Dissertations / Theses on the topic 'Risk-Aware Business Process Management'

L’essor du Cloud Computing, permettant de partager les coûts et les ressources au travers de la virtualisation, présage une interconnexion dynamique et flexible entre entreprises et fournisseurs. Cependant, cette mise en commun de ressources, données et savoir-faire implique de nouvelles exigences en termes de sécurité. En effet, le manque de confiance dans les structures du Cloud est souvent vu comme un frein au développement de tels services. L’objectif de cette thèse est d’étudier les concepts d’orchestration de services, de confiance et de gestion des risques dans le contexte du Cloud. La contribution principale est un framework permettant de déployer des processus métiers dans un environnement Cloud, en limitant les risques de sécurité liés à ce contexte. La contribution peut être séparée en trois partie distinctes qui prennent la forme d'une méthode, d'un modèle et d'un framework. La méthode catégorise des techniques pour transformer un processus métier existant en un modèle sensibilisé (ou averti) qui prend en compte les risques de sécurité spécifiques aux environnements Cloud. Le modèle formalise les relations et les responsabilités entre les différents acteurs du Cloud. Ce qui permet d'identifier les différentes informations requises pour évaluer et quantifier les risques de sécurité des environnements Cloud. Le framework est une approche complète de décomposition de processus en fragments qui peuvent être automatiquement déployés sur plusieurs Clouds. Ce framework intègre également un algorithme de sélection qui combine les information de sécurité avec d'autres critère de qualité de service pour générer des configuration optimisées. Finalement, les travaux sont implémentés pour démontrer la validité de l'approche. Le framework est implémenté dans un outil. Le modèle d'évaluation des risques de sécurité Cloud est également appliqué dans un contexte de contrôle d'accès. La dernière partie présente les résultats de l'implémentation de nos travaux sur un cas d'utilisation réel
Nowadays service ecosystems rely on dynamic software service chains that span over multiple organisations and providers. They provide an agile support for business applications, governments of end-users. This trend is reinforced by the Cloud based economy that allows sharing of costs and resources. However, the lack of trust in such cloud environments, that involve higher security requirements, is often seen as a braking force to the development of such services. The objective of this thesis is to study the concepts of service orchestration and trust in the context of the Cloud. It proposes an approach which supports a trust model in order to allow the orchestration of trusted business process components on the cloud. The contribution is threefold and consists in a method, a model and a framework. The method categorizes techniques to transform an existing business process into a risk-aware process model that takes into account security risks related to cloud environments. The model formalizes the relations and the responsibilities between the different actors of the cloud. This allows to identify the different information required to assess and quantify security risks in cloud environments. The framework is a comprehensive approach that decomposes a business process into fragments that can automatically be deployed on multiple clouds. The framework also integrates a selection algorithm that combines security information with other quality of service criteria to generate an optimized configuration. Finally, the work is implemented in order to validate the approach. The framework is implemented in a tool. The security assessment model is also applied over an access control model. The last part presents the results of the implementation of our work on a real world use case

Submitted by Nayara Passos (nayara.passos@ufpe.br) on 2015-03-11T18:45:54Z No. of bitstreams: 2 license_rdf: 1232 bytes, checksum: 66e71c371cc565284e70f40736c94386 (MD5) TESE César Augusto Lins de Oliveira.pdf: 3834643 bytes, checksum: d06a43bd091b3a1741f646e42716d74b (MD5)
Made available in DSpace on 2015-03-11T18:45:54Z (GMT). No. of bitstreams: 2 license_rdf: 1232 bytes, checksum: 66e71c371cc565284e70f40736c94386 (MD5) TESE César Augusto Lins de Oliveira.pdf: 3834643 bytes, checksum: d06a43bd091b3a1741f646e42716d74b (MD5) Previous issue date: 2014
CNPq
Nas últimas duas décadas, a literatura em gestão empresarial tem demonstrado um interesse crescente no tema da incerteza e os meios utilizados pelas organizações para lidar com ela. Há um consenso entre os pesquisadores atualmente de que as organizações precisam estar constantemente mudando e adaptando as suas operações e estratégias para atender a novos requisitos econômicos e de mercado. A capacidade de uma empresa de mudar rapidamente as suas metas e estratégias e de reconfigurar rapidamente as suas operações é chamada de “flexibilidade estratégica”. Essa capacidade tem sido identificada como um fator crítico para o sucesso das organizações de hoje. Contudo, o apoio da tecnologia da informação à flexibilidade estratégica tem sido limitado. Na maioria das organizações, há ainda uma grande lacuna que separa as atividades de planejamento estratégico das atividades de desenvolvimento de sistemas. Isso reduz a agilidade da companhia em responder a novas necessidades do mercado. Um estudo da literatura em gestão mostra que as necessidades atuais de gerentes em ambientes incertos e mutáveis não tem sido satisfeitas pelos sistemas de apoio à gestão disponíveis hoje. Nesta tese, nós propomos um mecanismo para tornar sistemas da informação “conscientes da estratégia”. Essa consciência estratégica é definida como uma funcionalidade que permite a atualização rápida das funções do sistema em resposta a mudanças estratégicas. Essa funcionalidade também aumenta a capacidade de alinhamento estratégico e monitoramento de desempenho da organização. Mais especificamente, nós propomos uma arquitetura de software que permite que os usuários de um sistema se tornem mais conscientes das necessidades estratégicas da companhia durante a realização do seu trabalho. Nosso foco nesse trabalho é na gestão de processos de negócio e o conceito que nós desenvolvemos é chamado de Gestão de Processos de Negócio Consciente de Estratégia (Strategy-Aware Business Process Management - SA-BPM). A consciência estratégica é obtida por meio de uma infraestrutura modular que muda o comportamento do sistema de gestão de processos em tempo real. O sistema passa a ser capaz de capturar informações derivadas diretamente dos sistemas de apoio à decisão da organização (ex.: sistema de planejamento estratégico). Por meio desse instrumento, as organizações podem desenvolver a capacidade de realizar mudanças frequentes nas suas estratégias e de tornar essas mudanças operacionais de maneira rápida, contribuindo assim para a sua flexibilidade estratégica.
Over the past two decades, management research has demonstrated a growing interest in the subject of uncertainty and in the means employed by organizations to cope with it. There is a consensus among researchers nowadays that organizations must be constantly changing and adapting their operations and strategies to match new market and economic requirements. The ability of a firm to rapidly change its goals and strategies and to readily reconfigure its operations is called “strategic flexibility”. Such ability is being identified as a critical success factor for contemporary organizations. Nevertheless, information technology support for strategic flexibility has been limited. In most organizations, there is still a large gap that separates strategic planning activities from information systems development activities. This reduces the agility of the company to respond to new market necessities. A study of the management literature demonstrates that current requirements of managers in uncertain and changing environments have not been fulfilled by the management support systems available today. In this thesis, we propose a mechanism to make information systems “strategy-aware”. Such strategy awareness is defined as a feature that allows for the rapid update of a system’s functions in response to strategic changes. This feature also improves an organization’s capacity for strategic alignment and performance monitoring. More specifically, we propose a software architecture that makes information system’s users become aware of the company’s strategic necessities while performing their job. Our focus in this work is on business process management and the concept developed by us is called Strategy-Aware Business Process Management (SA-BPM). The strategy awareness is achieved through a modular adaptation infrastructure that changes the behavior of the business process management system at run-time. The system becomes able to capture information derived directly from the organization’s management support systems (e.g., its strategic planning systems). Through our framework, organizations can develop the capacity to make frequent changes to their strategies and to rapidly make these changes operational, contributing to the improvement of their strategic flexibility.

Over the past decade, the ubiquity of business processes and their need for ongoing management in the same manner as other corporate assets has been recognized through the establishment of a dedicated research area: Business Process Management (or BPM). There are a wide range of potential software technologies on which a BPM o®ering can be founded. Although there is signi¯cant variation between these alternatives, they all share one common factor { their execution occurs on the basis of a business process model { and consequently, this ¯eld of technologies can be termed Process-Aware Information Systems (or PAIS). This thesis develops a conceptual foundation for PAIS based on the results of a detailed examination of contemporary o®erings including work°ow and case han- dling systems, business process modelling languages and web service composition languages. This foundation is based on 126 patterns that identify recurrent core constructs in the control-°ow, data and resource perspectives of PAIS. These patterns have been used to evaluate some of the leading systems and business process modelling languages. It also proposes a generic graphical language for de¯ning exception handling strategies that span these perspectives. On the basis of these insights, a comprehensive reference language { newYAWL { is developed for business process modelling and enactment. This language is formally de¯ned and an abstract syntax and operational semantics are provided for it. An assessment of its capabilities is provided through a comprehensive patterns-based analysis which allows direct comparison of its functionality with other PAIS. newYAWL serves as a reference language and many of the ideas embodied within it are also applicable to existing languages and systems. The ultimate goal of both the patterns and newYAWL is to improve the support and applicability of PAIS.

