Premium Essay

Organizational Risk Appetite and Risk Assessment

In: Computers and Technology

Submitted By kdmoody
Words 539
Pages 3
Assignment 2: Organizational Risk Appetite and Risk Assessment
Due Week 4 and worth 70 points

Imagine you have just been hired as an Information Assurance Officer and the leader of the business impact analysis (BIA) and risk assessment team for a video game development company. The organization's network structure is identified in the network diagram below and specifically contains:

• 2 firewalls
• 3 file servers
• 1 Web / FTP server
• 1 wireless access point (WAP)
• 1 Exchange email server
• 100 desktop / laptop computers
• 1 Network Intrusion Detection System (NIDS)
• In-house PKI environment
• 2 Windows Server 2008 Active Directory Domain Controllers (DC)
• VoIP telephone system

[Network diagram: not reproduced in this extract]
The Chief Information Officer (CIO) has seen reports of malicious activity on the rise and has become extremely concerned with the protection of the intellectual property and highly sensitive data maintained by your organization. As one of your first tasks with the organization, the CIO requests your help.
Write a three to five (3-5) page paper in which you:

1. Conduct an organizational business impact analysis (BIA) and determine which information assets need to have a risk assessment performed.
2. Conduct an organizational risk assessment and provide an initial report that includes the following:
   a. Identify information assets and prioritize the identified assets.
   b. Define risks and prioritize the risks.
   c. Identify the critical asset(s) and their associated risks.
3. Based on your BIA and risk assessment initial report, evaluate the current network and organizational requirements and complete the following:
   a. Identify one (1) risk that should be accepted by the organization. Explain why.
   b. Identify one (1) risk that should be avoided by the organization. Explain why and how it should be avoided.
   c. Identify one (1) risk that should be shared

Similar Documents


Week 4 Assignment 2: Organizational Risk Appetite and Risk Assessment

...Week 4 Assignment 2: Organizational Risk Appetite and Risk Assessment Abstract This report will touch on what is needed to prepare in case of an untimely disaster and what should be done when the worst has happened and you need to recover. We will take a look at what the business impact analysis looks like and the company risk assessment for our company, and look for risks that can be handled and risks that must be avoided, and try to come up with plans and policies for how to handle all future risks and problems. "Business Impact Analysis (BIA) determines the importance of the organization's activities by assessing the impact over time, if they are interrupted, and establishes continuity and recovery objectives" (Engemann & Henderson, 2012). When looking to make a Business Impact Analysis we need to take a look at all the resources of our company and what they do for the company. Then we figure out what each piece needs in the event of a crisis and how long and how much money it will take to get back online, so let's take a look at the most valuable piece of equipment and work our way to the most expendable piece of equipment. The first and most important is the 3 file servers, which are the central storage and management of data files for the company. These servers house not only private information on the company but also customer information. This means if they are damaged or found missing, work is lost and vital customer data is either gone or, in the worst case, stolen. This...

Words: 2047 - Pages: 9


Risk Assessment

...large emphasis on financial risk assessments. The risk assessment process is needed to identify risks that need to be treated within an organization, as well as to provide strategies and methods that are most appropriate to treat these risks. Because many organizations are poorly aligned between their risk exposure and their risk appetite, it is important to engage in the risk assessment procedures. These procedures can help an organization prevent risk exposure and determine if their current operations will result in an increase or decrease of market value and owners' wealth. As a result of the economic crisis, and the recent increase in corporate failures, organizations can now learn from the mistakes of others. This paper will discuss the mistakes that led WorldCom, a telecom company that was once the fourth-ranked in the Fortune 500, to bankruptcy in 2002, in an effort to demonstrate the importance of successful risk assessment and alignment implementation. Keywords: corporate failure, risk analysis, risk assessment, risk management, WorldCom Over the past years, and as a result of high profile firm failures, the economic crisis, and increased regulatory pressure, many organizations have placed a large emphasis on financial risk assessments. Risk assessment is the process where risk managers analyze the risks of an organization and identify risks that need to be treated (Tarantino & Cernauskas, 2011, p.47). In addition, a risk assessment provides strategies and...

Words: 4331 - Pages: 18


Mr Mubi

...Introduction Enterprise Risk Management is defined as: "A process, affected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of the entity's objectives." In summary, ERM: * Forms a basis for the credit union's decision making processes from the development of its strategy and objectives to its daily operations, reporting and compliance routines; * Provides the ability for management to make more efficient use/allocation of capital and resources within the organization to optimize capital levels; * Optimizes risk management by balancing the cost of risk with the cost of control for all aspects of the credit union's potential risk areas to ensure organizational objectives are met; * Seeks to enhance value and preserve the longer term viability of the credit union. The importance of enterprise risk management Value is created by informed and inspired management decisions in all spheres of an entity's activities, from strategy setting to operations. Entities failing to recognize the risks they face, from external or internal sources, and to manage them effectively can destroy value - in absolute or relative terms for shareholders and other stakeholders, including the community and society at large. For companies,...

