Bibliotēku elektroniskie katalogi un to kvalitāte

Mūze, Baiba

January 2007

No description available.

The role of social auditors : A categorization of the unknown

Björkman, Hanna, Wong, Emelie

January 2013

As demands on companies’ accountability have increased, researchers have turned their attention towards the social auditing practice and studied its role in companies supply chains. This study highlights a theory gap, questioning existing praise and criticism correlated to the categorization of social auditors. By comparing two different social audit categories, namely the independent and internal auditors, this paper contribute with a broader understanding of the similarities and differences between the two audit types. This study addresses the research question; how does the independent and internal social audit type support companies’ work with improving social standards in the supply chain? The theoretical framework includes aspects within the area of social auditing, buyer-supplier relationships and theories regarding the categorization of the two audit types. The study draws upon a qualitative approach investigating two cases with different social auditors, finding that both auditor types have their strengths and weaknesses, and therefore support companies in different ways. Referring to this tradeoff, this study concludes that the praise and criticism correlated to the two audit classifications of independent and internal auditor might not be completely valid, which calls for further research.

Corporate Social Responsibility

Supply Chain Management

Independence

Multi-Stakeholder Initiative

Social Audits

Buyer-Supplier Relationship

Food Store Audits: Examining Food Price, Availability, and Quailty, Before and After Relocation of Public Housing Residents

Anderson, Anjenique

15 December 2010

In an effort to deconcentrate poverty, Atlanta is attempting to become the first city in the U.S. to completely eliminate public housing by relocating ≈ 10,000 residents. Research has shown that the health status of public housing residents is worse than any other population. Evidence also suggests that there is an inverse relationship between neighborhood availability of healthy, affordable foods and diet intake. The aim of this study was to compare the price, availability, and quality of food items in the public housing residents’ communities, before and after relocation. Using Nutrition Environment Measures Survey (NEMS), a total of 42 food store audits were conducted in pre- and post-relocation neighborhoods. The prices in post-relocation middle chain grocery stores were significantly cheaper for total frozen dinners (p = 0.042), baked goods (p = 0.017), and potato chips (p = 0.035). There were no significant differences in produce quality. However, fruits (p <0>.001), vegetables (p < 0.001), lower fat milk (p < 0.001), whole milk (p =0.041), ground beef (p < 0 .001), reduced-fat hot dogs (p = 0.015), regular hot dogs (p < 0.001), frozen dinners (p < 0.001), low-fat baked goods (p < 0.001), whole-wheat bread (p <0 .001) and 100% juice (p < 0.001) were more available in middle chain grocery stores than convenience stores. These results suggest that public housing residents have relocated to a food environment that is similar to their previous environment. Relocation of public housing residence did not have a significant effect on their access to food.

Food store audits

public housing

low-income

price

availability

quality

Nutrition

Investeringsuppföljningar : - En fallstudie på Volvo Construction Equipment i Braås

Stamenkovic, Aleksandar, Bergström, Donald

January 2011

Titel: Investeringsuppföljningar – En fallstudie på Volvo Construction Equipment i Braås Seminariedatum: 2011-06-01 Ämne/kurs: 2FE13E:3 Författare: Aleksandar Stamenkovic och Donald Bergström Handledare: Anders Jerreling Examinator: Fredrik Karlsson Nyckelord: Post-audits, Capital Budgeting, Investments, Performance Evaluations, ROI, RI, AARR Syfte: Syftet med detta ämnesfördjupande arbete är att förklara de problem som uppstår när avsaknad av investeringsuppföljning föreligger, samt att förklara för hur rutiner av uppföljningar kan organiseras. Metod: Valet föll på att göra en kvalitativ fallstudie gällande Volvo Construction Equipment i Braås. Kvalitativa semistrukturerade intervjuer har utförts med fyra stycken respondenter på anläggningen. Detta ämnesfördjupande arbete har utförts enligt en deduktiv metod och en diskussion förs angående arbetets validitet och reliabilitet. Teori: Den teoretiska referensramen behandlar relevant teori gällande investeringar och uppföljning, vidare behandlas även kortfattat de metoder som används för att bedöma investeringars lönsamhet på Volvo Construction Equipment i Braås. Empiri: Det empiriska avsnittet redovisar data från de semistrukturerade intervjuerna som fördes med personal på anläggningen i Braås. Dessa bestod av ekonomichefen, controllern samt två projektledare. Slutsats: Resultaten som presenteras behandlar komplexiteten med att följa upp investeringar enligt dess faktiska kassaflöden och förkastar därmed en sådan uppföljning för Volvo Construction Equipment i Bråas. Vidare presenteras två konkreta förslag över hur rutiner och metoder för investeringar givet anläggningens förutsättningar kan organiseras. Avslutningsvis för att öka validiteten presenteras respondenternas kommentarer till förslagen.

