How do Internal Auditors become Comfortable in their role within Risk Management? : An Empirical Study of Internal Auditors in Private Sector Companies

Andersson, Jessica, Vilo, Tuulikki

January 2016

The role of internal audit has changed during the past few years. Today, internal auditors are central players in organizations’ corporate governance structure. However, previous studies show that there is a gap between internal auditors’ own perception of their role compared to their stakeholders’. The wide scope of internal auditors’ role risks placing internal auditors in a situation of conflict, where consulting services threaten their provision of assurance services. In order to provide clarification to the role, this thesis studies how internal auditors become comfortable in their role, as both assurance and consulting providers and what concerns internal auditors face in their work. In order to fulfill the aim following research question is asked: How do internal auditors become comfortable in their role within risk management? Ten internal auditors were interviewed in order to make a contribution in the field of internal audit. The findings suggest that both assurance and consulting services are needed in order for internal auditors to feel they add value to the organization and hence, become comfortable in their role. Internal auditors’ comfort is many times dependent on fulfilling their stakeholders’ needs, however, staying in the scope of their role was shown to be more important.

Assurance

Comfort

Consulting

Discomfort

Internal audit

Risk management

Role

Information infrastructure risk : perspectives, practices & technologies

Öbrand, Lars

January 2015

This dissertation investigates the nature and management of information infrastructure risks in organizations. Specifically, it examines how practitioners identify and manage threats towards their organizational aims, and suggests ways of achieving sustainable risk management, in settings characterized by the integration of information technology (IT) and organizational processes. The dissertation is motivated by the difficulties organizations encounter when attempting to leverage IT as an organizational resource and the observation that IT projects have high rates of failure despite three decades of research on and practice of risk management in Information Systems (IS). Three aspects of the underlying logic of existing research and practice on IS risk management are challenged: (1) the infrastructural character of IT is suggested to be consequential for organizational risk management, however not recognized by either IS research on risk or risk experts, (2) risk management is enacted within and across practices beyond the boundaries of formal risk management models, and subsequently, (3) risks are increasingly emergent rather than predictable. To investigate such risks and risk management processes the studies in the dissertation build on information infrastructure theory and practice theory and a qualitative approach. As the role of IT in organizations has changed significantly over the last decades, so has both practice and research concerned with IT related risks. Research on risk in the field of IS has thus come to encompass a large variety of levels of analysis, risk levels and dimensions, organizational processes and research approaches. An analysis of the extant literature shows that despite this richness, it still does not account, or offer support, for situations characterized by a high degree of uncertainty and equivocality. In these kinds of situations, risks are typically emergent and cannot be identified or managed by the prescriptions found within the IS discourse. However, emergence has long been recognized as a characteristic of the organizational consequences of information technology. Paradoxically, while most IS scholars would recognize the socio-technical, or even sociomaterial, nature of IT, it has had little impact on research on risk in our field. A key argument in this dissertation is that theories of technology and organizational change within IS are equally valid for practice and research on IT related risk and risk management. Information infrastructure theory has been influential in improving our understanding of the changing nature and role of contemporary IT in organizational processes. It highlights the infrastructural character of IT, technological agency, and the entanglement of IT and organizational practices. Grounded in information infrastructure theory, this dissertation examines how practitioners identify, assess, prioritize and resolve risk in their everyday organizational practices. While risk has been used as a concept to characterize the underlying logic of information infrastructure evolution, scant attention has been paid to the particularities of risk emergence and operational risk management practices. As such, existing IS research on risk management explains why risk emerges but not how. The notion of practice has recently gained momentum in the IS field for its usefulness as an analytical lens in approaching complex, dynamic and emergent phenomena, and it is reflective of information infrastructure theory in its fundamental ontological and epistemological assumptions. All of the papers included in this dissertation build, to varying degrees, on information infrastructure theory and a practice approach. The dissertation contributes new knowledge to research on information infrastructure risk and risk management in IS by theorizing information infrastructure risk as emergent, interstitial, and rooted in practice and sociomaterial contexts.