Words: 1296 - Pages: 6


Erm Concepts

..."fixes" to risk owners. 9. Report on progress. 10. Develop "soft" skills to be able to "sell" ERM to organizational leaders. RIMS Risk Maturity Model - used to determine where an organization is in terms of risk management development. 1. Nonexistent - Limited risk management activity and no ERM program. 2. Level 1: Ad hoc - Uses the ERM process for singular events. 3. Level 2: Initial - Early stages of ERM implementation. 4. Level 3: Repeatable - ERM practiced regularly by various units in the organization. 5. Level 4: Managed - Skillful use of the ERM process in decisions on risk. 6. Level 5: Leadership - Board and senior management fully embrace and guide ERM, and the organization has a culture of risk ownership and accountability. Ways to express risk appetite (7): 1. Setting a boundary on a probability and impact grid. 2. Economic capital measures/balance sheet-based expressions. 3. Changes in credit ratings. 4. Changes in credit ratings. 5. Value-based measures. 6. Limits/targets or thresholds for key indicators. 7. Qualitative statements. Role of organizational infrastructure in implementing ERM (4): 1. Communication system. 2. Education system. 3. Conflict management system. 4. Reward system. Building a risk infrastructure (4): 1. A highly organized communication structure to communicate and drive risk management considerations into operating decisions. 2. Intranet and ongoing personal communication of risk management...

Words: 866 - Pages: 4


Erm Paper Internal Auditing

...Society Committee on Enterprise Risk Management has adopted the following definition which includes the purpose of ERM : “ERM is the discipline by which an organization in any industry assesses, controls, exploits, finances, and monitors risks from all sources for the purpose of increasing the organization’s short – and long-term value to its stakeholders.” In the US, COSO published its ERM-Integrated framework in 2004. COSO identified a need for robust framework to help companies effectively identify, assess, and manage risk. The resulting framework has eight components and four objectives. The eight components are:- * Internal Environment- It encompasses the tone of an organization, and sets the basis for how risk and control are viewed and addressed by an entity’s people. * Objective setting –Objectives must be aligned with the organization’s risk appetite, which derives risk tolerance levels for the organization. * Event identification-Management identifies potential events that, if they occur, will affect the entity’s ability to successfully implement the strategy and achieve objectives adversely or positively. * Risk Assessment-It allows an entity to consider the extent to which potential events have an impact on achievement of objectives. * Risk response-It includes risk avoidance, reduction, sharing and acceptance. * Control Activities-These are the policies & procedures that help ensure the management’s risk responses are carried out. ...

Words: 1368 - Pages: 6


Enterprise Risk Management

...| Deakin UniversityAssignment Attachment SheetFaculty of Business and Law | Date received | This form must be completed, signed and attached to each assignment you submit within the Faculty of Business and Law. If submitting online, this form must be completed and submitted with your assignment. Last NamePlease use block letters, and enter your name as it appears on your Deakin student card | First Name | Student ID | Li | Ke | 900335188 | Unit code | Unit name | Campus | Lecturer/Tutor/Unit Coordinator | MAF754 | Enterprise Risk Management | | Lecturer: David SewellPeter | | | | Tutor: | Assignment number / title | Due date | Assignment 2: A research paper of enterprise risk management for Sinomaster(SMT) group | 25 May 2012 | If this assignment has been completed by a group or team:1. Each student in the group must complete and sign a separate form;2. The assignment will be returned to the student in the group nominated below.*This assignment was completed in a group or team: No (circle or delete as necessary)The assignment should be returned to the student named on this form: No (circle or delete as necessary) | Plagiarism and Collusion Plagiarism occurs when a student passes off as the student’s own work, or copies without acknowledgement as to its authorship, the work of another person. Collusion occurs when a student obtains the agreement of another person for a fraudulent purpose with...

Words: 3717 - Pages: 15


Gx-Fsi-Risk-Transformation-Governance-and-Culture

...Implementing risk transformation in financial institutions: Governance and culture. Risk transformation can enable a financial institution to elevate risk management from a functional capability to an enterprise responsibility that permeates the entire organization. When that happens, every business, function, and individual becomes responsible for, accountable for, and capable of recognizing and addressing the risks within their purview. Moreover, risk awareness and appropriate risk-related skills can become an integral component of every individual's responsibilities at every level. In these ways, risk transformation can enhance the organization's ability to implement business strategies and achieve goals while addressing risks and complying with evolving regulations. This document is one in a series of four on the cornerstones of risk transformation (see Figure 1): strategy; governance and culture; business and operating models; data, analytics, and technology. As explained in Aligning risk and the pursuit of shareholder value: Risk transformation in financial institutions, when these cornerstone frameworks and capabilities are in place, risk management, risk governance, and regulatory compliance can be implemented in a more aligned and integrated manner. [Figure 1: The cornerstones of risk transformation; figure not reproduced. Its labels read "What vision drives the organization?", "Business model", "Operating model", "Culture" and "What oversight ensures the strategy is executed?"] ...

