About: The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations. Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.

1

Härdsmälta eller riskarbete? : En studie av ISO 31000 och dess riskhanteringsprocess / Meltdown or risk work? A study of ISO 31000 and its risk management process

Björkstrand, Anette, Riis, Sebastian January 2012
The focus on risk management has increased markedly since the mid-1990s as a result of corporate collapses. The reasons behind the use of various risk management frameworks are, however, disputed, as some argue that risk management work rests on motives other than managing risk effectively, such as the pursuit of legitimacy. There are also concerns that risk management work risks losing focus and leading to a vicious circle that creates risks rather than treating existing ones. The purpose of the thesis is to study what effects the introduction of ISO 31000 has on the risk management process in the energy industry. We do this by studying the energy company E.ON Sverige AB and its subsidiaries, and how they use the ISO 31000 risk management framework. The study was carried out through interviews with those responsible for risk at the company and through a review of documents. We find that the introduction of ISO 31000 has not brought about major changes in the risk management process. This may be attributable to a lack of commitment from management and the difficulty of changing control systems, as well as a need for legitimacy rather than a need for a framework.
2

Riskhantering i kommuner och landsting : ISO 31000, riskbegreppet och organisationsövergripande riskhantering / Risk management in Swedish municipalities and county councils : ISO 31000, definition of risk and enterprise risk management

Ahlström, Per January 2014
In 2009 the first ISO standard focused exclusively on risk management was adopted, ISO 31000:2009. It is supposed to be possible to use it in any societal sector. There is currently little information on how widely the standard has been used, regarding both public and private sector. The study at hand aims to collect information on how it is used in Swedish municipalities and county councils (i.e. local and regional level). Furthermore, it aims to study how these actors’ risk management relates to certain aspects of the standard. These are how risk is defined and enterprise risk management. A survey has been conducted. All county councils and 48 municipalities were contacted. Sampling regarding municipalities was made by using a categorization made by the Swedish Association of Local Authorities and Regions combined with random choices. The results of the study reveal that the use of ISO 31000 is very limited. It is used by two municipalities and not one of the county councils. Some of the latter are however considering using it. It seems to be the ambition of both municipalities and county councils to apply enterprise risk management in a way that is principally in line with ISO 31000. Furthermore, the results show that municipalities and county councils define risk in different ways. The majority of these organizations say that they use a defined definition of risk in the whole organization. Approximately half of the municipalities use the definition of risk being used by the Swedish Civil Contingencies Agency, i.e. risk is the product of probability * consequence. Amongst county councils only a quarter use this definition. To a larger extent they use definitions that take into account the objectives of their organizations. It is hard to judge which consequences this might have. It might be good to know though, e.g. when future governmental controls are being developed. The results also show that there are differences between municipalities and county councils when it comes to enterprise risk management, where the latter use it more extensively. There is a gap however between how much enterprise risk management is used and how much municipalities and county councils would like to use it.
3

Estrutura conceitual para análise de risco nas operações de corte, transbordo e transporte: estudo de caso em uma empresa paulista do setor sucroenergético / Conceptual framework for risk analysis in cutting, transhipment and transportation operations: a case study at São Paulo company in the sugarcane sector

Assumpção, André Luís 30 August 2018
Risk management has proven to be a very successful option for companies in many sectors, as it develops greater chances of analysis and loss control for the direction of the business organization, as well as promoting greater competitiveness among its competitors regarding best practices in management. Due to a lack of risk studies in these operations, it was observed the need to propose a conceptual framework to analyze and evaluate the intrinsic risks in the operations Cut, Transhipment and Transport of Sugar Cane (CTT) in a São Paulo company of the sugar-energy sector. This research is qualitative and consists of three stages. The first step involved a literature review on the topics of risk management, international standards, risk analysis tools and the sugar and ethanol sector. In the second stage, techniques such as document analysis, participant observation and semi-structured interviews with eight specialists were carried out, in order to understand more deeply the risks incurred in the CTT System. In the third stage of the research, a conceptual framework for risk analysis and evaluation was presented in the CTT System using as a basis the tools extracted from international risk management standards that were most in harmony with the suggested structure of risk analysis and evaluation, such as Fault Tree Analysis (FTA), Bow-Tie Analysis, and Risk Matrix (Probability and Consequence). As a result, it can be concluded that this conceptual framework for risk analysis in CTT operations can contribute, according to industry experts, to the study firm and other organizations in the sugar and ethanol sector, helping management in decision making to reduce costs and losses and damage to vehicles, machinery and equipment, people and the environment involved in the operations of Cut, Transhipment and Transportation.
4

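Um guia de apoio à implantação da norma ISO 31000 para gestão de riscos em processos de TI: um estudo de caso IFTO / A guide to support the implementation of the ISO 31000 standard for risk management in IT processes: an IFTO case study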

SOUZA, Daniel Félix de 09 December 2016
The increase of the demand on solutions that improve the services that are offered by the government to the community in a fast and economical way increases the number of critical IT (information technology) activities which need to be managed. Therefore, it is a challenge for organizations to be able to control these processes in such a way that the activities that may cause any kind of detriment are prioritized and properly managed. In this sense, risk management models enable a balanced handling of those demands, taking into account the needs of each organization. The implementation of those models is a difficult task, because generally risk management models present “what” and not “how” to do. Thus, this dissertation has the goal to propose a guideline to support the implementation of the norm ISO 31000 (ABNT, 2009) to manage risks in IT processes. For a choice of this standard as reference for the research, three models of risk management were compared and their relevance achieved better results for the proposal of this work. A case study was carried out in a public organization with experience in corporative risk management. The goal of the study was to identify the objectives and characteristics that a guideline needs to have in order to support the implementation of a model for risk management in IT processes. Focus groups and interviews with experts in corporative risk management and IT fields were conducted to obtain such information. From the study results, we proposed a guide divided into six phases and two activities, with practical examples to facilitate its understanding and application. The guide assessment was performed through a survey of qualitative nature, with the participation of eight managers with IT expertise. As the outcome of the guide evaluation, it was verified that the proposed guide contributes to support the implementation of a model for managing risks in IT processes in public organizations, based on a specific standard for this context.
5

Risk Management Practices in Six Organizations in the Government of Canada

Loan, Christopher 10 January 2012
This thesis is an exploratory study that measured the alignment of corporate risk management practices in six organizations in the Government of Canada with best practices described in the 2009 ISO 31000, as well as five independent variables believed to influence risk management practices in an organization. The objective was to determine if risk management practices vary from one organization to another in a single government, and if so why, as well as building a number of testable hypotheses for future research. The thesis found that risk management practices do vary significantly from one organization to another. It also found that there is a strong correlation between an organization’s budget, total workforce and the policy instruments it uses, and the alignment of its corporate risk management practices with ISO 31000:2009. This study furthers our understanding of how risk management is implemented in public sector organizations.
9

Information security risk management model for mitigating the impact on SMEs in Peru

Garay, Daniel Felipe Carnero, Marcos Antonio, Carbajal Ramos, Armas-Aguirre, Jimmy, Molina, Juan Manuel Madrid 01 June 2020
The full text of this work is not available in the Repositorio Académico UPC due to restrictions of the publisher where it was published. / This paper proposes an information security risk management model that allows mitigating the threats to which SMEs in Peru are exposed. According to studies by Ernst & Young, 90% of companies in Peru are not prepared to detect security breaches, and 51% have already been attacked. In addition, according to Deloitte, only 10% of companies maintain risk management indicators. The model consists of 3 phases: 1. Inventory the information assets of the company, to conduct the risk analysis of each one; 2. Evaluate treatment that should be given to each risk; 3. Once the controls are implemented, design indicators to help monitor the implemented safeguards. The article focuses on the creation of a model that integrates a standard of risk management across the company with a standard of IS indicators to validate compliance, adding as a contribution the results of implementation in a specific environment. The proposed model was validated in a pharmaceutical SME in Lima, Peru. The results showed a 71% decrease in risk, after applying 15 monitoring and training controls, lowering the status from a critical level to an acceptable level between 1.5 and 2.3, according to the given assessment. / Peer reviewed
10

[pt] MODELO DE AUTOAVALIAÇÃO DA GESTÃO DE RISCOS PARA INSTITUIÇÕES GESTORAS DE RECURSOS DE TERCEIROS: UMA ABORDAGEM MULTICRITÉRIO / [en] SELF-ASSESSMENT MODEL OF RISK MANAGEMENT FOR THIRD-PARTY ASSET MANAGEMENT INSTITUTIONS: A MULTICRITERIA APPROACH

ENALDO CORDEIRO DE SOUZA 08 August 2022
This dissertation aims to develop a risk management self-assessment model in third-party asset management institutions, according to a multi-criteria decision support approach and based on the guidelines of the ABNT NBR ISO 31000:2018 Standard. It seeks to demonstrate the model's applicability by developing an empirical study in an institution specialist in third-party resources management and investment fund administration. The methodology comprises: (i) literature review and documental analysis on the central themes of the research; (ii) definition of two analytical network structures, based on the clauses and items of referred Standard; (iii) use of the Analytic Network Process (ANP) method to assign weights to the items concerning the structure and the process of risk management, through consensual meetings involving specialists with experience in risk management; (iv) elaboration and application of the self-assessment instrument in the institution that manages third-party resources and administrates investment funds to assess their level of maturity in relation to the clauses and items of the ABNT NBR ISO 31000:2018 Standard, using fuzzy logic; (vi) application of the Importance-Performance Analysis (IPA) method to identify the items that should be prioritized, with a view to improving the institution's risk management. The main result is an innovative self-assessment system of institutions managing third-party resources that seek excellence in risk management to support decisions related to the continuous improvement of their risk management systems and processes. The empirical study in the organizational context of an institution specialist in third-party resources management demonstrated that it is plausible to determine the maturity level of this institution concerning the clauses and items of the ABNT NBR ISO 31000:2018 standard and to map the main challenges faced by this institution to realize value by the successful risk management.