Long wait times are a global issue in the healthcare sector, particularly in Canada. Despite numerous research findings on wait time management, the issue persists. This is partly because for a given hospital, the data required to conduct wait times analysis is currently scattered across various information systems. Moreover, such data is usually not accurate (because of possible human errors), imprecise and late. The whole situation contributes to the current state of wait times. This thesis proposes a location-aware business process management system for real-time care process monitoring. More precisely, the system enables an improved visibility of process execution by gathering, as processes execute, accurate and granular process information including wait time measurements. The major contributions of this thesis include an architecture for the system, a prototype taking advantages of commercial real-time location system combined with a business process management system to accurately measure wait times, as well as a case study based on a real cardiology process from an Ontario hospital.

Submitted by Fabio Sobreira Campos da Costa (fabio.sobreira@ufpe.br) on 2017-07-27T12:57:10Z No. of bitstreams: 2 license_rdf: 811 bytes, checksum: e39d27027a6cc9cb039ad269a5db8e34 (MD5) Dissertacao_FabioFerreira_Digital.pdf: 2972458 bytes, checksum: f0d2fa1803fb21110efdc841f63933b1 (MD5)
Made available in DSpace on 2017-07-27T12:57:10Z (GMT). No. of bitstreams: 2 license_rdf: 811 bytes, checksum: e39d27027a6cc9cb039ad269a5db8e34 (MD5) Dissertacao_FabioFerreira_Digital.pdf: 2972458 bytes, checksum: f0d2fa1803fb21110efdc841f63933b1 (MD5) Previous issue date: 2016-07-01
Na busca por agilidade, economia e qualidade em seus processos, um número crescente de empresas tem adotado técnicas de Gerenciamento de Processos de Negócios (do original em inglês: Business Process Management - BPM), já que esta permite que a organização torne seus processos mais eficientes, com maior precisão, rapidez, flexibilidade e qualidade. No entanto, mesmo gerenciados, os processos podem enfrentar riscos que podem causar forte impacto sobre os objetivos da organização se estes riscos não forem gerenciados de forma apropriada. Como o gerenciamento de riscos demanda recursos e a execução de várias atividades (entrevistas, análises, reuniões etc.) que também são demandados pelo BPM, a integração destes dois campos tem sido tema de pesquisa frequente nos últimos anos. Um problema com os trabalhos existentes, no entanto, é que as atividades de gerenciamento de riscos propostas são aplicadas apenas a algumas fases do ciclo de vida BPM. Esta dissertação teve como objetivo construir e avaliar uma metodologia para realizar o gerenciamento de riscos em processos de negócios de forma integrada com o ciclo de vida BPM. A metodologia, chamada R-BPM, é composta por um conjunto de fases e uma ferramenta de apoio. Ela é inspirada na estrutura de gerenciamento de riscos do COSO (Committee of Sponsoring Organizations of the Treadway Commission) e foi construída através da abordagem de Design Science Research, que envolve um ciclo iterativo de construção e avaliação. Para avaliar a metodologia e a ferramenta de software construída para apoiá-la, foi realizado um estudo de caso em uma organização pública. Os artefatos foram avaliados através de grupos focais e surveys com especialistas da organização. Os resultados mostraram que a metodologia R-BPM, além de permitir que as atividades relacionadas à gestão de riscos sejam executadas em conjunto com o ciclo de vida BPM, permite também compartilhar a responsabilidade pelos riscos e fornecer melhores condições para os analistas e donos dos processos avaliá-los. Como a metodologia foi utilizada para resolver um problema do mundo real na organização estudada, esta pesquisa também contribuiu para a disseminação de conhecimento acadêmico para o mercado.
In search for agility, economy and quality in their processes, an increasing number of companies have adopted techniques of Business Process Management (BPM), as this allows the organization make its processes more efficient with greater precision, speed, flexibility and quality. However, even when managed, processes may face risks that can cause strong impact on the organization's goals if these risks are not managed appropriately. As risk management requires resources and the execution of many activities (interviews, analysis, meetings and so on) which are also demanded by BPM, the integration of these two fields has been a research theme frequent in recent years. A problem with existing works, however, is that the risk management activities proposed are applied only to some phases of the BPM lifecycle. This work aimed to construct and evaluate a methodology to manage risks of business processes integrated with the BPM lifecycle. The methodology, called R-BPM, is composed of a set of phases and a supporting tool. It is inspired by the COSO (Committee of Sponsoring Organizations of the Treadway Commission) risk management structure and was built by Design Science Research strategy, which involves an iterative cycle of construction and evaluation. To evaluate the methodology and the software tool built to support it, we conducted a case study in a public organization. The artifacts were assessed through focus groups and surveys with the organization's experts. The results showed that the R-BPM allows the activities related to risk management can now be implemented together with the BPM lifecycle, as well as shares responsibility for the risks and provides better conditions for process owners evaluate them. As the methodology was used to solve a real-world problem in the organization studied, this research also contributed to the dissemination of academic knowledge to market.

Thesis (MBA)--Stellenbosch University, 2012.
ENGLISH ABSTRACT: Severe flooding in Queensland, Australia in late 2010 and into February of 2011 resulted in significant losses to infrastructure, equipment and coal production. Xstrata Coal (XC) mines suffered billions of dollars worth of losses, resulting in insurance premiums increasing drastically in subsequent months. These events prompted Xstrata‟s top management to reconsider the way in which they managed risk. Initial revelations were that the focus of Risk Management had largely been on the areas of Health and Safety and that, particularly in South Africa, the outcome of all management‟s efforts to manage risk had been to comply with the relevant legislation. There was clearly an attempt to avoid litigation resulting in potential prosecution. The most stringent of this legislation was that of the Mine Health and Safety Act (No. 24 of 996), as promulgated by the Department of Mineral Resources. The requirements were prescriptive to the extent that mine management was required to utilise the Hazard Identification Risk Assessment process to identify hazards, assess the associated risk and apply mitigation, largely in order to prevent incidents which could affect the health and safety of employees. Little regard was given to the fact that mining houses could endure severe financial losses as a result of catastrophic events, which could stop production for significant periods of time. Whilst Xstrata did recognise Business Continuity Risk (BCR), the risk assessment process which was introduced along with the CURA risk register displayed a distinct division between Health and Safety Risk and BCR. Furthermore, this was not a systematic process. Initial risk categories were prescribed by XC mainly based on experiences in Australia. The floods prompted a rethink and Xstrata‟s prescription to conduct business continuity risk assessments (BCRAs) coincided perfectly with this writer‟s exposure to the Enterprise Risk Management Elective at the University of Stellenbosch‟s Business School. As the General Manager of the iMpunzi Complex that comprises three coalmines, it was the responsibility of the writer to carry out the instruction to review the business continuity process. Consequently, the research is intended to assess the current Risk Management environment within Xstrata Coal South Africa by means of an analysis of current documentation and interviews with select key personnel who largely influence and impact the management of risk in the company. Thereafter, the study will progress to the methodology involved in the Risk Assessments, followed by an assessment of the knowledge, skills and qualifications required for the relevant, accountable managers appointed to manage the risks. The findings of the research were that whilst there was quite a rigid framework, which was aligned with ISO 31000 principles for risk management, there were shortcomings in the methodology of the risk assessment process, as well as the considerations for dealing with latent or residual risk. To this extent, the writer recommended: A risk assessment template which prescribes, but is not limited to, the hazards which may be prevalent on a coal mine, including hazards specific to iMpunzi Complex; A revised template for the Risk Treatment Plan, which takes cognisance of Residual Risk; Other recommendations, which may deal with minor findings of the study.

