• The KIPS Transactions:PartC
• /
• v.10C no.2
• /
• pp.125-132
• /
• 2003

In the paper, we can select the best safeguard as proposed the definite and systematical method and procedure on risk mitigation of risk management for information system. The practical risk mitigation methodology has a good fulfillment procedure and a definition to fulfill procedure on each phase. So, it is easy to fulfill and can apply to any risk management methodology. The practical risk mitigation is composed of 6 phases, which are the existing safeguard assessment, safeguard means selection, safeguard technique selection, risk admission assessment, cost-effective analysis and safeguard embodiment. The practical risk mitigation's advantages are as follow. Efficient selection of safeguards to apply to risk's features with safeguard's means and techniques before embodying safeguards. Prevention of redundant works and security budgets waste as re-using the existing excellent safeguards through the existing safeguard assessment. Reflection of organization's CEO opinions to require special safeguards for the most important information system.

• Proceedings of the Korea Inteligent Information System Society Conference
• /
• 2003.05a
• /
• pp.338-346
• /
• 2003

Information Technology (IT) and the internet have been major drivers the changes in all aspects of the business processes and activities. They have brought major changes to the financial statements audit environment as well, which in turn has required modifications in audit procedures. There exist, however, certain difficulties with current audit procedures especially for the assessment of the level of control risk. This assessment is primarily based on the auditors' professional judgment and experiences, not based on the objective hies or criteria. To overcome these difficulties, this paper proposes a prototype decision support model named CRAS-CBR using case based reasoning (CBR) to support auditors in making their professional judgment on the assessment of the level of control risk of the general accounting system in the manufacturing industry. To validate the performance, we compare our proposed model with benchmark performances in terms of classification accuracy for the level of control risk. Our experimental results showed CRAS-CBR outperforms a statistical model (MDA) and staff auditor performance in average hit ratio.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.18 no.4
• /
• pp.555-562
• /
• 2023

The Railway Safety Act of 2014 strengthened the 'Railway Safety Management System' to establish autonomous safety management for railway operators and railway facility managers. Accordingly, it is required to establish and implement risk assessment and safety measures for risk management. However, the current risk assessment system is carried out at the fragmented safety management level within individual fields, which has caused difficulties in establishing and implementing risk assessment and safety measures. In addition, the technical standards of the safety management system stipulate that risk assessment of railway operators is mandatory, so standardized standards for risk assessment of railway facilities and railway vehicle maintenance are needed. Therefore, in this paper, we first verified railway risks by analyzing railway accident data for the last 10 years, and proposed a standardized framework to effectively assess and manage risks through a case study of a condition-based smart maintenance system developed based on railway vehicle maintenance data.

• Asia pacific journal of information systems
• /
• v.5 no.1
• /
• pp.112-128
• /
• 1995

The information system control includes organizational structure, control mechanism, and management tools which contribute to accomplish the goals of information system: asset safeguarding, data integrity, effectiveness, and efficiency. Information system audit is the process to evaluate whether the information system accomplishs the goals. Information system auditor examine the reliability of information system control and suggest recommendations to improve the information system control. Both information system control and information system audit activities contribute to prevent and detect the computer crime for the organization. This paper proposes a causal model of information system control/audit and the perceived risk of computer crime, and tests the model using a survey on 38 financial institutions in Korea. Statistical results show that information system control and audit significantly reduce the computer crime risk perceived by the user group. The general control has a stronger impact than the application control. In addition, it turns out that the greater the deviation between the importance and the actual level of information system control is, the higher the perceived risk of computer crime is.

