[en] RISK MEASUREMENT OF BUSINESS PROCESSES IN THE ELECTRICITY SECTOR: A STRATEGY FOR CONTINUOUS AUDITING / [pt] MENSURAÇÃO DE RISCO EM PROCESSOS DE NEGÓCIO DO SETOR ELÉTRICO: ESTRATÉGIA PARA AUDITORIA CONTÍNUA

JOÃO BATISTA DOMINICI DA PENHA FILHO

13 May 2019

[pt] A auditoria e o monitoramento contínuo visam melhorar a eficiência das operações na empresa, identificando e avaliando riscos de maneira tempestiva e provendo rapidamente informações críticas à alta administração para uma melhor tomada de decisão. Mediante a adoção de ferramentas de controle incorporadas aos sistemas de informação ou a utilização de softwares apropriados, a auditoria e o monitoramento contínuo propiciam o acompanhamento em tempo real dos processos empresariais. Esta dissertação tem como objetivo principal desenvolver e aplicar em uma empresa do setor elétrico brasileiro uma metodologia para estabelecer e hierarquizar regras de monitoramento de processos de negócio, na perspectiva de implementação futura de uma plataforma tecnológica de auditoria contínua. Mais especificamente, a metodologia compreende a seleção dos processos auditáveis com maior exposição ao risco; identificação de eventos de risco associados a esses processos; e estabelecimento e hierarquização de regras de monitoramento propriamente ditas. A pesquisa pode ser considerada aplicada, descritiva e participativa e teve como estratégia principal a adoção do método de estudo de caso, com a realização de oficinas de trabalho para a coleta de dados primários. Destacam-se como resultados: (i) a revisão crítica da literatura existente sobre auditoria contínua; (ii) uma metodologia para estabelecer e hierarquizar regras de monitoramento associadas a processos de maior exposição a risco para fins do projeto de auditoria continua em uma empresa do setor elétrico brasileiro; e (iii) demonstração da aplicabilidade e efetividade da metodologia proposta, conforme descrito no estudo de caso. / [en] Continuous monitoring and audit aim at improving the efficiency of operations at the company, identifying and timely assessing risks for providing critical information to senior management for better decision-making processes. By adopting control tools embedded in company s information systems or by using specialized software, continuous monitoring and audit provide real-time assessment of business processes. This dissertation aims to develop and apply in a Brazilian power energy company a methodology for establishing and hierarchizing monitoring rules for the purpose of continuous monitoring and audit. The proposed methodology encompasses selection of business processes with greater exposure to risk; identification of risk events associated with those processes; and establishment of monitoring rules themselves. This research can be classified as applied, descriptive, methodological and participatory. Its methodological approach includes the development of a case study and workshops for collecting primary data. The main results can be summarized as follows: (i) critical review of existing literature on continuous audit; (ii) a methodology designed for establishing and hierarchizing monitoring rules with the purpose of continuous monitoring and audit at a Brazilian power energy company selected for this research; and (iii) demonstration of the applicability and effectiveness of the proposed methodology according to the results presents in the case study.

[pt] REGULACAO

[en] REGULATION

[pt] METROLOGIA

[en] METROLOGY

[pt] GESTAO DE RISCO

[en] RISK MANAGEMENT

[pt] AUDITORIA CONTINUA

[en] CONTINUOUS AUDITING

[pt] MONITORAMENTO CONTINUO

[en] CONTINUOUS MONITORING

[pt] MODELO COSO-ERM

[en] COSO-ERM MODEL

[pt] EMPRESA DE ENERGIA ELETRICA

[en] POWER ENERGY COMPANY

Intern kontroll i svenska storbanker : En studie av kommunikation och integration av intern kontroll / Internal Control in Swedish Banks : A study of communication and integration of internal control

