Summary of the papers of information risk management
Course
Information risk management (E_ACC_IRM)
Institution
Vrije Universiteit Amsterdam (VU)
This is an English summary of all seven papers that are mandatory to study for the exam of information risk management. Information risk management is one of the courses of the master Accounting & Control at VU Amsterdam.
Seller
lauravanbeek3
Content preview
Summary information risk management papers
Recommendations: Building trust and confidence in sustainable business information
Applying effective internal controls to sustainability information for internal and external
purposes constitutes a rapidly growing use of existing risk and control concepts. Few best
practices have been established.
A good starting point for implementing internal control over sustainability reporting (ICSR) is the
process and ecosystem of the Committee of Sponsoring Organizations of the Treadway
Commission (COSO) Internal Control—Integrated Framework—originally issued in 1992 and
refreshed in 2013 (ICIF-2013 or Framework)—with a key addition, the concept of organizational
commitment to integrity and purpose, which is an important aspect of sustainability.
This framework creates five action points:
1. Commit to integrity by stating your purpose.
2. Determine objectives.
3. Identify and assess risks (and consider opportunities).
4. Identify control activities to manage a risk or mitigate the risk to an acceptable level.
5. Evaluate effectiveness to determine whether the framework components and principles are present and functioning.
Implementing ICSR results in a variety of benefits.
Delivering internal benefits: metrics related to key sustainability issues can provide
organizations with business intelligence to support internal decision making and the
management of performance and impacts.
Delivering external benefits: meanwhile, the same information can provide decision-useful
disclosures for external users, such as investors.
To realize both internal and external benefits of an effective system of internal controls over
sustainable business reporting for both internal and external users, data lineage and governance
are critical. It is extremely valuable to translate and connect financial information, operational
data, and sustainable business information. This integration supports not only ESG reporting but
also internal decision making.
Key takeaways: Stakeholder goals around sustainability
- Cultivate a culture of accountability.
- Revisit the interrelationship of purpose and various objectives.
- Establish a cross-functional team.
- Leverage existing expertise.
- Leverage existing controls.
- Leverage enabling technologies and platforms.
- Focus on decision usefulness.
By viewing sustainability through the lens of decision usefulness, an organization can
focus on covering a small subset of metrics that are most important to its success
over time by reducing risk and contributing to growth and value creation.
- Start early.
Sustainability is multidisciplinary. Further, sustainability means the involvement of participants
from a range of other areas, such as legal, human resources, facilities, operations, and investor
relations, all of whom may lack understanding of COSO and reporting systems. Nearly every
modern global company issues some form of external reporting on sustainability. Sustainable
business information from these reports, as well as from individualized questionnaires and
commercial ratings, is readily delivered to investors, policy makers, and a range of
stakeholders through modern software applications and platforms.
However, significant concerns remain regarding the nascent systems that are producing
this decision-critical information.
COSO refers to the Committee of Sponsoring Organizations of the Treadway Commission, which
is made up of five global accountancy and auditing organizations. Ultimately, in 1992 (with some
revisions through 1994), COSO published its first framework, called the Internal Control -
Integrated Framework. The publication made two giant steps forward. First, it provided a
definition of “internal control.” Second, it provided a common framework for evaluating and
improving internal control systems.
Support various professionals in financial reporting with common language and
concepts.
Later, ICIF became a premier tool for operationalizing and implementing the Sarbanes-Oxley Act
of 2002 (SOX).
With respect to annual report filings, these new requirements for public companies under the
SEC’s authority included:
- A report by management that assesses how well ICFR is functioning, commonly known
as SOX Section 404(a), and
- An auditor’s report attesting to management’s report, commonly known as SOX Section
404(b).
The Framework is not mandatory, but it is generally accepted.
ICIF-2013 defines internal control as follows: Internal control is a process, effected by an entity’s
board of directors, management, and other personnel, designed to provide reasonable
assurance regarding the achievement of objectives relating to operations, reporting, and
compliance.
An organization has achieved an effective system of internal controls when all principles
are present and functioning.
As various stakeholders showed increased interest in sustainable business information, COSO
responded by issuing materials that expressly endorsed the use of ICIF-2013. COSO
incorporated the term “nonfinancial” directly into the 2013 Framework.
The ERM framework can be interpreted and applied to support an organization’s sustainable
business strategy that it carries out through its internal control system (principle 7). A key goal is
to provide information that utilizes a broader perspective of resources and resource
contributors than under traditional financial accounting and reporting. Groups other than
investors are relying on corporate information to understand how a reporting entity’s
transactions, operations, and activities impact external stakeholders, such as policy makers
that speak for communities—both local and global—and the people and natural resources that
they represent.
Within the ESG world, it has been recognized that not all users can be considered the same. As
long-term, committed investors seek ESG information as part of their decision making, other