Post-audits

Capital Budgeting

Investments

Performance Evaluations

ROI

RI

AARR

Business studies

Företagsekonomi

Bringing Visibility in the Clouds : using Security, Transparency and Assurance Services

Aslam, Mudassar

January 2014

The evolution of cloud computing allows the provisioning of IT resources over the Internet and promises many benefits for both - the service users and providers. Despite various benefits offered by cloud based services, many users hesitate in moving their IT systems to the cloud mainly due to many new security problems introduced by cloud environments. In fact, the characteristics of cloud computing become basis of new problems, for example, support of third party hosting introduces loss of user control on the hardware; similarly, on-demand availability requires reliance on complex and possibly insecure API interfaces; seamless scalability relies on the use of sub-providers; global access over public Internet exposes to broader attack surface; and use of shared resources for better resource utilization introduces isolation problems in a multi-tenant environment. These new security issues in addition to existing security challenges (that exist in today's classic IT environments) become major reasons for the lack of user trust in cloud based services categorized in Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) or Infrastructure-as-a-Service (IaaS). The focus of this thesis is on IaaS model which allows users to lease IT resources (e.g. computing power, memory, storage, etc.) from a public cloud to create Virtual Machine (VM) instances. The public cloud deployment model considered in this thesis exhibits most elasticity (i.e. degree of freedom to lease/release IT resources according to user demand) but is least secure as compared to private or hybrid models. As a result, public clouds are not trusted for many use cases which involve processing of security critical data such as health records, financial data, government data, etc. However, public IaaS clouds can also be made trustworthy and viable for these use cases by providing better transparency and security assurance services for the user. In this thesis, we consider such assurance services and identify security aspects which are important for making public clouds trustworthy. Based upon our findings, we propose solutions which promise to improve cloud transparency thereby realizing trustworthy clouds. The solutions presented in this thesis mainly deal with the secure life cycle management of the user VM which include protocols and their implementation for secure VM launch and migration. The VM launch and migration solutions ensure that the user VM is always hosted on correct cloud platforms which are setup according to a profile that fulfills the use case relevant security requirements. This is done by using an automated platform security audit and certification mechanism which uses trusted computing and security automation techniques in an integrated solution. In addition to provide the assurance about the cloud platforms, we also propose a solution which provides assurance about the placement of user data in correct and approved geographical locations which is critical from many legal aspects and usually an important requirement of the user. Finally, the assurance solutions provided in this thesis increase cloud transparency which is important for user trust and to realize trustworthy clouds.