Thesis (MComm (Business Management))--University of Stellenbosch, 2011.
ENGLISH ABSTRACT: This study focuses on banking book interest rate risk management, more specifically shortterm interest rate risk management problems. This type of risk is induced by the inflation targeting policy of the South African Reserve Bank. As a result, inflation leads to an uncertain interest rate cycle and a period of uncertain interest rate levels as it relates to lending and borrowing products in the South African commercial banking sector. The lending rates of most South African commercial banks are tied to the prime overdraft rate. The borrowing rates are linked to the money market rates such as the Johannesburg Interbank Agreed Rate (JIBAR) which is indirectly affected by the prime overdraft rate. Hence, lending and borrowing rates are related to the repo-rate. Furthermore, a fixed relationship exists between the prime overdraft rate and the repo-rate. The monetary policy committee meets every two months during the year to make inflation and repo-rate adjustments, as stipulated in the inflation targeting policy. A subject portfolio containing fixed-rate loans, advances and floating-rate deposits is exposed to the change of the repo-rate. This short-term banking book interest rate risk is defined based on the fact that the repo-rate adjustment occurs every two months, the banking book risk management is short term focused, and hedging instruments against interest rate risk are short term dated contracts. Such a short term risk may have a negative impact on the bank’s profitability. The study starts with a review of the bank risk management processes, and then discusses the enterprise risk management framework that guides the formation of the risk management processes and systems. In order to benchmark against international risk management practices, a comparative analysis is carried out to evaluate the risk management tendencies of bank risk management in South Africa and globally. The empirical findings reveal that most banks (i.e. eighty per cent of all local banks) manage the short-term interest rate risk by following the same process as the interest rate risk in general. The key elements (risk identification, measurement, mitigation and monitoring and reporting) of the banking book interest rate risk management are not linked together as a systematic process. This is not in line with the Basel II Accord to manage market risks through a process approach. The study also proposes a generic short-term interest rate risk management framework and in doing so, addresses some of the weaknesses of current risk management practices. Based on this framework, the South African banks may develop their own processes to manage such short-term banking book interest rate risk exposure. Some of the problems of bank risk management that come to light from the empirical findings, are summarised in the last chapter and may be considered for future research.
AFRIKAANSE OPSOMMING: Hierdie studie fokus op die probleme van die bankboek rentekoersrisikobestuur, meer spesifiek die korttermyn rentekoers risikobbestuursprobleme. Hierdie tipe risiko word deur die inflasieteikenraamwerk beleid van die Suid-Afrikaanse Reserwebank veroorsaak. Dit veroorsaak ‘n tydperk van onsekere rentekoersvlakke veral sover dit uitleen- en leenprodukte in die Suid-Afrikaanse kommersiële banksektor aangaan. Die uitleenkoerse van die meeste Suid-Afrikaanse kommersiële banke is aan die prima bankoortrekkingskoers gekoppel. Die leningstariewe is aan die geldmarkkoerse soos die Johannesburgse Interbank Ooreengekome Koers (JIBOK) gekoppel wat indirek geraak word deur die prima bankoortrekkingskoers. Uitleen- en leenkoerse is redelik afhanklik van die repo-koers waar laasgenoemde ‘n redelike vaste verwantskap met die prima bankoortrekkingskoers het. Die monetêre beleidkomitee vergader elke twee maande van die jaar om inflasie en repokoers aanpassings te maak, ooreenkomstig die inflasieteiken beleid. 'n Bepaalde portefeulje met vasterente lenings, voorskotte en vlottende koers deposito’s is blootgestel aan die verandering in die repokoers. Hierdie korttermyn rentekoersrisiko van die bankboek word gedefinieer op grond van die feit dat die repo-koers aanpassing elke twee maande gebeur. Die bankboek risikobestuur het ‘n korttermyn fokus, en verskansingsinstrumente teen rentekoersrisiko is korttermyn kontrakte. So 'n korttermyn risiko kan 'n negatiewe impak op die bank se winsgewendheid hê. In hierdie studie word bankrisikobestuur prosesse beskou. Die risikobestuursraamwerk wat die basis vorm van die risikobestuursprosesse en stelsels word aangespreek. Om 'n idee te vorm van die huidige internasionale risikobestuurspraktyke of tendense by banke, word die state van internasionale en oorsese banke kortliks beskou. Die empiriese bevindinge uit die opname dui daarop dat die meeste banke (d.w.s tagtig persent van alle plaaslike banke) die korttermyn rentekoersrisiko nie afsonderlik van rentekoersrisikobestuur in die algemeen bestuur nie. Die sleutelelemente van die risikobestuursproses (risiko identifisering, mitigasie, implementering, monitering en verslagdoening) kom wel voor maar die bankboek rentekoersrisikobestuur is nie gekoppel as 'n sistemastiese proses nie. Dit blyk dat hierdie situasie na alle waarskynlikheid nie in lyn is met die Basel II akkoord om markrisiko's deur 'n prosesbenadering, te bestuur nie. Die studie stel ook ‘n generiese raamwerk voor vir die bestuur van korttermyn rentekoersrisiko wat dan ook van die swakhede van die huidige risikobestuurspraktyke aanspreek. Op grond van hierdie raamwerk, kan die Suid-Afrikaanse banke dit oorweeg om hul eie prosesse te ontwikkel vir die bestuur van bankboek rentekoersrisiko blootstelling. Sommige navorsingsprobleme van bank risikobestuur wat uit die empiriese bevindinge aan die lig gekom het, word in die laaste hoofstuk opgesom en kan vir verdere navorsing in die toekoms oorweeg word.

Configurable process models are integrated representations of multiple variants of a process model in a given domain, e.g. multiple variants of a shipment-to-delivery process in the logistics domain. Configurable process models provide a basis for managing variability and for enabling reuse of process models in Process-Aware Information Systems. Rather than designing process models from scratch, analysts can derive process models by configuring existing ones, thereby reusing proven practices. This thesis starts with the observation that existing approaches for capturing and managing configurable process models suffer from three shortcomings that affect their usability in practice. Firstly, configuration in existing approaches is performed manually and as such it is error-prone. In particular, analysts are left with the burden of ensuring the correctness of the individualized models. Secondly, existing approaches suffer from a lack of decision support for the selection of configuration alternatives. Consequently, stakeholders involved in the configuration of process models need to possess expertise both in the application domain and in the modeling language employed. This assumption represents an adoption obstacle in domains where users are unfamiliar with modeling notations. Finally, existing approaches for configurable process modeling are limited in scope to control-flow aspects, ignoring other equally important aspects of process models such as object flow and resource management. Following a design science research method, this thesis addresses the above shortcomings by proposing an integrated framework to manage the configuration of process models. The framework is grounded on three original and interrelated contributions: (i) a conceptual foundation for correctness-preserving configuration of process models; (ii) a questionnaire-driven approach for process model configuration, providing decision support and abstraction from modeling notations; (iii) a meta-model for configurable process models covering control-flow, data objects and resources. While the framework is language-independent, an embodiment of the framework in the context of a process modeling language used in practice is also developed in this thesis. The framework was formally defined and validated using four scenarios taken from different domains. Moreover, a comprehensive toolset was implemented to support the validation of the framework.

Thesis (MBA)--Stellenbosch University, 2012.
Governance Risk and Compliance (GRC) software applications are designed to facilitate the GRC process. GRC software inherently faces the same implementation challenges as any other Enterprise Resource Planning (ERP) software. The design and usability of GRC software contribute substantially to how much value is added to the GRC process and as GRC is still in its infancy; it is likely to keep evolving as this process matures. Due to the inconstant nature of the GRC process, GRC software applications require a large amount of customisation to meet the special requirements of each organisation. The objective of this research was to establish the extent to which GRC software applications add value to the GRC process. The researcher also tried to establish whether organisations, that are currently using GRC software applications, gain more value from the GRC process than before they implemented GRC software applications. He conducted the research by presenting research questions, in the form of a questionnaire, to the risk executives of three Western Cape companies. The author of this research paper collected the responses from each company by conducting one-on-one interviews with each of the executives concerned and then reviewed and analysed the interview results of each company. Finally, the author completed a cross case analysis, by comparing GRC software application dimensions and characteristic ratings across the three companies concerned. The research indicated that there is not a great difference in importance between the five GRC design dimensions because they all received high performance ratings. There were some differences, however, in the perceived performance of each dimension, when analysing the dimension characteristics ratings. The research showed that the greatest benefit, of the use of GRC software applications, is the ability to add structure and consistency to the GRC process.

