Aankooprisikobestuur met spesifieke fokus op die identifisering en voorkoming van bedrog : `n raamwerk vir die risikobestuurder en interne ouditeur

Venter, Anna Catharina

30 November 2005

The occurence of procurement fraud requires from the management of the enterprise, the risk manager of the enterprise as well as the internal auditor to effectively address procurement fraud risks within the enterprise risk management concept. The purpose of the study is to set a procurement fraud risk management process in place which will serve as a comprehensive framework for the enterprise risk manager as well as the internal auditor to limit the enterprise's exposure to procurement fraud risks as far as possible. The study firstly focus on the analysis of the steps within the procurement process which is the starting point for the identification of the fraud risks. Secondly the enterprise risk management model is applied in the format of a procurement risk matrix within the procurement function. The study is an indication that procurement fraud cannot be completely prevented but that the appearance thereof can be limited by means of the extensive procurement fraud risk management model. Recommendations for future studies include the application of the enterprise risk management model in other functional areas within the enterprise. / Die voorkoms van aankoopbedrog vereis van die onderneming se bestuur, ondernemingsrisikobestuurder en interne ouditeur om aankoopbedrogrisiko's effektief binne die konteks van die ondernemingsrisikobestuurskonsep aan te spreek. Die doel van die studie is om `n aankoopbedrogrisikobestuursproses daar te stel wat as `n omvattende raamwerk vir die ondernemingsrisikobestuurder en interne ouditeur kan dien om die onderneming se blootstelling aan aankoopbedrogrisiko's so ver as moontlik te beperk. Die studie fokus eerstens op die ontleding van die stappe in die aankoopproses wat as vertrekpunt vir die identifisering van bedrogrisiko's dien. Tweedens word die ondernemingsrisikobestuursmodel in die vorm van `n aankoopbedrogrisikomatriks in die aankoopfunksie toegepas. Die studie dui daarop dat alhoewel aankoopbedrog nie volkome verhoed kan word nie, die voorkoms daarvan wel beperk kan word deur die toepassing van `n omvattende aankoopbedrogrisikobestuursmodel. Aanbevelings vir verdere studies sluit die toepassing van die ondernemingsrisikobestuursmodel op ander funksionele terreine van die onderneming in. / Auditing / M. Com. (Auditing)

Procurement

Risk management

Enterprise risk management

Internal auditor

Risk manager

Procurement fraud

658.473

Purchasing

Fraud -- Prevention

Risk management

Loss control

Auditors

Risk managers

Gestão de riscos corporativos (ERM) e sua relação com o desempenho inovador de empresas de grande porte no Brasil / The relation between enterprise risk management (ERM) and innovation performance of Brazil\'s large companies

Silvye Ane Massaini

04 October 2017

A gestão de riscos corporativos (ERM) tem assumido um importante papel no campo da administração de empresas, sendo apontada como fundamental no sentido de potencializar a probabilidade de realização dos objetivos estratégicos. Concomitantemente, a inovação tem se tornado um imperativo para o alcance de vantagens competitivas em um ambiente cada vez mais dinâmico e inter-relacionado. No entanto, ao mesmo tempo em que as empresas devem inovar para se manterem perenes, o resultado em inovação pode ser influenciado pelos diversos fatores de riscos presentes no ambiente de negócios. Neste sentido, o estudo tem como objetivo verificar qual a influência das práticas de gestão de riscos corporativos no desempenho em inovação, tendo como foco empresas brasileiras de grande porte. A pesquisa, de cunho descritivo, possui caráter quantitativo e foi desenvolvida a partir da aplicação da técnica de Modelagem de Equações Estruturais, baseada no método de mínimos quadrados parciais (PLS). Os resultados apontam para uma relação positiva e significativa entre as práticas de ERM e o desempenho em inovação das empresas, sendo o ambiente interno propício e o apetite a risco das organizações variáveis relevantes para esta relação. / The Enterprise Risk Management (ERM) has gained importance in the context of business administration, as a fundamental process in order to maximize the probability of achieving the strategic objectives. Concomitantly, innovation has become an imperative for achieving competitive advantage, in view of an increasingly dynamic and interrelated environment. However, while companies must innovate to survive, innovation can also be influenced by risks present in the business environment. Considering this frame, this study aims to understand the influence of enterprise risk management\'s practices on innovation performance, focusing on Brazilian large companies. The quantitative research, which presents descriptive nature, was developed using structural equation modeling technique, based on the method of partial least squares (PLS). The results point to a positive and significant relationship between ERM practices and innovative performance. In addition, the variables internal environment and risk appetite are relevant and statistically significant for this association.