Andersson, Caroline, Nyman, Emelie

January 2011

Bakgrund och Problem: Det har visat sig att en gemensam nämnare bland de bakomliggande orsakerna till den senaste finanskrisen var bristande intern kontroll. Det var även en av orsakerna till att en svensk bank i augusti år 2010 gick i konkurs och det kan ses som högst oväntat med tanke på de utvecklade regler, ramverk och granskningar som finns för de svenska bankerna idag. För att den interna kontrollen i ett företag ska fungera väl måste den integreras i hela verksamheten. I dagsläget finns det tecken på att det råder en lucka mellan den interna kontroll som styrelse vill uppnå och den som når fram till medarbetarna i banken. Syfte: Uppsatsens syfte är att studera hur de fyra svenska storbankerna arbetar med intern kontroll idag samt analysera kommunikationen och integrationen av den interna kontrollen i verksamheten. Vidare vill vi bidra till en insikt om hur intern kontroll integreras och blir en del av det dagliga arbetet i banken. Metod/Empiri: Då studien undersöker hur kommunikationen och integrationen av intern kontroll ser ut i de svenska storbankerna, ansågs en enbart kvalitativ metod med intervjuer av personer som aktivt arbetar med intern kontroll inte vara tillräckligt. Det empiriska materialet består därför av intervjuer med personer som arbetar aktivt med den interna kontrollen i de fyra svenska storbankerna samt en enkätundersökning bland medarbetarna ute i verksamheten. Slutsats: Arbetet med den interna kontrollen i de svenska storbankerna fungerar väl och det går att märka en tendens till ökat fokus inom området. En samlad bedömning och en jämförelse av intervjurespondenternas svar och enkäternas svar visar att ett gap i kommunikationen angående den interna kontrollen kan anas. Det finns därmed också en brist i integrationen av den interna kontrollen. / Background and Problem: It was shown that the lack of internal control was a common denominator among the reasons for the recent financial crisis. It was also one of the reasons that a Swedish bank in August 2010 went bankrupt and this can be seen as highly unexpected due to the developed rules, frameworks and reviews that exist for the Swedish banks today. In order for a company to accomplish a well functional internal control it must be integrated throughout the whole organization. In the current situation there is evidence confirming an existence of a gap between the internal control a board request and what is accessible to employees in the bank. Aim: The purpose of this thesis is to study how the four major Swedish banks are operating the internal control today, also, analyzing the communication and integration of the internal control within the organization. We also wish to contribute to an understanding of how internal control is integrated and how it becomes a part of the daily work in the bank. Method/Empirics: Since this study examines how communication and integration of internal control appears in the major Swedish banks, a purely qualitative approach with interviews of people who actively work with the internal control was not considered as sufficient. Therefore, the empirical data consists of interviews with employees who are actively working with internal control in the four major Swedish banks and additionally, a survey was sent to the employees working in the daily business. Conclusions: The work with internal control in the major Swedish banks is well functioning and it is possible to notice a tendency for increased focus for the subject. An overall assessment and comparison of responses from the interviews and the survey indicates a gap in communication regarding internal control. Thus, there is a lack of integration of the internal control.

Internal control

Integration

Communication

COSO/ERM

bank

Corporate Governance

Operational risk

Basel regulation

”Three Lines of Defence”

Intern kontroll

integration

kommunikation

COSO/ERM

bank

bolagsstyrning

operativ risk

Baselregelverken

”Three Lines of Defence”

L'adoption de la fonction risk management : un travail de recouplage des finalités : le cas du groupe La Poste / Risk management adoption as recoupling work on ends : the case of the French postal group

