Security Requirements Elicitation from Engineering Governance, Risk Management and Compliance

Author(s):  
Ana-Maria Ghiran ◽  
Robert Andrei Buchmann ◽  
Cristina-Claudia Osman
2014 ◽  
Author(s):  
Kilian Bizer ◽  
Martin Führ

This guide describes in compact form how to set up an "interdisciplinary institutional analysis" in practice: Which steps of analysis and assessment have to be carried out? What questions does each step address, and what role do empirical findings play? The presentation is oriented toward the task facing the legislator in the context of a regulatory impact assessment (as prescribed, for example, in Section 44 of the Joint Rules of Procedure of the Federal Ministries or in the guidelines of the European Commission). The steps of analysis and assessment can, however, be used in the same way for design problems in companies (for example, updating the framework conditions in the context of "Governance, Risk Management, Compliance", or GRC), in chambers and other associations, and in public authorities. At the end of the compact guide, a glossary explains key terms of institutional analysis. It also contains "reading tips" for further literature.


2021 ◽  
Vol 10 (03) ◽  
pp. 342-366
Author(s):  
Shayan Khan Kakar ◽  
Javed Ali ◽  
Muhammad Bilal ◽  
Yasmeen Tahira ◽  
Muhammad Tahir ◽  
...  

2019 ◽  
Vol 8 (1) ◽  
pp. 1-24
Author(s):  
Rubeena Tashfeen ◽  
Saud Hayat ◽  
Afreen Mallik

This study examines the effectiveness of the corporate governance structure when coping with any potentially unexpected events. For the purpose of this research, an event study has been conducted in order to investigate the market responses of various firms through the Cumulative Average Abnormal Return (CAAR) of the stocks listed on the Pakistan Stock Exchange (PSX). The stocks data under consideration is that which was presented after the assassination of Benazir Bhutto in 2007. The overall results indicate that firms that are governed conventionally do not perform well in the markets during a crisis situation. In our comparison of conventionally and non-conventionally governed firms, the overall pooled results show that the former record a lower CAAR. This, in short, indicates that conventional corporate governance structures may not be equipped to take timely and dynamic actions that are deemed necessary in the face of a crisis. Moreover, our results suggest that firms which have less diversified ownership and governance mechanisms are less vulnerable to such unanticipated events. There are two reasons that support our hypotheses: first, strict governance mechanisms and a resultant cautious/conservative approach may not allow firms to take timely and proactive decisions during these situations, and second, there is a lower chance of existing agency problems, as family owners would be working for the protection of their own wealth during these events. Therefore, our findings ultimately reveal that the conventional corporate governance structures that work during normal time periods may become ineffective during a crisis. This study aims to fill a gap in the literature in order to provide fresh insights into the stock market dynamic and corporate governance risk management.
Furthermore, it also highlights the benefits of family-owned structures and unconventional corporate governance systems that may outperform conventional governance structures in some situations. This, however, raises the question of whether one governance framework could be the correct fit in all situations.


Author(s):  
Anders Esmark

Setting a new benchmark for studies of technocracy, the book shows that a solution to the challenge of populism will depend as much on a technocratic retreat as democratic innovation. Esmark examines the development since the 1980s of a new 'post-industrial' technocratic regime and its complicity in the populist backlash against politics and political elites that is visible today. The new technocracy – a combination of network governance, risk management and performance management – has, the author argues, abandoned the overtly anti-democratic sentiments of its industrial predecessor and proclaimed a new partnership with democracy. The rise of populism, however, is a clear sign that the inherent problems of this partnership have been exposed and that technocracy posing as democracy will only serve to exacerbate existing problems.


2021 ◽  
Vol 39 (11) ◽  
Author(s):  
Mahammed Adil Mohammed ◽  
Thamer Kadhim Al-Abedi ◽  
Hakeem Hammood Flayyih ◽  
Hussein Ali Mohaisen

This study aims at searching in different editions of internal control frameworks and their relation with governance and risk management by dividing the study into three themes. The first one includes studying each framework in terms of the concept of internal control, elements and goals and what makes it different from the latter. The second concerns the relation of internal control with governance and the importance of what it provides to economic unity. The third and last one regards the relation of internal control to the risk management framework and what economic unity will achieve if it manages its risks properly, through presenting a number of academic studies that dealt with the subject of the study. The design of this paper depends on reviewing literature during the period (2012-2019) and analyzing the results concluded by this literature concerning the study of the internal control framework and its relation with governance and risk management. The study concluded that economic unity cannot achieve its goals and maintain success without an effective management of risks, control and governance. The board of directors and administration both need each other to apply governance, risk management and control effectively.


2011 ◽  
Vol 12 (1) ◽  
pp. 115-125 ◽  
Author(s):  
Sam Lubbe ◽  
Osden Jokonya

The relationship between Information Technology (IT) Governance, Risk Management and Compliance (GRC) and organisation business values continues to interest academics and practitioners (IT Governance Institute, 2003). Like governance, risk management and compliance generally, IT GRC is about the decision rights and accountabilities that encourage desirable behaviour in the use of IT (IT Governance Institute, 2003). A case study approach was used in an organisation with many business units. The organisation selected is a mining company, RioZim, situated in Zimbabwe. Data was collected from business units on IT issues and business values. The interviews centred on the IT GRC practices based on responsibility and authority for IT decision making. The results suggest that IT GRC does not adequately support business values. The study revealed that business values should drive IT GRC and IT GRC should be the responsibility of executives and all business units.