Risk

risk management

practice research

information infrastructure theory

The applicability of mean-variance analysis and beta-factors in the risk assessment of hedge funds

Boehlandt, Florian

12 1900

Thesis (MBA) -- Stellenbosch University, 2007. / ENGLISH ABSTRACT: Hedge funds are amongst the fastest growing types of investment funds, both in tenns of worldwide assets under management, as well as the number of private and institutional investors. More recently, analysts and investors focussed their attention on accurately estimating the inherent risks of hedge funds (e.g, Brooks & Kat, 2001; Fung & Hsieh, 2004). Past research suggests that the traditional approach of assessing the risks of investment funds through mean-variance analysis can lead to severe underestimation of left-hand-tail risks for hedge funds (Amenc, Malaise, Martellini & Vaissie, 2004; Favre & Galeano, 2002; Fung & Hsieh, 1999). This phenomenon is mainly attributab le to the non-normal distribution of monthly hedge fund returns around the mean. In addition, it has been found that skewed return distribution with high excess kurtosis has substantial impact on the rel iability of beta as a measure of systemic risk in hedge funds (Chan, Getmansky, Haas & Lo, 2005). Other problems when estimating hedge fund risks arise from serial correlation of time series (Getmansky, Lo & Makarov, 2003), managerial and survivorship bias (Amin & Kat, 2001 ), as well as spurious bias when estimating performance from economic time series (Fung & Hsieh, 2000). The following thesis provides statistical evidence of the limitations of traditional risk measures when applied to hedge fund investments. It also includes advice on how to improve the significance of the aforementioned risk measures. In the course of the mean-variance analysis, the applicability and reliability of Value at Risk as a risk measurement tool for hedge funds is explored. Furthennore, the reliability and accuracy of different univariate and multivariate regression models is tested. In the final chapter emphasis is placed on the possibilities of predicting the inherent risks of single funds from hedge fund style index performance. This should provide investors and analysts with an introductory framework for the appropriate risk assessment of hedge funds, considering the unique structure and dynamics of these alternative investment funds. / AFRIKAANSE OPSOMMING: Skansfondse tel onder die vinnigste groeiende tipes beleggingsfondse in terme van sowel wereldwye bates onder bestuur as die aantal private en institusionele beleggers. OnJangs het analiste en beleggers hulle aandag daarop begin toespits om die inherente risiko's verbonde aan skansfondse akkuraat te bereken (Brooks & Kat. 2001; Fung & Hsieh, 2004). Vroeere navorsing het daarop gedui dat die tradisioncle benadering om die risiko's verbonde aan beleggingsfondse deur gemiddeldevariansie-analise te takseer, daartoe kan lei dat linkerkantse-eindrisiko's verbonde aan skansfondse emstig onderskat word (Fung & Hsieh, 1999; Favre & Galeano, 2002; Amenc. Malaise, Martellini & Vaissie, 2004). Hierdie verskynsel is hoofsaaklik toe te skryf aan die abnonnale verspreiding van maandeliksc skansfondsopbrengste rondom die gemiddelde. Boonop is bevind dat skewe verdeling met hoe kurtose-oorskryding aansienlik inslaan op die betroubaarheid van beta as 'n meting van sistemiese risiko by skansfondse (Chan. Getmansky. Haas & Lo, 2005). Ander probleme by die raming van skansfondsrisiko's spruit uit tydreekskorrelasie (Getmansky, Lo & Markov, 2003), bestuurs- en oorlewingsydigheid (Amin & Kat, 2002) en vals sydigheid by die beraming van prestasie uil die ekonomiese tydsreeks (Fung & Hsieh, 2000). Hierdie tesis gaan statistiese bewyse lewer van die tradisioncle risikometings se beperkings wanneer dit op skansfondsbeleggings toegepas word. Verder sal daar raad gegee word oor hoe om die beduidendheid van die genoemde risikometings te verbeter. In die loop van die gemiddeldevariansie-analise sal die toepasbaarheid en betroubaarheid van die Waarde onder Risiko as 'n risikometing vir skansfondse ondersoek word. Voorts sal die betroubaarheid en akkuraatheid van verskillende ecnvariaat- en meervariaatregressiemodelle getoets word. In die laaste hoofstuk val die klem op die moontlikheid om die inherente risiko's van enkelfondse aan die hand van 'n skansfondstipe-indeksprestasie te voorspel. Wat hier volg, behoort beJeggers en analistc van 'n inleidende raamwerk vir die toepaslike risikotaksering van skansfondse - met inagneming van die unieke struktuur en dinamika van hierdie altcmatiewe beleggingsfondse - te voorsien.

Hedge funds

Risk assessment

Investments

Financial risk management

Reliability modelling of performance functions containing correlated basic variables, with application to construction project risk management