Jemaa, Fatma

29 November 2016

Le risk management d’entreprise (ERM) est un ensemble de politiques, de structures et de pratiques infuses d’idéaux sociaux de bonne gouvernance et de contrôlabilité. Nous nous demandons ici dans quelles mesures le travail des acteurs permet l’adoption durable de l’ERM dans l’organisation. Dans le cas du Groupe La Poste, l’appropriation des pressions externes par les auditeurs internes a été cruciale. Une fois introduit dans l’organisation postale, l’ERM a d’abord été confronté à l’indifférence du management. Les contenus réglementaires et normatifs ont été adoptés sans être mis en œuvre. Des structures partielles d’ERM ont été peuplées de risk managers détenant les compétences nécessaires pour répondre aux attentes externes. Ces risk managers ont ensuite travaillé à légitimer et structurer le dispositif conformément aux « meilleures pratiques » en réalisant un travail de recouplage – action intentionnelle des individus visant à aligner le risk management organisationnel avec les traits externes et abstraits de l’ERM. L’étude du cas La Poste suggère ainsi une explication organisationnelle au fait que l’ERM ne puisse être révoqué une fois en place. / Enterprise-wide risk management (ERM) is a set of policies, structures and practices infused with social ideals of good governance and controllability. In this research, we seek to know how actors’ work allows ERM lasting adoption in the organization. In La Poste, the enactment of external pressures by internal auditors turned out to be critical. When introduced in the postal organization, ERM first encountered management disregard. As a consequence, ERM regulatory and normative meanings and categories were adopted but not implemented in the business. Partial ERM structures were created and inhabited by risk managers who hold necessary skills to help organizational compliance with external expectations. Newly appointed risk managers worked internally to legitimize and structure the device consistently with external “best practices” performing what we named recoupling work - the purposive action of individuals and organizations aimed at aligning organizational risk management with external ERM abstract features. Thus, our case suggests an organizational explanation to the fact that risk management could not be rescinded after its initial settlement.

Enterprise-Wide Risk Management (ERM)

Institutionnalisation

Risk manager

Power

Travail

Découplage

Politiques et pratiques

Moyens et fins

Enterprise-Wide Risk Management (ERM)

Institutionalization

Risk manager

Power

Work

Decoupling

Recoupling

Policy and practices

Means and ends

658.1

dSTRIPAK régule les fonctions catalytiques et non-catalytiques de la kinase Ste20 Slik

de Jamblinne, Camille V.

