Fundamental Model

In this section we introduce our Fundamental Model.

Let us start by supposing that an organisation carries out a range of business activities. Let the cost of such activity be Cba. Cost may be expressed in terms of money and/or resources (e.g. volunteer work). The activity will generate some business benefit B. If the organisation is a company, then B corresponds to profit, P, and is related to the cost of the business activities through revenue R:

P = R - Cba

The organisation deploys an Internal Control System (ICS). This has an associated cost, Cics, which increases the cost of doing business to:

Cba + Cics

In the context of a company this has the effect of reducing profit, see Figure 1.
Let E be a set of events: E = {e1, e2, e3, ... ej, ...}. Each event ej occurs at some time Tej and if the damage that it causes is not fixed by time Tfj, where Tfj is less than some time Twj (where ΔTwj = Tfj - Tej is referred to as the time window), the event will cause a loss of business benefit, Ipj (referred to as the impact penalty). See Figure 2.
The impact penalty may take a variety of guises. For example, it could:
Moreover, the event may also have an immediate impact on the net worth of the organisation, for example because property is destroyed or money is stolen. For simplicity, we model these asset losses as an impact penalty. As shown in the insert in Figure 2, there may also be consequential impacts, for example other customers in the future do not buy, the stock markets collapse, there is a general strike, etc.

The objective of an ICS is to control activities and detect unwanted results. An ICS is never perfect and therefore certain events will not be detected by it. Those it does detect are detected at times Tdj (where Tej < Tdj). See Figures 3 and 4.
If the ICS does not detect the event, Management is deemed to be cognisant of the event at time Tmj (where Tej < Tmj). See Figure 4. The cost of the ICS detecting the event is included in Cics. The cost of fixing the damage caused by the event is Cfj. See Figures 3 and 4. The damage cannot be fixed unless the associated event has been detected, i.e. Tdj < Tfj and/or Tmj < Tfj. See Figures 3 and 4. The impact of the event depends on when that event is detected. Specifically:
Note that in this second case the time at which the event is detected, Tdj (or indeed Tmj), may be within Twj. The problem is that the event is detected too late for anything to be done about it within the time window, and consequently an impact penalty is incurred as well as the cost of fixing the damage.

The impact of the event could have a widespread effect until the situation caused by the event has been corrected; in extremis putting the organisation out of business, and/or causing widespread damage external to the organisation. In these cases, see Figure 5, the effect is generally referred to as a disaster and the steps taken to fix it are generally referred to as a Business Continuity Plan (BCP). Despite the successful deployment of an appropriate BCP, it may be some time before the organisation and/or the environment recovers to a satisfactory state. Indeed, the impact may be such that the organisation and/or the environment never does.
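The timing rules above can be run against a few events to see when the impact penalty is incurred, including the case where the event is known inside the time window but too late to fix. This is an added example, not part of the original page: the field names, the `fix_duration` parameter (used to derive Tfj as detection time plus time to fix) and the sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Event:
    name: str
    t_e: float                   # Tej: time the event occurs
    t_w: float                   # Twj: end of the time window
    c_f: float                   # Cfj: cost of fixing the damage
    i_p: float                   # Ipj: impact penalty
    fix_duration: float          # assumption: time to fix once the event is known
    t_d: Optional[float] = None  # Tdj: ICS detection time (None = ICS missed it)
    t_m: Optional[float] = None  # Tmj: time Management becomes cognisant


def assess(ev: Event) -> dict:
    """Apply the model's timing rules to one event."""
    by_ics = ev.t_d is not None
    known_at = ev.t_d if by_ics else ev.t_m
    if known_at is None or known_at <= ev.t_e:
        raise ValueError("need Tdj or Tmj, and it must be later than Tej")
    t_f = known_at + ev.fix_duration      # Tfj: earliest time the fix completes
    penalty = not (t_f < ev.t_w)          # fix missed the window, so Ipj is incurred
    return {
        "event": ev.name,
        "detected_by": "ICS" if by_ics else "Management",
        "known_in_window": known_at < ev.t_w,
        "penalty": penalty,
        "cost": ev.c_f + (ev.i_p if penalty else 0),
    }


# Constructed sample events (times in days, costs in arbitrary units).
SAMPLE = [
    Event("fixed in time", t_e=0, t_w=10, c_f=100, i_p=1000, fix_duration=3, t_d=2),
    Event("known too late to fix", t_e=0, t_w=10, c_f=100, i_p=1000, fix_duration=5, t_d=8),
    Event("missed by ICS", t_e=0, t_w=10, c_f=100, i_p=1000, fix_duration=3, t_m=20),
]

if __name__ == "__main__":
    for ev in SAMPLE:
        print(assess(ev))
```

The second sample event is known on day 8, inside the window, yet still incurs the penalty because the fix cannot complete before day 10.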
Having introduced the basic parameters we are now able to describe the seven classes of control.
18 March, 2004