| Project/Area Number |
11630155
|
|---|
| Research Category |
Grant-in-Aid for Scientific Research (C)
|
| Allocation Type | Single-year Grants |
|---|
| Section | 一般 |
|---|
| Research Field |
Accounting
|
|---|
| Research Institution | Nihon University |
|---|
Principal Investigator |
HORIE Masayuki Nihon University, College of Commerce, Professor, 商学部, 教授 (70173630)
|
|---|
| Project Period (FY) |
1999 – 2001
|
| Project Status |
Completed (Fiscal Year 2001)
|
| Budget Amount *help |
¥1,000,000 (Direct Cost: ¥1,000,000)
Fiscal Year 2001: ¥300,000 (Direct Cost: ¥300,000)
Fiscal Year 2000: ¥300,000 (Direct Cost: ¥300,000)
Fiscal Year 1999: ¥400,000 (Direct Cost: ¥400,000)
|
|---|
| Keywords | Risk information systems / Risk management process auditing / Interaction model / Risk mapping / Risk control self assessment / リスク評価 / ビジネスリスク / リスク・セルフ・アセスメント / バリュー・アット・リスク / リスク・コントロール / コントロール・セルフ・アセスメント / コントロール環境 / ビジネス・リスクの識別と分析 / リスク管理監査 / 監査エキスパート・システム / ルール適用モデル / スクリプトモデル / スキルモデル / リスクコントロール |
|---|
| Research Abstract |
The research project involved development of a model combining risk information systems with audit expert systems. The model aims to provide a theoretical basis from a systems theory perspective for :
(1) risk management process auditing, particularly with respect to risk derivation (the process by which one type of risk gives rise to another) - an emerging research field ; and
(2) the methodology of developing risk-based audit strategies and selecting and applying audit procedures a more established research field.
The three defining characteristics of the conceptual model are as follows.
(1) The simple linear association model (risk → control objectives → control activities) is of limited use for modeling risk information management processes ; instead, we use an "interaction model" that expresses the risk associated with each of the structural elements behind management activities in solid structural Rerms. The interaction model defines the correlations between core business process risks and risks associated with strategic management planning, organizational structure, information technology infrastructure, and employee skills.
(2) Using mapping techniques in systemized form provides an effective means of analyzing risk information. When a specific control activity acts on a given risk, the result is either a reduction in the impact of the risk on corporate activity or a reduction in the likelihood of the risk occurring in the first place. The model builds up a database of risk categories and control activities in this way.
(3) Risk control self assessment, through workshops that bring together managers from all departments, is an effective means of accumulating risk information. It also has the advantage of providing timely feedback on fluctuations in risk factors.
|
