• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 7
  • 4
  • 2
  • 2
  • 1
  • Tagged with
  • 16
  • 16
  • 12
  • 11
  • 4
  • 4
  • 4
  • 4
  • 4
  • 3
  • 3
  • 3
  • 3
  • 2
  • 2
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

Härdsmälta eller riskarbete? : En studie av ISO 31000 och dess riskhanteringsprocess

Björkstrand, Anette, Riis, Sebastian January 2012 (has links)
Fokuset på riskhantering har ökat markant sedan mitten av 1990-talet till följd av företagskollapser. Orsakerna bakom användandet av diverse riskhanteringsramverk är dock omtvistat, då vissa anser att riskhanteringsarbetet bygger på andra anledningar än att hantera risk effektivt, såsom legitimitetssökande. Det finns även farhågor att riskhanteringsarbetet riskerar att förlora fokus och leda till en ond cirkel som skapar risker snarare än behandla redan existerande. Uppsatsens syfte är att studera vilka effekter införandet av ISO 31000 får på riskhanteringsprocessen inom energibranschen. Detta gör vi genom att studera energiföretaget E.ON Sverige AB och dess dotterbolag, och hur de använder sig av riskhanteringsramverket ISO 31000. Undersökningen skedde genom intervjuer med riskansvariga på företaget och även genom kontroll av dokument. Vi finner att införandet av ISO 31000 inte medfört så stora förändringar i riskhanteringsprocessen. Detta kan vara hänförligt till en brist av engagemang från ledningen och svårigheten att förändra styrsystem samt ett behov av legitimitet snarare än behovet av ramverk.
2

Riskhantering i kommuner och landsting : ISO 31000, riskbegreppet och organisationsövergripande riskhantering / Risk management in Swedish municipalities and county councils : ISO 31000, definition of risk and enterprise risk management

Ahlström, Per January 2014 (has links)
År 2009 antogs för första gången en ISO-standard om riskhantering, ISO 31000:2009. Den är tänkt att kunna användas inom alla samhällssektorer. Kunskapen om standardens utbredning, såväl inom privat som offentlig sektor är i dagsläget låg. Denna uppsats syftar till att undersöka i vilken utsträckning standarden används av kommuner och landsting. Den syftar vidare till att undersöka hur dessa aktörers riskhantering i vissa avseenden förhåller sig till råden i standarden. Dessa områden är definitionen av begreppet risk samt organisationsövergripande riskhantering. Uppsatsen är en surveyundersökning där insamling av data främst skett genom genomförandet av en enkätundersökning. Alla landsting och regioner kontaktades samt 48 av Sveriges 290 kommuner. Urvalet gjordes genom att först använda Sveriges kommuner och landstings kommungruppsindelning och sedan inom dessa göra slumpmässiga urval.  Beredskapssamordnare, säkerhetssamordnare, säkerhetschef och liknande var de personer som fick besvara enkäten. Resultaten från uppsatsen visar att användandet av standarden är mycket lågt. Två kommuner använder den, inget landsting. Några landsting överväger dock att börja använda standarden. Både landsting och kommuner tycks dock ha en ambition att jobba med organisationsövergripande riskhantering på ett sätt som huvudsakligen ligger i linje med inriktningen i ISO 31000. Resultaten visar vidare att både landsting och kommuner definierar begreppet risk på olika sätt. Majoriteten av organisationerna menar att det finns en för organisationen ifråga fastslagen definition av begreppet. Ungefär hälften av kommunerna som använder sig av en fastslagen definition har valt en som ligger nära MSB:s definition av begreppet. Bland landstingen är det endast en fjärdedel som använder en sådan definition. Det är svårt att bedöma vad det kan få för effekter att uppfattningen av begreppet risk varierar. Det är dock ett faktum som kan vara bra att uppmärksamma, exempelvis inför framtida statlig styrning på området. Resultaten visar vidare på vad som verkar vara en skillnad mellan landsting och kommuner i hur vanligt det är med organisationsövergripande riskhantering. I landstingen sker det i högre utsträckning. Ambitionerna på området är höga hos båda parter, om än något högre hos landstingen. Det finns dock ett gap mellan ambition och bedömt nuläge. / In 2009 the first ISO-standard focused exclusively on risk management was adopted, ISO 31000:2009. It is supposed to be possible to use it in any societal sector. There is currently little information on how widely the standard has been used, regarding both public and private sector. The study at hand aims to collect information on how it is used in Swedish municipalities and county councils (i.e. local and regional level).  Furthermore, it aims to study how these actors’ risk management relates to some certain aspects of the standard. These are how risk is defined and enterprise risk management. A survey has been conducted. All county councils and 48 municipalities were contacted. Sampling regarding municipalities was made by using a categorization made by the Swedish Association of Local Authorities and Regions combined with random choices. The results of the study reveal that the use of ISO 31000 is very limited. It is used by two municipalities and not one of the county councils. Some of the latter are however considering using it.  It seems to be the ambition of both municipalities and county councils to apply enterprise risk management in a way that is principally in line with ISO 31000.   Furthermore, the results show that municipalities and county councils define risk in different ways. The majority of these organizations say that they use a defined definition of risk in the whole organization. Approximately half of the municipalities use the definition of risk being used by the Swedish Civil Contingencies Agency, i.e. risk is the product of probability * consequence. Amongst county councils only a quarter use this definition. To a larger extent they use definitions that take into account the objectives of their organizations. It is hard to judge which consequences this might have. It might be good to know though, e.g. when future governmental controls are being developed. The results also show that there are differences between municipalities and county councils when it comes to enterprise risk management, where the latter use it more extensively. There is a gap however between how much enterprise risk management is used and how much municipalities and county councils would like to use it.
3

