Applying DSM methodology to rank risk of internal controls in critical infrastructure enterprises
Editor: Browning, T. R.; Eppinger, S. D.; Schmidt, D. M.; Lindemann, U.
Author: Dister, C. J.; Jablonski, A.; Browning, T. R.
Section: Managing Failures and Risks in Complex Systems
Global infrastructures (finance, health, energy) require the enterprises involved to have complex risk management systems. To verify that these enterprise risk management systems are working properly, external auditors are often deployed to monitor their internal controls. But the controls, the requirements, and the weighted interconnections among all of these parts are numerous, highly complex, and dynamic. Although auditors typically have excellent backgrounds and sound judgment, in many organizations the complexity of the risk control network is exceeding human capacity to make sound heuristic judgments. Additionally, several industries are experiencing shortages in auditor talent as the workforce ages. DSM methodology provides a powerful approach to guide auditors in prioritizing which controls they investigate (audit scope), how deeply they examine these controls (audit depth), and how often they audit (audit frequency), while capturing this knowledge for future generations.