854 resultados para Rafting (Sports)--Risk management|vCase studies.
Resumo:
Tämän tutkielman tarkoituksena on ollut tutkia pankin mahdollisuuksia soveltaa reaalioptioajattelua kriisiyrityksien käyttöpääomaan liittyvissä lisäluototusprosesseissa. Kohdepankin rahoitusasiantuntijoita haastattelemalla ja esimerkkitapauksiin tutustumalla tutkia on tutkittu pk-yritysten lisäluototusprosessia ja reaalioptioteorian soveltuvuutta luottoriskinhallintaan. Tutkimuksessa saatiin selville, että pankin luottoprosessin päätöksentekologiikassa on selkeitä yhteneväisyyksiä reaalioptioajattelun kanssa, mutta tietoisesti pankin asiantuntijat eivät sovella reaalioptioteoriaa toimintaansa. Tutkimuksessa havaittiin myös, että tiedostamattoman reaalioptioajattelun hyödyntämisaktiivisuus lisääntyy pankissa sitä mukaa, kun asiakaskohtainen riski kasvaa. Lisäksi kohdepankin asiantuntijat suhtautuivat luottoprosessissa kriisiyrityksille myönnettyihin lisäluottoihin suojautumisoption kaltaisen ajattelumallin tavoin. Toisin sanoen lisäluotto katsottiin asiakasyrityksen toiminnan jatkumisen mahdollistavana tekijänä, jonka avulla pitkän tähtäimen luottoriskin laskeminen on todennäköistä. Reaalioptioteorian tietoinen hyödyntäminen saattaisi tarjota lisätyökaluja asiakasyrityksien skenaarioiden arviointiin ja tukea sitä kautta luottopäätöksen tekemistä ja riskienhallintaa. Reaalioptiot voisivat tuoda joustavuutta ja lisäarvoa sellaisiin tilanteisiin, joissa asiakasyrityksen osalta ei ole olemassa laajaa historiatietoa tai asiakastuntemusta. Reaalioptioiden mahdollistaman joustavuuden sovittaminen säädösten mukaisiin proseduureihin saattaisi olla merkittävä keino pankin prosessin kehittämiseksi ja sisäisen viestinnän tehostamiseksi.
Resumo:
Pro Gradu -tutkielman tavoitteena on tutkia ulkoistettujen toimintojen valvontaa sekä toimintoihin kohdistuvan valvonnan eroja yrityksissä. Lisäksi tutkitaan, miten hyvin ulkoistukseen liittyvät mittarit toimivat. Tutkimuksessa pyritään selvittämään ulkoistamiseen liittyvien riskien toteutumisia sekä selvittämään valvonnan vaikutusta palvelun laatuun. Tutkimuksen tekoon vaikutti ulkoistamisten lisääntyminen sekä ulkoistettujen toimintojen valvontaan keskittyvien tutkimuksien puuttuminen. Aiemmin tehdyissä tutkimuksissa ei ole käsitelty toimintojen valvontaa. Empiirisessä tutkimuksessa tarkastellaan seitsemän eri toimialalla toimivan yrityksen ulkoistettuja toimintoja. Aineistokeruu tutkimukseen on toteutettu haastatteluina. Tutkimustulosten perusteella voidaan todeta yritysten valvonnan perustuvan sopimuksessa määriteltyihin mittareihin, joiden koetaan mittaavan haluttuja asioita. Toimintojen valvonnassa ei yrityksien välillä ole olennaisia eroja. Yritykset ovat pääsääntöisesti huomioineet ulkoistukseen liittyvät riskit riskienhallinnassaan. Yritykset kokevat valvonnan tehostamisen vaikuttavan palvelun laatuun.
