Study On Construction Of Risk Management System Based On System Parameters Under The ERP Environment

ERP provides an excellent platform and strong support for enterprises to improvetheir core competitiveness. To bring a broad and far-reaching influence on modernenterprises, it also gives the original risk, such as systemic risk, business risk and datarisk.etc, brandly new content and meanings. In May2008, the Basic Standards forEnterprise Internal Control issued by the Ministry of Finance pointed out that enterprisesshould utilize information technology to strengthen their internal control. Then, practiceand theoretical circle set off a boom on the research of internal control and riskmanagement.First, this article analyzes the present situation of risk management on informationsystem under ERP environment. Focus on complex content of risk identification, undefinedcriteria of risk assessment, ineffective approach of risk supervision and many otherproblems like these, the article begins with common controlling parameters in businessprocess of information systems. It proposes to construct a closed-loop and timely riskmanagement system which includes four major function modules: risk identification,assessment, rating and monitoring.First of all, based on State-owned Enterprises Comprehensive Risk ManagementGuidelines promulgate by SASAC and Corporate Strategic and Risk Managementcompiled CICPA, the article subdivides enterprise risk into five categories horizontally:financial risk, market risk, operational risk, legal risk and strategic risk, and3levelsvertically: risk classification, risk level and risk point. Then refine the most basic level——risk points associated with parameters one by one, so that the structure of Risk Fault Treeis formed which can clearly reflect where the risk comes from and goes to; On this basis,scan and summarize the vulnerability of parameter settings, and quantitatively analyse eachrisk event on the Risk Fault Tree with improved weight determination method of AHP;After risk assessment value is calculated, risk assessment matrix is carried out bymultiplying equally divided weight vector with probability vector which inherits fromstandards of contingency confirming in accounting. According to the principles of risk classification and calculation results of risk assessment matrix, valuation range of each risklevel will be achieved. At this point, the corporate already get their risk level. According totheir risk preferences, the corporate can choose an appropriate risk coping strategies to settone for the risk monitoring following by. Risk monitoring module can monitorinformation system risk in the background with setting trigger conditions for differentnodes of the Risk Fault Tree. The control method, time-point and intensity should beadjusted in accordance with the coping strategies in order to manage information systemrisk in the foreground.In addition to achieve the goal of real-time monitoring and management to preventionrisk, the article attempts to explore subtle relationships betweento the parameter value,operation performance and efficiency, too. Security gains and risk investment equilibriummodel is constructed so as to take the first step towards seeking for optimal allocation ofparameters value.Finally, in accordance with the above method and train of thought, Risk ManagementSystem Based on ERP system parameters is designed and developed with programmingtechnology.