Risks and Audit Objectives for IT Outsourcing

In the recent years, as a result of globalization, internet and IT progress, the outsourcing of IT services has seen an exponential growth. As a result more and more companies decide to outsource, partially or totally, their IT services. Nevertheless, the outsourcing process exposes both clients and service providers to a series of risks that can seriously affect their activities. Managing these risks by improving the quality and efficiency of internal control has made the ITO audit a necessary component for all the companies involved in this process. The goal of this paper is to identify analyze and map the influence areas of ITO risks in order to suggest a series of objectives for ITO audit.Information Technology, Outsourcing, Audit, Risks, Service Provider

Risks of investment in personnel development: evidence from Ukrainian IT companies

In this paper, we examine key factors that influence the risks of investment in the development of human capital of a firm in the IT sector and estimate their weight in the overall risk. In particular, we single out the risk of premature voluntary termination of an employee, the risk of ineffective training, and the risk of a firm’s incorrect employee development strategy. Moreover, to support management of the mentioned kinds of risks, we enumerate the factors that influence them and classify those factors into three main groups: related to the employee, related to the firm, and related to the external environment. Based on this division, we build a model for estimating the risks of investing in the development of personnel using the Analytic Hierarchy Process (AHP)

Accounting for toxicity risks in pollution control : does it matter?

The accounting and public release of information about industrial toxic pollution emissions is meeting increasing criticism in that these listings typically do not account for the different toxicity risks associated with different pollutants. A firm emitting a large amount of relatively harmless substance is ranked as a heavier polluter than a firm emitting a small quantity of a potent substance. Such"unweighted"rankings of firms, it is argued, may lead to misallocation of resources and a wrong prioritization of efforts in pollution control. This is a particular problem in developing countries, where sources for pollution control are typically scarce. To account for varying toxicity risk, a number of organizations have developed thresholds or exposure limits for various pollutants. But many toxicity risk factors and methods are currently available, and different risk indicators yield different results and hence priorities. So the authors review seven risk methods and construct 10 sets of toxicity risk factors from those indicators. They apply those factors to the 3,426 industrial municipalities of Brazil and explore Rio de Janeiro and Sao Paulo in detail. After ranking states and municipalities for their pollution intensity, results indicate that at the state level, risk-weighted rankings remain largely the same across the 10 sets of toxicity risk factors used in thispaper. By and large the result also holds true at the municipal level. Although at the state level the unweighted ranking is relatively similar to the risk-weighted ranking, at the municipal level significant differences were found between the risk-weighted and unweighted rankings. These findings suggest that it is important for environmental regulators to weight pollutants for their relative toxicity risk when developing priorities for pollution control efforts at the industrial or regional level. But at high levels of aggregation, the choice of indicator need not be the subject of immense debate.Public Health Promotion,Environmental Economics&Policies,Health Monitoring&Evaluation,Pollution Management&Control,Water and Industry,Health Monitoring&Evaluation,TF030632-DANISH CTF - FY05 (DAC PART COUNTRIES GNP PER CAPITA BELOW USD 2,500/AL,Sanitation and Sewerage,Water and Industry,Environmental Economics&Policies

Premium Risk net of Reinsurance: from short-term to medium term assessment

Solvency II requirements introduced new issues for actuarial risk management in non-life insurance, challenging the market to have a consciousness of its own risk profile, and also investigating the sensitivity of the solvency ratio depending on the insurance risks and technical results on either a short-term and medium-term perspective. For this aim, in the present paper, a partial internal model for premium risk is developed for three multi-line non-life insurers, and the impact of some different business mixes is analyzed. Furthermore, the risk-mitigation and profitability impact of reinsurance in the premium risk model are introduced, and a global framework for a feasible application of this model consistent with a medium-term analysis is provided. Numerical results are also figured out with evidence of various effects for several portfolios and reinsurance arrangements, pointing out the main reasons for these differences

Financial Risks and the Pension Protection Fund: Can it Survive Them?

This paper discusses the financial risks faced by the UK Pension Protection Fund (PPF) and what, if anything, it can do about them. It draws lessons from the regulatory regimes under which other financial institutions, such as banks and insurance companies, operate and asks why pension funds are treated differently. It also reviews the experience with other government-sponsored insurance schemes, such as the US Pension Benefit Guaranty Corporation, upon which the PPF is modelled. We conclude that the PPF will live under the permanent risk of insolvency as a consequence of the moral hazard, adverse selection, and, especially, systemic risks that it faces.

The Multidimensionality of IT Outsourcing Risks

Abstract: IT outsourcing is a complex endeavour with multiple sources of risks. The body of knowledge on the subject is vast but scattered. Our project aims to create an integrated risk and controls framework. This paper discusses the multidimensional nature of outsourcing risks that needs to be addressed when such framework is developed. This paper presents findings from two workshops where risks, their classifications and dimensions where discussed by a group of experienced risk practitioners. The results highlight that practitioners see strategy, stakeholders and the different phases of the outsourcing as important dimensions that create risk and need to be addressed when organisations are planning or running an outsourcing venture. This research confirms that there are a number of dimensions in IT outsourcing risk and it has provided depth to the understanding of these dimensions

The Multidimensionality of IT Outsourcing Risks

IT outsourcing is a complex endeavour with multiple sources of risks. The body of knowledge on the subject is vast but scattered. Our project aims to create an integrated risk and controls framework. This paper discusses the multidimensional nature of outsourcing risks that needs to be addressed when such framework is developed. This paper presents findings from two workshops where risks, their classifications and dimensions where discussed by a group of experienced risk practitioners. The results highlight that practitioners see strategy, stakeholders and the different phases of the outsourcing as important dimensions that create risk and needs to be addressed by organisations that are planning or already running an outsourcing venture. This research confirms that there are a number of dimensions in IT outsourcing risk and it has provided depth to the understanding of these dimensions

Taxonomy of Technological IT Outsourcing Risks: Support for Risk Identification and Quantification

The past decade has seen an increasing interest in IT outsourcing as it promises companies many economic benefits. In recent years, IT paradigms, such as Software-as-a-Service or Cloud Computing using third-party services, are increasingly adopted. Current studies show that IT security and data privacy are the dominant factors affecting the perceived risk of IT outsourcing. Therefore, we explicitly focus on determining the technological risks related to IT security and quality of service characteristics associated with IT outsourcing. We conducted an extensive literature review, and thoroughly document the process in order to reach high validity and reliability. 149 papers have been evaluated based on a review of the whole content and out of the finally relevant 68 papers, we extracted 757 risk items. Using a successive refinement approach, which involved reduction of similar items and iterative re-grouping, we establish a taxonomy with nine risk categories for the final 70 technological risk items. Moreover, we describe how the taxonomy can be used to support the first two phases of the IT risk management process: risk identification and quantification. Therefore, for each item, we give parameters relevant for using them in an existing mathematical risk quantification model