The research described in this thesis provides a comparative study of the impact of Process Safety Management System (PSMS) performance and Human Error rates on off-site risk from two major hazards sites in Malaysia. One of the sites was built and run by a multinational company until a few years ago while the other was built and run by a local company since its inception. The sites handle bulk quantities of ammonia for downstream distribution. The study considers: the assessment of the sites PSMS performance using a structured audit technique the assessment of human error potential from ammonia road-tanker filling operations assessing the impact of site PSMS and human error potential on off-site risk from the sites investigating the possibility of linking the assessment of site PSMS performance with human error potential Results of Quantitative Risk Assessment (QRA) conducted on the two sites showed a significant difference in terms of individual and societal risk when site specific PSMS performance and human error potential are taken into consideration. The use of site specific Management Factor (MF) and site specific Human Error Probabilities (HEPs) produces a significant impact on the results of the off-site risk as compared to estimates of risk based only on generic failure rates. This finding emphasized the need to consider explicitly the contribution of site specific PSMS performance and human error potential in major hazard risk assessment especially in developing countries like Malaysia where there exists significant differences on these factors between locally owned and multinational sites. The approach to link the results of the site specific PSMS performance audit with the assessment of human error potential was found to be inadequate to describe all the influences which will be exerted on the reliability of individual tasks involving human error potential.

Background: As companies are operating in more globally and complex environments, the need for risk control is accelerating. In an ever-changing environment, companies cannot merely focus on traditional risks, which include financial and insurable risks. To maintain competitiveness, companies need to extend their risk management to include all risks, traditional as well as operational and strategic risks.

Purpose: The purpose is to describe and position risk management for Telecom operators, in comparison with the risk management literature, with regards to structure, processes, learning process, visions and benefits. In addition, our aim is to link risk management perspectives with the different strategies for knowledge management.

Method: The approach taken is a hermeneutic case study, in which a total of 13 in-depth interviews with three different Telecom operators have been carried out.

Results: The main findings are that the Telecom operators have developed their risk management to the business risk management perspective. There are some indications however that the companies are focusing on widening their risk management to the Enterprise-Wide perspective. The degree of the environments complexity, in which companies are operating, is determining the need for different risk management perspectives. To maintain their competitiveness in a highly complex environment a wider risk management perspective is needed. This includes operational and strategic risks, which are non-quantifiable. Therefore the personalization strategy is to recommend for achieving an effective risk management. A less complex environment, on the other hand, can mainly focus on the traditional risks. These risks are quantifiable, and therefore the codification strategy is to prefer.

Oil companies in Alberta, Canada, invested $32 billion on new oil sands projects in 2013. Despite the size of this investment, there is a demonstrable deficiency in the uniformity and understanding of environmental legislation requirements that manifest into increased project compliance risks. This descriptive study developed 2 prioritized lists of environmental regulatory compliance risks and mitigation strategies and used multi-criteria decision theory for its theoretical framework. Information from compiled lists of environmental compliance risks and mitigation strategies was used to generate a specialized pairwise survey, which was piloted by 5 subject matter experts (SMEs). The survey was validated by a sample of 16 SMEs, after which the Analytic Hierarchy Process (AHP) was used to rank a total of 33 compliance risks and 12 mitigation strategy criteria. A key finding was that the AHP is a suitable tool for ranking of compliance risks and mitigation strategies. Several working hypotheses were also tested regarding how SMEs prioritized 1 compliance risk or mitigation strategy compared to another. The AHP showed that regulatory compliance, company reputation, environmental compliance, and economics ranked the highest and that a multi criteria mitigation strategy for environmental compliance ranked the highest. The study results will inform Alberta oil sands industry leaders about the ranking and utility of specific compliance risks and mitigations strategies, enabling them to focus on actions that will generate legislative and public trust. Oil sands leaders implementing a risk management program using the risks and mitigation strategies identified in this study will contribute to environmental conservation, economic growth, and positive social change.

The ultimate aim of this study is to identify and eliminate inefficiencies associated with the current claims management processes, thereby ensuring cost reduction, hi damages recoveries while ensuring that the company is positioned to be able to apply its resources in the best way possible to respond to satisfying the needs of the customers. The study was conducted using the qualitative approach with interviews conducted with people involved with the claims business process.

The thesis is concerned with application of Decision Support Systems and Business Intelligence as a tool for decision-making support into processes of operational risk management in insurance company to improve them and reach a higher corporate performance.The goal of the thesis is to analyze a theory for a support of a process improvement design with the mentioned reach and to develop a design of improved operational risk management processes in a particular insurance company. The mean to reach goals is through-out a literature and articles research regarding a process improvement, decision-making, models and technologies of DSS and BI, and risk management. The theoretical framework is then used as back-bone for implementation of a practical part of innovated processes design. The thesis offers the analysis of an area of risk management processes improvement via DSS and BI in an insurance company that has been researched relatively little, but whose principles can be used for improvement projects in different areas too. A department of operational risk management in a certain insurance company obtains a complete design of innovated processes including DSS / BI application support specification which respects modern techniques of process improvements involving specific methods of decision-making quality. For the same department a part of the design was implemented -- Knowledge management system, that can be fully used. Introductory part of the thesis is concerned with techniques of business process improvement and its alignment with corporate performance. The next chapter describes specifics of operational risk management processes. In the third one models, techniques, information technologies of Decision Support Systems and Business Intelligence disciplines are analyzed. The practical part of the text starts with strategic analysis of the insurance company, proceeds with operational risk management processes analysis and reaches the design of innovated processes involving DSS and BI application support. Benefits of designed processes' changes are verified. In the conclusion a certain process change is accepted for the implementation and its results are described.

Bakgrund: Riskhantering handlar om att förebygga att risker uppstår inom ett företag. På grund av den föränderliga miljö som företag befinner sig i krävs en effektiv och integrerad riskhantering, varpå detta blivit särskilt avgörande vid hantering av kriser. Coronapandemin betraktas som en kris som inneburit ett förändrat konsumentbeteende, inte minst inom klädbranschen. På grund av det förändrade konsumentbeteendet har pandemin blivit en av de mest betydande förändringarna i modern marknadsföringshistoria där tidigare långsiktiga strategier blivit begränsade. Hur marknadsföringen fungerade tidigare, innan pandemin, har förändrats för att möta den nya verkligheten. I den alltmer föränderliga miljön som företagen befinner sig i kommer vikten av riskhantering öka i betydelse och det kommer bli mer betydelsefullt att kunna agera snabbt vid förändringar.  Syfte: Syftet med studien är att bidra med kunskap om hur e-handelsföretag inom klädbranschen skapar en riskuppfattning inom strategisk marknadsföring. Vidare undersöks hur e-handelsföretag integrerar riskhantering i deras marknadsföringsstrategier för att underlätta vid eventuella kriser. Det genom att studera hur e-handelsföretag har uppfattat och hanterat coronapandemin. Metod: För att uppfylla vårt informationsbehov bestod studiens empiri av kvalitativ data i som samlades in genom semistrukturerade intervjuer med totalt 16 informanter. Urvalet bestod av personer som hade en beslutsfattande roll på företagets marknadsföringsavdelning. Intervjuerna baserades på en intervjuguide som grundades på studiens teoretiska referensram. Resultat: Informanterna beskrev att det råder en pågående diskussion angående interna och externa dimensioner samt tidsdimensionen för att identifiera eventuella risker. Samtidigt identifierar vi att företagen mer eller mindre arbetar med de fem olika stegen i riskhanteringsprocessen. Slutsatser: Vi kan dra slutsatsen att företagen använder sig av de tre subdimensionerna för att rama in företaget situation och bilda sig en riskuppfattning. Riskhanteringsprocessen används i stor utsträckning av företagen. Dock på ett mer ostrukturerat sätt än det linjära sättet som teorin förespråkar. Det är däremot få företag som genomför en kvalitativ riskanalys vidutvärdering av riskers sannolikhet och konsekvens.
Background: Risk management is about preventing risks from arising within a company. Due to the ever changing environment in which companies find themselves, efficient and integrated risk management has become particularly crucial. The coronavirus pandemic is seen as a crisis that has led to a change in consumer behavior, which affects the clothing industry. The changing consumer behavior has made the pandemic into one of the most significant changes in modern marketing history, where previous long-term marketing strategies have been limited and marketing has changed to meet the new reality. The importance of risk management will increase following the changing environment and acting more quickly in the event of changes will become more important.  Purpose: The purpose of the study is to contribute to knowledge about how e-commercecompanies in the clothing industry create a risk perception in strategic marketing.Furthermore, how a risk management process is integrated into companies' marketingstrategies to facilitate possible crises is also examined. This after studying how companieshave perceived and handled the corona pandemic. Methodology: To fulfill the purpose of the study, our empirical data consisted of qualitative data collected through semi-structured interviews with a total of 16 informants. The sample consisted of people who had a decision-making role in the company's marketing team. The interviews were based on an interview guide which originated from the theoretical frame of reference.   Findings: All the informants described that discussions about the company's internal, external and temporal subdimensions were used to identify possible risks. All companies were using the five steps of the risk management process to a different extent. Conclusion: We can conclude that companies use the three sub-dimensions to frame the company's situation and form a risk perception. The risk management process is widely used by companies. However, it is used in a more unstructured way than the linear process that the theory advocates. It is a few companies that evaluate the probability and consequence of the risk using a qualitative risk analysis