Desempenho em inovação

Gestão de riscos corporativos

Modelagem de equações estruturais

Riscos do processo de inovação

Enterprise risk management

Innovation performance

Innovation risks

Structural equation modeling

Rizika založení malého podniku / Risk of Small Company Establishment

Fišar, Vratislav

January 2017

This thesis deals with a real business plan, including the assessment of individual risks, the establishment of a small bakery shop, which should be located in one of the city districts of Brno, namely Maloměřice a Obřany. In the first theoretical part, the basic concepts, definition of necessary analyzes and detailed description of individual parts of the business plan are introduced. The practical part uses theoretical knowledge, a critical risk analysis, market analysis and a business plan for the enterprise.

Assessment of enterprise risk management maturity levels of the insurance industry in Botswana

Ngwenya, Moreblessing

11 1900

The primary objective of this study was to develop an Enterprise Risk Management Maturity Framework (ERMMF) for use in the assessment of Enterprise Risk Management (ERM) maturity levels of the insurance industry in Botswana. The ERMMF incorporated elements from the Committee of Sponsoring Organisations of the Treadway Commission (COSO)’s ERM framework and the AON risk maturity model. Five criteria were utilised to define each of the eight components of ERM used to measure ERM maturity levels. The framework was developed qualitatively through literature review. The ERMMF was tested empirically to evaluate the ERM maturity levels of the insurance industry in Botswana. Data was collected from 12 respondents from long-term insurance companies, 15 from short-term insurance companies, 4 from reinsurers and 59 from brokerages. The findings revealed that the whole insurance industry is at the Defined stage of ERM maturity level as the responses bordered around 3 on the developed scale of measurement. The findings implied that the insurance sector in Botswana has generally implemented ERM but not enough follow-ups had been made to ensure that ERM became a continuous process. Results further indicated that although the whole sector was at the defined stage of ERM, the responses in each component differed per stratum. Literature indicates that insurance organisations, regardless of stratum within which they are, are faced with similar risks generally. The differing responses could be due to the magnitude of risks that could differ according to unique characteristics of each stratum. The study further recommended an enterprise risk management implementation procedure for the insurance industry in Botswana. / Business Management / D. Admin (Business Management)

Enterprise risk management

Enterprise risk maturity levels

ERM maturity framework

COSO ERM framework

ERM implementation procedure

Insurance industry

Short-term insurers

Long-term insurers

Reinsurers

Brokerages

368.00656856

Risk management -- Botswana

Insurance -- Botswana

Risk (Insurance) -- Botswana

Insurance agents -- Botswana

壽險業企業風險管理制度之探討 / A Study of Enterprise Risk Management Systems of Life Insurance Industry

