Erasmus Multilateral Projects
Virtual campuses

Reference Number of the Project: 134350-LLP-1-2007-1-HU-ERASMUS-EVC
Title of the Project: Virtual campus for SMEs in a multicultural milieu (SMEdigcamp)

This publication [communication] reflects the views only of the author, and the Commission cannot be held responsible for any use which may be made of the information contained therein.

CONTENT PAPER OF THE MODULE
Management Information Systems and Risk Management

Head of the quadrangle: Bernard QUINIO (FR)
Members of the quadrangle: András JÁNOSA (HU), János IVANYOS (HU), Jay MITRA (UK), Gunnar PRAUSE (DE)

Description of the content:
This module has two parts: one on Information Systems and one on Risk Management. The Information Systems part gives the main skills necessary to manage information systems in Small and Medium Enterprises (SMEs). The Risk Management part gives the main skills for applying risk management principles and tools in SMEs.

Knowledge acquired during the module:

Management Information System
- How to manage an information system in an SME
- How to participate in an information system project
- How to use security rules for SMEs

Risk management
- How to apply risk management principles and tools
- How to set objectives, risk appetite and risk tolerance
- How to perform risk assessment and define risk responses
- How the internal control system is embedded into risk management
- How to evaluate the effectiveness of risk and control systems
Pre-requisites:

Management Information System
- Good use in a professional context of the personal computer, Internet and office suite
- Use of spreadsheets, database systems and the Internet for management issues
- Modeling and advanced use of spreadsheets for finance and control budgeting

Risk management
- Strategic management.
- Financial management.
- Organization and Management Process assessment.

Working method:
For each chapter of this module, the main principles are presented with many examples, then relevant internet links are given so that these principles can be seen in real life. After that, quizzes and exercises are proposed in order to use the tools in a practical context.

Evaluation:
The evaluation has two parts: one quiz to evaluate knowledge of the main principles presented, and one case study.

Structure of the module

Management Information System (credits 2)
1. Organizing and leading the Information System (IS) for SME
2. Applications of IS in SME
3. Project management
4. Security and control of IS

Risk management (credits 2)
1. The Purposes of acquiring Risk Management knowledge
2. Fundamental concepts of Risk Management categories
3. Achievement of Entity's interrelated objectives
4. Components of Risk Management
5. Assessment of Risk Management capability

Recommended bibliography:

In French:
- Encyclopédie des Systèmes d'Information, Editions Vuibert, edited by J. Akoka and I. Comyn-Wattiau, 2007
- Marciniak and Rowe (2005), Systèmes d'information, Dynamique et Organisation, Economica, 2005, second edition
- Quinio and Lecoeur (2003), «Projet de Système d'information : Une démarche et des outils pour le chef de projet», Alain Lecoeur and Bernard Quinio (Vuibert, Paris 2003)
- «Manuel de gestion d'entreprise», three chapters on information systems, collective work coordinated by AUPELF (2004)

In English:
- Laudon and Laudon (2006), Management Information Systems, 9/e, Pearson Prentice Hall
Detailed content:

Management Information System (credits 2)

Chapter 1 Organizing and leading the Information System (IS) for SME
- Have a perfect knowledge of information system concepts
- How to organize an information system in an SME
- How to manage outsourcing of IS functions
- How to manage service providers for an SME
- Definitions and key issues of IS for SME
- Information for management and Information System
- Key issues for SME
- Organization of the IS function in the firm
- Budget and costs of the IS function
- How to manage outsourcing of IS
- Characterization of IS providers
- IS activities and their outsourcing
- How to manage service providers
- IS governance in SME: rules and tools

Chapter 2 Applications of IS in SME
- Have a good knowledge of the main IS applications in SMEs
- For each application, know the key success factors
- For each application, know the main products and publishers
- The use of the applications is not an objective of this chapter
- Technical infrastructure of IS in SME
- Technical point of view of infrastructure
- Cartography of software applications
- How to choose between an open system and a proprietary one?
- How to choose between packaged software and specific development?
- IS applications for decision
- Executive Information System (EIS)
- Expert system
- Knowledge management
- Business intelligence
- Data analysis and data mining
- IS applications for two main functions
- Customer relationship management (CRM)
- E-business and Web site
- Supply chain management (SCM)
- IS applications for integration
- Inside the firm: Enterprise Resource Planning (ERP)
- Outside the firm: Electronic data interchange (EDI)
- The E-business marketplace