12 1900

Many cellular and molecular mechanisms are involved in the structural changes (morphogenesis) taking place during embryonic development. Indeed, the cytoskeleton is dynamically modified by intracellular signaling cascades, controlling cell morphogenesis during division or epithelial organization. Signal transduction mechanisms establishes homeostasis during morphogenetic processes. The cell cortex, composed by plasma membrane and underlying cytoskeleton meshwork, is responsible for integrating cell shape changes and organizing structural elements required for intercellular communication. The composition of the cell cortex is thus constantly changing in response to morphogenetic needs. However, the signaling network controlling this cortical plasticity is still unclear. This work has identified a new signaling pathway involved in cell cortex organization. The laboratories of Dr Carréno and Dr Hipfner use Drosophila as a model organism to study cell and tissue morphogenesis. Dr Carréno and Dr Hipfner had previously found that Ste20 Slik kinase was responsible for dMoesin activation by phosphorylation. dMoesin acts as a cross-linker between the cytoskeleton and the plasma membrane. This way, activation of dMoesin by Slik controls cortical stability during mitosis and epithelial integrity in Drosophila. This research project found that dSTRIPAK phosphatase activity promotes cortical localization of Slik in order to activate dMoesin at the plasma membrane. In addition, it showed that dSTRIPAK, as Slik and dMoesin, controls mitotic morphogenesis and epithelial tissue integrity. On top of that, Dr Hipfner has previously shown that Slik induces growth signaling at distance and independently of its catalytic activity. My research has led to the discovery that Slik is located along specialized signaling filopodia, called cytonemes. In addition, our data showed that Slik lengthens cytonemes, while dSTRIPAK is necessary for their biogenesis and signaling function. Slik and dSTRIPAK thus control tissue growth during the embryonic development of Drosophila. We have not determined the molecular mechanisms involved in the formation of cytonemes by dSTRIPAK/Slik yet. Together, our research projects led to the discovery that the dSTRIPAK complex regulates the catalytic and non-catalytic functions of Slik. We have thus identified a new signaling pathway controlling cell and tissue morphogenesis, through the cytoskeleton and intercellular communication. These processes are essential for maintaining homeostasis during embryogenesis. However, alteration of these morphogenetic processes can cause tumorigenesis. Our research might lead to the exploration of new anti-cancer therapeutic avenues. / De nombreux mécanismes moléculaires et cellulaires sont à la base des changements structurels (appelés la morphogenèse) qui ont lieu durant le développement d’un organisme. En effet, le cytosquelette est dynamiquement modifié par des cascades de signalisation intracellulaires contrôlant ainsi la morphogenèse cellulaire durant la division ou l’organisation d’un épithélium. L’homéostasie entre les différents processus morphogénétiques est établie grâce à des échanges de molécules signalisatrices. Le cortex de la cellule, composé de la membrane plasmique et du réseau de protéines du cytosquelette sous-jacent, est responsable d’intégrer les changements de forme cellulaire et d’organiser les éléments structurels requis pour la communication intercellulaire. Donc la composition du cortex cellulaire varie constamment en réponse aux besoins morphogénétiques. Toutefois, les réseaux de signalisation qui contrôlent cette plasticité corticale ne sont pas toujours connus. Ce travail a identifié une nouvelle voie de signalisation impliquée dans l’organisation du cortex cellulaire. Le laboratoire d’accueil (Dr Carréno) ainsi que celui du Dr Hipfner utilisent la drosophile comme organisme modèle pour l’étude fondamentale de la morphogenèse cellulaire et tissulaire. Le Dr Carréno et le Dr Hipfner avaient précédemment découvert que la kinase Ste20 Slik était responsable d’activer la dMoésine par phosphorylation. Celle-ci lie le cytosquelette à la membrane plasmique. L’activation de la dMoésine par Slik contrôle ainsi la stabilité corticale durant la mitose et l'intégrité épithéliale chez la drosophile. Durant mon projet de recherche, nous avons ensuite mis en évidence que le complexe phosphatase-kinase dSTRIPAK promeut la localisation corticale de Slik afin d’activer la dMoésine à la membrane plasmique. Nous avons également révélé que dSTRIPAK contrôle, tout comme Slik et dMoésine, la morphogenèse mitotique et l’intégrité du tissu épithélial. D'autre part, le Dr Hipfner avait précédemment constaté que Slik induisait une signalisation de croissance à distance, de façon indépendante de son activité catalytique. Mes recherches ont amené à découvrir que Slik est localisée le long de filopodes spécialisés dans la signalisation à distance, appelés cytonèmes. En outre, nos résultats révèlent que Slik allonge les cytonèmes, alors que dSTRIPAK est nécessaire à leur biogenèse et fonction de signalisation. Slik et dSTRIPAK contrôlent ainsi la croissance tissulaire au cours du développement embryonnaire de la mouche. Il reste à déterminer les mécanismes moléculaires impliqués dans la formation des cytonèmes par dSTRIPAK/Slik. Au final nos recherches ont mené à la découverte que le complexe dSTRIPAK régule les fonctions catalytiques et non-catalytiques de Slik. Nous avons ainsi identifié une nouvelle voie de signalisation contrôlant la morphogenèse cellulaire et tissulaire, par le biais du cytosquelette et de la communication intercellulaire. Ces processus sont essentiels au maintien de l’homéostasie durant l’embryogenèse. Toutefois, l’altération de ces processus morphogénétiques peut causer la tumorigenèse. Notre travail de recherche participe donc potentiellement à l’exploration de nouvelles stratégies thérapeutiques anti-cancéreuses.