高美蓮, Kao,Mei Lien

Unknown Date

壽險業作為經營風險的特許行業，承擔著穩定社會、資金的聚集和供給，以及促進經濟成長等重要功能。近年來由於低利率、匯率變動及國內外經濟環境日益惡化，保險業的本業利潤逐年降低，壽險業的經營面臨重大的挑戰。 保險公司倒閉在國外並不是新鮮事，根據統計，1978～1994年，不到20年間，全球共有648家保險公司破產。導致保險公司破產的原因很多，其中美國在2000～2001年破產的公司大部份是準備金不足；日本保險公司的破產原因則多為投資損失。此外，一些無法意料的天災及人禍之理賠，例如美國911恐怖事件以及卡翠那風災，使得各國保險公司對於企業風險管理更加重視。標準普爾信用評等公司於2006年起，正式將企業風險管理（ERM）制度列入保險業的信用評等項目，更加速保險公司執行企業風險管理的速度。目前國內保險業風險管理制度之實施，則仍屬於起步階段。 保險業屬於高度競爭及高度監理之行業，因此，如何在保持領先的競爭地位及提供優質的客戶服務的同時，亦能恪遵法令、落實內部控制制度及企業風險管理制度，進而創造出屬於自身的藍海策略，以期追求穩定持續成長的獲利，實為壽險業者必須重視的議題。 本研究探討目前保險業所面臨的風險及挑戰，分析金管會對保險公司重大裁罰之種類，並描述及探討個案公司實施內部控制、沙賓法案及企業風險管理制度之狀況與歷程，以及其可能遇到的瓶頸與障礙。本研究結果對於國內保險業實施內部控制、沙賓法案及企業風險管理的過程，可提供助益。 / Life insurance industry conducts business that requires approval from its regulatory authority. The industry provides an array of functions, such as managing risks, maintaining social stability, pooling and supplying funds, etc. In recent years, life insurance industry has faced with serious challenges due to its decreasing operating profit margin caused by low interest rates, volatility of foreign exchange rates, and deteriorating economic environment around the globe. The bankruptcy among insurance companies is nothing new over the world. There were as many as 648 companies going bankrupt during 1978 to 1994. The causes of the aforementioned bankruptcy were many. For example, Japan companies became insolvent mostly due to investment losses; those in the U.S. were caused by insufficient reserves. Huge insurance claims for unpredictable natural or man-made disasters, such as 9/11 terrorist attack, hurricane Katrina, and the subprime mortgage crisis in the U.S., have attracted most companies’ attention worldwide to “enterprise risk management (ERM)”. Hence, Standard & Poor’s started in 2006 to apply the ERM analysis to its credit rating for the insurance industry, and this measure propels insurance companies into the implementation of ERM. Nonetheless, Taiwanese insurance companies are just at the inception of ERM. Insurance industry must comply with stringent regulations while confronting keen competition. An insurance company must take a lead in competition, provide quality services to its customers, abide by regulations, and implement internal controls and ERM in an integrated fashion. In doing so, an insurance company can develop its own blue ocean strategy and maintain sustainable growth and profit. This research probes into the risks and challenges faced by Taiwan insurance industry in dealing with various risks and challenges, including the serious sanctions by the Financial Supervisory Commission. We present a case study of local life insurance company with respect to its process of integrating internal control systems, compliance to Sarbanes-Oxley Act and implementation of ERM. A number of deficiencies, bottlenecks and obstacles were identified and analyzed, followed by related suggestions. Our results provide insights and helpful suggestions to the integration of internal controls, Sarbanes-Oxley compliance, and ERM for Taiwan insurance industry.

內部控制

沙賓法案

企業風險管理（ERM）

保險業

internal control

Sarbanes-Oxley Act

enterprise risk management (ERM)

insurance industry

Developing an Institutional Compliance Program: A Case Study Assessing the Organizational Structure of Two Universities

Kendra Alise Cooks (6611819)

10 June 2019

Compliance programs have grown since the early 1990s and evolved more formally into corporate institutional or enterprise-wide programs with the passage of the Sarbanes-Oxley Act of 2002. Formal institutional compliance programs are emerging in colleges and universities to assist in the management of the myriad of regulations and requirements placed on them by accrediting bodies, creditors, boards, donors, grantors, and federal and state regulators. An effective compliance program provides the structure for the institution and its employees to conduct operations ethically, with integrity, and in compliance with legal and regulatory requirements. The goals of this study were to identify organizational structures that assist large, public universities in effectively managing institutional compliance, the elements that shape these structures, and the benefits and limitations of those structures.

Higher Education

accountability

code of conduct

corporate of responsibility

enterprise risk management

ethics

ethics programs

institutional compliance

institutional compliance programs

integrity-based programs

Sarbanes-Oxley Act of 2002

U.S. Federal Sentencing Guidelines

Gerenciamento de riscos corporativos em pequenas e médias empresas: análise de uma empresa nacional do setor de TI / Enterprise risk management in small and medium-sized enterprises: analysis of a national IT company abstract