Bakgrund: När covid-19 spred sig i Sverige under våren 2020 blev både samhället, näringslivet och andra samhällsfaktorer drabbade. Regeringen utformade flera restriktioner under årets gång och speciellt drabbad blev restaurang- och hotellbranschen. För företagen blev det snabbt viktigt att anpassa sig och tillämpa rätt strategi för att överleva. När covid-19 drabbade världen i modern tid skapade det ett unikt tillfälle att undersöka vilka faktiska strategival företag har tillämpat under en kris. Syfte: Syftet med studien är att nå en djupare förståelse i hur företag arbetat med strategiförändringar till följd av covid-19 och hur planering används i företags strategiarbete. Metod: I denna studie tillämpas en kvalitativ forskningsmetod med en abduktiv ansats. För att kunna undersöka forskningsfrågan har en intervjustudie gjorts. Data har samlats in genom semistrukturerade intervjuer från sex olika företag som ligger till grund för empirin. Slutsats: I studien framkommer det att samtliga företag har arbetet med att tillämpa nya strategiförändringar för att kunna fortsätta bedriva sin verksamhet till följd av covid-19. Företagen har inte använt någon långsiktig planering vid deras strategiarbete. Deras strategiarbete i covid-19 har istället handlat om kortsiktig planering, samarbete, kommunikation och kreativt entreprenörskap.
Background: When covid-19 spread in Sweden in the spring of 2020, both society, business and other important societal factors were affected. The government designed several restrictions during the year and the restaurant and hotel industry was particularly affected. For companies, it quickly became important to adapt and apply the right strategy to survive. When covid-19 hit the world in modern times, it created a unique opportunity to examine strategy choices companies have applied during a crisis. Purpose: The purpose of this study is to gain a deeper understanding of how companies worked with strategy changes as a result of covid-19 and how planning is used in companies' strategy work. Method: In this study, a qualitative research method with an abductive approach is applied. In order to investigate the research question, an interview study has been conducted. Data have been collected through semi-structured interviews from six different companies that form the basis of the empirical data. Conclusion: The study shows that all companies have had to apply new strategy changes in order to stay in business due to the covid-19. The companies have not used any long-term planning in their strategy work. Their strategy work in covid-19 has instead focused on short-term planning, collaboration, communication and creative entrepreneurship.

Bakgrund: Hållbara och ansvarsfulla investeringar har blivit allt viktigare för investerare, utöver avkastning och risk. Universiteten har som fanbärare av god moral ett stort ansvar i att leva upp till en hög nivå av hållbarhet. Donatorer, förmånstagare, studenter, intresseorganisationer och opinionsbildare har alla olika mål och krav på kapitalförvaltningen i universitetsstiftelser. Detta driver en målkonflikt som inte har en uppenbar lösning. Syfte: Huvudsyftet med studien är att ur ett investeringsperspektiv kartlägga och analysera svenska universitetsstiftelsers syn på och hantering av målkonflikter mellan avkastning, riskhantering och interna samt externa krav om hållbara och ansvarsfulla investeringar. Ett delsyfte med studien är att ge perspektiv och förslag till riktlinjer för hur en hållbar stiftelseförvaltning kan utformas i relation till mål om avkastning och risk givet restriktioner kring vad som ur ett hållbarhetsperspektiv är tillåtna investeringar. Genomförande: Vi har genomfört tio kvalitativa intervjuer med stiftelseförvaltare och kapitalförvaltare. Som ramverk för analysen har referensramen byggts upp utifrån evidensbaserad kapitalförvaltning sammanfattad av William F. Sharpe. Det har kompletterats med beprövad erfarenhet och stiftelselagstiftning. Slutsats: Stiftelseförvaltarna uppfattar inte målkonflikten som ett stort problem och anser sig ha löst den. Samtliga tycker att hållbarhet går att förena med god avkastning. Vi har dock upptäckt brister, framförallt i synen på risk. Genom att ha ett mer kontinuerligt angreppssätt och tydligare prioritera målen samt definiera hållbarhet anser vi att en bättre lösning uppnås.
Background: SRI has grown in importance for investors, apart from risk and return. Universities do as moral leaders of society have a responsibility to reach an elevated level of sustainability. Donors, beneficiaries, students, organizations of interest and opinion formers differ in their demands and objectives for asset management in university foundations. This fuel a conflict of objectives that has no immediate solution. Purpose: The purpose of this thesis is to, from an investing perspective, map and analyse Swedish university foundations’ view upon and management of conflicts of objectives between return, risk management and internal as well as external demands for sustainable and responsible investments. A partial purpose is to give perspective and develop suggestions for guidelines for how a sustainable foundation management can be accomplished in relation to objectives for risk and return given restrictions for what is allowed investments from a sustainable perspective. Completion: We have conducted ten qualitative interviews with foundationand asset managers. The framework used to analyse our data have been built up from evidence based asset management summarized by William F. Sharpe. This has been extended with proven knowledge and legislation. Conclusion: The foundation managers do not fully interpret the conflict of objectives as a large problem and claim they have solved it. They believe sustainability and satisfying returns can be combined. We have although found a lack of risk awareness. We conclude that by having a continuous approach, prioritize the objectives and define sustainability a better solution can be reached.

This diploma thesis deals with selection and implementation of information system for company providing IT services. Theoretical background concerning the topic is described in the first part. Then, the company is analyzed and based on the results new information system is suggested. Implementation strategy and risk analysis for implementation of new information system to corporate environment are designed in this thesis. Implementation of the information system is economically evaluated at the end of this thesis.

Bakgrund och problemdiskussion: Riskhanteringsprocessen utformas på olika sätt i olika företag och den behöver anpassas till både interna och externa förändringar eftersom företag verkar i olika miljöer och utsätts därmed för olika sorters risk. Förutom detta blir även riskhanteringsprocessen en särskilt betydelsefull process för företag som bedriver samhällsviktiga verksamheter eftersom de är av yttersta vikt för samhällets funktion. Idag existerar det en stor mängd litteratur om ämnet riskhantering men vi fann en frånvaro av forskning som studerar den praktiska tillämpningen av riskhanteringsprocessen och styrningen genom hela processen. Syfte: Studiens syfte är att undersöka hur riskhanteringsprocessen är utformad och hur den styrs för att bidra med ökad kunskap om vilka element som är av kritisk karaktär i processen. Studien avser även att undersöka hur hela organisationen och dess intressenter inkluderas i riskarbetet. Metod: För att uppfylla studiens syfte har vi utfört en kvalitativ enfallsstudie på företaget E.ON Sverige. För att samla in det empiriska materialet har intervjuer tillämpats, både personliga och telefonintervjuer. Totalt genomfördes fem intervjuer vilka även har kompletterats med återkommande samtal med våra huvudkontakter på E.ON under hela studiens gång. Slutsats: De kritiska momenten i en riskhanteringsprocess är intern kommunikation samt att företag måste beakta sina intressentgruppers krav och intressen och ta hänsyn till dessa vid utformandet av företagets riskhanteringsprocess.
Background and problem discussion: The risk management process needs to be designed based on the specific company, and adapted to both internal and external circumstances and changes since every company operates in different environments and is therefore subject to different types of risks. Meanwhile, the risk management process is especially crucial for companies whose activities have a major impact on the function of the society. Today’s literature within the subject risk management covers a vast range, however, we identified an absence of research that focuses on the practical implementation of risk management and the control throughout its whole process. Purpose: The purpose of the study is to examine how the risk management process is designed and how it is governed in order to contribute with increased insights regarding what elements are critical in the process. Moreover, the study aims to investigate how the organization as a whole, including its stakeholders, is involved in its work with risk management. Method: In order to fulfill the purpose of the study, a qualitative single case study was applied at the company E.ON Sweden. Both personal interviews as well as phone interviews were carried out with the intention of gathering empirical material. In total, five interviews were held, and they have been supplemented with recurring conversations with the main contacts at E.ON throughout the stages of the research. Conclusion: The critical elements in the risk management process lie within the internal communication and in respecting the stakeholders’ demands as well as considering these while formulating the risk management process for the company.

