diff --git a/Processes/Finance/Budgeting/General Department Budget Template.xlsx b/Processes/Finance/Budgeting/General Department Budget Template.xlsx index 4f8968d..e49027c 100644 Binary files a/Processes/Finance/Budgeting/General Department Budget Template.xlsx and b/Processes/Finance/Budgeting/General Department Budget Template.xlsx differ diff --git a/Processes/Finance/Budgeting/HR Budget Template.xlsx b/Processes/Finance/Budgeting/HR Budget Template.xlsx index 6cdc2c7..a46aac0 100644 Binary files a/Processes/Finance/Budgeting/HR Budget Template.xlsx and b/Processes/Finance/Budgeting/HR Budget Template.xlsx differ diff --git a/Processes/Finance/Budgeting/Investment Budget Template.xlsx b/Processes/Finance/Budgeting/Investment Budget Template.xlsx index 74cb9b5..d3eaf63 100644 Binary files a/Processes/Finance/Budgeting/Investment Budget Template.xlsx and b/Processes/Finance/Budgeting/Investment Budget Template.xlsx differ diff --git a/Processes/Finance/Budgeting/Marketing Budget Template.xlsx b/Processes/Finance/Budgeting/Marketing Budget Template.xlsx index 81fb420..ab37712 100644 Binary files a/Processes/Finance/Budgeting/Marketing Budget Template.xlsx and b/Processes/Finance/Budgeting/Marketing Budget Template.xlsx differ diff --git a/Processes/Finance/Budgeting/Sales Budget Template.xlsx b/Processes/Finance/Budgeting/Sales Budget Template.xlsx index 59366a9..f246c8b 100644 Binary files a/Processes/Finance/Budgeting/Sales Budget Template.xlsx and b/Processes/Finance/Budgeting/Sales Budget Template.xlsx differ diff --git a/Processes/Finance/Reporting/Cash Management.xlsx b/Processes/Finance/Reporting/Cash Management.xlsx index 2104bc1..324008b 100644 Binary files a/Processes/Finance/Reporting/Cash Management.xlsx and b/Processes/Finance/Reporting/Cash Management.xlsx differ 
diff --git a/Processes/Finance/Reporting/Struktur.xlsx b/Processes/Finance/Reporting/Reporting.xlsx similarity index 57% rename from Processes/Finance/Reporting/Struktur.xlsx rename to Processes/Finance/Reporting/Reporting.xlsx index 01e10f7..e8850c8 100644 Binary files a/Processes/Finance/Reporting/Struktur.xlsx and b/Processes/Finance/Reporting/Reporting.xlsx differ diff --git a/Processes/General/Project Management.xlsx b/Processes/General/Project Management.xlsx new file mode 100644 index 0000000..d284b68 Binary files /dev/null and b/Processes/General/Project Management.xlsx differ diff --git a/Processes/Quality Management/COSO/Risk Management/Risk Register.md b/Processes/Quality Management/COSO/Risk Management/Risk Register.md deleted file mode 100644 index aa0111f..0000000 --- a/Processes/Quality Management/COSO/Risk Management/Risk Register.md +++ /dev/null 
@@ -1,31 +0,0 @@ -# Risk Register - -The risk register is a central repository to describe and track risks as well as record actions. It includes information for each risk such as risk category, likelihood, consequence, mitigation measures, risk owner and documentation of changes. Additional risks can be found in the corresponding **Risk Control Matrix** of every process. - -| No. | R | Category | Risk Event | L | C | O | Cause | Mitigation Type | Mitigation Strategy | L* | C* | Changes | Comments | ES | EY | Evidences | -| -------- | ---- | ---------------- | ------------------------------------------------------------ | ---- | ---- | ---- | ------------------------------------------------------------ | ---- | ---- | ------- | ------------------------------------------------------------ | ---- | ---- | ---- | ---- | ---- | -| 1 | DE | Operational Risk | Loss of source code | 1 | 5 | | | | Avoiding: Store source code in cloud (github). At least one local developer PC and project server. | | | | | yes | yes | | -| 2 | DE | Operational Risk | Source code leak | 5 | 1 | | | | Controlling: The programming language is compiled at runtime. The value of the software lies in the updates, support and licenses. | | | | Many companies transferred the revenue model to subscriptions (e.g. Adobe, Microsoft) in order to avoid similar problems. | yes | yes | | -| 3 | DE | Operational Risk | User acquires additional permissions without authorization (every software which uses permissions) | 2 | 5 | | | | Avoiding: Permissions can only be granted by users which have received the permissions to do so. Users which can change permissions may also only have the permission to change specific users/permissions (single application elements, not the whole application.). We provide a documentation on who to manage permissions incl. best practices. Customers with a maintenance contract also receive additional advice based on their account permission handling. 
We also check regularly if features can be used by default without the necessary permissions. | | | | The consequences or severities depend on the permissions which can be acquired. | yes | yes | | -| 4 | DE | Operational Risk | User code execution (every software which allows data upload/input) | 3 | 5 | | | | Avoiding: User provided code is a critical part of some modules (e.g. Helper, Job). These modules provided by OMS execute code user code in iframes. We provide guidelines regarding this sensitive topic which explains that only developers in a company should have access to such functionalities. | | | | | yes | yes | | -| 5 | DE | Operational Risk | Data leak (e.g. database data, file uploads) (every software which stores data) | 2 | 5 | | | | Avoiding: We regularly check if users have access to data without the necessary permissions. Our modules may use encryption for extremely sensitive data. Media files are only accessible through the media module which allows to check the necessary reading permissions. We also provide a general policy for customers who to secure and maintain their servers. | | | | This is a big problem for almost every company working with data. The biggest known leaks happened among others to Adobe, ebay, Equifax, LinkedIn, Yahoo, ... | yes | yes | | -| 6 | DE | Operational Risk | Corrupt/malicious data injection (every software which accepts data input) | 3 | 3 | | | | Avoiding: Data is validated client side (minimal protection) and server side. Generally, user input is only accepted if it matches the specified allowed format. Data is usually not sanitized to avoid mistakes during the sanitizing process. Database query statements are prepared and encoded. 
| | | | | yes | yes | | - -## Abbreviations - -* R: Responsible -* L: Likelihood (1-5) -* C: Consequence (1-5) -* L\*/C\*: Likelihood and Consequence after mitigation -* O: Occurrence (many times a day, daily, weekly, monthly, annually) -* ES: Effective -* EY: Efficient - -## Responsible - -* DE: Dennis Eichhorn - - - -2022-01-01 - diff --git a/Processes/Quality Management/COSO/Risk Management/Risk Report.xlsx b/Processes/Quality Management/COSO/Risk Management/Risk Report.xlsx index 4b7767a..69483c9 100644 Binary files a/Processes/Quality Management/COSO/Risk Management/Risk Report.xlsx and b/Processes/Quality Management/COSO/Risk Management/Risk Report.xlsx differ diff --git a/Processes/Sales/Calculations/Default Sales Price.xlsx b/Processes/Sales/Calculations/Default Sales Price.xlsx index a87cd0b..d1a708b 100644 Binary files a/Processes/Sales/Calculations/Default Sales Price.xlsx and b/Processes/Sales/Calculations/Default Sales Price.xlsx differ diff --git a/Processes/Sales/Calculations/Hourly Rate.xlsx b/Processes/Sales/Calculations/Hourly Rate.xlsx index a202ed3..6410793 100644 Binary files a/Processes/Sales/Calculations/Hourly Rate.xlsx and b/Processes/Sales/Calculations/Hourly Rate.xlsx differ
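Review bot: The `@@ -1,31 +0,0 @@` hunk deletes `Risk Register.md` in full, and nothing visible in this diff shows where its six entries go. The only other change under `COSO/Risk Management/` is `Risk Report.xlsx`, which shows up as "Binary files ... differ". If the register moved into that spreadsheet, the security-relevant rows (3: unauthorized permission acquisition, 4: user code execution, 5: data leak, 6: malicious data injection) lose their text-diffable history, and later changes to their L/C ratings or mitigation strategy can no longer be reviewed line by line. Suggest keeping the Markdown register next to the spreadsheet, or stating in the commit message where the entries now live. If the rows are carried over, note that every deleted row leaves O, Cause, Mitigation Type, L\* and C\* empty and marks ES/EY as "yes" with an empty Evidences column, so the post-mitigation rating and the basis for "effective" were never recorded. Row 4 also reads "execute code user code", and rows 3 and 5 have "who to" where "how to" is meant.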