STRIPAK

Sterile20 kinase Slik

Morphogenesis

Morphogenèse

Mitosis

Mitose

Cytoskeleton

Cytosquelette

Plasma membrane

Membrane plasmique

Cytonème

dMoesin (ERM)

dMoésine (ERM)

Cell cortex

Cortex cellulaire

kinase Sterile20 Slik

Sistemas de controle interno e transparência pública: estudo de caso da Universidade Federal de Alagoas

Brandão, Joseth Ferreira

22 December 2015

Made available in DSpace on 2016-04-25T18:40:13Z (GMT). No. of bitstreams: 1 Joseth Ferreira Brandao.pdf: 1284075 bytes, checksum: 1fbf41051d6cee86095f7b8f3639df96 (MD5) Previous issue date: 2015-12-22 / Internal control of a public institution must be suited to your needs, in order to provide reasonable security of your information. It is true that information is one of the basic inputs of society becoming thus a fundamental good for any activity. Thus, this rummage aimed to conduct a study on the Internal Control System of the Federal University of Alagoas analyzing their suitability to the model proposed by COSO in order to foster a culture of internal controls in the institution, with the risk assessment, activities control, information and communication, as well as by monitoring through ongoing management activities. The data collection was conducted through survey research using a structured questionnaire with closed and open questions, which was applied to teachers and technicians of the University. During the processing and analysis of the results it was applied Palfi and Boot- Avram model that consists of comparing international models of internal control obtaining the degree of similarity and dissimilarity between them from the calculation of the Jaccard coefficient. The results show that there is high dissimilarity among the COSO model and Internal Control System UFAL especially with regard to the monitoring component / O controle interno de uma instituição pública deve estar adequado às suas necessidades, de modo a proporcionar uma razoável segurança de suas informações. É certo que a informação é um dos insumos básicos da sociedade tornando-se, portanto, um bem fundamental para qualquer atividade. Nesse sentido, esta pesquisa teve por objetivo conduzir um estudo sobre o Sistema de Controles Internos da Universidade Federal de Alagoas analisando sua adequação ao modelo proposto pelo COSO com o intuito de fomentar a cultura de Controles Internos na Instituição, com a avaliação de riscos, atividades de controle, informação e comunicação, bem como através do monitoramento por meio de atividades gerenciais contínuas. A coleta de dados foi realizada por meio de pesquisa survey com a utilização de questionário estruturado com questões fechadas e abertas, o qual foi aplicado aos docentes e técnicos da Universidade. Durante o processamento e as análises do resultado foi aplicado o modelo Palfi e Bota-Avram, que consiste na comparação entre modelos internacionais de controle interno obtendo-se o grau de semelhança e dessemelhança entre eles a partir do cálculo do Coeficiente de Jaccard. Os resultados mostram que há grande dissimilaridade entre o modelo COSO e o Sistema de Controles Internos da UFAL, principalmente no que tange ao componente de Monitoramento

Controles internos

COSO ERM

Gestão de risco

Internal controls

Risk management

Enterprise Risk Management : insights on emerging risks from the German banking sector

Nöth-Zahn, Stephanie

January 2017

IT innovations have reshaped banking and will continue to do so. They are a manifestation of indispensable progress, yet risks emerge from IT innovations. Historic data and accounts of emerging risk experiences are rather scarce. Hence, they present a special challenge to risk management as they are hard to identify. Moreover, traditional risk management practices, relying on historic data, may not be fully adequate. What solutions can be offered by risk management to manage these risks? When is an uncertainty understood as an emerging risk? Who needs to be involved in the risk management process?The research asks the seemingly obvious question, yet this important topic has been regularly neglected in academics as well as in practice. Both literature and theoretical basis have only recently developed so as of yet there is little availability of varying viewpoints and reliable theories. 70% of the banks interviewed do notactively consider emerging risks in their risk management process. The banks take a reluctant position in general, waiting to see how things develop. Only three banks have a proactive approach and manage emerging risks from IT innovation in using an enterprise-wide approach such as Enterprise Risk Management (ERM).Therefore, this work develops a conceptual framework which aims to fill the research gap between ERM as an approach to holistic portfolio risk management and the lack of academic and practical work on emerging risks. The conceptual framework explores how banks can apply ERM to manage emerging risks in the future. Researching this topical phenomenon, extending today's common application and understanding of emerging risks and ERM in practice and academia is one of the most challenging tasks confronting future risk management (Bromiley et al., 2015).To the author's knowledge, this project is one of the first to take this challenge.