Chapter 3 Project management
- How to manage an information system project
- How to apply project management tools
- Risk analysis is treated in the Risk Management part
- Definition of the main concepts of project management
- How to prepare a project
- Specify the objectives of the project: why and where do you act
- Identify the type of solution: how do you act
- Identify human and technical resources: with whom and with what do you act
- How to construct the project
- How to manage the project?
- Project direction
- Project management
- Planning (PERT and Gantt)
- Cost control
- Change management and human factors
- How to install and use the result of the project

Chapter 4 Security and control of IS
- How to apply security rules and tools in an SME
- How to find information and advice on security
- Rules of security: hardware, software and organization
- Human factors of security
- Internal and external attacks
- Law for IT security
- Backup of data and software
- Restart and maintain the activity
- Use of COBIT for SME
- Use of ITIL for SME
Risk Management (credits 2)

Chapter 1 The Purposes of acquiring Risk Management knowledge
- Aligning risk appetite and strategy: Management considers the entity's risk appetite in evaluating strategic alternatives, setting related objectives, and developing mechanisms to manage related risks.
- Enhancing risk response decisions: Enterprise risk management provides the rigor to identify and select among alternative risk responses: risk avoidance, reduction, sharing, and acceptance.
- Reducing operational surprises and losses: Entities gain enhanced capability to identify potential events and establish responses, reducing surprises and associated costs or losses.
- Identifying and managing multiple and cross-enterprise risks: Every enterprise faces a myriad of risks affecting different parts of the organization, and enterprise risk management facilitates effective response to the interrelated impacts, and integrated responses to multiple risks.
- Seizing opportunities: By considering a full range of potential events, management is positioned to identify and proactively realize opportunities.
- Improving deployment of capital: Obtaining robust risk information allows management to effectively assess overall capital needs and enhance capital allocation.
Chapter 2 Fundamental concepts of Risk Management
- A process, ongoing and flowing through an entity
- Effected by people at every level of an organization
- Applied in strategy setting
- Applied across the enterprise, at every level and unit, and includes taking an entity-level portfolio view of risk
- Designed to identify potential events that, if they occur, will affect the entity and to manage risk within its risk appetite
- Able to provide reasonable assurance to an entity's management and board of directors
- Geared to achievement of objectives in one or more separate but overlapping categories

Chapter 3 Achievement of Entity's interrelated objectives
- Strategic: high-level goals, aligned with and supporting its mission
- Operations: effective and efficient use of its resources
- Reporting: reliability of reporting
- Compliance: compliance with applicable laws and regulations
Chapter 4 Components of Risk Management
- Internal Environment: The internal environment encompasses the tone of an organization, and sets the basis for how risk is viewed and addressed by an entity's people, including risk management philosophy and risk appetite, integrity and ethical values, and the environment in which they operate.
- Objective Setting: Objectives must exist before management can identify potential events affecting their achievement. Enterprise risk management ensures that management has in place a process to set objectives and that the chosen objectives support and align with the entity's mission and are consistent with its risk appetite.
- Event Identification: Internal and external events affecting achievement of an entity's objectives must be identified, distinguishing between risks and opportunities. Opportunities are channelled back to management's strategy or objective-setting processes.
- Risk Assessment: Risks are analysed, considering likelihood and impact, as a basis for determining how they should be managed. Risks are assessed on an inherent and a residual basis.
- Risk Response: Management selects risk responses (avoiding, accepting, reducing, or sharing risk), developing a set of actions to align risks with the entity's risk tolerances and risk appetite.
- Control Activities: Policies and procedures are established and implemented to help ensure the risk responses are effectively carried out.
- Information and Communication: Relevant information is identified, captured, and communicated in a form and timeframe that enable people to carry out their responsibilities. Effective communication also occurs in a broader sense, flowing down, across, and up the entity.
- Monitoring: The entirety of enterprise risk management is monitored and modifications made as necessary. Monitoring is accomplished through ongoing management activities, separate evaluations, or both.
Chapter 5 Assessment of Risk Management capability
- Using the COSO framework as a reference model
- Mapping the entity's objectives to capability levels
- Assurance engagement
- Consulting engagement