Estrutura conceitual para análise de risco nas operações de corte, transbordo e transporte: estudo de caso em uma empresa paulista do setor sucroenergético / Conceptual framework for risk analysis in cutting, transhipment and transportation operations: a case study at São Paulo company in the sugarcane sector

Assumpção, André Luís 30 August 2018 (has links)
Submitted by Andre Luís Assumpção (andreluisassumpcao@gmail.com) on 2018-09-20T19:29:31Z No. of bitstreams: 1 Dissertação Defesa Mestrado FCAV UNESP 2018 - Andre Assumpcao.pdf: 3064399 bytes, checksum: 3370dac113bb0243290f6773830004df (MD5) / Approved for entry into archive by Neli Silvia Pereira null (nelisps@fcav.unesp.br) on 2018-09-21T17:11:02Z (GMT) No. of bitstreams: 1 assumpcao_al_me_jabo.pdf: 3064399 bytes, checksum: 3370dac113bb0243290f6773830004df (MD5) / Made available in DSpace on 2018-09-21T17:11:02Z (GMT). No. of bitstreams: 1 assumpcao_al_me_jabo.pdf: 3064399 bytes, checksum: 3370dac113bb0243290f6773830004df (MD5) Previous issue date: 2018-08-30 / A gestão de riscos tem se apresentado como uma opção muito próspera para empresas de diversos setores, pois desenvolve chances maiores de análise e controle de perdas para a direção da organização empresarial, além de promover maior competitividade junto a suas concorrentes no tocante a melhores práticas de gestão. Devido a uma carência de estudos sobre os riscos nestas operações, observou-se a necessidade de propor uma estrutura conceitual para analisar e avaliar os riscos intrínsecos nas operações Corte, Transbordo e Transporte de Cana de Açúcar (CTT) em uma empresa paulista do setor sucroenergético. Esta pesquisa é de caráter qualitativo e composta por três etapas. A primeira etapa envolveu uma revisão bibliográfica sobre os temas de gestão de riscos, normas internacionais, ferramentas de análise de riscos e setor sucroenergético. Na segunda etapa, foram realizadas técnicas como análise de documentos, observação participante e entrevistas semiestruturadas com oito especialistas, com o intuito de entender mais profundamente os riscos incorridos no Sistema CTT. Na terceira etapa da pesquisa, apresentou-se uma estrutura conceitual para análise e avaliação de riscos no Sistema CTT utilizando como base, as ferramentas extraídas das normas internacionais de gestão de riscos que mais se harmonizaram com a estrutura sugerida de análise e avaliação de riscos, sendo elas Análise de Árvore de Falhas (FTA), Análise da Gravata Borboleta (Bow-Tie) e Matriz de Risco (Probabilidade e Consequência). Como resultado conclui-se que esta estrutura conceitual para análise de risco nas operações de CTT pode contribuir segundo especialistas do setor de forma expressiva para a empresa estudo e demais organizações do setor sucroenergético auxiliando a gestão na tomada de decisão para redução de custos e nas perdas e danos causados aos veículos, máquinas e equipamentos, pessoas e ambiente envolvidos nas operações de Corte, Transbordo e Transporte. / Risk management has proven to be a very successful option for companies in many sectors, as it develops greater chances of analysis and loss control for the direction of the business organization, as well as promoting greater competitiveness among its competitors regarding best practices in management. Due to a lack of risk studies in these operations, it was observed the need to propose a conceptual framework to analyze and evaluate the intrinsic risks in the operations Cut, Transhipment and Transport of Sugar Cane (CTT) in a São Paulo company of the sugar-energy sector . This research is qualitative and consists of three stages. The first step involved a literature review on the topics of risk management, international standards, risk analysis tools and the sugar and ethanol sector. In the second stage, techniques such as document analysis, participant observation and semi-structured interviews with eight specialists were carried out, in order to understand more deeply the risks incurred in the CTT System. In the third stage of the research, a conceptual framework for risk analysis and evaluation was presented in the CTT System using as a basis the tools extracted from international risk management standards that were most in harmony with the suggested structure of risk analysis and evaluation, such as Fault Tree Analysis (FTA), Bow-Tie Analysis, and Risk Matrix (Probability and Consequence). As a result, it can be concluded that this conceptual framework for risk analysis in CTT operations can contribute, according to industry experts, to the study firm and other organizations in the sugar and ethanol sector, helping management in decision making to reduce costs and losses and damage to vehicles, machinery and equipment, people and the environment involved in the operations of Cut, Transhipment and Transportation.
4