Cloud Security

Trusted Computing

Trustworthy Clouds

Cloud Audits

Security Automation

SCAP

Virtual Machine

Revisorns oberoende : Kommunens förtroendevalda revisorer

Jonsson, Moa, Hansen, Anna

January 2014

Det är mycket viktigt att en revisor är oberoende, detta för att ge en opartisk och rättvis bild av finansiella rapporter. Den kommunala revisionen har de förtroendevalda revisorerna som ska granska att verksamheten sköts på ett tillförlitligt sätt enligt god revisionssed. Dock har proceduren för utnämnandet av de förtroendevalda revisorerna kritiserats i media för att vara partiskt och jävigt. Tidigare forskning lyfter fram olika hot som kan påverka en yrkesrevisors oberoende och opartiskhet i sitt arbete. Vissa av dessa hot väljs ut och undersöks. Har de utvalda hoten även en påverkan på de förtroendevalda revisorerna i Sveriges kommuner? Hot mot oberoende undersöks i form av tre undersökningsfrågor: rådgivning, kvalitetskontroller samt längden på uppdraget. Det har utformats en modell där undersökningsfrågorna ingår, giltigheten på denna testas. Insamlandet av datamaterialet har erhållits genom en sluten enkätstudie där 660 stycken kommunfullmäktige och förtroendevalda revisorer, runt om i landet, har svarat. Svaren har bearbetats och analyserats med hjälp av SPSS och Minitab. Resultatet visade att två av de tre undersökningsfrågorna hade en inverkan på oberoendet hos de förtroendevalda revisorerna. Studiens slutsats påvisade att respondenternas inställning till oberoendet främst kan förklaras av rådgivning och uppdragstidens längd, men även av politik som blev en ny undersökningsdel, modellen blev därför korrigerad. / It is very important that an auditor is independent, in order to give an impartial and fair view of the financial statements. The municipal audit has auditors who are trusted to review the organization. This is managed in a reliable manner according to generally accepted auditing standards. However, the procedure for the nomination of the trusted auditors is criticized in the media for being biased. Previous research highlights the different threats that may affect the auditor's independence and objectivity in their work. Some of these threats are chosen and examined. Do these threats also have an influence on the trusted auditors in Swedish municipalities? Threats against independence are examined in terms of three study factors: counseling, quality controls and auditor tenure. A model has been designed in which survey questions are included. It´s validity is later tested. The collection of the data is obtained through a closed survey in which 660 city council and trusted auditors have responded. The responses were processed and analyzed with the help of SPSS and Minitab. The results demonstrated that two of the three study factors had an impact on the independence of the local municipal audit. The study's conclusion clarifies that respondents' attitude towards independence is mainly reflected over counseling and auditor tenure but also of politics, that in the end became a new study factor, and therefore changed the models appearance.

Auditor independence

municipal audits

trusted auditors

professional accountant

Revisorns oberoende

kommunal revision

förtroendevald

yrkesrevisor.

