Questions on using control self assessment techniques on information systems development projects

Erasmus, A J

January 1998

A research report submitted to the Faculty of Commerce, University of the Witwatersrand, Johannesburg, in partial fulfilment of the requirements for the degree of Master of Commerce, 1998 / Corporate Governance requires management to report to its stakeholders on Internal Control Systems. Corporate Governance is the system through which organisations are directed and controlled. To meet these requirements management needs a mechanism through which they can stay abreast of such control systems. The aim of this research is to evaluate whether such a mechanism can be provided for Information System Development (ISD) projects, through Control Self-Assessment questionnaire and / or workshop techniques. [Abbreviated abstract. Open document to view full version} / MT2017

Management information systems

Corporate governance

Control-self-assessment (Auditing)

The association between organizational culture and Control Self Assessment: adoption and approach choice

Pan, Ye., 潘燁.

January 2006

published_or_final_version / Business / Master / Master of Philosophy

Control self-assessment (Auditing)

Risk management.

Auditing, Internal.

Corporate culture - China - Hong Kong.

自行評估內部控制之探討－以美國個案公司為例

趙曉蓮

Unknown Date

本研究是針對內部控制自行評估（CONTROL SELF-ASSESSMENT簡稱CSA） 探討由理論到實際的實行的每一個階段的重點：為什麼需要CSA的概念？CSA的架構及方法為何？CSA實行的方法？ 以及CSA在美國實行的情形？希望藉由本項研究所得出來的概念，不但揭開CSA的面紗，更期望能幫助各公司能藉著CSA結合績效風險管理、目標管理達到其營運、財務、法令遵行的效果及效率。 本論文之研究程序為： （一） 收集國內外有關自行評估內部控制的文獻及法令，並探索自行評估內部控制的由來、實行的必要的理由，CSA的過程中內部稽核角色如何轉變及如何與內控理論的本意配合。 （二） 收集國外實行內控的最佳實例並在每種實行方法下，選出一家代表性的個案。 （三） 分析所選出的實例，並分析每個個案所實行的特色及成果。 （四） 歸納出各種實行方法的適用性及優缺點。 目 錄 圖次……………………………………………………………………2 表次……………………………………………………………………3 第一章緒論 4 第一節 研究背景及研究目的 4 第二節 研究方法 7 第三節 論文架構及大綱 11 第二章 內部控制制度概述 12 第一節 內部控制的定義及種類 12 第二節 內部控制制度的組成要素 15 第三節 企業目標與組成要素間的關係 21 第四節 與企業內部控制制度關聯之團體 23 第三章自行評估內部控制制度概念（簡稱CSA）之探討 29 第一節 CSA的定義及要素 29 第二節 CSA之必要性 31 第三節 實行CSA的三種模式 34 第四節 CSA的關鍵成功要素 38 第五節 CSA對稽核角色的影響 40 第四章 自行評估內部控制個案分析 42 第一節J C PENNY個案分析 42 第二節MAPCO公司個案分析 52 第三節CENTERIOR ENGERY個案分析 56 第四節 個案實施成果的分析 69 第五章結論與建議 76 第一節研究結論 76 第二節研究建議 79 第三節未來研究方向 79

自行評估內部控制

CSA

Control Self-Assessment

The association between organizational culture and Control Self Assessment adoption and approach choice /

Pan, Ye.

January 2006

Thesis (M. Phil.)--University of Hong Kong, 2007. / Title proper from title frame. Also available in printed format.

Implementação do gerenciamento de riscos operacionais na área de recebimento integrado: uma abordagem intervencionista em uma editora nacional

