Action Accessories Case $($Action$)$ Part $1($only$)$

Case $2$

ACC $6260$

Winter $2024$

Requirements:

$1.$ Use slides $16$ and $35($and any others$)$ from the Governance and Risk lecture to complete questions $1,2$ and $3$ page$6$ of the case. See also question $2$c below.

$2.$ Action now has a business strategy. You are to come up with risks and risk mitigation strategies for Action. To do this, complete the following steps:

a$.$ Determine risks to the accomplishment of the organization$$s strategy. Consider the strategy tenets mentioned in the case and the customer value proposition. Consider the different types of risk as well as entity$-$wide risks which affect more than one strategy. Do not just list risks but explain why the risks are significant.

b$.$ Determine which of the risks are the most significant. Use a scoring methodology of your choice. Determine metrics which can measure each risk. We are really building a risk model of Action here so comment on the content, criterion and construct validities of the model.

c$.$ Map your strategies into the IT governance goals and metrics template $($slide $42$ of the Control Frameworks Lecture$).$ Decompose your strategies into at least three levels and specify multiple goals and metrics for each level. You can use slide $16$ of the Governance and Risk lecture as a guide or work within just one or two dimensions of the BSC$.$ Make sure you relate your work to the case and not just to abstract concepts.

d$.$ Explain how to mitigate the specific risks which you determined in part $2$b$.$

e$.$ Using your answer in d$,$ discuss the monitoring and feedback which will be necessary in you risk mitigation procedures. This question is asking you to come up with a view of both the control $($feedback$)$ and monitoring components of COSO $($see the Risk and Enterprise Risk Management slides$).$ You have already addressed the control aspects in parts c and d$.$ Now you are relating that to monitoring. Be as specific as possible in your answer by including measures of the efficiency and effectiveness of the control system in your answer.

f$.$ Discuss ways in which the COSO ERM framework can be used to support Action$$s business strategy. Does COSO provide more guidance or less than COBIT? Briefly defend your answer.