Resumo:
This thesis studies intellectual property right (also: IPR) strategies from the perspective of high growth startup companies. Due to technology development and intellectualization of business, large part of companies’ assets are nowadays intangible. At the same time, the importance of protection instruments designed to protect these intangible assets, intellectual property rights, is increasing. Utilization of these instruments, however, requires understanding of the functioning of the IPR system, as well as financial resources. Startup companies aiming for growth need to be able compete with more established companies also in relation to intangible assets, but they might not have the required knowledge ot resources to fully utilize IPRs in their business. This research aims to understand what are the benefits a startup company can have from protecting their IPRs, and how can the company achieve those benefits. Based on a review of previous literature, altogether 11 benefits of IPR registration were recognized. To answer to the research questions, six half-structured interviews were conducted with experts form different fields, all with experience in working with startup companies and IPR issues. The interviews were analyzed using different methods of qualitative data analysis, mainly derived from grounded theory and case study methods. As a result, out of the 11 benefits recognized from earlier literature, 8 were recognized to be relevant for startup companies. The most central benefits were recognized to be linked with the financial lifecycle of the startup company, including increasing credibility of the startup and stimulating an investment. In addition it was noticed, that startup companies are mainly able to utilize these benefits at later stages of their lifecycle. However, to be able to utilize the benefits at later stages, the startup company needs to be aware of the functioning of the IPR system and might need to apply for appropriate protection already early on. As a result of this study, a three-step model was formed to describe different levels of IPR utilization. The first level of the model represents the minimum level of understanding that every startup company should have regarding IPRs. The second level views IPR strategy from a risk management perspective, including securing the minimum protection of the company’s own IPRs, contract management and establishing processes for handling IPR issues. The last stage reflects strategic use of IPRs. At this third stage intellectual property rights have a central role in the startup company’s business, and they are used in the company’s value creation.
Resumo:
This thesis presents different IPR risk mitigation actions as well as enforcement practices and evaluates their usability in different situations. The focus is on pending patent applications, where the right is not officially recognized or established yet, but some references are made to granted patents as well. The thesis presents the different aspects when assessing the risk level created by patents and pending applications. At all times it compares the patent law of the United States and European Patent Convention. Occasionally some references are made to national law, when the European Patent Convention cannot be applied. The thesis presents two case examples, which bring the risk mitigation actions and enforcement practices closer to practice.
Resumo:
The topic of this Master’s Thesis is risk assessment in the supply chain, and the work was done for a company operating in the pharmaceutical industry. The unique features of the industry bring additional challenges to risk management, due to high regulatory, docu-mentation and traceability requirements. The objective of the thesis was to generate a template for assessing the risks in the supply chain of current and potential suppliers of the case company. Risks pertaining to the case setting were sought mainly from in-house expertise of this specific product and supply chain as well as academic research papers and theory on risk management. A questionnaire was set up to assess the found risks on impact, occurrence and possibility of detection. Through this classification of the severity of the risks, the supplier assessment template was formed. A questionnaire template, comprised of the top 10 risks affecting the flow of information and materials in this setting, was formulated to serve as a generic tool for assessing risks in the supply chain of a pharmaceutical company. The template was tested on another supplier for usability and accuracy of found risks, and it demonstrated functioning in a differing supply chain and product setting.
Resumo:
The main strengths of professional knowledge-intensive business services (P-KIBS) are knowledge and creativity which needs to be fostered, maintained and supported. The process of managing P-KIBS companies deals with financial, operational and strategic risks. That is why it is reasonable to apply risk management techniques and frameworks in this context. A significant challenge hides in choosing reasonable ways of implementing risk management, which will not limit creative ability in organization, and furthermore will contribute to the process. This choice is related to a risk intelligent approach which becomes a justified way of finding the required balance. On a theoretical level the field of managing both creativity and risk intelligence as a balanced process remains understudied in particular within KIBS industry. For instance, there appears to be a wide range of separate models for innovation and risk management, but very little discussion in terms of trying to find the right balance between them. This study aims to shed light on the importance of well-managed combination of these concepts. The research purpose of the present study is to find out how the balance between creativity and risk intelligence can be managed in P-KIBS. The methodological approach utilized in the study is strictly conceptual without empirical aspects. The research purpose can be achieved through answering the following research supporting questions: 1. What are the characteristics and role of creativity as a component of innovation process in a P-KIBS company? 2. What are the characteristics and role of risk intelligence as an approach towards risk management process implementation in a P-KIBS company? 3. How can risk intelligence and creativity be balanced in P-KIBS? The main theoretical contribution of the study conceals in a proposed creativity and risk intelligence stage process framework. It is designed as an algorithm that can be applied on organizational canvas. It consists of several distinct stages specified by actors involved, their roles and implications. Additional stage-wise description provides detailed tasks for each of the enterprise levels, while combining strategies into one. The insights driven from the framework can be utilized by a vast range of specialists from strategists to risk managers, and from innovation managers to entrepreneurs. Any business that is designing and delivering knowledge service can potentially gain valuable thoughts and expand conceptual understanding from the present report. Risk intelligence in the current study is a unique way of emphasizing the role of creativity in professional knowledge-intensive industry and a worthy technique for making profound decisions towards risks.