As diferenças entre auditoria interna e compliance

Dalla Porta, Flaviano Carvalho

January 2011

As profundas mudanças ocorridas no mundo dos negócios aguçaram a curiosidade e as necessidades dos empresários na área de Governança Corporativa. Muitas são as técnicas e as ferramentas que podem ser utilizadas visando melhorias de processos, segurança e integridade das informações, mitigação de riscos de negócio e divulgação de normas de acordo com as diretrizes estabelecidas pela Alta Administração das empresas. Neste rol, surge a necessidade de implantação de Compliance e da Auditoria Interna. Segundo Muzzili, a organização cresce e torna as suas operações volumosas e complexas no que ele chama de “efeito capilarização”, ou seja, o dia a dia é conduzido por dezenas e até milhares de pessoas, em locais diferentes, que recebem delegação implícita da Alta Administração. Ao mesmo tempo, verificamos uma grande diversificação de normas e órgão reguladores que geram diversas obrigações para as empresas e seus gestores de negócios. Como exemplos citamos as empresas seguradoras que são regulamentadas pela Superintendência de Seguros Privados (SUSEP) e as instituições financeiras (Bancos) que são regulamentados pelo Banco Central do Brasil (BACEN). No entanto, cabe salientar que qualquer quebra de paradigmas e regras em relação à SUSEP e ao BACEN pode acarretar em falhas e exposição de processos com grande propensão à incidência de crimes fraudulentos ou cometimento de lavagem de dinheiro, além de aumentarem os riscos das operações que possam impactar na continuidade dos negócios. Vimos no decorrer da primeira década dos anos 2000 uma explosão de escândalos fraudulentos que devido a sua relevância levaram à quebra de grandes Companhias. Tudo isto devido a diversos fatores entre os quais as fraquezas constatadas nos controles internos dessas corporações. A criação de processos, normas e regulamentos consistentes, amparados por auditorias internas com eficazes sistemas monitoramento contínuo das operações, minimizam significativamente os riscos nos negócios das grandes corporações. / Profound changes in the business world have increased businessmen's curiosity and needs in the area of Corporate Governance. There are many techniques and tools that can be used for the improvement of processes, security and integrity of information, business risk mitigation, and publication of norms according to the guidelines established by the companies' Top Management, giving rise to the need for implementing Compliance and Internal Audits. When the organization grows and its operations become large and complex, we have what Muzzili calls "the capillarization effect", that is, daily activities are conducted by dozens or even thousands of people, in different locations, who receive implicit delegation from the Top Management. At the same time, we notice great diversity of norms and regulatory agencies, which generate various obligations for the companies and their business managers. As examples, we mention insurance companies, which are regulated by Superintendência de Seguros Privados (SUSEP) and financial institutions (Banks), which are regulated by Banco Central do Brasil (BACEN). However, it is important to highlight that any breach of paradigms and rules regarding SUSEP and BACEN may result in failures and in the exposure of processes with high possibility of fraud crimes or money laundering, besides the increased risk of operations that can have an impact on the continuity of business. We witnessed, between 2000 and 2010, an outburst of fraud scandals, which due to their relevance led to the ruin of very large Companies. All this is due to numerous factors, among which is the weakness observed in the internal controls of these corporations. The creation of processes, norms and consistent regulations, supported by internal audits with effective systems for continuous monitoring of operations, minimize significantly the business risks of very large corporations.

Auditoria interna

Controladoria

Governança corporativa

Normas contabeis

Risk

Norms

Compliance

Internal audits

Método de avaliação de sistemas de gestão de segurança e saúde no trabalho (MASST) com enfoque na engenharia de resiliência

Costella, Marcelo Fabiano

January 2008

Tendo em vista a crescente disseminação de sistemas de gestão da segurança e saúde no trabalho (SGSST), torna-se cada vez mais relevante a necessidade de instrumentos de avaliação da sua eficiência e eficácia. Nesse contexto, esta tese apresenta a proposta de um método de avaliação de sistemas de gestão de segurança e saúde no trabalho (MASST), o qual apresenta duas características inovadoras: a) a conciliação das abordagens estrutural (sistema prescrito), operacional (o que está acontecendo na prática) e por desempenho (resultados de indicadores); b) a adoção do enfoque da engenharia de resiliência (ER) sobre a segurança e saúde. O MASST foi desenvolvido a partir das contribuições da literatura, na qual foram identificados quatro princípios da ER (comprometimento da alta direção, flexibilidade, aprendizagem e consciência), bem como de um estudo de caso exploratório realizado em uma empresa de implementos agrícolas. Com base nisso, foram propostos vinte e sete itens distribuídos ao longo de sete critérios. Cada item possui um conjunto de requisitos que são avaliados com base em três fontes de evidências básicas: entrevistas, análise de documentos e observação direta. O MASST foi validado em um estudo de caso em uma empresa da cadeia automotiva. Os principais resultados revelaram que, no estudo de caso, em uma escala de pontuação de 0% a 100%, nove dentre quatorze itens relacionados à ER obtiveram pontuação entre 0% e 10%. Além disso, o MASST possibilitou a identificação dos pontos positivos do SGSST, a identificação das causas sistêmicas da falta de segurança e a identificação das prioridades de ação em termos de SST. Dentre as limitações do MASST percebidas durante o estudo de caso, salienta-se a necessidade de experiência do auditor acerca de conceitos e princípios da ER, os quais ainda não são amplamente aplicados de modo sistemático no meio industrial. / Due to the increasing dissemination of health and safety management systems (HSMS), both academics and practitioners have paid more attention to the assessment of their effectiveness and efficacy. This thesis introduces a method for assessing health and safety management systems (MASST) that has two innovative characteristics: a) it takes into account simultaneously the structural approach (prescribed system), the operational approach (what is really happening on the shop floor) and the performance approach (results of performance indicators); b) it adopts the resilience engineering (RE) perspective on health and safety. The MASST was developed based on both the literature review and an exploratory case study in a heavy machinery manufacturer. The literature review pointed out four major resilience engineering (RE) principles: top management commitment, flexibility, learning and awareness. Then, twenty-seven items grouped into seven major criteria were proposed. Each item encompasses a set of requirements that should be assessed based on three major sources of evidence: interviews, analysis of documents and direct observation. The MASST was tested in a case study that was carried out in a supplier of the automotive industry. The results pointed out that, considering a scale from 0% to 100%, nine out of the fourteen items related to the RE obtained a very low degree, ranging from 0% to 10%. Moreover, the MASST pointed out the positive aspects of the HSMS, identified systemic causes of the lack of safety and identified priorities in terms of health and safety management. The case study results also indicated that one of the main limitations of the MASST concerns the necessity of experienced auditors in terms of RE principles and concepts. This drawback is relevant since the RE perspective on health and safety has not yet been adopted by a large extent in the industry.