Ker-Fox, Gregory Mark

12 1900

Thesis (PhD)--Stellenbosch University, 2002. / ENGLISH ABSTRACT: Correlation mechanisms describing systematic variations and common sensitivities are critical contributors to uncertainty in quantitative functions modelling project performance in terms of probabilistic or basic variables. Current reliability methods transform dependent vectors to an equivalent set of independent standard normal variates. A simple method is developed for dealing with correlation in the original variable space. An algebraic description of the direction cosine (or alpha) for performance functions under conditions of dependence is formally derived and numerically validated. The resultant General First Order Second Moment (GFOSM) method for correlated basic variables is shown to be equivalent to the orthogonal transformation method. Geometric and physical interpretations of the general direction cosine are developed, with alpha found to be equivalent to the correlation between a basic variable and performance function. Corresponding inequalities and normalizing conditions are also developed for alpha. Expressions for a number of applications utilising the general dependent form for the direction cosine are derived and demonstrated. The current definition of the direction cosine as an importance factor is validated for dependent conditions, and conditions established under which this descriptor is no longer adequate. Expressions are derived to measure the significance of a variable in terms of stochastic importance and function sensitivity, to establish reliability index sensitivity to the omission of non-critical items, quantifying variable elasticity and an elasticity index. The general FOSM method for correlated basic variables is applied to system analysis to generate modal correlation coefficients between failure modes. The general direction cosine is stable for multivariate linear functions and functions of limited curvature across a range of reliabilities and correlation levels. This characteristic further simplifies the process by providing for deterministic reliability modelling of performance functions containing dependent variables, avoiding the solution of the more complex joint density function. The extension of the current theory and the treatment of performance functions in the original vector space develop invaluable insight into the correlation mechanisms driving risk and reliability. This will assist project managers to better understand areas that can affect project performance, to focus management attention, develop mitigation strategies and to allocate resources for the optimal management of project risk. / AFRIKAANSE OPSOMMING: Korrelasie meganismes wat sistematiese afwykings en gemeenskaplike sensitiwiteite veroorsaak, is kritieke bydraers tot onsekerheid in kwantitatiewe funksies wat projek prestasie modelleer m terme van probabilistiese of basiese veranderlikes. Huidige betroubaarheidsmetodes transformeer afhanklike vektore tot 'n ekwivalente stel van standaard normaalonafhanklike veranderlikes. '0 Eenvoudige metode is ontwikkelom die effekte van korrelasie in die oorspronklike vektorspasie te hanteer. 'n Algebraise beskrywing van die rigtingseosines (genoem alfa) vir prestasiefunksies onder omstandighede van afhanklikheid is formeel afgelei en numeries gevalideer. Dit is bewys dat die resulterende Algemene Eerste Orde Tweede Moment metode vir gekorreleerde basiese veranderlikes ekwivalent is aan die tradisionele Ortogonale Transformasie metode. Geometriese en fisiese interpretasies vir die algemene rigtingscosinus is ontwikkel, met bewys dat alfa ekwivalent is aan die korrelasie tussen 'n basiese veranderlike en die prestasiefunksie. Ooreenstemmende ongelykhede en normaliserings-kondisies is ook vir alfa ontwikkel. Uitdrukkings vir 'n aantal toepassings wat gebruik maak van die algemene afhanklike vorm van die rigtingscosinus is afgelei en gedemonstreer. Die huidige definisie van die rigtingscosinus as 'n belangrikheidsfaktor is gevalideer vir kondisies van afhanklikheid en omstandighede is uitgewys wanneer dit onvoldoende is. Uitdrukkings is afgelei om stochastiese belangrikheid te meet asook funksie sensitiwiteit, die sensitiwiteit van die betroubaarheidsindeks tot die weglating van nie kritiese veranderlikes, sowel as die kwantifisering van elastisiteit en die elastisiteitsindeks. Die Algemene Eerste Orde Tweede Moment metode vir gekorreleerde' veranderlikes is toegepas op sisteem analise om die korrelasie tussen falingsmodes te genereer. Die algemene rigtingscosinus is stabiel vir liniêre funksies en funksies met 'n beperkte kromming oor 'n reeks betroubaarheidswaardes en korrelasie vlakke. Hierdie kenmerk vereenvoudig die metode verder deur voorsiening te maak vir deterministiese betroubaarheidsmodellering van prestasie funksies met afhanklike veranderlikes, deur die oplossing van die meer komplekse gesamentlike-digtheidsfunksies te vermy. Die uitbreiding van die huidige teorie en die hantering van prestasie funksies in die oorspronklike vektor spasie ontwikkel waardevolle insig in die korrelasie meganismes wat risiko en betroubaarheid oorheers. Hierdie insig sal projekbestuurders in staat stelom kritieke gebiede wat projek prestasie kan affekteer beter te verstaan, om hulle aandag daarop te fokus, om teenmaatreël-strategieë te ontwikkel en hulpbronne toe te ken vir die optimale bestuur van projek risiko.