Words: 4931 - Pages: 20


Erm Faq Guide

...Guide to Enterprise Risk Management: Frequently Asked Questions. Contents: Introduction. The Fundamentals: 1. What is Enterprise Risk Management (ERM)? 2. Why implement ERM? 3. How does the scope of ERM compare to existing risk management approaches? 4. What is the value proposition for implementing ERM? 5. Which companies are implementing ERM? 6. If companies are not implementing ERM, then what are they doing? 7. Who is responsible for ERM? 8. What are the steps companies can take immediately to implement ERM? 9. Is ERM applicable to smaller and less complex organizations? 10. Why have companies that have tried to implement ERM failed in their efforts? 11. Does implementation of ERM ensure the success of a business? 12. What is the difference between ERM and management? 13. What does it mean to "implement ERM"? 14. Generally, how long does it take to implement ERM? 15. Is there any way to benchmark the level of investment required to implement ERM? 16. Don't successfully run companies already apply ERM? 17. How long has ERM been around and why is there a renewed focus on it? 18. What percentage of public companies currently have an ERM process or system? 19. Is there an example of effective ERM as it is applied in practice? 20. How does the application of ERM vary by industry? 21. Are there any organizations that need not implement ERM? 22. What are the regulatory mandates for implementing...

Words: 83481 - Pages: 334


Corporate Compliance Report

...corporate obligation. Risk management is a fundamental area of importance to stakeholders. Organizations that are best practice companies look to the Committee of Sponsoring Organizations for guidance to develop efficient internal controls, enterprise risk management, and defenses against fraudulent activities. This paper will outline a plan to implement enterprise risk management for an organization of choice. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) "is dedicated to guiding executive management and governance entities toward the establishment of effective, efficient, and ethical business operations on a global basis. It sponsors and disseminates frameworks and guidance based on in-depth research, analysis, and best practices" (COSO, 2006). COSO is a private-sector program funded and sponsored by five professional organizations. The Committee conducted an 11-year research study to analyze instances of fraudulent financial reporting and determine contributing factors that lead to financial statement fraud (COSO, 2006). COSO's research demonstrated that most fraudulent behavior involved the chief executive officer (CEO) and chief financial officer (CFO). In 83% of the cases that COSO evaluated, either the CEO, the CFO, or both were implicated in fraudulent financial statements. In addition, managers, chief operating officers (COO), other significant executives, and members of the board were involved in unlawful acts as well. "The new Enterprise Risk Management (ERM) COSO...

Words: 1730 - Pages: 7


The Culpability of Accounting Fraud

...The Culpability of Accounting Fraud: Auditors, Managers or Both ACC 503 - Accounting for Management Abstract The purpose of this term paper is to provide insight to the reader about accounting fraud and on whom the responsibility lies whenever there is an allegation of accounting misconduct. Based on the rash of accounting fraud by major respectable corporations in recent years, no organization is immune to accounting fraud, and it is prevalent from the Federal Government down to the smallest neighborhood business. This paper will discuss the responsibility of managers and auditors in preventing accounting fraud, show the relationship between internal and external auditors in identifying and preventing fraud, and the responsibility of managers to have strict internal controls within their accounting processes. Introduction Enron, WorldCom, Lehman Brothers, and Waste Management were among the biggest corporations plagued by accounting improprieties. These companies were at one time multi-billion dollar entities that seemed to have unlimited growth prospects. They also were mega companies that have been involved in some sort of accounting scandal or an instance of accounting fraud. The Journal of Finance and Accountancy lists the definition of fraud as "All multifarious means which human ingenuity can devise, and which are resorted to by one individual to get an advantage over another by false suggestions...

Words: 3151 - Pages: 13


Risk Management

...ideas contained in the material herein. Because of rapid advances in the medical sciences, in particular, independent verification of diagnoses and drug dosages should be made. British Library Cataloguing in Publication Data A catalogue record for this book is available from the British Library Library of Congress Cataloguing in Publication Data A catalog record for this book is available from the Library of Congress ISBN–13: 978-0-7506-8650-1 For information on all Butterworth-Heinemann publications visit our website at http://books.elsevier.com Printed and bound in Great Britain 07 08 09 10 10 9 8 7 6 5 4 3 2 1 For Loredana and Alexis for their encouragement, support and advice in our family’s own risk management. Introduction At the time of writing, at least three major global risks can be identified which...

