Human Resources Management and Payroll Cycle
The Human Resources Management (HRM) and the Payroll Cycle, which represent two connected but autonomous subsystems, are one of the five core transaction cycles inherent in every organisation. According to Romney and Steinbart (2015, p.443) they can be defined as “a recurring set of business activities and related data processing operations associated with effectively managing the employee workforce”. In this process the HRM system conducts all tasks which can be grouped into recruiting, training, job assignment, performance evaluation and discharge of employees. The major activities of the payroll system concern compensation as well as allocation of personnel cost to products and departments. Since
First, an increase of the workforce implies that the new employees must be trained to maintain the established security-aware culture. Secondly, an expansion as well as a stock exchange introduction will lead to new roles and tasks that have to be integrated into the organisational structure and might create a lack of clarity concerning accountability and responsibility. Finally, due to its Initial Public Offering (IPO), the firm would be subject to even more sophisticated laws and regulations, for instance the Sarbanes-Oxley Act (SOX) for the US stock market (Romney & Steinbart, 2015).
The previously outlined aspects form the foundation for the crucial management questions of how the substantial company-specific risks can be identified and how suitable control mechanisms can be determined and implemented. The applied framework is required to solve this issue and to introduce an effective and reliable control system. Keeping this in mind, the two most common frameworks, namely COSO and COBIT, are presented and their applicability is discussed.
Committee of Sponsoring Organizations (COSO)
It emphasises the enterprise-wide management of threats and also the risks resulting from the market environment. Moreover, it reveals the relevance of employees as a key influencing factor of a reliable control system (Romney & Steinbart, 2015). Therefore, the evaluation is based on the COSO ERM framework.
Control Objectives for Information and Related Technology (COBIT) framework
The second approach to implementing an internal control system is the Control Objectives for Information and Related Technology (COBIT) framework. It was introduced in 1996 by the Information Systems Audit and Control Association (ISACA) with a clear focus on IT-related issues concerning governance and management (Romney & Steinbart, 2015). Similar to COSO, it is constantly evolving and broadens its view to provide more comprehensive guidelines, as outlined in Figure 3. The current COBIT 5 version not only widens the perspective, but also enables the integration of related models such as Val IT and Risk IT into the framework, thereby reinforcing the effectiveness and reliability of the concept (ISACA, 2006). Furthermore, COBIT 5 shifts the focus even further to a company-wide level and fosters the reconciliation of the IT landscape with the business needs and stakeholder requirements (Zororo, 2015). As a consequence, the following discussion always refers to the COBIT 5
Introduction
A company’s success is measured by how well it is structured and organized in order to adapt to the changes in environment as well as the changes within itself such as the company’s scale, employees, product scope, etc. Having a suitable, well-structured organizational frame will not only increase the chance of being successful but also prolong the company’s lifespan compared to an unstructured one. It is important to note that an organization’s structure needs to fit in with the current situation and is not necessarily required to remain unchanged over time. Taking Dynacorp as an example, even though its functional structure contributed to the vast growth of the company at the start, its limitation in dealing with the changes within
Process Controls (PC): Each COBIT process has generic control requirements that are identified by PCn, for process control number. They should be considered together with the process control objectives to have a complete view of control requirements.
6. Application Controls (AC): COBIT assumes the design and implementation of automated application controls to be the responsibility of IT, which is covered in the Acquire and Implement domain based on business requirements defined using COBIT’s information criteria. The COBIT IT processes cover general IT controls, but only the development aspects of application controls.
For operational purposes, the company collects and stores confidential information about their customers, employees, suppliers, and vendors. For purposes of their rewards program, the company collects sensitive and confidential consumer information. Although security measures and information technology systems have been put in place to ensure secure transmission and storage of confidential information, security breaches, computer viruses, or even human error can occur. Any of these events could cause data to be lost or stolen, as well as disclosed and used with malicious intent. Such an occurrence could lead to litigation, fines, increased security costs, and damage to
After reading the case study of the PCNet Project, we will examine how critical success factors apply to the case study. The first area is setting clear objectives for risk management. With this factor we set strategic, financial, operational, and other objectives during the strategic and annual planning processes and throughout the year for a company. With these objectives we need to ensure that there is the process of identifying risks to our objectives, evaluating the impact of those risks and choosing a response. Some of the actions the company needs to be ready to respond to are avoidance, mitigation, or acceptance.
Protiviti is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit. Through their network of more than 70 offices in over 20 countries, they have served more than 40 percent of FORTUNE 1000® and FORTUNE Global 500® companies. They also work with smaller, growing companies, including those looking to go public, as well as with government agencies. Protiviti is a wholly owned subsidiary of Robert Half. Founded in 1948, Robert Half is a member of the S&P 500 index.
The first step that the auditor should take is to gather as much information about any security procedures and policies that may have been in use following the information collected from the records available. Since each policy may have a different aspect that it works on, the findings from the audit may present evidence that may be vital in identifying the existing procedures or the absence of any policies or procedures. The existence of policies and procedures enables a company to reduce the occurrence or the impacts of a given risk. The lack of such policies may lead to reduced risk management
h. Preventive controls such as proper training and educating employees so they understand to never use a USB if they don’t know where it came from or what is on it. Antimalware or anti-spyware software can be used for security protection.
i. Preventive controls such as proper training and implementation of CIRT so that employees know where to go when an attack occurs. Corrective controls such as practicing the incident response plan and alert process can help when attacks occur and help identify gaps in the plan so they can be fixed for when a real attack happens.
j. Preventive controls such as testing the systems and securing access by requiring proper verification of the users attempting to obtain dial-in access.
INTRODUCTION
Human resource management is the strategic approach to the management of an organization's most valued assets - the people working there who individually and collectively contribute to the achievement of the goals of the business (Armstrong, M., 2006). In other words, human resource management is to work with employees, and for the employees, to help them solve their problems. Therefore, human resources is a complicated department, as it deals with people who already work there and also with several issues which arise among new employees, such as recruitment, selection and so on. Nowadays, employee retention has become one of the most significant issues in organizations, and managers are aiming to find the best employees
Contemporary management involves many aspects of management. These aspects include planning, leading, organising and controlling operations to achieve certain organisational goals. When comparing different management levels, it is evident that all levels emphasise the importance of using resources effectively and responsibly. Managers should be able to build their own as well as their subordinates’ skills regarding decision making, monitoring information and supervising personnel, which are essential to success. Managers have great responsibilities; these include managing a diverse work force, maintaining a competitive edge, behaving ethically and using emerging technologies.
1.4.1 Literature Review
HRM practices are a process of engaging, motivating, and maintaining employees to ensure organizational survival (Schuler and Jackson, 1987). According to Delery and Doty (1996), HRM practices are prepared and implemented in a way that human capital plays an important role in achieving the goals and objectives of the organization. The appropriate use of HRM practices strongly influences the standard of employer and the degree of employee commitment (Purcell, 2003). HRM practices like training and development and performance appraisal allow the employees to do better in order to enhance the organizational performance (Snell and Dean, 1992; Pfeffer, 1998).
A system of checks and balances that serves the benefit of the whole board of directors and prevents some of the top management from making decisions that only benefit themselves has been created and named corporate governance. Corporate governance means the system of rules, practices and processes by which a company is directed and controlled. The set of rules is provided as a guideline for the board of directors to ensure accountability and fairness in a company’s relationship with its stakeholders, such as financiers, customers, management, employees, shareholders and also society, in order to achieve the company’s goals and targets in a manner that adds value to the company. All of the stakeholders play an important role in corporate governance to ensure that