Overview
The project discusses internal audit, ethics and compliance, and enterprise risk management. Internal audit consists of activities an organization conducts to evaluate itself internally, and it is different from external audit. Most organizations have a code of ethics and standards or policies that support an ethical culture, and all employees should comply with them without fail. Enterprise risk management is a broader form of risk management that influences the overall operations of the organization.

1.1.1. Purpose, and Aim
The purpose of the project is to identify what internal audit, ethics and compliance, and enterprise risk management are, and to discuss these terms by linking them directly to practical organizational operations. The project therefore aims to provide a sound discussion of the various facets of these concepts.

Section 2)
2.1) Discussion Findings

Internal Audit
Internal audit is an independent, objective assurance and consulting activity. It is designed to add value and improve an organization's operations. It helps the organization accomplish its objectives by bringing a disciplined and systematic approach to evaluating and improving the effectiveness of governance processes, control and risk management. Internal auditors evaluate the effectiveness and efficiency of the organization's procedures along with their related internal controls [1].
[1] Kowal, & Paribas. (2003). CobiT for Internal Auditors. Retrieved 6 December 2011 from http://www.nysscpa.org/committees/emergingtech/cobit.ppt
[2] Strand, Simkin, & Bagranoff. (2005). Information Technology Auditing. Retrieved 6 December 2011 from http://higheredbcs.wiley.com/legacy/college/bagranoff/0470045590/ppt/ch11.ppt
[3] Strand, Simkin, & Bagranoff. (2005). Information Technology Auditing. Retrieved 6 December 2011 from http://higheredbcs.wiley.com/legacy/college/bagranoff/0470045590/ppt/ch11.ppt
[4] Makaeva. (2004). Internal Scanning: Organizational Analysis. Retrieved 6 December 2011 from http://sbmt.bsu.by/faculty/makaeva%5CmakaevaSMen%5CLectureNotes%5CIntrernal_Scanning_and_Organizational_Analysis.ppt
[5] Hurt. (2010). Professional Certifications and Career Planning. Retrieved 6 December 2011 from http://www.philadelphia.edu.jo/courses/AIS/Chap017.ppt
[6] Turban, McLean, & Wetherbe. (2000). Managing Information Resources and Security. Retrieved 6 December 2011 from http://people.hofstra.edu/Laura_H_Lally/bcis401/ch15.ppt
Ethics are a set of guiding ideals, standards or beliefs that pervade a group or an individual. Computer ethics is of great importance because people have certain fears and perceptions about the use of computers. Most organizations have ethics programs, a code of ethics, and ethics audits. An ethics program consists of several activities that give staff members direction in carrying out the corporate credo. Ethics audits are performed by the internal auditors to evaluate compliance by staff members; they audit the activities performed against the code of ethics [7]. Issues of computer ethics include internal control integrity, unemployment and displacement, equity in access, ownership of property, privacy, computer misuse, artificial intelligence, environmental issues, and security and accuracy [8]. The two approaches to ethics are the integrity-based approach and the compliance-based approach [9]. To have effective ethics compliance, the organization should consider the following [10]:

- Establishing compliance procedures and standards,
- Assigning top-level management,
- Avoiding delegating responsibility to those who are not trustworthy,
- Communicating procedures and standards to all employees,
- Monitoring and auditing systems for detecting unethical activities,
- Enforcing ethical standards, and
- Making adjustments in the process of ethical issues.

2.3)

[7] McLeod, & Schell. (2004). Ethical Implications Of Information Technology. Retrieved 6 December 2011 from http://people.hofstra.edu/Laura_H_Lally/bcis401/ch15.ppt
[8] Wheeler, P. (2003). Ethics, Fraud, and Internal Control. Retrieved 6 December 2011 from http://www.swlearning.com/accounting/hall/ais_4e/ppt/ch03.ppt
[9] Altman. (2005). Organizational Ethics and the Law. Retrieved 6 December 2011 from http://hercules.gcsu.edu/~dgoings/mktg3172/Chap006.ppt
[10] Stanwick, P. (2000). Understanding Business Ethics. Retrieved 6 December 2011 from http://www.auburn.edu/~stanwsd/introtoethics.ppt
Enterprise risk management (ERM) consists of three areas: operational risks, speculative risks and strategic risks. It is a much broader concept, considering personnel, property or liability loss exposures [11]. The ERM process is ongoing and flows through an entity, and it is applied during strategy setting. ERM is designed to identify possible events that might affect the entity, so that the entity can prepare risk management at the enterprise level and provide reasonable assurance. There are six encompassing areas in ERM, as shown in figure 1:

[11] Rejda. (2000). Advanced Topics in Risk Management. Retrieved 6 December 2011 from http://facultad.bayamon.inter.edu/cdehoyos/finanzas/seguros/fin%20601/CAP%204.ppt
[12] Mulay, P. (2006). Information Risk Management vis-à-vis Enterprise Risk Management. Retrieved 6 December 2011 from http://www.assocham.org/events/recent/event_65/Presentation___ERM___20_4_06___Pravin_Mulay.ppt