Applying DSM methodology to rank risk of internal controls in critical infrastructure enterprises

DSM 2015: Modeling and managing complex systems - Proceedings of the 17th International DSM Conference Fort Worth (Texas, USA), 4-6 November 2015

Year: 2015
Editor: Browning, T. R.; Eppinger, S. D.; Schmidt, D. M.; Lindemann, U.
Author: Dister, C. J.; Jablonski, A.; Browning, T. R.
Series: DSM
Section: Managing Failures and Risks in Complex Systems
Page(s): 123-136


Global infrastructures (finance, health, energy) require the enterprises involved to have complex risk management systems. To verify that these enterprise risk management systems are working properly, external auditors are often deployed to monitor their internal controls. But the number of controls and the number of requirements, and the weighted interconnection between all of these parts, are highly complex and dynamic. Although auditors typically have excellent background and sound judgment, the complexity of the risk control network is exceeding human capacity to make sound heuristic judgments in many organizations. Additionally, several industries are experiencing shortages in auditor talent as the workforce ages. DSM methodology provides a powerful approach to guide auditors in prioritizing which controls they investigate (audit scope), how deeply they examine these controls (audit depth), and how often they audit (audit frequency), while capturing this knowledge for future generations.

Keywords: Enterprise Risk Management, Internal Controls, Audit Scope, Audit Frequency, Audit Depth, Critical Infrastructure, Risk Monitoring, Aging Workforce

Please sign in to your account

This site uses cookies and other tracking technologies to assist with navigation and your ability to provide feedback, analyse your use of our products and services, assist with our promotional and marketing efforts, and provide content from third parties. Privacy Policy.