Resumo:
Tutkimuksen tarkoituksena on tarkastella etäjohtamista finanssitoimialan johtamismallina ja sen vaikutuksia toimialan operatiivisten riskien hallintaan. Tutkimuksessa toteutetaan kvalitatiivinen tutkimus finanssialalla toimivalle Case yritys X:lle ja tutkimusmenetelmänä käytetään teemahaastatteluja. Tutkimuksella pyritään selvittämään miten etäjohtaminen vaikuttaa yrityksen operatiivisten riskien hallintaan ja mitä muutoksia etäjohtamismalliin tulisi tehdä operatiivisten riskien hallinnan tehostamiseksi. Teoriaosuudessa käydään läpi etäjohtamisen ja finanssialan riskienhallintaa aikaisempien tutkimusten ja kirjallisuuden pohjalta. Tutkimuksessa selvitetään yrityksen yleisimmät operatiiviset riskit, niiden hallintakeinot ja pyritään teoriaan nojaten kehittämään etäjohtamismalliin menetelmiä tehokkaampaan operatiivisten riskien hallintaan. Tuloksissa vedetään yhteen yrityksen tämänhetkinen tilanne operatiivisessa riskienhallinnassa ja teemahaastattelujen sekä teorian pohjalta pyritään löytämään kehitysehdotuksia etäjohtamismalliin, mitä voitaisiin tehdä toisin. Teoria painottaa mm. HR:n sisällyttämistä osaksi operatiivista riskienhallintaa, vastuuhenkilöiden ja mittareiden asettamista ja kehittämistä sekä leader-johtajuutta ja Basel-säännöksiin perustuvaa operatiivisten riskienhallinnan viitekehystä. Empiirisessä osiossa haastatteluista kerätyt vastaukset ohjaavat teorian kanssa samansuuntaisiin kehitysehdotuksiin. Avainasemassa yrityksen operatiivisessa riskienhallinnassa ovat reagoiminen, osaava etäjohtaminen sekä johdonmukainen perehdytyssuunnitelma. Yritys X on tehnyt huomattavia toimenpiteitä etäjohtamismalliin ja jatkuva kehittäminen kohti parempaa operatiivista riskienhallintaa on liiketoimintastrategian keskiössä.
Resumo:
High levels of von Willebrand factor (vWF) have been associated with cardiovascular disease. The A allele of the -1185A/G polymorphism in the 5'-regulatory region of the vWF gene was associated with the highest plasma vWF levels in a normal population. To examine the association between -1185A/G polymorphism and coronary artery disease (CAD), 173 Brazilian Caucasian subjects submitted to coronary angiography were studied. Of these, 57 (33%) had normal coronary arteries (control group) and 116 (67%) had CAD (patient group). Plasma vWF levels were higher in patients (145 U/dl) than in controls (130 U/dl), but the differences were significant only for O blood group subjects. Polymerase chain reaction amplification of the 864-bp vWF promoter region followed by AccII restriction digestion was used to identify the -1185A/G genotypes. The -1185A allele frequency was 43.1% in patients and 44.7% in controls. Allele and genotype frequencies were not significantly different between patients and controls. No association was observed between the -1185A/G genotypes and plasma vWF levels in patients or controls. These results suggest that -1185A/G polymorphism is not an independent risk factor for CAD.
Resumo:
Tässä tutkielmassa tutkitaan sitä, mitä poliittinen riski on. Tarkoitus on saada selvyyttä tälle käsitteelle, jotta poliittisten riskien arviointi ja hallinta olisi kansainvälisille yrityksille helpompaa. Tutkielmassa tutkitaan myös sitä, millaisilla erilaisilla strategioilla ja keinoilla poliittiseen riskiin on mahdollista varautua. Tutkielman empiirisessä osiossa tutkitaan, tukevatko aikaisempien tutkimusten tulokset ja teoriat tosielämää erään suomalaisen teknologiavientiyhtiön kautta tarkasteltuna.