Construction industry

Project management

Risk management

Dissertations -- Civil engineering

Risk management of electronic health record system in hospitals

Barnawi, Abdullah

January 2013

This thesis investigates the use of electronic medical record (EMR) systems and risk management in hospitals. It provides a critical analysis of recognized EMR systems and potential failures and discusses six traditional risk management techniques including brain storming, cause, effect analysis, failure mode effective analysis (FMEA), fault tree analysis (FTA), and Binary Decision Diagram (BDD) in addition, to one of the most recent systematic risk management techniques, Systems Theoretic Accident Model Process (STAMP). The traditional techniques are not as well suited to managing risks and preventing failures in modern information systems with complex software that involves human and machine interaction. The thesis introduces the implementation of common traditional risk management technique such as BDD and FTA which is mostly used in nuclear plants, transportation and medical devices backed by a hypothetical example to help and explain the process of the FTA usage. Most traditional techniques rely on a direct cause-and-effect chain and have no clear formal guidance. The systematic technique introduced and used in this study, is known as Systems Theoretic Accident Model Process (STAMP). It is one of the recent systematic techniques developed and used in many sectors including aerospace. This study applied the STAMP technique to the EMR system failure at King Khalid General Hospital (KKGH) in Riyadh. One of the reasons for selecting the STAMP technique is that it is based on system theory and established the risk factors that lead to system failure. It also provides guidance for managing and controlling risk factors. This thesis discusses the implementation of STAMP, supported by examples, to explain how the technique conducted. System failures occur unexpectedly and have the potential to affect health services; they can compromise patient health and sometimes lead to death. The aims of this study are to explore The Kingdom of Saudi Arabia healthcare usage of EMRs and risk factors that leads to system failure and demonstrate the benefit of STAMP for RM in EMR system, define gaps and provide suggestion based on international best practice The study was conducted in three phases. The first phase explored EMR system usage and failures. The second phase implemented the STAMP risk management technique at one hospital of our 8 surveyed hospitals, the King Khalid General Hospital’s (KKGH), to identify and manage risks. In the third phase, the study modified the STAMP technique and reapplied it. The modified technique STAMP Checklist (STAMPC) was compared with the original STAMP technique. We found that STAMPC is much more usable and subjectively beneficial for the hospital that uses a hybrid system. Data extracted using the modified technique provided more useful information to improve EMR system safety, and prevent potential failures. This study addresses the challenges of how effectively RM techniques used to reduce the potential risk of EMR system failures in hospitals. It improves the efficiency of the STAMP risk management technique by proposing a new (STAMPC) technique. There are 3 important implications for both RM and EMRs practice: first, the study suggests that RM and EMRs are integral parts of the management decision-making process; second, they are necessary to improve human health and safety; and, third, RM may minimise the possibility of system failure.

600

Ανάπτυξη συστήματος στήριξης αποφάσεων για τη διαχείριση κινδύνων στα τεχνικά έργα

Γεωργαντοπούλου, Ανδριάνα

26 July 2013

Σκοπός της διατριβής αυτής ήταν η ανάπτυξη ενός συστήματος για τη διαχείριση των κινδύνων στα τεχνικά έργα. Ο σχεδιασμός του προτεινόμενου συστήματος στοχεύει στο να αποκαλύψει στο χρήστη την πιθανότητα εμφάνισης συγκεκριμένων κινδύνων στο έργο και την επίπτωση αυτών στους στόχους του έργου (κόστος, χρόνος, ποιότητα, σκοπός) καθώς και να προτείνει αντίσοιχες δράσεις πρόληψης, για την μείωση είτε της πιθανότητας της εμφάνισης τους είτε για τη μείωση των συνεπειών τους στους στόχους του έργου. / A decision support system was developed in order to examine the probability of occurrence of certain risks in a construction project. Risk responses were developed so as to minimize either the probability or the impact of its identified risk

Διαχείριση κινδύνου

Τεχνικά έργα

624.068 1

Risk management

Construction projects

Revitalising construction project procurement through joint risk management

Rahman, Md. Motiar.

January 2003

published_or_final_version / Civil Engineering / Doctoral / Doctor of Philosophy

Construction industry - Prices.

Industrial Procurement.

Risk management.

Project management.

The perception and management of risk in engineering projects, with particular reference to Hong Kong

Thornely, J. H. A.

January 1987

published_or_final_version / Business Administration / Master / Master of Business Administration

Project management.

Risk management.

An exploration of the business opportunities in freight between Hong Kong and China

Wong, Teck-sun, Alexander., 王德燊.

January 1990

published_or_final_version / Business Administration / Master / Master of Business Administration

Risk management - China - Hong Kong.

Semi-static hedging of guarantees in variable annuities under exponential lévy models

Pang, Long-fung., 彭朗峯.

January 2010

published_or_final_version / Statistics and Actuarial Science / Master / Master of Philosophy

Variable annuities.

Hedging (Finance) - Mathematical models.

Risk management.