Um guia de apoio à implantação da norma ISO 31000 para gestão de riscos em processos de TI: um estudo de caso IFTO

SOUZA, Daniel Félix de 09 December 2016 (has links)
Submitted by Fabio Sobreira Campos da Costa (fabio.sobreira@ufpe.br) on 2017-08-23T12:36:43Z No. of bitstreams: 2 license_rdf: 811 bytes, checksum: e39d27027a6cc9cb039ad269a5db8e34 (MD5) Daniel_Felix_Souza_Versao_Final.pdf: 1840427 bytes, checksum: 48809bf9e2f28c62b0d6b33620e3b6c4 (MD5) / Made available in DSpace on 2017-08-23T12:36:43Z (GMT). No. of bitstreams: 2 license_rdf: 811 bytes, checksum: e39d27027a6cc9cb039ad269a5db8e34 (MD5) Daniel_Felix_Souza_Versao_Final.pdf: 1840427 bytes, checksum: 48809bf9e2f28c62b0d6b33620e3b6c4 (MD5) Previous issue date: 2016-12-09 / O aumento da demanda de soluções que aperfeiçoem os serviços oferecidos pelo governo à sociedade de maneira ágil e econômica, faz com que cresça o número de atividades críticas de TI (tecnologia da informação) que precisam ser gerenciadas. Logo, é um desafio para as organizações controlar estes processos de forma que sejam priorizadas e adequadamente gerenciadas as atividades que podem causar algum tipo de prejuízo. Nesse sentido, existem modelos de gestão de riscos que possibilitam um gerenciamento equilibrado dessas demandas levando em consideração as necessidades de cada organização. A implantação destes modelos é um grande desafio, pois em geral eles auxiliam a gestão de riscos apresentando “o que” e não “como” fazer. Assim, esta dissertação tem como objetivo propor um guia para apoiar a implantação da norma ISO 31000 (ABNT, 2009) para gerenciar riscos em processos de TI. Para a escolha dessa norma como referência desta pesquisa, foram comparados três modelos de gestão de riscos e sua relevância alcançou melhores resultados para proposta deste trabalho. Um estudo de caso foi realizado em uma organização pública com experiência na gestão de riscos corporativas. Ele teve a finalidade de identificar objetivos e características que um guia precisa satisfazer para apoiar a implantação de um modelo para gestão de riscos em processos de TI. Para obter tais informações, foram realizados grupos focais e entrevistas com especialistas da área gestão de riscos corporativa e de TI. A partir dos resultados do estudo, foi proposto um guia dividido em seis fases e duas atividades com exemplos práticos, para facilitar seu entendimento e aplicação. A avaliação do guia foi realizada por meio de uma pesquisa survey de natureza qualitativa, com a participação de sete gestores com formação em TI. Como resultado da avaliação do guia, constatou-se que o guia proposto contribui para apoiar a implantação de um modelo para gestão de riscos em processos de TI em organizações públicas, baseado em uma norma específica para este contexto. / The increase of the demand on solutions that improve the services that are offered by the government to the community in a fast and economical way increases the number of critical IT (information technology) activities which need to be managed. Therefore, it is a challenge for organizations to be able to control these processes in such a way that the activities that may cause any kind of detriment are prioritized and properly managed. In this sense, risk management models enable a balanced handling of those demands, taking into account the needs of each organization. The implementation of those models is a difficult task, because generally risk management models present “what” and not “how” to do. Thus, this dissertation has the goal to propose a guideline to support the implementation of the norm ISO 31000 (ABNT, 2009) to manage risks in IT processes. For a choice of this standard as reference for the research, three models of risk management were compared and their relevance achieved better results for the proposal of this work. A case study was carried out in a public organization with experience in corporative risk management. The goal of the study was to identify the objectives and characteristics that a guideline needs to have in order to support the implementation of a model for risk management in IT processes. Focus groups and interviews with experts in corporative risk management and IT fields were conducted to obtain such information. From the study results, we proposed a guide divided into six phases and two activities, with practical examples to facilitate its understanding and application. The guide assessment was performed through a survey of qualitative nature, with the participation of eight managers with IT expertise. As the outcome of the guide evaluation, it was verified that the proposed guide contributes to support the implementation of a model for managing risks in IT processes in public organizations, based on a specific standard for this context.
5

Risk Management Practices in Six Organizations in the Government of Canada

Loan, Christopher 10 January 2012 (has links)
This thesis is an exploratory study that measured the alignment of corporate risk management practices in six organizations in the Government of Canada with best practices described in the 2009 ISO 31000, as well as five independent variables believed to influence risk management practices in an organization. The objective was to determine if risk management practices vary from one organization to another in a single government, and if so why, as well as building a number of testable hypotheses for future research. The thesis found that risk management practices do vary significantly from one organization to another. It also found that there is a strong correlation between an organization’s budget, total workforce and the policy instruments it uses, and the alignment of its corporate risk management practices with ISO 31000:2009. This study furthers our understanding of how risk management is implemented in public sector organizations.
6

Risk Management Practices in Six Organizations in the Government of Canada

Loan, Christopher 10 January 2012 (has links)
This thesis is an exploratory study that measured the alignment of corporate risk management practices in six organizations in the Government of Canada with best practices described in the 2009 ISO 31000, as well as five independent variables believed to influence risk management practices in an organization. The objective was to determine if risk management practices vary from one organization to another in a single government, and if so why, as well as building a number of testable hypotheses for future research. The thesis found that risk management practices do vary significantly from one organization to another. It also found that there is a strong correlation between an organization’s budget, total workforce and the policy instruments it uses, and the alignment of its corporate risk management practices with ISO 31000:2009. This study furthers our understanding of how risk management is implemented in public sector organizations.
7