L'ingénierie d'entreprise conçoit et met en application des projets d'amélioration de la structure et du fonctionnement des organisations de production de biens ou de services. Elle développe des démarches fondées sur la modélisation, en particulier la modélisation des processus métiers, pour assurer une qualité et une cohérence d'ensemble des projets. Aujourd'hui, la prise en compte du risque en ingénierie d'entreprise fait l'objet de nombreux développements, liés à un environnement perçu comme de plus en plus agressif et imprévisible. Des cadres de référence sont même publiés pour guider les entreprises dans ces nouvelles dimensions du pilotage de l'organisation autour du risque. Notre étude se consacre à la conception des processus métier dirigée par les risques comme une composante à part entière de l'ingénierie d'entreprise. Après avoir fait une synthèse des connaissances sur les univers du risque et des processus, un problème d'intégration de ces connaissances est formulé. Un cadre méthodologique pour le management intégré des risques et des processus est ainsi conçu et décrit. Il repose sur la coordination des cycles de vie de la gestion des risques et de la gestion des processus métier, sur la définition d'un cadre conceptuel unifié permettant d'identifier et de maîtriser les informations échangées entre eux, et enfin sur un langage de modélisation adapté à une description des situations et étendant les capacités d'un outil de modélisation du marché (ARIS Business Architect). Un cas d'études du domaine de la santé vient illustrer le bien fondé de l'application de ce cadre méthodologique sur un cas concret
Enterprise engineering is concerned with the design of projects which aim to improve the structure and behaviour of organisations producing goods and services. It develops approaches based on modelling techniques, particularly on business process modelling in order to assure the quality and the global consistency of the project portfolio. Nowadays, risk consideration in enterprise engineering is a growing importance since the business environment is becoming more and more competitive and unpredictable. In fact, reference frameworks providing guidance for enterprise risk management are developed to tackle this. Our research focuses on risk driven business process design as an integral part of enterprise engineering. After delivering a synthesis of work related to risks and business processes, a research question concerning the integration of both has been addressed. A framework for the integrated management of risks and business processes is suggested. It is based on three components: a coordination of risk and business process management lifecycles, a unified conceptual framework supporting information exchanges between the coordinated lifecycles, and finally a modelling language adapted to the description of risky situations. The later extends the features of a commercial modelling tool (ARIS Business Architect). A case study from the health sector illustrates the foundation of the methodological framework

A number of Defence organizations worldwide are moving towards outsourcing. The United Arab Emirates Air Force & Air Defence (UAE AF&AD) is also transforming some of its activities from military entities into civilian organizations. This paper studies the risks associated with the transformation of the UAE AF&AD Flight Test Centre (FTC) into a civilian organization to become a competitive, independent and autonomous outsourcing agency able to undertake additional, complex and specialized aeronautical projects.In this paper, the author describes the FTC "AS IS" organization, mission and function while focusing on the future "TO BE". He underlines the existing challenges and develops the future needs of the FTC. In his mind, it is clear that the future of the FTC has to be sustainable, competitive, process oriented, cohesive and dynamic in response to changes. The need of an enterprise framework is, in the authors view, a critical matter. The greatest challenge is to identify or develop the right framework with a risk dimension and governance for a specific FTC application: a framework that will assist the FTC to identify, determine and assess at an earlier stage various risks

Titel: Riskhantering av molnbaserade affärssystem Författare: Fredrik Forsberg & Kevin Adamsson Handledare: Pia Nylinder Examinator: Petter Boye Kurs: Företagsekonomi, Kandidatuppsats inom ekonomistyrning/redovisning Kurskod: 2FE75E Frågeställning: Hur arbetar företag inom bilförsäljningsbranschen med riskhanteringen av molnbaserade affärssystem? Syfte: Studiens syfte är att undersöka vilka risker molnbaserade affärssystem medför och hur företag inom bilhandeln arbetar för att hantera riskerna. Metod: För att uppfylla studiens mål har vi använt oss av den abduktiva ansatsen. Semistrukturerade intervjuer har genomförts och vi har genom detta samlat in empiri från åtta olika respondenter som är verksamma inom bilhandeln. Slutsats: Vi har kommit fram till att storleken på företag har en stor påverkan på hur riskprocessen samt riskhanteringen sker, även om riskerna har samma prioriteringsnivå. De flesta företagen har en plan för hur de skall hantera riskerna och arbeta för att motverka dessa. Vi har även kommit fram till att större ekonomiska resurser ger större utrymme för att arbeta i förebyggande syfte och på så sätt motverka de riskerna som studien har handlat om. Nyckelord: molntjänster, molnbaserade affärssystem, risker med molnbaserade affärssystem, riskhantering i samband med molnbaserade affärssystem, riskprocess.
Title: Risk management of cloud-based ERP-systems Writers: Fredrik Forsberg & Kevin Adamsson Supervisor: Pia Nylinder Examiner: Petter Boye Course: Business administration, Bachelor thesis in finance/accounting Course code: 2FE75E Research question: How do companies in the automotive trade industry work with risk management of cloud-based ERP-systems? Purpose: The purpose of this paper is to examine what risks that the cloud based ERP-systems entail and how companies in the automobile trade work with the risk management. Method: To fulfill the purpose of this paper we have used the abductive approach. Semi-structured interviews have been conducted in order to retrieve empirical data from eight different respondents who operates in the automobile trade. Conclusion: We have come to the conclusion that the size of the companies has a major impact on how the risk process and the risk management are done, even if the risks have the same level of priority. Greater financial resources provides more space for the companies to work with the risk management. Keywords: Cloud based services, Cloud based ERP-system, Risks with the cloud based ERP-systems, Risk management, Risk process.