Words: 89973 - Pages: 360


Coso Paper

...Helen Valentine ACCT 3222 Sec. 01 October 18, 2011 The COSO Framework Due to questionable corporate political campaign finance practices and foreign corrupt practices in the mid -1970s, the U.S. Securities and Exchange Commission (SEC) and the U.S. Congress enacted campaign finance law reforms and the 1977 Foreign Corrupt Practices Act (FCPA) which criminalized transnational bribery and required companies to implement internal control programs. In response, the Treadway Commission, a private-sector initiative, was formed in 1985 to inspect, analyze, and make recommendations on fraudulent corporate financial reporting. The Treadway Commission studied the financial information reporting system over the period from October 1985 to September 1987 and issued a report of findings and recommendations in October 1987, Report of the National Commission on Fraudulent Financial Reporting. As a result of this initial report, the Committee of Sponsoring Organizations (COSO) was formed and it retained Coopers & Lybrand, a major CPA firm, to study the issues and author a report regarding an integrated framework of internal control. In September 1992, the four volume report entitled Internal Control— Integrated Framework was released by COSO and later re-published with minor amendments in 1994. This report presented a common definition of internal control and provided a framework against which internal control systems may be assessed and improved. This report is one standard that...

Words: 1651 - Pages: 7


Enterprise Risk Management

...Chapter 4 - Risk Management In the 1970s, corporate and political campaign finance corruption was running rampant. The United States Securities and Exchange Commission and the United States Congress together ratified campaign finance law reforms and the 1977 Foreign Corrupt Practices Act. These two laws made it a criminal offense for any corporation or person to be involved in global bribery and required all companies to implement internal control systems. In 1985, in response to these reforms, 5 major private sector accounting associations together created the Committee of Sponsoring Organizations, also referred to as COSO, to help sponsor the National Commission on Fraudulent Financial Reporting (Treadway Commission). The 5 associations included the American Institute of Certified Public Accountants, American Accounting Association, Financial Executives International, Institute of Internal Auditors and the Institute of Management Accountants. The original chairman of COSO was James Treadway, who led to it being referred to as the Treadway Commission. This association was formed to inspect, analyze and make recommendations on fraudulent corporate financial reporting. Today this association is dedicated to providing thought leadership through the development of frameworks and guidance on enterprise risk management, internal control and fraud deterrence. COSO offers 5 key components to the Internal Control Framework: Control Environment, Risk Assessment, Control Activities...

Words: 1831 - Pages: 8


Internal Control Checklist

...Control Environment - The control environment is the foundation for the other four components of internal control. It outlines discipline and structure for the internal control method and consists of philosophy, ethical values, operating style, risk appetite, functioning of the board, and organizational structure (Louwers, Ramsay, Sinason, & Strawser, 2007). 2. Risk Assessment - This component evaluates the way in which an organization decides to handle the number of always-evolving external and internal risks. 3. Control Activities - This component seeks to ensure that the directives of management are carried out. These are computerized and manual and serve the purpose of preventing, detecting, and correcting errors (Louwers, Ramsay, Sinason, & Strawser, 2007). 4. Information and Communication - The information and communication component provides managers with the critical information necessary for achieving objectives. This component seeks to provide information that is timely, reliable, and relevant. 5. Monitoring - Assessing the quality of the established controls is essential to motivate continuous progress of the internal control method. Control Environment Assessment checklist (answer columns: Yes / No / N/A): Are leadership personnel familiar with internal policy, operating methods, and regulatory compliance components? ...

Words: 866 - Pages: 4


Research on Internal Audit Participate in Risk Management-Based on the Erm Framework of Coso

...[replace with your own] School of Management, University of Glamorgan. Research on Internal Audit Participate in Risk Management-Based on the ERM Framework of COSO. By: Weichen Zhu. Candidate no: [student number]. September 2012. Supervised by: [your supervisor's name]. The dissertation is submitted as part of the requirement for the award of Master of Science: [your programme's name]. Declaration: This dissertation has been prepared on the basis of my own work and, where other published and unpublished source materials have been used, these have been acknowledged. Word Count: Student Name: __________________ Signature: ______________________ Date of Submission: ______________ Acknowledgement: This is my first time going abroad to study. Campus life in the UK has been different and wonderful, and has left a deep impression on me. I learned how to use my own inner strength to make things happen and how to live my own life. All my efforts contributed to my growth, but I cannot forget the people who encouraged and helped me. I would probably not have been happy throughout my postgraduate studies without their support. Firstly, I would like to thank my supervisor [your supervisor's name]. He helped me develop the ideas and complete this dissertation. Especially when I was conducting a survey in China, I communicated with him through email. Sometimes I was afraid that my timetable could have bad effects on him. However, he usually gave me feedback as soon as possible. Therefore, I needed only 20 days to finish my survey. This kind of strong professional ethic is worth learning from...

Words: 20009 - Pages: 81