Risk Management Practices in Six Organizations in the Government of Canada

Loan, Christopher 10 January 2012 (has links)
This thesis is an exploratory study that measured the alignment of corporate risk management practices in six organizations in the Government of Canada with best practices described in the 2009 ISO 31000, as well as five independent variables believed to influence risk management practices in an organization. The objective was to determine if risk management practices vary from one organization to another in a single government, and if so why, as well as building a number of testable hypotheses for future research. The thesis found that risk management practices do vary significantly from one organization to another. It also found that there is a strong correlation between an organization’s budget, total workforce and the policy instruments it uses, and the alignment of its corporate risk management practices with ISO 31000:2009. This study furthers our understanding of how risk management is implemented in public sector organizations.
8

Risk Management Practices in Six Organizations in the Government of Canada

Loan, Christopher January 2012 (has links)
This thesis is an exploratory study that measured the alignment of corporate risk management practices in six organizations in the Government of Canada with best practices described in the 2009 ISO 31000, as well as five independent variables believed to influence risk management practices in an organization. The objective was to determine if risk management practices vary from one organization to another in a single government, and if so why, as well as building a number of testable hypotheses for future research. The thesis found that risk management practices do vary significantly from one organization to another. It also found that there is a strong correlation between an organization’s budget, total workforce and the policy instruments it uses, and the alignment of its corporate risk management practices with ISO 31000:2009. This study furthers our understanding of how risk management is implemented in public sector organizations.
9

[pt] MODELO DE AUTOAVALIAÇÃO DA GESTÃO DE RISCOS PARA INSTITUIÇÕES GESTORAS DE RECURSOS DE TERCEIROS: UMA ABORDAGEM MULTICRITÉRIO / [en] SELF-ASSESSMENT MODEL OF RISK MANAGEMENT FOR THIRD-PARTY ASSET MANAGEMENT INSTITUTIONS: A MULTICRITERIA APPROACH

ENALDO CORDEIRO DE SOUZA 08 August 2022 (has links)
[pt] O objetivo desta dissertação é desenvolver um modelo de autoavaliação da gestão de riscos em instituições gestoras de recursos de terceiros, segundo uma abordagem multicritério de apoio à decisão e tendo como base as diretrizes da Norma ABNT NBR ISO 31000:2018. Busca-se demonstrar a aplicabilidade do modelo mediante o desenvolvimento de um estudo empírico em uma instituição gestora de recursos de terceiros e administração dos fundos de investimento. A metodologia compreende: (i) revisão da literatura e análise documental sobre os temas centrais da pesquisa; (ii) definição de estruturas analíticas em rede, segundo as cláusulas e itens da referida Norma; (iii) emprego do método Analytic Network Process (ANP) para atribuição de pesos aos itens da Norma referentes à estrutura e ao processo de gestão de riscos, mediante reuniões consensuais com especialistas com formação e experiência em gestão de riscos; (iv) elaboração e aplicação do instrumento de autoavaliação junto à instituição gestora de recursos de terceiros e administração dos fundos de investimento para avaliar seu nível de maturidade em relação às cláusulas e aos itens da Norma, com uso da lógica fuzzy; (vi) emprego do método Importance-Performance Analysis (IPA) para identificar os itens que devem ser priorizados, visando à melhoria da gestão de riscos da instituição. Destaca-se como resultado principal uma sistemática inovadora de autoavaliação de instituições gestoras de recursos de terceiros que buscam a excelência em gestão de riscos, na perspectiva de apoiar processos decisórios referentes à melhoria contínua de seus sistemas e processos de gestão de riscos. O estudo empírico no contexto organizacional da instituição gestora de recursos de terceiros demonstrou ser plausível determinar o nível de maturidade desta instituição em relação às cláusulas da Norma ABNT NBR ISO 31000:2018 e mapear os principais desafios a serem gerenciados pela instituição, tendo em vista a realização de valor pela gestão de riscos bem sucedida. / [en] This dissertation aims to develop a risk management self-assessment model in third-party asset management institutions, according to a multi-criteria decision support approach and based on the guidelines of the ABNT NBR ISO 31000:2018 Standard. It seeks to demonstrate the model s applicability by developing an empirical study in an institution specialist in third-party resources management and investment fund administration. The methodology comprises: (i) literature review and documental analysis on the central themes of the research; (ii) definition of two analytical network structures, based on the clauses and items of referred Standard; (iii) use of the Analytic Network Process (ANP) method to assign weights to the items concerning the structure and the process of risk management, through consensual meetings involving specialists with experience in risk management; (iv) elaboration and application of the self-assessment instrument in the institution that manages third-party resources and administrates investment funds to assess their level of maturity in relation to the clauses and items of the ABNT NBR ISO 31000:2018 Standard, using fuzzy logic; (vi) application of the Importance-Performance Analysis (IPA) method to identify the items that should be prioritized, with a view to improving the institution s risk management. The main result is an innovative self-assessment system of institutions managing third-party resources that seek excellence in risk management to support decisions related to the continuous improvement of their risk management systems and processes. The empirical study in the organizational context of an institution specialist in third-party resources management demonstrated that it is plausible to determine the maturity level of this institution concerning the clauses and items of the ABNT NBR ISO 31000:2018 standard and to map the main challenges faced by this institution to realize value by the successful risk management.
10