Resumo:
Fluctuating commodity prices, foreign exchange rates and interest rates are causing changes in cash flows, market value and the companies’ profit. Most of the commodities are quoted in US dollar. Companies with non-dollar accounting face a double risk in the form of the commodity price risk and foreign exchange risk. The objective of this Master’s thesis is to find out how companies under commodity should manage foreign exchange exposure. The theoretical literature is based on foreign exchange risk, commodity risk and foreign exchange exposure management. The empirical research is done by using constructive modelling of a case company in the oil industry. The exposure is model with foreign exchange net cash flow and net working capital. First, the factors affecting foreign exchange exposure in case company are analyzed, then a model of foreign exchange exposure is created. Finally, the models are compared and the most suitable method is defined. According to the literature, foreign exchange exposure is the foreign exchange net cash flow. However, the results of the study show that foreign exchange risk can be managed also with net working capital. When the purchases, sales and storage are under foreign exchange risk, the best way to manage foreign exchange exposure is with combined net cash flow and net working capital method. The foreign exchange risk policy of the company defines the appropriate way to manage foreign exchange risk.
Resumo:
The Finnish legislation requires for a safe and secure learning environment. However, the comprehensive, risk based safety and security management (SSM) and the management commitment in the implementation and development of the SSM are not mentioned in the legislation. Multiple institutions, operators and researchers have studied and developed safety and security in educational institutions over the past decade. Typically the approach has been fragmented and without bringing up the importance of the comprehensive SSM. The development needs of the safety and security operations in universities have been studied. However, in universities of applied sciences (UASs) and in elementary schools (ESs), the performance level, strengths and weaknesses of the comprehensive SSM have not been studied. The objective of this study was to develop the comprehensive, risk based SSM of educational institutions by developing the new Asteri consultative auditing process and study its effects on auditees. Furthermore, the performance level in the comprehensive SSM in UASs and ESs were studied using Asteri and the TUTOR model developed by the Keski-Uusimaa Department for Rescue Services. In addition, strengths, development needs and differences were identified. In total, 76 educational institutions were audited between the years 2011 and 2014. The study is based on logical empiricism, and an observational applied research design was used. Auditing, observation and an electronic survey were used for data collection. Statistical analysis was used to analyze the collected information. In addition, thematic analysis was used to analyze the development areas of the organizations mentioned by the respondents in the survey. As one of the main contributions, this research presents the new Asteri consultative auditing process. Organizations with low performance levels on the audited subject benefit the most from the Asteri consultative auditing process. Asteri may be usable in many different types of audits, not only in SSM audits. As a new result, this study provides new knowledge on attitudes related to auditing. According to the research findings, auditing may generate negative attitudes and the auditor should take them into account when planning and preparing for audits. Negative attitudes can be compensated by producing added value, objectivity and positivity for the audit and, thus, improve the positive effects of auditing on knowledge and skills. Moreover, as the results of this study shows, auditing safety and security issues do not increase feelings of insecurity, but rather increase feelings of safety and security when using the new Asteri consultative auditing process with the TUTOR model. The results showed that the SSM in the audited UASs was statistically significantly more advanced than that in the audited ESs. However, there is still room for improvement in the ESs and the UASs as the approach to the SSM was fragmented. It can be assumed that the majority of Finnish UASs and ESs do not likely meet the basic level of the comprehensive, risk based the SSM.
