2001 Fiscal Year Final Research Report Summary
A Model for Combining Risk Information Systems with Audit Expert Systems
| Project/Area Number |
11630155
|
|---|
| Research Category |
Grant-in-Aid for Scientific Research (C)
|
| Allocation Type | Single-year Grants |
|---|
| Section | 一般 |
|---|
| Research Field |
Accounting
|
|---|
| Research Institution | Nihon University |
|---|
Principal Investigator |
HORIE Masayuki Nihon University, College of Commerce, Professor, 商学部, 教授 (70173630)
|
|---|
| Project Period (FY) |
1999 – 2001
|
| Keywords | Risk information systems / Risk management process auditing / Interaction model / Risk mapping / Risk control self assessment |
|---|
| Research Abstract |
The research project involved development of a model combining risk information systems with audit expert systems. The model aims to provide a theoretical basis from a systems theory perspective for :
(1) risk management process auditing, particularly with respect to risk derivation (the process by which one type of risk gives rise to another) - an emerging research field ; and
(2) the methodology of developing risk-based audit strategies and selecting and applying audit procedures a more established research field.
The three defining characteristics of the conceptual model are as follows.
(1) The simple linear association model (risk → control objectives → control activities) is of limited use for modeling risk information management processes ; instead, we use an "interaction model" that expresses the risk associated with each of the structural elements behind management activities in solid structural Rerms. The interaction model defines the correlations between core business process risks and risks associated with strategic management planning, organizational structure, information technology infrastructure, and employee skills.
(2) Using mapping techniques in systemized form provides an effective means of analyzing risk information. When a specific control activity acts on a given risk, the result is either a reduction in the impact of the risk on corporate activity or a reduction in the likelihood of the risk occurring in the first place. The model builds up a database of risk categories and control activities in this way.
(3) Risk control self assessment, through workshops that bring together managers from all departments, is an effective means of accumulating risk information. It also has the advantage of providing timely feedback on fluctuations in risk factors.
|
