Projects
Our current projects
Empirical studies
Market Study Risk Management Information Systems 2016
The complexity and diversity of risk structures require software support for risk management if a company wants to handle risks professionally. For this purpose, risk management information systems (RMIS) exist to support companies in documenting and forecasting the risk situation and to better manage risks and countermeasures. The market for RMIS is highly fragmented, as there are solutions for different company sizes on the one hand and industry-independent or industry-specific offerings on the other. For this purpose, we already analysed nine RMIS for the supply chain in 2009. In our current project, we are expanding the analysis and looking at the global market for RMIS. In a first step of our analysis, we identified the relevant RMIS providers. In the next step, a survey of the range of services is currently being conducted on the basis of a questionnaire, which will make it possible to obtain a well-founded overall view of the RMIS market. For our research, the status quo in software support for risk management is to be ascertained in this way. The publication of the market overview is intended to provide potential customers with an up-to-date decision-making aid.
Study Risk Management in Public Universities
Public universities are operating in an increasingly competitive environment and are faced with uncertain funding, which in recent years has developed towards an increasingly performance-oriented distribution of funds. Thus, state universities also face risks that need to be identified, analysed, managed and controlled by their own risk management system. The study deals with the identification and analysis of university-specific risks. The literature has not yet provided a systematic identification and analysis of risks in the university environment, which is why this article is intended to fill a gap. In addition to the structured review, an empirical analysis is conducted among all universities in Germany in order to assess the significance of the identified risks by those responsible for risk management at the universities. Based on expert interviews with representatives of state universities, we identify potential for improvement in risk management at state universities.
Internal Risk Management
Integration of Risk Aspects into Business Process Modelling
One of the biggest challenges in risk management is to identify and capture risks. Often, companies lack a structured, comprehensive and systematic approach to capture, document and process risks. Especially in the operational area, where risks frequently arise, risk information should be collected. Within the framework of business process management, processes are modelled and documented in a notational language. Although several approaches have existed for several years on how to integrate risk aspects into business process models, these approaches are neither comprehensive nor systematically aligned with the requirements of risk management frameworks such as COSO ERM or auditing standards. In this project, the requirements for modelling risks in business processes are derived from the widely used framework COSO ERM and an extension of the world's leading business process notation BPMN 2.0 is designed to close this gap.
Risk Cost Accounting: A Risk Management Information System Based on Risk Costs
The recording and documentation of risks forms the basis of operational risk management. By integrating the risk aspect into business process modelling beforehand, particularly high-risk areas can be identified. In this project, a risk cost accounting system is being designed that can be established as a shadow accounting system in addition to the classic cost accounting system if the risks are quantified appropriately. This should then provide detailed information about the risk situation in the company and the risk liability of individual areas. With the help of this shadow accounting, the quantified risks can ultimately be taken into account in pricing.
Risk Responsibility Accounting
If risks and their interrelationships are known, quantified and the place of their occurrence is clear, countermeasures can be taken. The problem here is that risks often arise in other organisational units. A responsible person would therefore have to finance measures from his budget that counteract risks for which his unit is not responsible. Based on the recorded risk-cause-effect chains, a risk-responsibility calculation is therefore designed in this project that takes this problem into account. Risks that occur in units where they were not caused are attributed to the units that are responsible for their occurrence and have not taken appropriate measures against them. This creates an incentive system for those responsible to also combat risks that originate in their own environment but cause damage in other units.