
AIS9

The document discusses several ways that ERM processes can be continuously monitored and modified so that deficiencies are reported to management, including having internal auditing perform evaluations, overseeing employees, using responsibility accounting systems, using risk analysis software, tracking software use, performing security audits, appointing a chief security officer and chief compliance officer, using forensic investigators, and installing fraud detection software.

Uploaded by

XiaoMeiMei

Discuss several ways that ERM processes can be continuously monitored and modified
so that deficiencies are reported to management.

1. Have a special team or internal auditing perform a formal or a self-assessment
ERM evaluation.

2. Supervise effectively, including training and assisting employees, correcting
errors, and overseeing employees who have access to assets.

3. Use Responsibility Accounting Systems such as budgets, quotas, schedules,
standard costs, and quality standards; reports comparing actual and planned
performance; and procedures for investigating and correcting significant
variances.

4. Use risk analysis and management software packages to review computer and
network security measures, detect illegal access, test for weaknesses and
vulnerabilities, report weaknesses found, and suggest improvements.

5. Track purchased software to comply with copyrights and protect against software
piracy lawsuits. Companies should periodically conduct software audits.
Employees should be informed of the consequences of using unlicensed software.
Track and monitor mobile devices, as their loss could represent a substantial
exposure. Also, track who has them, what tasks they perform, the security
features installed, and what software is needed to maintain adequate system and
network security.

6. Have periodic external, internal, and network security audits to assess and
monitor risk as well as detect fraud and errors.

7. Have a chief security officer (CSO), who is independent of the information system
function, be in charge of system security and report to the chief operating officer
(COO) or the CEO. Have a chief compliance officer (CCO), who reports to the
same people, be responsible for all compliance issues.

9. Use forensic investigators, who specialize in fraud detection and investigation,
to help with the financial reporting and corporate governance process. Most forensic
investigators received specialized training with the FBI, IRS, or other law
enforcement agencies. Investigators with the computer skills to ferret out fraud
perpetrators are in great demand.

10. Install fraud detection software to help ferret out fraud, such as illegal credit card
use, and notify forensic investigators when it is found.

11. Use a fraud hotline so people witnessing fraudulent behavior can report it
anonymously.