[ES] A través de la evolución y el desarrollo de la humanidad, la historia del individuo, de su comunidad y de la cultura, ha estado marcada por muchos esfuerzos focalizados en la creación de buenas prácticas, herramientas y tecnologías dirigidas hacia la reducción de la vulnerabilidad ante distintos tipos de riesgos. En el ámbito de la calidad, la seguridad alimentaria, la seguridad y la salud ocupacional, la gestión ambiental y la eficiencia energética, estos esfuerzos se han consolidado e integrado en instrumentos para el aseguramiento, la mejora en el desempeño y la garantía en términos de certificación de Sistemas de Gestión, conocidos internacionalmente como Normas ISO, que en la actualidad tienen un amplio abanico de posibilidades y modelos, donde los de mayor utilización corresponden al acrónimo en inglés QHSE3+: ISO 9001:2015 "Quality management systems Requirements", para la Q de calidad; ISO 45001:2018 ISO 45001, "Occupational health and safety management systems - Requirements", para la HS de seguridad y salud en el trabajo; ISO 14001:2015 Environmental management systems Requirements with guidance for use, para la E de medio ambiente; ISO 50001:2018. Energy Management Systems - Requirements with guidance for use, para la E2 de eficiencia energética. El acrónimo considera al final el signo (+), que corresponde a cualquier otro referencial que pueda ser exigido a la organización en función de la naturaleza de sus operaciones y del mercado, o que tenga relevancia en función de la naturaleza de los riesgos de la organización, como, por ejemplo, las normas ISO 21500:2012. Guidance on Project management, ISO 22000:2018. International Organization for Standardization. Food safety management systems - Requirements for any organization in the food chain, e ISO 27001:2013 Information technology - Security techniques -Information security management systems - Requirements. La presente Investigación Doctoral, desarrolla un Modelo Conceptual para los Sistemas de Gestión que cubren los referenciales "QHSE3+", bajo un enfoque integral de riesgos que incluye la perspectiva energética y otras componentes que se puedan requerir, en función de la naturaleza y particularidades del negocio. El enfoque propuesto se basa en el Diseño Sistémico, y en el desarrollo y la aplicación de herramientas dirigidas a facilitar su aplicación e implementación en las diferentes empresas, bajo aplicaciones sencillas en Excel. La estructura de la presente Tesis Doctoral se resume en seis capítulos: El capítulo 1 contiene la introducción y la presentación de los principios y elementos de la gestión integral, la administración de riesgos y el enfoque asociado al acrónimo "QHSE3+", considerando la gestión integral de riesgos y los planteamientos de ISO 31000:2018. En el capítulo 2 se describe la metodología general empleada para el desarrollo de la investigación, el estudio del estado del arte, los principios y las fuentes que enmarcan la investigación, el modelo conceptual, los requisitos, el diagnóstico, y la metodología para la planificación y el desarrollo del proyecto. El capítulo 3, los resultados del diseño del Modelo Conceptual. En el capítulo 4, la presentación de la secuencia de aplicación del modelo. El capítulo 5 contiene el Balance de Resultados cuali-cuantitativos de la aplicación preliminar del modelo. Finalmente, el capítulo 6 resume las conclusiones obtenidas en cada uno de los anteriores capítulos y presenta las posibles líneas futuras de investigación. En los Anexos, se ha incluido la referencia a las ilustraciones utilizadas en el Informe de Tesis, la referencia a los archivos de soporte, Herramientas y Plantillas Generadas, los Ejemplos de Aplicación, las Guías, y finalmente, la referencia al archivo "Una voz desde el TC 176. Entrevista a Leopoldo Colombo".
[CA] A través de tota l'evolució i el desenrotllament de la humanitat, la història de l'individu, de la seua comunitat i de la cultura ha estat marcada per molts esforços focalitzats en la creació de bones pràctiques, ferramentes i tecnologies dirigides cap a la reducció de la vulnerabilitat davant de distints tipus de riscos. En l'àmbit de la qualitat, la seguretat alimentària, la seguretat i la salut ocupacional, la gestió ambiental i l'eficiència energètica, estos esforços s'han consolidat i integrat en instruments per a l'assegurament, la millora en l'exercici i la garantia en termes de certificació de Sistemes de Gestió, coneguts internacionalment com a Normes ISO, que en l'actualitat tenen un ampli palmito de possibilitats i models, on els de major utilització corresponen a l'acrònim en anglés QHSE3+: ISO 9001:2015 "Quality management systems ¿ Requirements", per a la Q de Qualitat. ISO 45001:2018 ISO 45001, "Occupational health and safety management systems - Requirements", per a la HS de seguretat i salut en el treball. ISO 14001:2015 Environmental management systems ¿ Requirements with guidance for use, per a la E de medi ambient. ISO 50001:2018. Energy Management Systems - Requirements with guidance for use, per a la E2 de eficiència energètica. L'acrònim considera al final el signe (+), que correspon a qualsevol altre referent que pot ser exigit a l'organització en funció de la naturalesa de les seues operacions i del mercat, o la importància que té en la funció de la naturalesa dels riscos de l'Organització, com per exemple, la norma ISO 21500: 2012. Orientació sobre gestió de projectes, la norma ISO 22000: 2018. Sistemes de gestió de la innocuïtat dels aliments: requisits per a qualsevol organització de la cadena alimentària i ISO 27001: 2013 Tecnologia de la informació - Tècniques de seguretat - Sistemes de gestió de la seguretat de la informació - Requisits. La present Investigació Doctoral, desenvolupa un Model Conceptual per als Sistemes de Gestió que cobreixen els referencials "QHSE3+", sota un enfocament integral de riscos que inclou la perspectiva energètica i altres components que es puguen requerir, en funció de la naturalesa i particularitats del negoci. L'enfocament proposat es basa en el Disseny Sistèmic, i en el desenvolupament i l'aplicació d'eines dirigides a facilitar la seua aplicació i implementació en les diferents empreses, sota aplicacions senzilles en Excel. L'estructura de la present Tesi Doctoral es resumeix en sis capítols: El capítol 1 conté la introducció i la presentació dels principis i elements de la gestió integral, l'administració de riscos i l'enfocament associat a l'acrònim "QHSE3+", considerant la gestió integral de riscos i els plantejaments d'ISO 31000:2018. En el capítol 2 es descriu la metodologia general empleada per al desenvolupament de la investigació, l'estudi de l'estat de l'art, els principis i les fonts que emmarquen la investigació, el model conceptual, els requisits, el diagnòstic, i la metodologia per a la planificació i el desenvolupament del projecte. El capítol 3, els resultats del disseny del Model Conceptual. En el capítol 4, la presentació de la seqüència d'aplicació del model. El capítol 5 conté el Balanç de Resultats cuali-quantitatius de l'aplicació preliminar del model. Finalment, el capítol 6 resumeix les conclusions obtingudes en cadascun dels anteriors capítols i presenta les possibles línies futures d'investigació. En els Annexos, s'ha inclòs la referència a les il·lustracions utilitzades en l'Informe de Tesi, la referència als arxius de suport, Eines i Plantilles Generades, els Exemples d'Aplicació, les Guies, i finalment, la referència a l'arxiu "Una veu des del TC 176. Entrevista a Leopoldo Colombo".
[EN] Throughout the evolution and development of humanity, the history of the individual, their community and their culture has been characterized by many efforts focused on the creation of good practices, tools and technologies aimed at reducing vulnerability related to different types of risks. In the field of quality, food safety, occupational safety and health, environmental management and energy efficiency, these efforts have been consolidated and integrated into instruments for insurance, improvement in performance, and guarantee in terms of requirements for the certification of Management Systems. These instruments are known internationally as ISO Standards, and currently have a wide range of possibilities and models, where the most commonly used correspond to the acronym in English QHSE3+: ISO 9001:2015 "Quality management systems ¿ Requirements", for the Q of Quality. ISO 45001:2018 ISO 45001, "Occupational health and safety management systems - Requirements", for the HS of the Health and Safety. ISO 14001:2015 Environmental management systems ¿ Requirements with guidance for use, for the E of Environment. ISO 50001:2018. Energy Management Systems - Requirements with guidance for use, for the E2 of Energy Efficiency. The acronym considers at the end the sign (+), which corresponds to any other referential that may be required from the organization depending on the nature of its operations and the market, or that has relevance according to the nature of the risks of the organization, such as the ISO 21500: 2012 Standards. Guidance on project management, ISO 22000: 2018. International Organization for Standardization. Food safety management systems - Requirements for any organization in the food chain, and ISO 27001: 2013 Information technology - Security techniques - Information security management systems - Requirements. This Doctoral Research develops a Conceptual Model for Management Systems that cover the references "QHSE3+", under a comprehensive risk approach that includes the energy perspective and other components that may be required, depending on the nature and particularities of the business. The proposed approach is based on the Systemic Design, and the development and application of tools aimed at facilitating its application and implementation in different companies, under simple applications in Excel. The structure of this Doctoral Thesis is summarized in six chapters, configured as described below: Chapter 1 contains the introduction and presentation of the principles and elements of comprehensive management, risk management and the approach associated with the acronym "QHSE3 +", considering comprehensive risk management and the approaches of ISO 31000: 2018. Chapter 2 describes the general methodology used for the development of the research, the study of the state of the art, the principles and sources that frame the research, the conceptual model, the requirements, the diagnosis, and the methodology for planning. and the development of the project. Chapter 3, the results of the Conceptual Model design. In Chapter 4, the presentation of the model application sequence. Chapter 5 contains the Qualitative and Quantitative Results Balance of the preliminary application of the model. Finally, Chapter 6 summarizes the conclusions obtained in each of the previous chapters and presents the possible future lines of research. In the Annexes, the reference to the illustrations used in the Thesis Report, the reference to the support files, Generated Tools and Templates, the Application Examples, the Guides, and finally, the reference to the file "A voice from TC 176. Interview with Leopoldo Colombo ".
Poveda Orjuela, PP. (2021). Configuración de un modelo conceptual para los sistemas de gestión "qhse3+", con perspectiva de rendimiento energético y administración integral de riesgos [Tesis doctoral]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/171277
TESIS

IT governance is a very pressing matter for many companies not only all around the world but also in Czech Republic. Therefor this thesis will in the beginning introduce reader to the subject of IT Governance, it's historical development, structure, participants and also its benefits for the organizations but also with possible hardships of incorporating it into companies. Main benefit of this thesis is mapping of different solutions providers. These solutions include software platforms, differentiating methodics and also consulting IT services. This work chooses and introduces key market providers. Last part of the thesis hints at the possibilities of implementing chosen methodic into a sample company. Reader is introduced to the chosen methodic in greater detail and the aforementioned methodic is demonstrated through the companies services.