Moraes, Wilson de

01 February 2017

Submitted by Aline Amarante (1146629@mackenzie.br) on 2017-03-27T23:16:25Z No. of bitstreams: 2 WILSON DE MORAES.pdf: 1079542 bytes, checksum: 6099360007d99844eac2e5ab5365e283 (MD5) license_rdf: 0 bytes, checksum: d41d8cd98f00b204e9800998ecf8427e (MD5) / Approved for entry into archive by Paola Damato (repositorio@mackenzie.br) on 2017-04-03T13:15:33Z (GMT) No. of bitstreams: 2 WILSON DE MORAES.pdf: 1079542 bytes, checksum: 6099360007d99844eac2e5ab5365e283 (MD5) license_rdf: 0 bytes, checksum: d41d8cd98f00b204e9800998ecf8427e (MD5) / Made available in DSpace on 2017-04-03T13:15:33Z (GMT). No. of bitstreams: 2 WILSON DE MORAES.pdf: 1079542 bytes, checksum: 6099360007d99844eac2e5ab5365e283 (MD5) license_rdf: 0 bytes, checksum: d41d8cd98f00b204e9800998ecf8427e (MD5) Previous issue date: 2017-02-01 / Risk management is one of the most important features for the survival of organizations. In a background in which transparency and reliability are fundamental cornerstones in financial statements, appropriate management of operational risks is a growing concern. As a result, risk management is increasingly necessary and a vital tool to reduce the opportunities for deviations from the route plan. However, the literature on the subject addresses, mainly, companies in the financial sector, showing a lack of data for organizations in other industries. Within this context, this study aims to present the implementation of operational risk management in the Integrated Receiving (IR) area of a National Publisher. The analysis of this study was based on the concepts of COSO (Committee of Sponsoring Organizations of the Treadway Commission) methodology and made possible using Control Self Assessment (CSA) methodology, in addition to the interventionist approach. CSA methodology provides the identification of risks by managers of the area under analysis. However, in order to develop a theoretical contribution, this study analyzed data referring to employees in IR area. After data were collected, the implementations of the necessary corrective actions were discussed and negotiated with the concerned manager. The result was a success throughout the whole process of implementation; in addition, the participation of all employees were beneficial and constructive for the company in order to determine weaknesses of the area. The main benefit observed was the dissemination of the risk culture among the participants of this work and an improvement in the control environment for the company. Results should be analyzed considering the limitations of this work, as the company studied belongs to a specific sector. Therefore, as a suggestion for future research, there is a need to expand the number of companies and internal areas to be studied, comparing the conclusions with those of this study. / A gestão de riscos é um dos mais importantes recursos para a sobrevivência das organizações. Em um cenário de demanda por transparência e confiabilidade nas demonstrações financeiras, o adequado gerenciamento de riscos operacionais é preocupação cada vez mais presente. Em razão disso, a gestão de riscos torna-se um instrumento de extrema importância para minimizar as ocorrências de perdas nas organizações. Porém, a literatura sobre o assunto aborda, principalmente, empresas do setor financeiro, havendo uma carência de dados para organizações pertencentes aos demais setores do mercado. É nesse contexto que o presente estudo teve como objetivo principal a implementação do gerenciamento de riscos operacionais na área de Recebimento Integrado (RI) de uma Editora Nacional. As análises deste trabalho tiveram por base os conceitos da metodologia COSO (Committee of Sponsoring Organizations of the Treadway Commission) e foram viabilizadas com a utilização da metodologia CSA (Control Self Assessment) e da abordagem intervencionista. A metodologia CSA estabelece a identificação dos riscos pelos gestores da área em análise, porém, nesse trabalho, com o intuito de se obter contribuição para a teoria, foram apurados dados referentes a todos os funcionários da área de RI. Posteriormente ao levantamento de dados, as implementações das ações corretivas necessárias foram discutidas e negociadas junto ao gerente da área. O resultado apurado demonstrou sucesso no processo de implementação, destacando que a participação de todos os funcionários da área para apuração de fragilidades é benéfica e salutar para o negócio. O principal ganho verificado foi a disseminação da cultura de riscos entre os participantes deste trabalho e uma melhoria no ambiente de controle para a empresa. Os resultados devem ser analisados considerando-se as limitações deste trabalho, que estudou uma empresa em um setor específico. Para tanto, como sugestão de pesquisas futuras, há a necessidade de se ampliar o número de empresas e áreas internas a serem estudadas, comparando-se as conclusões com as do presente trabalho.

gerenciamento de riscos operacionais

COSO

control self assessment (CSA)

abordagem intervencionista