Segurança do trabalho

Gestão

Auditoria

Engenharia de resiliência

Health and safety management systems

Resilience engineering

Health and safety audits

Sistematização do reconhecimento de irregularidades que caracterizam fraude em medidores de energia elétrica

Foiatto, Noara

January 2009

Irregularidades técnicas verificadas em medidores de energia elétrica, que caracterizam fraude, são responsáveis por grande parte das perdas de energia para o setor de distribuição de energia elétrica, ocasionando, também, perda de receita para o Estado referente aos tributos não recolhidos. O custo da energia furtada é repassado a todos os consumidores sob a forma de perdas não técnicas. Este trabalho foi motivado pela necessidade de mecanismos efetivos que auxiliem no combate a fraudes em medidores de energia elétrica para, assim, reduzir perdas no setor. Para isso, propõe-se um modelo de sistematização do reconhecimento de irregularidades que caracterizam fraude em medidores de energia elétrica, com a emissão de relatórios periciais. A partir dessa sistematização, busca-se a redução das perdas não técnicas de energia mediante o fortalecimento dos mecanismos de punição de fraudadores. Seu desenvolvimento foi estruturado por meio da automação de informações aplicada à padronização de serviços de perícia técnica, com foco na determinação do erro de medição e na inspeção técnica funcional dos medidores. A sistematização proposta foi baseada em um banco de dados hierarquicamente padronizado e em informações de verificações metrológicas que garantam a confiabilidade dos resultados. O modelo proposto foi testado em amostras de medidores fraudados fornecidas por concessionárias distribuidoras de energia elétrica da região sul do Brasil. Como principal resultado, destaca-se o REPEM, software que sistematiza o serviço de perícia técnica aplicada a medidores de energia elétrica e que possibilita a produção de relatórios periciais. A partir da análise dos medidores verificados com o uso do REPEM, foi possível o estabelecimento da capacidade de produção de relatórios periciais e o conhecimento dos valores de perdas ocasionadas pelas irregularidades pesquisadas. / Technical irregularities found in electrical power meters due to tampering, which are classified as fraud, are responsible for the most part of the energy loss experienced in the sector of electrical power distribution. These frauds also cause revenue losses to the society due to tax evasion. The cost of energy theft is shared with all consumers in the form of nontechnical losses. This work suits that context, by means of combating fraud in electric power meters in order to reduce losses due to the strengthening of effective punishment of cheaters. For that is proposed a systematization model of the process for verification of irregularities in electric power meters and the respective issuance of audit reports. Its development is based on the automation of information gathering applied to the standardization of such audits services, therefore focusing on the determination of the measurement error and on the technical audit of meters. The proposed systematization is based on a standardized database which were hierarchically arranged and also from information obtained from metrological calibration audits, thus ensuring the reliability of the results obtained. The proposed model was tested in samples of the power meters tampered provided by the electrical distribution companies in southern Brazil. A main outcome of this research is REPEM, a custom built software that organizes the procedures of technical audit in a legally binding basis as applied to power meters. From the results of analysis conducted on sample power meters audited by REPEM, it was possible to settle the software's report generation functions and the values of the losses arising from the irregularities investigated.