• Industrial Engineering and Management Systems
• /
• v.12 no.2
• /
• pp.103-111
• /
• 2013

This paper discusses how to manage supply chain disruption risks from natural disasters or other low-likelihood-high-impact risk drivers. After the catastrophic earthquake in Eastern Japan and the severe flood in Thailand, most companies have been attempting to re-establish the business continuity plan to prevent their supply chain from disruption. However, the challenges for managers and individual risks are often interrelated, and thus, actions that mitigate one risk can end up being no contribution as a whole. In this paper, we describe a framework for assessing how much impact individual mitigation strategies have on the entire supply chain protection against disruption, using network reliability. We propose three categories of risk-mitigation approaches: Stabilization, Absorption, and Duplication. We analyze the situation under which each of these strategies is the best suitable. With a clear understanding of relations between these mitigation strategies and the entire supply chain risks, managers can select effective risk-reduction approaches to their supply chain.

• Proceedings of the Safety Management and Science Conference
• /
• 2009.11a
• /
• pp.203-208
• /
• 2009

Government and company are unfolding greenhouse gas reduction activity to prevent the effects of global warming. Also, verification business through greenhouse gas inventory construction is spreaded variously. Greenhouse gas verification proceeds by document examination, risk analysis, field survey. Document investigates emission information, calculation standard, emission report, data management system. And through risk assessment result, establish field verification plan. Through study on risk assessment of greenhouse gas inventory verification, wish to reduce risk of verification.

• Proceedings of the Korean Institute Of Construction Engineering and Management
• /
• 2004.11a
• /
• pp.384-387
• /
• 2004

It is very important to manage the risk in building construction because construction process has too many internal risk compared with others. So construction managers need more developed risk management system than the Present. While the study for the solution and management of generated risk is comparatively enough, the effort to confirm the risk of construction phase on pre-construction phase haying an major effect on total duration, is insufficient. For supporting the schedule risk management of pre-construction, this study suggests the reclassified risk breakdown structure and the investigation form for advance preparations on pre-construction Phase, which help the Poorly experienced construction manager to make more correct decisions and efficiently to execute risk management.

• Korean Journal of Construction Engineering and Management
• /
• v.9 no.4
• /
• pp.101-110
• /
• 2008

In order to achieve the best performance of a project, uncertainties involved in the building construction process need to be identified in the planning phase of the project. Risk management plays a significant role in construction to minimize risk occurred due to uncertainties of a project. Although the importance of the risk management has been known to the construction industry, a more effective system should be developed to meet the demands of the industry. The purpose of this study is to develop the effective risk management system for scheduling the construction processes. The study provides a tool that can optimize the management system which would assist managers to identify schedule risks in the planning phase of the project.

• Korean Journal of Construction Engineering and Management
• /
• v.1 no.1 s.1
• /
• pp.53-62
• /
• 2000

This study proposes FREES(Fuzzy Risk Evaluation Expert System) for analyzing and evaluating risks occurring during the construction process. The feasibility of this system model was tested by virtual scenario. For the development of the model, at first, risk breakdown structure was established based on risks identified in the existing researches, that is quantitative and qualitative. FREES can reflect human cognition process in the risk analysis and evaluation by adopting artificial intelligence fuzzy theory, differentiating the existing quantitative analysis model. The FREES can be applied to all the project phases from planning to operation & maintenance stage.

• Journal of Korean Tunnelling and Underground Space Association
• /
• v.22 no.2
• /
• pp.155-170
• /
• 2020

In this paper, a risk management system applicable to NATM tunneling projects is proposed. After investigating case histories in NATM tunnel collapse, this paper analyzes the potential risk factors and their corresponding risk events during NATM tunnel construction. The risk factors are categorized into three groups: geological, design and construction risk factors. The risk events are also categorized into four types: excessive deformation, excessive deformation with subsidence, collapse inside tunnels, and collapse inside tunnels with subsidence. The paper identifies risk scenarios in consideration of the risk factors and proposes a risk analysis/evaluation method for the NATM tunnel risk scenarios. Based on the evaluation results, the optimal mitigation measure to handle the risk events is suggested. In order to effectively facilitate a series of risk management processes, it is necessary to develop a risk register and a management ledger for risk mitigation measures that are customized to NATM tunnels. Lastly, the risk management for an actual NATM tunnel construction site is performed to verify the validity of the proposed system.