Doi, Anderson

04 October 2017

Os riscos fazem parte do cotidiano das empresas. Eles variam conforme sua natureza, a chance de ocorrer e o impacto que pode ocasionar às organizações. Por diversas razões, as empresas de pequeno e médio portes estão mais suscetíveis à imprevisibilidade e aos efeitos negativos dos riscos. Desse modo, é essencial que criem processos capazes de gerenciar os riscos de modo contínuo e sistêmico. Entretanto, o que se pode constatar é que ainda são raros os casos de empresas desses portes que possuam esses mecanismos de gestão. Essas empresas são fundamentais para o sistema econômico nacional, tanto pela geração de empregos quanto pelo crescimento do PIB e desenvolvimento do país. Na revisão bibliográfica desta pesquisa, o autor busca expor os principais conceitos existentes para o termo \"risco\" que, apesar de ser objeto de estudo há muito tempo, ainda possui definições bastante distintas; busca também apresentar aspectos importantes sobre o Gerenciamento de Riscos Corporativos e detalhar os dois principais modelos usados no mundo: COSO e ISO 31000, além de apresentar um modelo de identificação de riscos que abrange toda cadeia de valor das empresas. Como objetivos, identificar e avaliar quais são os principais riscos envolvidos na gestão de uma pequena empresa nacional do setor de TI, além de propor uma estratégia de tratamento para eles. A metodologia escolhida foi a pesquisa ação, na qual o pesquisador possui uma postura direta e ativa sobre a pesquisa e sobre a problemática. A pesquisa foi realizada sob uma abordagem qualitativa de caráter exploratório. Após identificação, avaliação e proposição de uma estratégia para tratamento dos riscos, conclui-se que é possível a implementação de um processo de Gerenciamento de Riscos Corporativos em uma empresa de pequeno porte e esse processo pode criar condições favoráveis para sobrevivência e crescimento das organizações. Muitos riscos descritos na literatura, que afetam negativamente as pequenas e médias empresas em vários países do globo, foram identificados na empresa analisada, enfatizando a necessidade de gestão dos riscos de um modo sistêmico, abrangente e contínuo. São poucas as pesquisas sobre este tema, na literatura nacional e, portanto, são fundamentais os estudos que possam contribuir para melhor entendimento deste universo. / Risks are part of everyday business. They vary according to their nature, the chance to occur and the impact they can have on organizations. For various reasons, small and medium-sized enterprises are more susceptible to unpredictability and the negative effects of risks. In this way, it is essential that they create processes capable of managing risks in a continuous and systemic way. However, what can be seen is that there are still rare cases of companies of these sizes that have these management mechanisms. These companies are fundamental to the national economic system, both for the generation of jobs and for the GDP growth and development of the country. In the bibliographic review of this research, the author seeks to expose the main concepts existing for the term \"risk\" that, despite being object of study for a long time, still has quite different definitions; he also seeks to present important aspects of Enterprise Risk Management and to detail the two main models used in the world: COSO and ISO 31000, in addition to presenting a model of risk identification that covers the entire value chain of companies. The objectives are to identify and evaluate the main risks involved in the management of a small national IT company, and propose a treatment strategy for them. The methodology chosen was action research, in which the researcher has a direct and active attitude about the research and the problem. The research was carried out under a qualitative approach from an exploratory perspective. After identifying, evaluating and proposing a risk management strategy, it was possible to conclude that it is possible to implement an Enterprise Risk Management process in a small company, and this process can create favorable conditions for the survival and growth of the organization. Many risks described in the literature, which negatively affect small and medium enterprises in several countries of the globe, were identified in the analyzed company, emphasizing the need for risk management in a systemic, comprehensive and continuous way. There are few researches on this topic, in the national literature and, therefore, are fundamental studies that can contribute to a better understanding of this universe.

Administração de riscos

Avaliação de riscos

Enterprise risk management

Gerenciamento de riscos corporativos

Identificação de riscos

Identification of risks

Information technology

Pequenas e médias empresas

Risk assessment

Risk management

Small and medium enterprises

Tecnologia da informação

Tratamento de riscos

Treatment of risks

Svensk Kod för Bolagsstyrning : Förändringen av arbetet med intern kontroll och betydelsen av förändringen ur ett investeringsperspektiv

