A qualitative study of the competencies that should be covered by a specialised undergraduate degree in risk management

De Swardt, Cecilia Jacoba

02 1900

Purpose The purpose of the research was firstly, to determine the competencies required of risk managers and secondly, to consider the implications of such competencies in determining possible modules for inclusion in the design of a specialised undergraduate qualification in Risk Management. Methodology A qualitative research approach was followed, involving focus group interview sessions as part of an Interactive Qualitative Analysis (IQA) research study. Focus Group 1 comprised of academics teaching risk management at public universities in South Africa, and Focus Group 2 comprised of risk management practitioners in South Africa. Findings The competencies identified are business management and risk management knowledge; attributes such as assertiveness and courage; values such as ethics and integrity; as well as people, business and technical skills. Research implications The unique contribution of the current research was the innovative use of IQA for data collection, the removal of subjectivity and the rigour in analysing and presenting the results. The results are a starting point or foundation for the design of a specialised undergraduate degree in risk management that will both meet the requirements of the risk management profession and will equip learners with the best possible combination of knowledge, skills, attributes, values and attitudes to effectively manage risk in organisations. The implications for further research are that a study of the design, benchmarking and validation of a curriculum framework for a specialised undergraduate degree in risk management could be conducted. The development of a curriculum framework or curriculum did not form part of the scope of this study. / Okokuqala inhloso yocwaningo, ukuthola amakhono adingekayo kubaphathi bezinhlekelele kanti okwesibili, ukubheka imiphumela yalokho kusebenza ekunqumeni amamojuli angafakwa ekwakhiweni kweziqu ezikhethekile ezingakaphothulwa ngabafundi ku-Risk Management. Kwalandelwa indlela yocwaningo efanelekile, ebandakanya izikhathi zokuxoxisana zamaqembu njengengxenye yocwaningo lwe-Interactive Qualitative Analysis (IQA). I-Focus Group yoku-1 inabafundi abafundisa ukulawulwa kwezinhlekelele emanyuvesi vi kahulumeni aseNingizimu Afrika, kanye neFocus Group yesi-2 inabasebenzi bokulawulwa kobungozi eNingizimu Afrika. Amakhono ahlonziwe ukuphathwa kwebhizinisi nolwazi lokulawulwa kobungozi; anezimpawu ezinjengokuzethemba kanye nokuba nesibindi; ubugugu obufana nokuziphatha nobuqotho; kanye nabantu, amakhono ebhizinisi nezobuchwepheshe. / Die doel van die studie was eerstens om die bekwaamhede waaroor risikobestuurders moet beskik te bepaal, en tweedens, wat die implikasies van sodanige bekwaamhede inhou vir die modules vir insluiting in die ontwerp van ‘n gespesialiseerde voorgraadse kwalifikasie in Risikobestuur. Die studie het ‘n kwalitatiewe navorsingsbenadering gevolg deur gebruik te maak van fokusgroepsessies as deel van ‘n Interaktiewe Kwalitatiewe Ontleding (IKO) navorsingstudie. Fokusgroep 1 het bestaan uit akademici wat risikobestuur by openbare universiteite in Suid-Afrika doseer, en Fokusgroep 2 het uit risikobestuurpraktisyns in Suid-Afrika bestaan. Die bekwaamhede wat identifiseer is, is kennis van ondernemingsbestuur en risikobestuur; eienskappe soos selfgeldendheid en moed; waardes soos etiek en integriteit; asook mense, sake en tegniese vaardighede. / Finance, Risk Management and Banking / M. Com. (Risk Management)

Competencies

Chief Risk Officer (CRO)

Risk Management

Enterprise Risk Management (ERM)

Chief Risk Officer (CRO)

Interactive Qualitative Analysis (IQA)

Constituents

Affinity Relationship Table (ART)

System Influence Diagrams (SIDs)

658.155

Risk management -- Case studies

內部稽核與企業風險管理之關聯性研究 / The Association between Internal Audit and Enterprise Risk Management