Resumo:
The investments have always been considered as an essential backbone and so-called ‘locomotive’ for the competitive economies. However, in various countries, the state has been put under tight budget constraints for the investments in capital intensive projects. In response to this situation, the cooperation between public and private sector has grown based on public-private mechanism. The promotion of favorable arrangement for collaboration between public and private sectors for the provision of policies, services, and infrastructure in Russia can help to address the problems of dry ports development that neither municipalities nor the private sector can solve alone. Especially, the stimulation of public-private collaboration is significant under the exposure to externalities that affect the magnitude of the risks during all phases of project realization. In these circumstances, the risk in the projects also is becoming increasingly a part of joint research and risk management practice, which is viewed as a key approach, aiming to take active actions on existing global and specific factors of uncertainties. Meanwhile, a relatively little progress has been made on the inclusion of the resilience aspects into the planning process of a dry ports construction that would instruct the capacity planner, on how to mitigate the occurrence of disruptions that may lead to million dollars of losses due to the deviation of the future cash flows from the expected financial flows on the project. The current experience shows that the existing methodological base is developed fragmentary within separate steps of supply chain risk management (SCRM) processes: risk identification, risk evaluation, risk mitigation, risk monitoring and control phases. The lack of the systematic approach hinders the solution of the problem of risk management processes of dry port implementation. Therefore, management of various risks during the investments phases of dry port projects still presents a considerable challenge from the practical and theoretical points of view. In this regard, the given research became a logical continuation of fundamental research, existing in the financial models and theories (e.g., capital asset pricing model and real option theory), as well as provided a complementation for the portfolio theory. The goal of the current study is in the design of methods and models for the facilitation of dry port implementation through the mechanism of public-private partnership on the national market that implies the necessity to mitigate, first and foremost, the shortage of the investments and consequences of risks. The problem of the research was formulated on the ground of the identified contradictions. They rose as a continuation of the trade-off between the opportunities that the investors can gain from the development of terminal business in Russia (i.e. dry port implementation) and risks. As a rule, the higher the investment risk, the greater should be their expected return. However, investors have a different tolerance for the risks. That is why it would be advisable to find an optimum investment. In the given study, the optimum relates to the search for the efficient portfolio, which can provide satisfaction to the investor, depending on its degree of risk aversion. There are many theories and methods in finance, concerning investment choices. Nevertheless, the appropriateness and effectiveness of particular methods should be considered with the allowance of the specifics of the investment projects. For example, the investments in dry ports imply not only the lump sum of financial inflows, but also the long-term payback periods. As a result, capital intensity and longevity of their construction determine the necessity from investors to ensure the return on investment (profitability), along with the rapid return on investment (liquidity), without precluding the fact that the stochastic nature of the project environment is hardly described by the formula-based approach. The current theoretical base for the economic appraisals of the dry port projects more often perceives net present value (NPV) as a technique superior to other decision-making criteria. For example, the portfolio theory, which considers different risk preference of an investor and structures of utility, defines net present value as a better criterion of project appraisal than discounted payback period (DPP). Meanwhile, in business practice, the DPP is more popular. Knowing that the NPV is based on the assumptions of certainty of project life, it cannot be an accurate appraisal approach alone to determine whether or not the project should be accepted for the approval in the environment that is not without of uncertainties. In order to reflect the period or the project’s useful life that is exposed to risks due to changes in political, operational, and financial factors, the second capital budgeting criterion – discounted payback period is profoundly