Aligning enterprise risk management with business strategy and information systems

Business leaders recognise effective risk management as one of the main success drivers for enterprises. Even though the Enterprise Risk Management (ERM) concept has evolved significantly in the past years, in the aftermath of recent economic crises it became evident some of its critical challenges still need to be addressed. The review of subject literature led to a conclusion that current ERM approaches failed to protect enterprise value in turbulent and risky market conditions. Therefore, this paper aims to provide a conceptual analysis of the most common ERM practices and frameworks, in order to identify their shortcomings and areas requiring development. It is further aimed to provide guidance to business practitioners in implementing more integrated and effective Enterprise Risk Management (ERM) solutions. This research recognises the importance of aligning ERM programmes with business strategies, and with consolidated Information Systems. A “New Approach ERM Model” is developed as guidance for a successful alignment of ERM with enterprise business strategy, and for an effective adaption of Information Systems to requirements of ERM programmes. The “New Approach ERM Model” steers risk management initiatives and strategies in the same direction, and consequently allows enterprises to improve organisational effectiveness, increase shareholders value, and gain competitive advantage in the market

An integrated conceptual model for information system security risk management supported by enterprise architecture management

Risk management is today a major steering tool for any organisation wanting to deal with information system (IS) security. However, IS security risk management (ISSRM) remains a difficult process to establish and maintain, mainly in a context of multi-regulations with complex and inter-connected IS. We claim that a connection with enterprise architecture management (EAM) contributes to deal with these issues. A first step towards a better integration of both domains is to define an integrated EAM-ISSRM conceptual model. This paper is about the elaboration and validation of this model. To do so, we improve an existing ISSRM domain model, i.e. a conceptual model depicting the domain of ISSRM, with the concepts of EAM. The validation of the EAM-ISSRM integrated model is then performed with the help of a validation group assessing the utility and usability of the model

INSURANCE AS AN EFFECTIVE MECHANISM TO MINIMIZE RISKS AT THE ENTERPRISE

Purpose: The article analyzes the state of domestic insurance in agricultural enterprises, which is a complex type of property insurance, subspecies of which are insurance of crops, animals, commodity aquaculture, real estate and income of agricultural producers. Methodology: Generally accepted methods and techniques of economic research were used in the study process: monographic (in the process of studying risk management theoretical foundations), statistical and economic (when studying trends of AIC enterprise development and functioning), design-constructive (when justifying and calculating indicators of enterprise functioning), abstract and logical (when generalizing conceptual and methodological approaches in identifying, analyzing and assessing risks), comparative analysis (synthesis of native and foreign risk management experience), various risk assessment methodologies. Result: The economic risk passport is understood as a set of information about the risk area, risk criteria, as well as for instructions on the application of the necessary methods to manage or minimize the risk. The article presented a liquidity loss risk passport with one of the measures to minimize it - self-insurance. Applications: This research can be used for universities, teachers, and students. Novelty/Originality: In this research, the model of Insurance as an Effective Mechanism to Minimize Risks at the Enterprise is presented in a comprehensive and complete manner

Risk Prediction of Digital Human Resource Management Based on Artificial Intelligence

The latest information technologies have greatly accelerated the digitalization progress of Human Resource Management (HRM) and many useful techniques and tools have been developed for that purpose. However, in terms of risk management, effective enough tools and methods are still insufficient. Existing studies generally fail to give a turnkey solution to the operational risks in digital HRM system, and the macro measurement models are not suitable for dealing with the risks in the digital HRM system of each single enterprise. In view of these defects, this paper studied the prediction of risks in digital HRM systems based on Artificial Intelligence (AI). Firstly, the paper outlined the functions of a digital HRM system, defined the risk management mechanism of a HRM system, and built a conceptual model for it. Then, this paper proposed a novel method for predicting the risks in the digital HRM system, which innovatively integrates the digital HRM risk event chains with the risk event graph. After that, the paper elaborated on the structures and building principles of the risk event representation layer, risk event chain module, risk event graph module, and attention fusion module. At last, experimental results verified that the proposed model has obvious advantages in digital HRM risk prediction in terms of both stability and accuracy

A Conceptual Model for ASP Adoption

The much-heralded provision of Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) applications via hosting houses has been deemed to have failed. Many investigations have taken place, most of which have analysed the failure from the customer perspective, trying to understand why the end user did not endorse the Application Service Provision (ASP) model. As the end user stands to gain substantial benefits from the ASP model these studies are perhaps not focusing on the correct component of the value chain. This paper critically examines the ASP value chain and identifies the winners and risk takers within it. A flaw in the supply of ASP is highlighted and a conceptual model for ASP adoption proposed

Conceptualising risk culture on enterprise risk management (ERM) implementation in construction companies / Wong Ching Ching ... [et al.]