658

Analýza stavu připravenosti ČR na přijetí jednotné evropské měny / Analysis of preparedness of the Czech Republic to adopt the single European currency

Burešová, Ivana

January 2016

The Thesis Analysis of preparedness of the Czech Republic to adopt the single European currency is focused on integration process of the Czech Republic into the Eurozone. The Thesis is divided into two main parts, the theoretical and practical part. The theoretical part is focused on the history of monetary cooperation in Europe, the European Central Bank and its instruments and also on the European currency. The practical part is dedicated to fulfilling the Maastricht convergence criteria and to procedures that are strictly related to adoption of the European currency, such as selection of scenarios and legislative preparations for euro adoption.

Ebb and Flow

CHEN, HSIN-LEI

January 2007

No description available.

Music

Orchestral Work

Orchestra Score

Instrumental Music

Orchestra

Ebb and Flow

Percussion

Marimba

Taiwanese

Chinese

Asian

ERM Media's Materworks of the New Era

Assessment of enterprise risk management maturity levels of the insurance industry in Botswana

Ngwenya, Moreblessing

11 1900

The primary objective of this study was to develop an Enterprise Risk Management Maturity Framework (ERMMF) for use in the assessment of Enterprise Risk Management (ERM) maturity levels of the insurance industry in Botswana. The ERMMF incorporated elements from the Committee of Sponsoring Organisations of the Treadway Commission (COSO)’s ERM framework and the AON risk maturity model. Five criteria were utilised to define each of the eight components of ERM used to measure ERM maturity levels. The framework was developed qualitatively through literature review. The ERMMF was tested empirically to evaluate the ERM maturity levels of the insurance industry in Botswana. Data was collected from 12 respondents from long-term insurance companies, 15 from short-term insurance companies, 4 from reinsurers and 59 from brokerages. The findings revealed that the whole insurance industry is at the Defined stage of ERM maturity level as the responses bordered around 3 on the developed scale of measurement. The findings implied that the insurance sector in Botswana has generally implemented ERM but not enough follow-ups had been made to ensure that ERM became a continuous process. Results further indicated that although the whole sector was at the defined stage of ERM, the responses in each component differed per stratum. Literature indicates that insurance organisations, regardless of stratum within which they are, are faced with similar risks generally. The differing responses could be due to the magnitude of risks that could differ according to unique characteristics of each stratum. The study further recommended an enterprise risk management implementation procedure for the insurance industry in Botswana. / Business Management / D. Admin (Business Management)

Enterprise risk management

Enterprise risk maturity levels

ERM maturity framework

COSO ERM framework

ERM implementation procedure

Insurance industry

Short-term insurers

Long-term insurers

Reinsurers

Brokerages

368.00656856

Risk management -- Botswana

Insurance -- Botswana

Risk (Insurance) -- Botswana

Insurance agents -- Botswana

Telemetry Post-Processing in the Clouds: A Data Security Challenge

Kalibjian, J. R.

10 1900

ITC/USA 2011 Conference Proceedings / The Forty-Seventh Annual International Telemetering Conference and Technical Exhibition / October 24-27, 2011 / Bally's Las Vegas, Las Vegas, Nevada / As organizations move toward cloud [1] computing environments, data security challenges will begin to take precedence over network security issues. This will potentially impact telemetry post processing in a myriad of ways. After reviewing how data security tools like Enterprise Rights Management (ERM), Enterprise Key Management (EKM), Data Loss Prevention (DLP), Database Activity Monitoring (DAM), and tokenization are impacting cloud security, their effect on telemetry post-processing will also be examined. An architecture will be described detailing how these data security tools can be utilized to make telemetry post-processing environments in the cloud more robust.

Data security

network security

cloud computing

Enterprise Rights Management (ERM)

Enterprise Key Management (EKM)

Data Loss Prevention (DLP)

Database Activity Monitoring (DAM)

tokenization