Medidor elétrico

Banco de dados

Perícia

Electric power meter

Fraud

Service automation

Audits

Método de avaliação de sistemas de gestão de segurança e saúde no trabalho (MASST) com enfoque na engenharia de resiliência

Costella, Marcelo Fabiano

January 2008

Tendo em vista a crescente disseminação de sistemas de gestão da segurança e saúde no trabalho (SGSST), torna-se cada vez mais relevante a necessidade de instrumentos de avaliação da sua eficiência e eficácia. Nesse contexto, esta tese apresenta a proposta de um método de avaliação de sistemas de gestão de segurança e saúde no trabalho (MASST), o qual apresenta duas características inovadoras: a) a conciliação das abordagens estrutural (sistema prescrito), operacional (o que está acontecendo na prática) e por desempenho (resultados de indicadores); b) a adoção do enfoque da engenharia de resiliência (ER) sobre a segurança e saúde. O MASST foi desenvolvido a partir das contribuições da literatura, na qual foram identificados quatro princípios da ER (comprometimento da alta direção, flexibilidade, aprendizagem e consciência), bem como de um estudo de caso exploratório realizado em uma empresa de implementos agrícolas. Com base nisso, foram propostos vinte e sete itens distribuídos ao longo de sete critérios. Cada item possui um conjunto de requisitos que são avaliados com base em três fontes de evidências básicas: entrevistas, análise de documentos e observação direta. O MASST foi validado em um estudo de caso em uma empresa da cadeia automotiva. Os principais resultados revelaram que, no estudo de caso, em uma escala de pontuação de 0% a 100%, nove dentre quatorze itens relacionados à ER obtiveram pontuação entre 0% e 10%. Além disso, o MASST possibilitou a identificação dos pontos positivos do SGSST, a identificação das causas sistêmicas da falta de segurança e a identificação das prioridades de ação em termos de SST. Dentre as limitações do MASST percebidas durante o estudo de caso, salienta-se a necessidade de experiência do auditor acerca de conceitos e princípios da ER, os quais ainda não são amplamente aplicados de modo sistemático no meio industrial. / Due to the increasing dissemination of health and safety management systems (HSMS), both academics and practitioners have paid more attention to the assessment of their effectiveness and efficacy. This thesis introduces a method for assessing health and safety management systems (MASST) that has two innovative characteristics: a) it takes into account simultaneously the structural approach (prescribed system), the operational approach (what is really happening on the shop floor) and the performance approach (results of performance indicators); b) it adopts the resilience engineering (RE) perspective on health and safety. The MASST was developed based on both the literature review and an exploratory case study in a heavy machinery manufacturer. The literature review pointed out four major resilience engineering (RE) principles: top management commitment, flexibility, learning and awareness. Then, twenty-seven items grouped into seven major criteria were proposed. Each item encompasses a set of requirements that should be assessed based on three major sources of evidence: interviews, analysis of documents and direct observation. The MASST was tested in a case study that was carried out in a supplier of the automotive industry. The results pointed out that, considering a scale from 0% to 100%, nine out of the fourteen items related to the RE obtained a very low degree, ranging from 0% to 10%. Moreover, the MASST pointed out the positive aspects of the HSMS, identified systemic causes of the lack of safety and identified priorities in terms of health and safety management. The case study results also indicated that one of the main limitations of the MASST concerns the necessity of experienced auditors in terms of RE principles and concepts. This drawback is relevant since the RE perspective on health and safety has not yet been adopted by a large extent in the industry.

Segurança do trabalho

Gestão

Auditoria

Engenharia de resiliência

Health and safety management systems

Resilience engineering

Health and safety audits