In today's global economy, inadequate risk management and lack of risk culture can threaten a company’s viability. Since construction industry is subjected to uncertainty, construction Public Listed Companies (PLCs) need to implement Enterprise Risk Management (ERM) as an effective technique in managing risk holistically. Although the importance of ERM is widely accepted, the influence of risk culture in its’ implementation is unexplored. This paper presents a conceptual model that shows the relationship between risk culture and ERM implementation. The dependent variable is ERM implementation, consist of four dimensions namely risk identification and risk assessment; risk treatment; monitor and consult; communicate and consult. The independent variables, risk culture compromise of six dimensions, which are risk policy and risk appetite; key risk indicators; accountability; incentives; risk language and internal relationships. This study aims to empirically test the relationship between risk culture and ERM implementation among Malaysian construction public listed companies. Quantitative method through questionnaire survey is adopted as data collection for this study. Risk culture is expected to have direct effects and significantly influence ERM. This study contributes to enhance the body of knowledge in ERM especially in understanding significant of risk culture that influence its’ implementation from Malaysian perspective

Risk Analysis in Extended Enterprise Environments: Identification of Critical Risk Factors in B2B E-Commerce Relationships

The focus of this study is to identify the critical risk factors that can be used to assess the impact of B2B e-commerce on overall enterprise risk. We apply Tthe Khazanchi and Sutton (2001) framework for B2B e-commerce assurance is applied as the organizing conceptual model for the study. The framework focuses on three primary risk components: (1) technical risks, (2) application-user risks, and (3) business risks. To identify a critical set of B2B risk factors, structured focus groups applying a nominal group technique were conducted with three internal constituency groups (corporate groups consisting of IS security, internal IT audit, and e-commerce development managers) and two external constituency groups (e-commerce consultants and external IT auditors). Tests of consistency between the groups confirm strong agreement on the identified critical B2B risk factors. Tests were also conducted on participant groups\u27 perceived relative importance of the critical B2B risk factors. The only substantial inconsistencies were between the internal constituency groups and theversus e-commerce consultants\u27 group for the business risk factors. This would appear to indicate that the priorities of internal groups might be different from the e-commerce consultants who appear more focused on management support of projects than necessarily on active involvement of trading partner staff with systems integration. Subsequent testing of the three- component B2B risk assurance model with a follow-up questionnaire suggests that the identified risk factors support the model, including theorized interrelationships among the three risk components

Enterprise information security policy assessment - an extended framework for metrics development utilising the goal-question-metric approach

Effective enterprise information security policy management requires review and assessment activities to ensure information security policies are aligned with business goals and objectives. As security policy management involves the elements of policy development process and the security policy as output, the context for security policy assessment requires goal-based metrics for these two elements. However, the current security management assessment methods only provide checklist types of assessment that are predefined by industry best practices and do not allow for developing specific goal-based metrics. Utilizing theories drawn from literature, this paper proposes the Enterprise Information Security Policy Assessment approach that expands on the Goal-Question-Metric (GQM) approach. The proposed assessment approach is then applied in a case scenario example to illustrate a practical application. It is shown that the proposed framework addresses the requirement for developing assessment metrics and allows for the concurrent undertaking of process-based and product-based assessment. Recommendations for further research activities include the conduct of empirical research to validate the propositions and the practical application of the proposed assessment approach in case studies to provide opportunities to introduce further enhancements to the approach

A conceptual model of enterprise application integration in higher education institutions

Copyright @ 2013 EMCIS.It is eminent that several applications’ systems are deployed at different levels in Higher Education (HE), ranging from academic and administrative to staff and students record systems. Many of these systems suffer from different problems due to the lack of integration such as data redundancy, inconsistency and maintenance cost. Enterprise Application Integration (EAI) can provide substantial benefits to these systems, such as assisting with business process integration, facilitating e-service based transformation and supporting collaborative decision-making. However, some factors that influence EAI adoption process in HE will be defined. This paper introduces a conceptual model to explain the outcome of using EAI in Higher Education Institutions (HEIs). Analyzing the combination of the existing classification of EAI factors with the HE factors will enhance the implementation of EAI in HEI at both organizational and operational levels. A pilot study at King Abdulaziz University (KAU), Kingdom of Saudi Arabia will be presented in this paper to show that the integration of the multiple information systems gives an integrated view to facilitate information access and reuse. Moreover data from different information systems is combined to gain a more comprehensive basis to satisfy the educational needs