important, particularly for the Russian environment. Those statements represent contradictions that exist in the theory and practice of the applied science. Therefore, it would be desirable to relax the assumptions of portfolio theory and regard DPP as not fewer relevant appraisal approach for the assessment of the investment and risk measure. At the same time, the rationality of the use of both project performance criteria depends on the methods and models, with the help of which these appraisal approaches are calculated in feasibility studies. The deterministic methods cannot ensure the required precision of the results, while the stochastic models guarantee the sufficient level of the accuracy and reliability of the obtained results, providing that the risks are properly identified, evaluated, and mitigated. Otherwise, the project performance indicators may not be confirmed during the phase of project realization. For instance, the economic and political instability can result in the undoing of hard-earned gains, leading to the need for the attraction of the additional finances for the project. The sources of the alternative investments, as well as supportive mitigation strategies, can be studied during the initial phases of project development. During this period, the effectiveness of the investments undertakings can also be improved by the inclusion of the various investors, e.g. Russian Railways’ enterprises and other private companies in the dry port projects. However, the evaluation of the effectiveness of the participation of different investors in the project lack the methods and models that would permit doing the particular feasibility study, foreseeing the quantitative characteristics of risks and their mitigation strategies, which can meet the tolerance of the investors to the risks. For this reason, the research proposes a combination of Monte Carlo method, discounted cash flow technique, the theory of real options, and portfolio theory via a system dynamics simulation approach. The use of this methodology allows for comprehensive risk management process of dry port development to cover all aspects of risk identification, risk evaluation, risk mitigation, risk monitoring, and control phases. A designed system dynamics model can be recommended for the decision-makers on the dry port projects that are financed via a public-private partnership. It permits investors to make a decision appraisal based on random variables of net present value and discounted payback period, depending on different risks factors, e.g. revenue risks, land acquisition risks, traffic volume risks, construction hazards, and political risks. In this case, the statistical mean is used for the explication of the expected value of the DPP and NPV; the standard deviation is proposed as a characteristic of risks, while the elasticity coefficient is applied for rating of risks. Additionally, the risk of failure of project investments and guaranteed recoupment of capital investment can be considered with the help of the model. On the whole, the application of these modern methods of simulation creates preconditions for the controlling of the process of dry port development, i.e. making managerial changes and identifying the most stable parameters that contribute to the optimal alternative scenarios of the project realization in the uncertain environment. System dynamics model allows analyzing the interactions in the most complex mechanism of risk management process of the dry ports development and making proposals for the improvement of the effectiveness of the investments via an estimation of different risk management strategies. For the comparison and ranking of these alternatives in their order of preference to the investor, the proposed indicators of the efficiency of the investments, concerning the NPV, DPP, and coefficient of variation, can be used. Thus, rational investors, who averse to taking increased risks unless they are compensated by the commensurate increase in the expected utility of a risky prospect of dry port development, can be guided by the deduced marginal utility of investments. It is computed on the ground of the results from the system dynamics model. In conclusion, the outlined theoretical and practical implications for the management of risks, which are the key characteristics of public-private partnerships, can help analysts and planning managers in budget decision-making, substantially alleviating the effect from various risks and avoiding unnecessary cost overruns in dry port projects.
Resumo:
Tutkimuksen tarkoitus on analysoida suomalaisen yrityksen vuonna 2014 kohtaamia riskejä Ukrainassa sekä tutkia sitä, miten niitä hallitaan ja miten ne vaikuttivat yrityksen liiketoimintaan. Ukraina ei ole merkittävä kauppakumppani Suomelle, mutta silti monet suomalaiset yritykset toimivat maassa ja vuoden 2014 kriisin jälkeen maahan on tullut uusia suomalaisia yrityksiä. Ukraina on kooltaan merkittävä markkina-alue, ja sen merkitys saattaa kasvaa kun se on aloittanut siirtymisen kohti EU:ta. Tutkimuksen tarkoituksena on tutkia millaisia riskejä Ukrainan liiketoimintaympäristössä esiintyi vuonna 2014 ja kuinka tutkittu yritys on hallinnut niitä. Tutkimusta varten on suoritettu laadullinen tapaustutkimus, jonka aineisto kerättiin teemahaastatteluiden sekä sähköpostivaihdon avulla. Tämän lisäksi on perehdytty aihetta käsitteleviin journaaleihin, aikakausilehtiin sekä Internet-sivustoihin relevantin ja monipuolisen tiedon hankkimista varten. Teoriapohjana on tutkimuksessa käytetty riskin määritelmää sekä COSO:n kokonaisvaltaista riskinhallintamallia. Tutkimuksessa tehtyjen havaintojen perusteella voidaan todeta, että tutkitun yrityksen riskinhallintatoimenpiteet eivät eronneet merkittävästi COSO:n mallissa esitetyistä, muutamaa poikkeusta lukuun ottamatta. Tutkittaessa suomalaisen yrityksen kohtaamia riskejä Ukrainassa vuonna 2014 huomattiin, että riskit jakautuvat viiteen eri kategoriaan: sosiaalisiin riskeihin, teknisiin riskeihin, henkilöstö riskeihin, poliittisiin riskeihin ja taloudellisiin riskeihin. Tutkimustuloksista huomattiin että yritys vastasi kolmeen eri riskikategoriaan poikkeavalla tavalla verrattuna malliin. Sosiaalisten-, teknisten- ja henkilöstö riskien osalta toimenpiteet erosivat mallissa esitetyistä. Yritys vastasi sosiaalisista riskeistä johtuviin boikotteihin vähentämällä niitä uudelleen brändäämällä tuotteitaan. Teknisiä riskejä hallittiin muuttamalla tuotteita ja tuotantoa uuteen toimintaympäristöön sopiviksi. Henkilöstöriskejä vältettiin olemalla käyttämättä tiettyyn etniseen ryhmään kuuluvia henkilöitä. Tutkimuksessa ilmenneitä riskinhallintakeinoja, jotka poikkesivat COSO:n mallista, ei tullut esille aikaisemmissa akateemisissa tutkimuksissa
Resumo:
Tietoturvallisuuden hallintajärjestelmä on organisaation laatujärjestelmän osa, joka keskittyy tietoturvallisuuteen liittyvien riskien hallintaan. Tässä työssä esitellään erityisesti terveydenhuoltoalaan liittyviä tietoturvavaatimuksia ja vertaillaan kuutta tietoturvallisuuden hallintajärjestelmämallia. Työssä tutkitaan millaisia eroja tietoturvallisuuden hallintajärjestelmien rakenteessa ja kattavuudessa on ja miten ne kykenevät vastaamaan terveydenhuoltoalan tietoturvaan liittyviin erityistarpeisiin. Lopputuloksena valitaan parhaiten soveltuva tietoturvallisuuden hallintajärjestelmä esimerkkiorganisaatiolle, joka on julkisomisteinen kuntoutusyhtiö. Arvioitavia hallintajärjestelmämalleja ovat TCSEC, ITSEC, Common Criteria, SOGP, VAHTI-ohjeet sekä ISO/IEC 27001 -standardiperhe. Tietoturvallisuuden hallintajärjestelmämalleja verrataan kahdesta aiemmasta tutkimuksesta sovellettujen vertailumallien pohjalta. Vertailun perusteella todetaan TCSEC, ITSEC ja Common Criteria –standardien olevan muita arvioituja hallintajärjestelmämalleja suppeampia ja soveltuvan parhaiten tekniseen tuotekehitystoimintaan. Laajempia SOGP-, VAHTI- ja ISO/IEC 27001 –malleja verrataan vielä erikseen terveydenhuollon sekä esimerkkiyrityksen erityistarpeisiin nähden ja lopputuloksena päädytään valitsemaan esimerkkiyritykselle parhaiten soveltuvaksi hallintajärjestelmämalliksi ISO/IEC 27001.
Tietokoneavusteisten tilintarkastuksen tukijärjestelmien käyttö tilintarkastuksen riskienhallinnassa
Resumo:
Suuryritysten skandaalit ovat herättäneet huolenaiheita organisaatioiden tilintarkas-tuksen hallintajärjestelmistä. Tietokonepohjainen tilintarkastuksen tukijärjestelmä voi auttaa tilintarkastajaa suorittamaan valvontaa ja varmistuskokeita, tilinpäätöstietojen analysointia ja tarkistusta sekä jatkuvaa seurantaa ja tilintarkastusta. Tilintarkastuk-sen hallintaohjelmiston avulla voidaan tehostaa työnkulkua ja vähentää virheiden riskiä. Tämän tutkielman tavoitteena on tutkia sähköisen tukijärjestelmän käyttöä tilintarkastusprosessissa sekä tilintarkastukseen liittyvien riskien hallinnassa. Tavoit-teena on saada selville, miten sähköistä tukijärjestelmää käytetään hyväksi tilintar-kastusriskien hallitsemisessa osana tilintarkastusprosessia. Tutkimus on toteutettu laadullisena tutkimuksena. Tutkimuksen empiirinen aineisto koostuu neljästä teemahaastattelusta. Kaikki haastateltavat ovat samasta tilintar-kastusyhteisöstä. Teemahaastattelun aiheet on koottu aikaisemmissa tutkimuksissa esiinnousseista teemoista. Tutkielman empiiristen tutkimustulosten mukaan sähköiset järjestelmät ovat vaikut-taneet merkittävästi tilintarkastajan työhön. Järjestelmätarkastuksen avulla saadaan tarkastettua tehokkaasti suuria aineistomääriä, ja näin koko tarkastus nopeutuu. Laatuvaatimukset ovat kuitenkin kiristyneet, mikä osaltaan syö tehokkuutta. Järjes-telmätarkastajilla on käytössään monenlaisia sähköisiä tilintarkastuksen järjestel-miä, joilla voidaan hakea ja analysoida dataa asiakkaan järjestelmästä. Tämän jäl-keen tarkastajilla on mahdollisuus käydä läpi analysoitua dataa erilaisten raporttien muodossa. Järjestelmätarkastajien toimesta voidaan käydä läpi asiakkaan koko populaatio. Tämä osaltaan auttaa tilintarkastuksen riskienhallinnassa.