The generation of attractive innovations is one of the most important and complex tasks companies undertake, the process of open innovation is being used to support this endeavour. SMEs often face difficulties applying and commercialising external sources’ technologies for their own purposes due to liability of smallness and related lack of capability of co-ordination. In particular, small and medium-sized system integrators of electronic consumer products (SIs) are (1) highly dependent on close collaboration with external organisations, (2) have to cope with turbulent technology markets, and have to manage (3) the continuous shortening of innovation cycles. These factors necessitate small and mediumsized SIs of electronic consumer products to increase their dynamic capability to innovate, which subsequently forms the basis for the SIs’ sustainable competitiveness. The effective embedding of the Purchasing Organisation (PO) into the innovation outside-in process can potentially become a major driver in improving the overall innovation process and company performance. However, given academic research does not provide sufficient insight concerning relevant Enabling Factors (EFs) and related drivers. Therefore, academics allude to a demand for further research in the field of early purchasing involvement in the innovation process. In addition, purchasing practitioners point to the low maturity of Purchasing Organisations with regard to securing innovations. To explore relevant Enabling Factors for purchasing integration into the innovation process, the qualitative study design was based on an embedded case study inquiry with multiple units of analysis. Data collection and analysis was realised through a sequential qualitative  quantitative mixedmethod approach. For this reason, interviews were conducted with 7 purchasing experts from the medium-sized German television set manufacturer Loewe. To obtain insights as to the generalisability of the findings, a purposive selected sample of 11 purchasing experts from other SIs with high dependency on innovation suppliers were interviewed via webbased questionnaires. The study identified: EF1: External Interconnectedness EF2: Preferred Customer status Process EF3: Management Commitment to the PO EF4: External Interconnectedness EF5: Early Integration into Product Planning EF6: Degree of Professionalisation of the PO EF7: Innovation Management System and EF8: Open-minded Relations based on Trust as a relevant Enabling Factor. Furthermore, the study suggests direct relations between the EFs and 32 drivers that are formative to the related Enabling Factors. Based on the study findings, 14 strategic measures were defined via focus group interviews. In this way, the study contributes to given academic knowledge in the field of early purchasing involvement into new product development processes (NPD). With regard to such new product development processes, this study suggests integrating the PO, as a third element, into the R&D and marketing interface.

The thesis focuses on the selection process and the implementation of the new information system (hereinafter "IS") in a manufacturing company. This is achieved by detailing characteristics of all individual phases and steps of the selection and implementation processes in the context of one appointed company. The characteristics analysis identifies key factors which need to be managed well by the company in order to accomplish a desired outcome. The thesis also includes a generic and coherent framework and it concludes with a comprehensive proposal which can be used as a tool for a successful selection and implementation of the new IS.

System dynamics modelling has been used for around 40 years to address complex, systemic, dynamic problems, those often described as wicked. But, system dynamics modelling is not an exact science and arguments about the most suitable techniques to use in which circumstances, continues. The nature of these wicked problems is investigated through a series of case studies where poor situational awareness among stakeholders was identified. This was found to be an underlying cause for management failure, suggesting need for better ways of recognising and managing wicked problem situations. Human cognition is considered both as a limitation and enabler to decision-making in wicked problem environments. Naturalistic and deliberate decision-making are reviewed. The thesis identifies the need for integration of qualitative and quantitative techniques. Case study results and a review of the literature led to identification of a set of principles of method to be applied in an integrated framework, the aim being to develop an improved way of addressing wicked problems. These principles were applied to a series of cases in an action research setting. However, organisational and political barriers were encountered. This limited the exploitation and investigation of cases to varying degrees. In response to a need identified in the literature review and the case studies, a tool is designed to facilitate analysis of multi-factorial, non-linear causality. This unique tool and its use to assist in problem conceptualisation, and as an aid to testing alternate strategies, are demonstrated. Further investigation is needed in relation to the veracity of combining causal influences using this tool and system dynamics, broadly. System dynamics modelling was found to have utility needed to support analysis of wicked problems. However, failure in a particular modelling project occurred when it was found necessary to rely on human judgement in estimating values to be input into the models. This was found to be problematic and unacceptably risky for sponsors of the modelling effort. Finally, this work has also identified that further study is required into: the use of human judgement in decision-making and the validity of system dynamics models that rely on the quantification of human judgement.

During the past five years risk management has evolved to such an extent that most companies have developed formal risk management systems whereby their risk identification processes are integrated into their objective setting processes, albeit with different forms of integration. The integration of the risk identification process into the objective setting process is an essential step in the risk management process as it facilitates the identification of those risks that may affect the achievement of business objectives and ensure that plans are developed to mitigate the risks identified. The management of risks is essential to the success of any business whether profit making or non-profit making. This study examines, by way of a case study, the extent to which a specific business unit, within an organisation has integrated its risk identification process into the objective setting process. It then explores the benefits that can be derived from integrating the risk identification process into the objective setting process. In support of the aims of the study the corresponding objectives are to determine the extent to which the unit of study has integrated the risk identification process into the objective setting process, to demonstrate the benefits of integrating the two process as well as recommendations on future research and guidelines on integrating risk identification into objective setting. The study concludes that the integration of the risk identification process into the objective setting process starts by setting business objectives and then followed by identifying those events that can negatively impact the achievement of objectives. The integration of the two processes can happen in practice and that there are benefits to the organisation that can be derived from the integration of the risk identification process into the objective setting process as observed by the study. For future research it is recommended that similar studies involving multiple case studies should be conducted to test the applicability of the integration model to a broader population. Other business units within ABSA, just like the Home Loans Division should use the risk identification integration model to identify business risks they are exposed to, that is, if they are not already doing so, taking into consideration their individual circumstances and business planning processes.
Thesis (MBA)-University of KwaZulu-Natal, 2007.

M.Com. (Business Management)
Risk management is an important factor in ensuring business and project success. Thus, risk management methodologies are constantly being developed and improved. In order to define the goals, specify the process and manage progress, it is necessary to have a clear view of the enterprise‟s current approach to risk, as well as a definition of the intended destination. Benchmarking offers the opportunity to determine the current maturity capability against agreed frameworks, and also provides a structured route to improvement. A generally accepted framework is needed in order for an organisation to benchmark its current maturity and capability in managing risk, and this framework should also assist in defining progress towards increased maturity. Being an assessment tool, a risk maturity model is designed to measure risk management capability and to provide objectives for improvement The purpose of the research is to identify, adapt and recommend a sound risk maturity model, together with an easily applicable and effective questionnaire for use to measure the risk capability maturity of a Life Insurer (“Liberty Life”). To achieve this aim, six risk management maturity models were identified through a literature review and the proposed model was further supported with long-term insurance specific attributes of risk management as advocated by leading corporate governance codes and regulations such as King III and the newly proposed Financial Services Board (FSB) Solvency Assessment and Management (SAM) regime. Despite the widening consensus on the value of risk management, effective implementations of risk processes into organisations are not common. The benefits of mature risk management have been discussed in Chapter 2. By adopting an exploratory approach, the researcher conducted a qualitative research project, in the form of an in-depth case study, on a multinational financial services organisation. Unstructured face-to-face interviews were held with senior executives and risk managers in order to gather data regarding what they perceive as key attributes, including acceptable measurement criteria, of a risk maturity model appropriate and effective for implementation in their organisation.

Proper records management plays a significant role in the auditing process, risk management and wider corporate governance. Despite this role, in South Africa, many governmental bodies are issued with disclaimer reports every year by the Auditor-General of South Africa (AGSA) due to a lack of supporting documentation. This problem is exacerbated by the exclusion of records management from the criteria for a sound financial management infrastructure in many governmental bodies. The other dilemma is that some records such as financial records, personnel records and electronic records usually fall outside the jurisdiction of the organisation’s records manager. Utilising the King Report III as a framework, this study sought to develop a framework to embed records management practices into the auditing process in the public sector of South Africa, with a view to entrench a culture of clean audits. The study relied on mixed methods research (MMR), with the quantitative study conducted first through informetrics analysis of audit reports, while the qualitative paradigm was used to substantiate numerical data. Data collection adopted a multi-approach with four key sources of data: a questionnaire, interviews, literature review and publicly available data from the consolidated general reports of AGSA. The study revealed that most governmental bodies have established internal audit units, audit committees and records management units, which did not work in unison. In most governmental bodies records management did not form part of the audit scope and records management professionals were not part of the audit committees. As a result, most governmental bodies continued to receive negative audit opinions from AGSA. The study recommends that records management community should utilise auditing and risk management as a springboard to propel records management to the new heights. A further empirical study on the role of auditing and risk management in records management that embraces both the private and public sectors is recommended.
Information Science
D. Litt. et Phil. (Information Science)