Enterprise Resilience Assessment A Quantitative Approach

[EN] Enterprise resilience is a key capacity to guarantee enterprises¿ long-term continuity. This paper proposes a quantitative approach to enhance enterprise resilience by selecting optimal preventive actions to be activated to cushion the impact of disruptive events and to improve preparedness capability, one of the pillars of the enterprise resilience capacity. The proposed algorithms combine the dynamic programming approach with attenuation formulas to model real improvements when a combined set of preventive actions is activated for the same disruptive event. A numerical example is presented that shows remarkable reductions in the expected annual cost due to potential disruptive events.Sanchis, R.; Poler, R. (2019). Enterprise Resilience Assessment A Quantitative Approach. Sustainability. 11(16):1-13. https://doi.org/10.3390/su11164327S1131116Baghersad, M., & Zobel, C. W. (2015). Economic impact of production bottlenecks caused by disasters impacting interdependent industry sectors. International Journal of Production Economics, 168, 71-80. doi:10.1016/j.ijpe.2015.06.011Cagliano, A. C., De Marco, A., Grimaldi, S., & Rafele, C. (2012). An integrated approach to supply chain risk analysis. Journal of Risk Research, 15(7), 817-840. doi:10.1080/13669877.2012.666757Vanpoucke, E., Boyer, K. K., & Vereecke, A. (2009). Supply chain information flow strategies: an empirical taxonomy. International Journal of Operations & Production Management, 29(12), 1213-1241. doi:10.1108/01443570911005974Chaudhuri, A., Boer, H., & Taran, Y. (2018). Supply chain integration, risk management and manufacturing flexibility. International Journal of Operations & Production Management, 38(3), 690-712. doi:10.1108/ijopm-08-2015-0508Oliva, F. L. (2016). A maturity model for enterprise risk management. International Journal of Production Economics, 173, 66-79. doi:10.1016/j.ijpe.2015.12.007Hendry, L. C., Stevenson, M., MacBryde, J., Ball, P., Sayed, M., & Liu, L. (2019). Local food supply chain resilience to constitutional change: the Brexit effect. International Journal of Operations & Production Management, 39(3), 429-453. doi:10.1108/ijopm-03-2018-0184Prior, T., & Hagmann, J. (2013). Measuring resilience: methodological and political challenges of a trend security concept. Journal of Risk Research, 17(3), 281-298. doi:10.1080/13669877.2013.808686Holling, C. S. (1973). Resilience and Stability of Ecological Systems. Annual Review of Ecology and Systematics, 4(1), 1-23. doi:10.1146/annurev.es.04.110173.000245Haimes, Y. Y. (2009). On the Definition of Resilience in Systems. Risk Analysis, 29(4), 498-501. doi:10.1111/j.1539-6924.2009.01216.xDoorn, N. (2015). Resilience indicators: opportunities for including distributive justice concerns in disaster management. Journal of Risk Research, 20(6), 711-731. doi:10.1080/13669877.2015.1100662Scholz, R. W., Blumer, Y. B., & Brand, F. S. (2012). Risk, vulnerability, robustness, and resilience from a decision-theoretic perspective. Journal of Risk Research, 15(3), 313-330. doi:10.1080/13669877.2011.634522Reyes Levalle, R., & Nof, S. Y. (2015). Resilience by teaming in supply network formation and re-configuration. International Journal of Production Economics, 160, 80-93. doi:10.1016/j.ijpe.2014.09.036Kamalahmadi, M., & Parast, M. M. (2016). A review of the literature on the principles of enterprise and supply chain resilience: Major findings and directions for future research. International Journal of Production Economics, 171, 116-133. doi:10.1016/j.ijpe.2015.10.023Ponomarov, S. Y., & Holcomb, M. C. (2009). Understanding the concept of supply chain resilience. The International Journal of Logistics Management, 20(1), 124-143. doi:10.1108/09574090910954873Comfort, L. K., Sungu, Y., Johnson, D., & Dunn, M. (2001). Complex Systems in Crisis: Anticipation and Resilience in Dynamic Environments. Journal of Contingencies and Crisis Management, 9(3), 144-158. doi:10.1111/1468-5973.00164Ayyub, B. M. (2013). Systems Resilience for Multihazard Environments: Definition, Metrics, and Valuation for Decision Making. Risk Analysis, 34(2), 340-355. doi:10.1111/risa.12093Cox Jr., L. A. T. (2012). Community Resilience and Decision Theory Challenges for Catastrophic Events. Risk Analysis, 32(11), 1919-1934. doi:10.1111/j.1539-6924.2012.01881.xSchmitt, A. J., & Singh, M. (2012). A