Analysis of Security and Risk Management at Tesco: A Report
Added on 2020/10/04
AI Summary
This report provides a comprehensive analysis of security and risk management practices within Tesco, a leading UK-based retail firm. It delves into the importance of information systems for operational efficiency, communication, and decision-making. The report examines the role of general management control (GMC) in risk mitigation, emphasizing the significance of professional accountants in establishing integrated risk management and internal control systems. It explores various application controls (ACs) for information systems, including input, processing, and output controls, and compares them with GMC. Furthermore, the report discusses risk management techniques adopted by Tesco, highlighting the alignment of risk management with strategic objectives and customer satisfaction. The importance of safeguarding data quality and conducting information system audits is also addressed, including an overview of Tesco's audit plan and process. The report concludes with recommendations for improvement and emphasizes the need for clear objectives, enhanced general management control, and updated risk management techniques to ensure the effectiveness of security and risk management practices within Tesco.

SECURITY AND RISK MANAGEMENT

INTRODUCTION
Security and risk management is crucial for firms seeking to maintain customer
satisfaction and loyalty. This report covers the aims, objectives and roles of Tesco and its
employees. It discusses Tesco's general management control and application controls, and
explains the firm's risk management techniques and the importance of auditing and safeguarding
data quality.
Organisation services and importance of information system
Tesco is one of the biggest grocery and retail sector firms operating in the
United Kingdom. Tesco Plc is a British multinational general merchandise and grocery retail
firm with headquarters in Hertfordshire, England, UK. The business is the third largest retailer
measured by profitability and the ninth largest measured by revenues. The firm provides
luxury food items and clothing accessories for customers in the market. It also started
selling petrol in 1974. The firm provides some financial services as well, through a joint
venture with The Royal Bank of Scotland, formerly on a 50:50 basis, which includes
products such as credit cards, mortgages, loans, different types of insurance and home, car, travel
and life loans.
An information system is important for every organization in order to operate profitably.
The information system increases Tesco's profitability by processing data from the firm's inputs
to generate useful and crucial information that helps Tesco and its managers to manage
various operational activities (McNeil, Frey and Embrechts, 2015).
Communication system: Distributing and gathering information is a main part of management,
and the information system makes this more efficient by allowing managers
within Tesco to communicate rapidly with employees.
Operation management: Managing operational activities requires information, and the
information system provides recent and complete information that helps to manage operations
in an effective way. An information system can create a cost advantage over competitors by
offering better services to customers in the market.
Decision making: Tesco's information system helps the firm to make effective decisions regarding
business operational activities. With an effective information system, managers are also able to
choose between decisions with confidence.
Record keeping: Records of both financial and non-financial activities are important for
Tesco and other firms because they support effective decision making by managers.
The information system helps to store communication records, histories, documents and
operational data.
Use of general management control (GMC) to manage risk
General management control helps Tesco to maintain proper risk
management and internal control, which helps the firm to understand risk factors and put controls in
place to manage and counter threats effectively (Olson and Wu, 2017). It is therefore a crucial
part of the firm's management, governance and operational activities. Professional
accountants play the main role in this system: they help Tesco to achieve an integrated
and wide approach towards risk management and internal controls (Evans, 2016). This helps the
firm to create and increase value for stakeholders.
Tesco risk in the round
The main objective defined by the group is customer satisfaction and loyalty. A simple balanced
scorecard helps all members of Tesco to understand their roles and responsibilities. Risk management is
embedded in daily operational activities but is very rarely discussed. Tesco is performing as a
highly successful business, thanks in large part to a coherent strategy which helps to drive part of
the firm effectively and efficiently. The approach to risk management in the business is aligned with
the culture of Tesco and is defined and managed by an effective leadership team and a clear system
of management with simple objectives.
General management control helps to manage and control risk in Tesco and
forms a strong foundation for the internal control system, which in turn helps to remove threats from
the business (Webb, Ahmad and Shanks, 2014). Apart from this, financial risks are
managed and controlled by the treasury function. The financial risks in Tesco have to be
managed differently and effectively. A more standard governance hierarchy will help the business to
ensure strong consistency of process for strategy and risk management.
Different types of application controls (ACs) for information systems (IS)
Online security services and policies should be managed by the firm in
order to maintain customer security and safety. Tesco has shown that it takes online security
very seriously and that its systems are protected to a high standard.
In this process, when a customer enters a secure site, their web browser goes into security
mode. The firm also lets customers check that they are purchasing from a secure
environment by looking for a key icon in the grey bar at the bottom of the screen or a locked padlock.
Security policies assure customers that their information will be kept safe and secure
by the organization itself and that no one else on the internet is allowed to see it (Luhmann, 2017). ACS is a
security system in which managers control what is allowed in the environment and facility. Tesco
accepts orders from web browsers that permit communication through Secure Sockets
Layer (SSL) technology.
Payroll systems are also managed under the Tesco security policies. The policy is a
benefit for customers in that they are able to see where the organization collects their data, stores it
and uses it. Tesco offers many products and services to customers in the market,
so the firm wants its policies, and what they cover, to be clear to consumers.
Online learning system: The online learning system is a tool through which the organization
provides information regarding business operational activities to new customers and candidates.
The system is secure and is covered by the security policies managed by the firm, which helps to assure
customers that their personal data is in safe hands (Bessis, 2015). It also helps to fill vacancies
within the firm and so strengthen its workforce.
Comparing application controls for IS and general management controls
Tesco uses certain policies and procedures to ensure that important
and appropriate actions are taken by management, which helps to identify risk factors effectively.
Such controls relate specifically to the IT environment, information technology control and
other activities. These procedures and policies apply to many different
applications and supporting activities, and the controls help to ensure that the
information system operates properly.
Management should have effective control over data centre and network
operations in order to govern access to the systems' main data storage.
Access security helps to control and protect computers and software from fraudulent
actions (Eriksson, 2017).
Application system acquisition, maintenance and development should be managed.
General management controls are of two types: information technology control and
physical control. The two groups, general control and application control, are used to
manage the business effectively with respect to risk. Physical controls relate to the human
activities within Tesco employed in the accounting system (DeAngelo and Stulz, 2015). They
help to manage and control the physical security of the firm, such as assets, property, records,
equipment and secured facilities. There is also authorization for
access to computer programs and data files, and control over file security, in order to provide reliability.

Application controls are specific to an accounting application. They
help to ensure the accuracy and completeness of all procedures and the validity of entries made
in the accounts.
1. INPUT CONTROLS
Controls over input are designed to assure that the information processed by the computer is
valid, complete, and accurate.
2. PROCESSING CONTROLS
Controls over processing are designed to assure that data input into the system is accurately
processed.
3. OUTPUT CONTROLS
Controls over output are designed to assure that data generated by the computer are valid,
accurate, and complete.
4. CONTROLS OVER MASTER FILE INFORMATION
There should be procedures in place to verify that the correct version of the Master File is being
used.
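The four application controls listed above, sketched as checks around a single batch run. This is an added example, not part of the original report and not Tesco's code; the batch layout, field names, quantity limit and sample data are constructed assumptions.

```python
import hashlib
import json
from decimal import Decimal

class ControlError(Exception):
    """A control failed; the run stops rather than produce unreliable output."""

def load_master(raw: bytes, approved_sha256: str) -> dict:
    """Master file control: only the approved version of the file may be used."""
    if hashlib.sha256(raw).hexdigest() != approved_sha256:
        raise ControlError("master file is not the approved version")
    return json.loads(raw)

def input_controls(batch: dict, master: dict):
    """Input controls: the batch is complete and each record is valid."""
    header, records = batch["header"], batch["records"]
    if len(records) != header["record_count"]:
        raise ControlError("record count differs from batch header")
    ids = [r.get("id") for r in records]
    if any(type(i) is not int for i in ids) or len(set(ids)) != len(ids):
        raise ControlError("missing, non-numeric or duplicate record id")
    if sum(ids) != header["id_hash_total"]:
        raise ControlError("hash total of record ids differs from batch header")
    accepted, rejected = [], []
    for rec in records:
        qty = rec.get("qty")
        if rec.get("sku") not in master["prices"]:
            rejected.append((rec["id"], "unknown sku"))
        elif type(qty) is not int or not 0 < qty <= 1000:
            rejected.append((rec["id"], "quantity out of range"))
        else:
            accepted.append(rec)
    return accepted, rejected

def process(accepted: list, master: dict) -> dict:
    """The processing step itself: price each accepted record."""
    lines = [{"id": r["id"], "value": Decimal(master["prices"][r["sku"]]) * r["qty"]}
             for r in accepted]
    return {"lines": lines, "line_count": len(lines),
            "value_total": sum((l["value"] for l in lines), Decimal("0"))}

def processing_controls(batch: dict, accepted: list, rejected: list, report: dict) -> None:
    """Processing controls: run-to-run totals show no record was lost, added or swapped."""
    if len(accepted) + len(rejected) != batch["header"]["record_count"]:
        raise ControlError("accepted + rejected does not equal records received")
    if sorted(l["id"] for l in report["lines"]) != sorted(r["id"] for r in accepted):
        raise ControlError("processed records differ from accepted records")

def output_controls(report: dict) -> None:
    """Output controls: the report is internally consistent before release."""
    if report["line_count"] != len(report["lines"]):
        raise ControlError("reported line count differs from lines present")
    if report["value_total"] != sum((l["value"] for l in report["lines"]), Decimal("0")):
        raise ControlError("reported total differs from sum of lines")
    if any(l["value"] <= 0 for l in report["lines"]):
        raise ControlError("non-positive line value in output")

def run_batch(raw_master: bytes, approved_sha256: str, batch: dict):
    """Run one batch with all four controls in place; returns (report, rejects)."""
    master = load_master(raw_master, approved_sha256)
    accepted, rejected = input_controls(batch, master)
    report = process(accepted, master)
    processing_controls(batch, accepted, rejected, report)
    output_controls(report)
    return report, rejected

# Constructed sample data (not Tesco data): a price master file and one sales batch.
MASTER = b'{"version": 7, "prices": {"A100": "1.50", "B200": "0.80", "C300": "12.00"}}'
APPROVED_SHA256 = hashlib.sha256(MASTER).hexdigest()  # stands in for the digest recorded at approval
BATCH = {
    "header": {"record_count": 4, "id_hash_total": 10},  # control totals sent with the batch
    "records": [
        {"id": 1, "sku": "A100", "qty": 2},
        {"id": 2, "sku": "B200", "qty": 5},
        {"id": 3, "sku": "Z999", "qty": 1},     # unknown SKU, goes to the reject list
        {"id": 4, "sku": "C300", "qty": 2000},  # quantity outside the allowed range
    ],
}

if __name__ == "__main__":
    report, rejected = run_batch(MASTER, APPROVED_SHA256, BATCH)
    print(report["line_count"], report["value_total"], rejected)
```

Rejected records are returned with a reason rather than silently dropped, so the count of accepted plus rejected records can still be reconciled against the batch header.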
Risk management techniques adopted by Tesco
Risk management is now concerned with Tesco's strategic objectives and
with ensuring that they are achieved. One of the UK's largest retailers, Tesco plc, is used to
show how enterprise risk management (ERM) can be introduced as part of an existing strategic control system. The
organization uses different communication systems, strategic controls and risk controls in order to
achieve common targets and goals (Hopkin, 2017). Such an integrated approach has
implications for enhancing profitability and controlling risk factors within the firm.
The head of Tesco internal audit says that “having a risk management function probably gets in
the way of actually managing the risks because people are thinking about the risks as opposed to
thinking about the customer, so all we are worried about is serving the customer and what can go
wrong with that.”
The core risks within the firm are buying products from suppliers, sending them for
distribution, transferring goods and taking cash. The key elements of risk management in
practice within Tesco are discussed below:
The international CEO and local boards own risk. The process is the same at functional level.
The firm cares for its staff and employees and creates value for them in order to
earn their lifetime loyalty.
The implications for risk management are seen in customer focus and attention,
performance, measurement and a risk management structure that reflects this philosophy (Olson and
Wu, 2015). The steering wheel managed by the firm helps to increase customer satisfaction and
employee loyalty, which supports risk management. On integrating risk and performance,
one of the reasons Tesco is a successful company is its risk management: people do it
without actually knowing they are doing it; it is part of their accountabilities.
Importance of safeguarding data quality and IS auditing with audit plan and process
Data quality audit tools help Tesco to mitigate potential risk, and the audit helps
to make all areas transparent by showing structural changes and transactional activities. This
transparency makes data recovery easier, faster and more cost-effective for the
firm. It also helps to reduce the risk of compromise, provides timely and accurate
information to manage services and accountability, supports the best use of resources and helps in making
judgments about company performance. The audit plan and process used by Tesco are given
below:
Research and audit area: It is important for Tesco to understand the business functions and processes
which should be audited (McIlwraith, Cole, Giné and Vickery, 2017). Research helps to
achieve these objectives, in the form of internal and external processes.
Open communication: Open communication allows all employees within the firm to
suggest changes to the audit plan. Communication is an effective way to
manage change.
Map risk to organization process and function: Risk factors should be associated with the
processes and functions of the organization so that solutions can be found for them. This also
helps to determine the effectiveness of the control system within the firm and to audit different operational
activities.
Recommendations
From the above analysis it can be said that the firm is doing well in the
market and that roles, responsibilities, objectives and targets are clear to everyone working in the
firm. General management control should be improved further to help manage different
operational activities (Mayer and De Smet, 2017). Application controls will also help to manage
operational activities, and risk management techniques should be upgraded in order to manage
risk factors more effectively. The safeguarding of data quality and the audit plan should be revised regularly
to maintain effectiveness.
CONCLUSION
It can be concluded from the above analysis that roles and objectives should be clear to
employees in order to maintain integrated business communication. The information system will help
to make operational activities more effective. General management controls and risk
management techniques will increase reliability, availability and security within Tesco.
The audit plan and process will help to assess the effectiveness of safeguarding and auditing within the firm.
REFERENCES
Books and journals
McNeil, A.J., Frey, R. and Embrechts, P., 2015. Quantitative risk management: Concepts, techniques and tools. Princeton University Press.
Olson, D.L. and Wu, D.D., 2017. Data Mining Models and Enterprise Risk Management. In Enterprise Risk Management Models (pp. 119-132). Springer, Berlin, Heidelberg.
Webb, J., Ahmad, A. and Shanks, G., 2014. A situation awareness model for information security risk management. Computers & Security, 44, pp.1-15.
Bessis, J., 2015. Risk management in banking. John Wiley & Sons.
Eriksson, J. ed., 2017. Threat Politics: New Perspectives on Security, Risk and Crisis Management. Routledge.
DeAngelo, H. and Stulz, R.M., 2015. Liquid-claim production, risk management, and bank capital structure: Why high leverage is optimal for banks. Journal of Financial Economics, 116(2), pp.219-236.
Hopkin, P., 2017. Fundamentals of risk management: understanding, evaluating and implementing effective risk management. Kogan Page Publishers.
Olson, D.L. and Wu, D.D., 2015. Enterprise risk management (Vol. 3). World Scientific Publishing Company.
McIlwraith, A., 2016. Information security and employee behaviour: how to reduce risk through employee education, training and awareness. Routledge.
Cole, S., Giné, X. and Vickery, J., 2017. How does risk management influence production decisions? Evidence from a field experiment. The Review of Financial Studies, 30(6), pp.1935-1970.
Mayer, N. and De Smet, D., 2017. Systematic Literature Review and ISO Standards analysis to Integrate IT Governance and Security Risk Management. International Journal for Infonomics (IJI), 10(1), pp.1255-1263.
Luhmann, N., 2017. Risk: a sociological theory. Routledge.
Evans, L., 2016. Protecting information assets using ISO/IEC security standards. Information Management, 50(6), p.28.