Andén, Ludvig, Arnbom, Therése

January 2010

<p>Intern kontroll handlar om att ha verksamhetens riskområden under kontroll. Brister i intern kontroll kan leda till ett ineffektivt arbete och riskera att utsätta verksamheten och därmed dess aktieägare för risk. När Svensk Kod för Bolagsstyrning (Koden) infördes i juli 2005 var syftet delvis att ge börsnoterade bolag ett ramverk för hur de ska arbeta med och redovisa sitt arbete med dessa frågor som ett led i att åstadkomma god bolagsstyrning.</p><p>Uppsatsen undersöker huruvida Koden har förändrat svenska börsnoterade bolags arbete med intern kontroll samt den betydelse förändringen, ur ett investeringsperspektiv, har för aktieägarna.</p><p>Agentteorin utgör en grundläggande del av uppsatsens teoretiska ram genom att beskriva relationerna mellan och drivkrafterna bakom de studerade aktörerna, aktieägarna och styrelsen. En täckande schematisk modell av agentteorin saknas i befintlig akademisk litteratur. Uppsatsens författare har därför utformat en sådan modell, som presenteras och utgör stommen i uppsatsens analysmodell.</p><p>Nio stycken intervjuer med revisorer och ansvariga för intern kontroll på svenska börsnoterade bolag genomfördes. Vidare utfördes en enkätundersökning bland investerare på svenska fondbolag som ett led i den empiriska datainsamlingen.</p><p>Studien visar att införandet av Koden har lett till en förändring i hur svenska börsnoterade bolag idag arbetar med intern kontroll. Förändringen har varit störst i de små och medelstora bolagen, som inte arbetat med dessa frågor tidigare i samma utsträckning som de stora bolagen. Investerarna, och tillika aktieägarna, är inte medvetna om den förändring som skett avseende bolagens arbete med intern kontroll. Investerarna anser dock att intern kontroll är viktigt vid ett investeringsbeslut, men samtidigt inte en av de tre avgörande faktorerna.</p><p>Bolagen har i och med sitt ökade arbete med intern kontroll mer börjat identifiera de långsiktiga överlevnadsriskerna. Utfallet av denna förändring i styrelsens arbete har möjligen ännu inte kommit aktieägarna till godo något som kan förklara varför de inte ser intern kontroll som ett avgörande investeringskriterium.</p>

svensk kod för bolagsstyrning

bolagsstyrning

ägarstyrning

redovisning

intern kontroll

internkontroll

risk

riskhantering

ERM

enterprise risk management

styrning

revisor

revision

bolagsstyrningsrapport

investering

investerare

investeringskriterier

ledning

styrelse

Koden

styrelsens ansvar

börsnoterade bolag

stora bolag

SME

små bolag

medelstora bolag

Business studies

Företagsekonomi

Svensk Kod för Bolagsstyrning : Förändringen av arbetet med intern kontroll och betydelsen av förändringen ur ett investeringsperspektiv

Andén, Ludvig, Arnbom, Therése

January 2010

Intern kontroll handlar om att ha verksamhetens riskområden under kontroll. Brister i intern kontroll kan leda till ett ineffektivt arbete och riskera att utsätta verksamheten och därmed dess aktieägare för risk. När Svensk Kod för Bolagsstyrning (Koden) infördes i juli 2005 var syftet delvis att ge börsnoterade bolag ett ramverk för hur de ska arbeta med och redovisa sitt arbete med dessa frågor som ett led i att åstadkomma god bolagsstyrning. Uppsatsen undersöker huruvida Koden har förändrat svenska börsnoterade bolags arbete med intern kontroll samt den betydelse förändringen, ur ett investeringsperspektiv, har för aktieägarna. Agentteorin utgör en grundläggande del av uppsatsens teoretiska ram genom att beskriva relationerna mellan och drivkrafterna bakom de studerade aktörerna, aktieägarna och styrelsen. En täckande schematisk modell av agentteorin saknas i befintlig akademisk litteratur. Uppsatsens författare har därför utformat en sådan modell, som presenteras och utgör stommen i uppsatsens analysmodell. Nio stycken intervjuer med revisorer och ansvariga för intern kontroll på svenska börsnoterade bolag genomfördes. Vidare utfördes en enkätundersökning bland investerare på svenska fondbolag som ett led i den empiriska datainsamlingen. Studien visar att införandet av Koden har lett till en förändring i hur svenska börsnoterade bolag idag arbetar med intern kontroll. Förändringen har varit störst i de små och medelstora bolagen, som inte arbetat med dessa frågor tidigare i samma utsträckning som de stora bolagen. Investerarna, och tillika aktieägarna, är inte medvetna om den förändring som skett avseende bolagens arbete med intern kontroll. Investerarna anser dock att intern kontroll är viktigt vid ett investeringsbeslut, men samtidigt inte en av de tre avgörande faktorerna. Bolagen har i och med sitt ökade arbete med intern kontroll mer börjat identifiera de långsiktiga överlevnadsriskerna. Utfallet av denna förändring i styrelsens arbete har möjligen ännu inte kommit aktieägarna till godo något som kan förklara varför de inte ser intern kontroll som ett avgörande investeringskriterium.

svensk kod för bolagsstyrning

bolagsstyrning

ägarstyrning

redovisning

intern kontroll

internkontroll

risk

riskhantering

ERM

enterprise risk management

styrning

revisor

revision

bolagsstyrningsrapport

investering

investerare

investeringskriterier

ledning

styrelse

Koden

styrelsens ansvar

börsnoterade bolag

stora bolag

SME

små bolag

medelstora bolag

Business studies

Företagsekonomi

Gerenciamento de riscos corporativos em pequenas e médias empresas: análise de uma empresa nacional do setor de TI / Enterprise risk management in small and medium-sized enterprises: analysis of a national IT company abstract