陳彬弘

Unknown Date

本研究之目的在於探討國內公司推動企業風險管理（enterprise risk management, ERM）的情形，以及其對內部稽核職能產生的影響。本研究利用問卷分別調查：（1）國內企業目前推動風險管理機制的情形，（2）影響國內企業推動風險管理機制的重要因素，（3）內部稽核人員在企業風險管理過程扮演何種角色，以及（4）內部稽核人員在企業風險管理過程實際扮演之角色與其認知之差異。 本研究結果顯示，國內企業正處於推行ERM之起步階段，專責風險主管之設置仍較不足，惟內部稽核職能已逐漸轉變為以風險為導向，有助於其服務機構推動ERM。至於影響國內推行ERM之重要因素則分別為：中高階主管的支持、獨立董事之比例、CEO與CFO要求內部稽核職能參與風險管理之程度，以及企業與是否設置風險長。此外，規模較大以及由四大事務所查核簽證之公司，其ERM之推動程度較高。而我國內部稽核人員在ERM過程所扮演的角色，與國際內部稽核協會（IIA）所發布之立場聲明書之建議並不一致，其主要差異在於內部稽核在ERM過程不應扮演的角色，以及其在防護措施之下可以扮演的角色。導致此種差異的可能原因可能是國內正值ERM推動的起步階段，內部稽核職能被要求扮演著較重的角色。不過，內部稽核人員的定位應該要更清楚的劃分，才足以維持內部稽核職能的獨立性與客觀性。 / The purpose of this study is to investigate the current status of enterprise risk management (ERM) in Taiwan public-listed firms and its impact on the internal audit function. We use a research questionnaire to explore the following issues: (1) the current status of ERM in the sample Taiwan public firms, (2) the key factors affecting the implementation of ERM, (3) the role that an internal audit function plays in the ERM process, and (4) the potential gaps between internal auditors’ perceptions of their roles in the ERM process and what they are actually playing in such a process. Our results show that the public companies in Taiwan are, in general, still at the early stage of ERM implementation. They are still lack of managing positions in charge of corporate risk management. Internal audit engagements, however, are becoming more risk-oriented. This development is helpful in promoting ERM. Among the key factors affecting ERM are: (1) the support from management, (2) the ratio of independent directors in the board, (3) the degree of participation by internal auditors in the ERM process that CEO and CFO demand, and (4) the presence of a chief risk officer in the enterprise. Moreover, larger firms and those audited by the top four CPA firms are more advanced in implementing ERM. Our results also indicate that, during the ERM process, the roles played by internal auditors in Taiwan are not consistent with those specified in the ERM position paper issued by the Institute of Internal Auditors (IIA). The main differences are in the areas of “roles the internal auditor should not play” and “the roles played under protective measures”. This may be due to the fact that ERM in Taiwan is still at its early stage and internal auditors are, therefore, asked to take more responsibilities in a firm’s ERM process. In order to maintain their independence and objectivity, however, internal auditors should follow the IIA’s professional standards and code of ethics and avoid taking the responsibilities of management.

企業風險管理

內部稽核

風險長

enterprise risk management

internal audit

chief risk officer

Understanding Perspectives of Risk Awareness

Park, Byunguk Randon

01 August 2014

Research in risk awareness has been relatively neglected in the health informatics literature, which tends largely to examine project managers’ perspectives of risk awareness; very few studies explicitly address the perspectives held by senior executives such as directors. Another limitation evident in the current risk literature is that studies are often based on American data and/or they are restricted to American culture. Both factors highlight the need to examine how senior executives (i.e., directors) who oversee or direct eHealth projects in Canada perceive risk awareness. This research explores and discusses the perspectives of risk awareness (i.e., identification, analysis, and prioritization) held by directors and project managers who implement Canadian eHealth projects. Semi-structured interviews with nine directors and project managers uncovered six key distinctions in these two groups’ awareness of risk. First, all project managers valued transparency over anonymity, whereas directors believed that an anonymous reporting system for communicating risks had merit. Secondly, most directors emphasized the importance of evidence-based planning and decision making when balancing risks and opportunities, an aspect none of the project managers voiced. Thirdly, while project managers noted that the level of risk tolerance may evolve from being risk-averse to risk-neutral, directors believed that risk tolerance evolved toward risk-seeking. Directors also noted the importance of employing risk officers, a view that was not shared by project managers. Directors also believed the risk of too little end-user engagement and change management was the most important risk, whereas project managers ranked it as the least important. Finally, when directors and project managers were asked to identify and define the root cause(s) of eHealth risks, directors identified the complexity of health care industry, while project managers attributed it to political pressure and a lack of resources where eHealth projects are concerned. This research proposes that the varied perspectives of risk awareness held by directors and project managers must be considered and integrated to properly align expectations and build partnerships for successful eHealth project outcomes. Understanding risk awareness offers a means to systematically identify and analyze the complex nature of eHealth projects by embracing uncertainties, thereby enabling forward thinking (i.e., staying one step ahead of risks) and the ability to prevent avoidable risks and seize opportunities. / Graduate / 0723 / 0489 / 0454 / randbpark@gmail.com

Health Informatics

Risk Management

Risk Awareness

Canadian Perspective

Project Manager

Director

Risk Identification

Risk Analysis

Risk Prioritization

Project Risk

Risk Tolerance

Risk Ranking Rationale

Risk Root Cause

Risk Framework

Risk Communication

Clinical Information Systems

Electronic Medical Records

Electronic Health Records

Risk Decision Making

Definitions and Benefits

Tools and Deliverables

Risk Manager

Risk Officer

Risk Owner

eHealth Risk Factor

Risk Dependency and Relationship

Uncertainty

Shared Responsibility

Collective Decision Making

Evidence-Based Decision Making