Solutions Manual to accompany Dunn, Enterprise Information Systems: A Pattern Based Approach, 3e

Chapter 14 Enterprise System Risks and Controls

Review Questions

R1. What is a system of internal controls?

Internal controls are a set of rules, policies, and procedures an organization implements to provide reasonable assurance that (1) its financial reports are reliable, (2) its operations are effective and efficient, and (3) its activities comply with applicable laws and regulations.

R2. Distinguish between risk, exposure, and threat.

Risk, as with many words in the English language, has multiple meanings, so we must be careful to define how we are using it. A risk is any exposure to the chance of injury or loss. (Some people use the term risk in a narrower sense to describe the probability of a loss occurring.) Threat is another word some people use to describe these situations because they represent a probable evil, violence, or loss to the entity. There are so many potential risks that it may seem overwhelming to try to control all of them. So we should only worry about the most significant risks. The significance of a risk is determined by (a) its impact on the organization, and (b) the likelihood of it occurring. Exposure is a word some people use to describe the potential impact on the entity.

R3. Describe the relationship between risk, opportunity, and objectives.

Opportunity and risk go hand in hand. You can't have an opportunity without some risk, and with every risk there is some potential opportunity. People's objectives and the stated objectives of the organization impact both risks and opportunities. Conservative objectives that can be easily achieved require less risk. More aggressive objectives create greater risk as more difficult and complex activities are pursued to achieve them. Change creates opportunities. The world is constantly changing, and change is often viewed in a negative light because it upsets the status quo. The people who are the most successful are those who are able to anticipate change, recognize the opportunities associated with it, and adapt very quickly. In summary, change creates many new opportunities. The opportunities an organization seeks are guided by its objectives. But with every opportunity there is some element of risk. We seek to manage these risks by a system of controls.

R4. How do you determine the materiality of risk?

Materiality of risk is a function of the size of the potential loss and its impact on achieving the organization's objectives, and of the likelihood of the loss. As either the likelihood or size of the loss increases, the materiality of the risk also increases. The need to manage risk increases with its materiality. In many situations these evaluations can only be measured in rough, order-of-magnitude amounts....
- Spring '10
- enterprise information systems