-
Business Activities
Operating Processes
Management and Support Services
Projects
-
BA - Operating Processes
Understand Environment, Develop Strategy, Design Product or service, market and sell
Mftg - process which it makes and sells product
Service - process market and deliver service
-
BA - Projects
For unique jobs
Project Operate: asset for itself(drill oil well and use)
Project Delivery: asset to pass off(engineer makes coaster then passes to park)
-
BA - Mgmgt Support Services
Activities that oversee & support org core value
HR, IT, Legal, Governance
-
Business Model
Auditors must understand to add value
- Is org vision, mission and values
- what they sell, how they market and supply/delivery
-
Top Down Approach (Processes)
- Top down: org objective to key processes
- risk: overlooking processes that are critical
-
Bottom-Up Approach (Processes)
- Down up: begin by looking at all processes at the activity level.
- id documentation by process owners
-
Once Processes are ID, you determine what next
Key objectives of the processes: why does it exist, how does it contribute etc.
-
Once the objectives are understood, next step is to understand
inputs/outputs of process and specific activities needed to achieve the process objectives
-
Order of business model
- Id Processes
- Determine key objectives of processes
- Understand inputs/outputs of processes
- Evaluate business risks
- Asses risks: impact & likelihood
- Link risks to specific objectives
- Develop responses to risk
-
Once processes are id they should be
Documented: by process owner
-
Documentation options
Process Maps: visual(flow chart)
Process Narratives: written (oral part of flow)
Can be high level or detailed level
-
Process Maps should have
- Mapping Symbols
- Flow from left to right or top to bottom
-
Business Risk
- Strategic
- Compliance
- Reporting
- Operation
-
Strategic Risk examples
- External: competition, technology
- Internal: Reputation, Governance
-
Compliance Risk examples
- External: Regulatory, Litigation
- Internal: Ethics, Fraud
-
Reporting Risk examples
- External: Acct/Finc Reporting, Taxation
- Internal: Budgeting, Performance Issues
also has Information Resources
-
Operation Risk examples
- Process: Supply chain,Cycle time
- People: Manpower, communications
- Financial: Interest rates, commodity pricing
-
Assess Risk
Impact and Likelihood
3-5 categories (low, med, high)
-
Likelihood of risk
- Can be evaluated by assessing the odds or probability of the risk impact occuring
- x axis put in ranges (ex: remote 0-10%)
-
Impact of Risk
- adverse effect of risk if it occurs
- Y axis needs boundaries
-
Risk assessment Model
Matrix of impact (y-axis) and likelihood (x-axis)
combination of impact and likelihood determines importance/significance of risk
-
Once risk is identified
- Like risks with specific objectives
- use matrix:
- y-axis - objectives
- x-axis - risks
-
Once risks are Id
Develop responses
-
Risk Responses Types
Avoidance: exit product line or sell division
Reduction: Action taken to reduce likelihood or impact
Sharing: Outsource, hedge, buy insurance
Acceptance: no action taken
-
Mapping business risk to business process
To determine if risks are being managed correctly
use Matrix with risk on top and process on left (key link and secondary link)
EX: Int rates volatile + pricing based on int rates = a link
-
Key Link
those in which the process plays a direct and key role in managing risk
-
Secondary Link
Ones in which the process helps to manage the risk indirectly
-
Can we use this for engagements
YES
-
Business Processing Outsourcing
Act of transferring some of an organizations business processes to an outside providers
|
|