Análise da relação entre a gestão de riscos da tecnologia da informação (TI) e a gestão de riscos corporativos

Machado, Rosane 26 July 2012 (has links)
Submitted by Silvana Teresinha Dornelles Studzinski (sstudzinski) on 2015-06-25T15:43:48Z No. of bitstreams: 1 Rosane Machado.pdf: 5627687 bytes, checksum: 217ef585ddc49cf22c5c6e610d7d133a (MD5) / Made available in DSpace on 2015-06-25T15:43:48Z (GMT). No. of bitstreams: 1 Rosane Machado.pdf: 5627687 bytes, checksum: 217ef585ddc49cf22c5c6e610d7d133a (MD5) Previous issue date: 2012 / Nenhuma / A crescente utilização da tecnologia e dos sistemas de informação, tornou a tecnologia um aliado na gestão das organizações. Neste ambiente, os riscos inerentes à tecnologia da informação (TI) e aos processos de negócios (riscos corporativos) podem impactar de forma negativa os resultados das corporações. É mediante a gestão destes riscos que as organizações podem explorar suas oportunidades e reduzir suas fraquezas, evitando assim perdas desnecessárias. O foco deste trabalho se concentrou em analisar a relação entre a gestão de riscos da tecnologia da informação (TI) e a gestão dos riscos corporativos, mediante um estudo fundamentado teoricamente que foi aprofundado em um estudo de caso único. Evidenciou-se o tipo de pesquisa metodológica como um estudo de caso exploratório de natureza aplicada, com abordagem qualitativa. A coleta de dados foi realizada a partir de múltiplas fontes, tais como: entrevistas, questionário e documentos, as entrevistas foram tratadas mediante utilização do software para as análises léxicas. Os resultados decorrentes desta pesquisa indicaram que no caso investigado não existe um processo formal de gerenciamento de riscos de TI, apesar de existirem iniciativas pontuais. Já em se tratando dos riscos corporativos a atuação do comitê de riscos foi identificada, porém a estrutura instaurada não contempla a gestão do risco do tipo operacional, neste prisma os dados indicaram oportunidades de melhorias da relação entre a gestão dos riscos de TI e riscos corporativos. / The increasing use of technology and information systems became the technology an ally in the management of organizations. In this environment, the risks of information technology (IT) and business processes (enterprise risk) may impact in a negative way the results of the corporations. It is through the management of these risks that organizations can exploit opportunities and reduce their weaknesses, thus avoiding unnecessary losses. The focus of this work is concerned on analyzing the relationship between the risk management of information technology (IT) and management of corporative risk, it is a study based upon a theory that was detailed in a single case study. It became evident the kind of research methodology as an exploratory case study of an applied nature, with a qualitative approach. Data collection was performed from multiple sources such as interviews, questionnaires and documents, interviews were treated by use of software for the lexical analyzer. The results arising from this research indicated that in the case investigated there is no formal process for managing IT risks, although there are specific initiatives. Already in the case of corporate risk committee of the performance of risk has been identified, but the structure does not include established risk management of the type operating, in this perspective the data indicated opportunities for improvement of the relationship between IT risk management and corporate risk.

Page generated in 0.0512 seconds