Anderson Doi

04 October 2017

Os riscos fazem parte do cotidiano das empresas. Eles variam conforme sua natureza, a chance de ocorrer e o impacto que pode ocasionar às organizações. Por diversas razões, as empresas de pequeno e médio portes estão mais suscetíveis à imprevisibilidade e aos efeitos negativos dos riscos. Desse modo, é essencial que criem processos capazes de gerenciar os riscos de modo contínuo e sistêmico. Entretanto, o que se pode constatar é que ainda são raros os casos de empresas desses portes que possuam esses mecanismos de gestão. Essas empresas são fundamentais para o sistema econômico nacional, tanto pela geração de empregos quanto pelo crescimento do PIB e desenvolvimento do país. Na revisão bibliográfica desta pesquisa, o autor busca expor os principais conceitos existentes para o termo \"risco\" que, apesar de ser objeto de estudo há muito tempo, ainda possui definições bastante distintas; busca também apresentar aspectos importantes sobre o Gerenciamento de Riscos Corporativos e detalhar os dois principais modelos usados no mundo: COSO e ISO 31000, além de apresentar um modelo de identificação de riscos que abrange toda cadeia de valor das empresas. Como objetivos, identificar e avaliar quais são os principais riscos envolvidos na gestão de uma pequena empresa nacional do setor de TI, além de propor uma estratégia de tratamento para eles. A metodologia escolhida foi a pesquisa ação, na qual o pesquisador possui uma postura direta e ativa sobre a pesquisa e sobre a problemática. A pesquisa foi realizada sob uma abordagem qualitativa de caráter exploratório. Após identificação, avaliação e proposição de uma estratégia para tratamento dos riscos, conclui-se que é possível a implementação de um processo de Gerenciamento de Riscos Corporativos em uma empresa de pequeno porte e esse processo pode criar condições favoráveis para sobrevivência e crescimento das organizações. Muitos riscos descritos na literatura, que afetam negativamente as pequenas e médias empresas em vários países do globo, foram identificados na empresa analisada, enfatizando a necessidade de gestão dos riscos de um modo sistêmico, abrangente e contínuo. São poucas as pesquisas sobre este tema, na literatura nacional e, portanto, são fundamentais os estudos que possam contribuir para melhor entendimento deste universo. / Risks are part of everyday business. They vary according to their nature, the chance to occur and the impact they can have on organizations. For various reasons, small and medium-sized enterprises are more susceptible to unpredictability and the negative effects of risks. In this way, it is essential that they create processes capable of managing risks in a continuous and systemic way. However, what can be seen is that there are still rare cases of companies of these sizes that have these management mechanisms. These companies are fundamental to the national economic system, both for the generation of jobs and for the GDP growth and development of the country. In the bibliographic review of this research, the author seeks to expose the main concepts existing for the term \"risk\" that, despite being object of study for a long time, still has quite different definitions; he also seeks to present important aspects of Enterprise Risk Management and to detail the two main models used in the world: COSO and ISO 31000, in addition to presenting a model of risk identification that covers the entire value chain of companies. The objectives are to identify and evaluate the main risks involved in the management of a small national IT company, and propose a treatment strategy for them. The methodology chosen was action research, in which the researcher has a direct and active attitude about the research and the problem. The research was carried out under a qualitative approach from an exploratory perspective. After identifying, evaluating and proposing a risk management strategy, it was possible to conclude that it is possible to implement an Enterprise Risk Management process in a small company, and this process can create favorable conditions for the survival and growth of the organization. Many risks described in the literature, which negatively affect small and medium enterprises in several countries of the globe, were identified in the analyzed company, emphasizing the need for risk management in a systemic, comprehensive and continuous way. There are few researches on this topic, in the national literature and, therefore, are fundamental studies that can contribute to a better understanding of this universe.

Administração de riscos

Avaliação de riscos

Gerenciamento de riscos corporativos

Identificação de riscos

Pequenas e médias empresas

Tecnologia da informação

Tratamento de riscos

Enterprise risk management

Identification of risks

Information technology

Risk assessment

Risk management

Small and medium enterprises

Treatment of risks