5 is trusted by their IT professionals in the strategy, security and risk areas (ISACA, 2013).

References

ISACA. (2013). Cobit 5 for risk. Retrieved from ISACA: http://www.isaca.org/COBIT/Documents/COBIT-5-for-Risk-Preview_res_eng_0913.pdf
ISACA. (2013). COBIT Case Study: Risk Assessment Management Using COBIT 5. Retrieved from ISACA: http://www.isaca.org/Knowledge-Center/cobit/Pages/COBIT-Case-Study-Risk-Assessment-Management-Using-COBIT-5.aspx
Niehoff, B. P., & Paul, R. J. (2000). Causes of employee theft and strategies that HR managers can use for prevention. John Wiley & Sons, Inc,.
Pasquini, A., & Galiè, E. (2013). COBIT 5 and the Process Capability Model. Improvements Provided for IT Governance Process. In Proceedings of FIKUSZ’13 Symposium for Young Researchers (pp. 67-76).
von Solms, S. B. (2005). Information Security Governance–compliance management vs operational management. Computers & Security24(6), 443-447.



Comments

Post a Comment

Popular posts from this blog

Labelmakers Case

A forensic accountant’s role in a civil action is usually to draw out information from accounting records and establish relevant facts (Fenton & Isaacs, 2012). In the Labelmakers Group Pty Ltd v LL Force Pty Ltd case two forensic accountants were engaged by each party to examine relevant records and provide reports. They were required to calculate the profit margin, discount rate, loss of profit on paper sales and accounts of profits. The profit margin was calculated to identify losses of sales revenue and to indicate the impact of clients transferring their business away. The discount rate was calculated to be applied in calculating the quantum of the applicant’s losses as a result of the respondents misconduct in order to assist in recognising the resulting damages of each party. The loss of profit on paper sales was calculated to identify the implications of lost business on paper quantity ordered and the revenue from these sales.   Under the accounts of profits,...
Post a Comment
Read more

Strict/Vicarious Liability

Under strict/vicarious liability an employer can be held liable for the actions of their employees even if the employee engages in criminal or fraudulent behaviour (Smit & Viviers, 2016). In Australia, liability can arise under contract law, tort, criminal law or other statutes (Ryding & Reisz, 2016) . I do agree that making employers liable for their employee’s actions is a great motivation to minimise fraud, bribery and corruption; however, I disagree that it is the only solution. The backhand in a workplace could be that an employer withholds information that might lead to the conviction of an employee in the fear that they will become equally convicted initiating another area of fraud. The Royal Commission produced a report into misconduct in the banking, superannuation and financial services industry that identified types of crime. Vendor fraud was a main issue of the report due to banks charging fees for services that were not provided (Hayne, 2017) . Vica...
Post a Comment
Read more