quantitative analysis of disruption risk in a multi-echelon supply chain. International Journal of Production Economics, 139(1), 22-32. doi:10.1016/j.ijpe.2012.01.004Dabhilkar, M., Birkie, S. E., & Kaulio, M. (2016). Supply-side resilience as practice bundles: a critical incident study. International Journal of Operations & Production Management, 36(8), 948-970. doi:10.1108/ijopm-12-2014-0614Dormady, N., Roa-Henriquez, A., & Rose, A. (2019). Economic resilience of the firm: A production theory approach. International Journal of Production Economics, 208, 446-460. doi:10.1016/j.ijpe.2018.07.017Polyviou, M., Croxton, K. L., & Knemeyer, A. M. (2019). Resilience of medium-sized firms to supply chain disruptions: the role of internal social capital. International Journal of Operations & Production Management, 40(1), 68-91. doi:10.1108/ijopm-09-2017-0530The Ripple Effect—How Manufacturing and Retail Executives View the Growing Challenge of Supply Chain Risk www2.deloitte.com/us/en/pages/operations/articles/supply-chain-risk-ripple-effect.htmlRisk Ranking 2013–2015 http://www.ey.com/GL/en/Services/Advisory/Business-Pulse--top-10-risks-and-opportunitiesGlobal Risk Management Survey—Executive Summary www.aon.com/2017-global-risk-management-survey/pdfs/2017-Aon-Global-Risk-Management-Survey-Full-Report-062617.pdfThe State of Enterprise Resilience Survey 2016/2017 www.controlrisks.com/our-thinking/insights/reports/the-state-of-enterprise-resilience-survey-2016-201720th CEO Survey www.pwc.com/gx/en/ceo-survey/2017/pwc-ceo-20th-survey-report-2017.pdfBCI Supply Chain Resilience Report 2018 www.thebci.org/uploads/assets/uploaded/c50072bf-df5c-4c98-a5e1876aafb15bd0.pdfThe global risks report 2019 www.weforum.org/reports/the-global-risks-report-2019Madni, A. M., & Jackson, S. (2009). Towards a Conceptual Framework for Resilience Engineering. IEEE Systems Journal, 3(2), 181-191. doi:10.1109/jsyst.2009.2017397Pettit, T. J., Fiksel, J., & Croxton, K. L. (2010). ENSURING SUPPLY CHAIN RESILIENCE: DEVELOPMENT OF A CONCEPTUAL FRAMEWORK. Journal of Business Logistics, 31(1), 1-21. doi:10.1002/j.2158-1592.2010.tb00125.xBellman, R. (1954). The theory of dynamic programming. Bulletin of the American Mathematical Society, 60(6), 503-516. doi:10.1090/s0002-9904-1954-09848-8Cord, J. (1964). A Method for Allocating Funds to Investment Projects when Returns are Subject to Uncertainty. Management Science, 10(2), 335-341. doi:10.1287/mnsc.10.2.335Weingartner, H. M. (1966). Capital Budgeting of Interrelated Projects: Survey and Synthesis. Management Science, 12(7), 485-516. doi:10.1287/mnsc.12.7.485Weingartner, H. M., & Ness, D. N. (1967). Methods for the Solution of the Multidimensional 0/1 Knapsack Problem. Operations Research, 15(1), 83-103. doi:10.1287/opre.15.1.83Nemhauser, G. L., & Ullmann, Z. (1969). Discrete Dynamic Programming and Capital Allocation. Management Science, 15(9), 494-505. doi:10.1287/mnsc.15.9.494Boyer, V., Baz, D. E., & Elkihel, M. (2010). Solution of multidimensional knapsack problems via cooperation of dynamic programming and branch and bound. European J. of Industrial Engineering, 4(4), 434. doi:10.1504/ejie.2010.035653Skiena, S. S. (1999). Who is interested in algorithms and why? ACM SIGACT News, 30(3), 65-74. doi:10.1145/333623.333627Chou, T.-C., & Talalay, P. (1983). Analysis of combined drug effects: a new look at a very old problem. Trends in Pharmacological Sciences, 4, 450-454. doi:10.1016/0165-6147(83)90490-xChou, T.-C., & Talalay, P. (1984). Quantitative analysis of dose-effect relationships: the combined effects of multiple drugs or enzyme inhibitors. Advances in Enzyme Regulation, 22, 27-55. doi:10.1016/0065-2571(84)90007-4Belen’kii, M. S., & Schinazi, R. F. (1994). Multiple drug effect analysis with confidence interval. Antiviral Research, 25(1), 1-11. doi:10.1016/0166-3542(94)90089-2Glossary of Terms and Symbols Used in Pharmacology. Pharmacology and Experimental Therapeutics Department at Boston University School of Medicine http://www.bumc.bu.edu/busm-pm/academics/resources/glossary/Foucquier, J., & Guedj, M. (2015). Analysis of drug combinations: current methodological landscape. Pharmacology Research & Perspectives, 3(3), e00149. doi:10.1002/prp2.149Tallarida, R. J. (2011). Quantitative Methods for Assessing Drug Synergism. Genes & Cancer, 2(11), 1003-1008. doi:10.1177/194760191244057