Stages Of Risk Assessment Research Articles

Внутренний аудит как ключевой инструмент менеджмента: целеполагание, оценка и управление рисками

The article reveals the role of internal audit in the process of goal setting and risk management assessment as an integral element of modern management. Companies in modern business conditions and a rapidly changing business environment face many challenges related to potential threats. Internal audit helps management achieve its goals by using a systematic and consistent approach to evaluating and improving the effectiveness of risk management, control and corporate governance processes, which makes it an essential tool for achieving the company's strategic goals. The author updates the modern functions of internal audit in accordance with the International Professional Standards of Internal Audit (IASB), complementing the factors that may affect their content. Highlights the impact of the principles of internal audit, showing their complex impact on the company, ensuring a balance between efficiency, evaluation and rationality. This makes internal audit a key tool for achieving management's goal setting. The research is based on universal scientific methods – observation, practical methods of generalization and professional judgment, the method of critical assessment. The element of scientific novelty is determined by the practical method of generalizing a more in-depth understanding of the role of internal audit to changing market conditions and the business environment. Using professional judgments, the author focuses on the impact of business risks on the risks of distortion of accounting (financial) statements. Internal audit contributes to the creation of a risk management culture where risk management becomes an integrated element in business processes. Revealing the content of the stages of risk assessment and management, the role of internal audit in creating a culture of risk management within the company is assessed, which, in turn, contributes to its sustainable development and competitiveness. The article will be useful for both practicing internal auditors and managers seeking to improve the level of risk management in the organization.

Training in modern statistical methodologies and software tools for the definition and analysis of (stochastic) quantitative microbial risk assessment models with relevant food products for the Italian and Spanish food supply chains.

The fellowship, entitled 'Training in modern statistical methodologies and software tools for the definition and analysis of (stochastic) quantitative microbial risk assessment models with relevant food products for the Italian and Spanish food supply chains', was implemented at the Universidad Politécnica de Cartagena (UPCT), Spain. Supervised by Dr. Alberto Garre and Prof. Pablo S. Fernandez and coordinated by Dr. Virginia Filipello of the Istituto Zooprofilattico Sperimentale della Lombardia e dell'Emilia Romagna, Italy, the fellowship aimed to provide hands-on training in quantitative microbial risk assessment (QMRA). The fellow benefited from UPCT's expertise in microbiological risk assessment, gaining knowledge of methodologies, terminologies and software tools essential for QMRA. The focus of the fellowship was on the risks associated with plant-based milk products, which are increasingly popular as sustainable alternatives to dairy milk. Despite the heat treatments these beverages undergo to ensure safety, risks persist, such as cross-contamination during post-processing or the survival of heat-resistant spores like Bacillus cereus. A recent European outbreak linked to contaminated oat milk underscored the importance of assessing these risks. The project was conducted in two phases: first, at UPCT's Food Microbiology Laboratory, where the fellow handled and characterised the thermal resistance of various B. cereus strains using a thermoresistometer; and second, through remote analysis of experimental data using risk analysis software tools. The fellow developed skills in microbiological techniques, such as spore preparation and thermal resistance evaluation, and became proficient in data analysis using the R programming language and the biorisk package. The fellowship culminated in the development of a QMRA model to estimate the likelihood of B. cereus-related foodborne illness from plant-based milks, considering different heat treatments and bacterial strains. The fellow's training covered all stages of risk assessment, including hazard identification, exposure assessment, hazard characterisation and risk characterisation, providing a comprehensive foundation for a career in food safety and microbial risk assessment.

Penggunaan Aplikasi Atlas dalam Audit Laporan Keuangan

The development of the globalization era, especially through advances in digital technology, has had a significant impact on the practice of auditing financial statements. The application of the ATLAS (Audit Tools and Linked Archive System) application published by the Financial Professional Development Center of the Ministry of Finance is proof of how information technology is changing the audit paradigm from traditional to modern. ATLAS facilitates the audit process in accordance with the audit standards contained in the International Standards on Auditing (ISA) which includes the risk assessment stage, risk response stage, and reporting stage. The research method used is descriptive qualitative, based on historical data which includes literature and studies from previous research as well as the results of interviews with auditor staff from one of the KAPs in Surabaya. All information collected is then analyzed and conclusions are drawn based on the research results. The research findings in this article highlight the advantages of the ATLAS application in collecting and analyzing data more accurately and quickly, as well as strong security features to protect data integrity during the audit process. Although there were initial challenges related to the complexity of using this application, the adaptations made by auditors had a long-term positive impact on the audit process.

Development a risk assessment method for dimensional stone quarries

Over the last 20 years, the global production of dimension stones has grown rapidly. Today, seven countries—China, India, Turkey, Iran, Italy, Brazil, and Spain—account for around two-thirds of the world's output of dimension stones. Each one has annual production levels of nine to over twenty-two million tons. Mining operation in general is one of the most hazardous fields of engineering. A large amount of dimensional stone quarries require a special scheme of risk assessment. Risk Breakdown Structure is one of the major stages of risk assessment. In this paper, a detailed structure of risks of the dimension stone quarrying is formed, and divided into 17 main levels and 128 sublevels. The complexity of identifying different parameters made it requisite to use multi-attribute decision-making methods for prioritizing associated risks. As a case study, the main risks of the Ghasre Dasht marble mine are evaluated using the VIKOR method considering 10 major parameters under a Fuzzy environment. The results showed that the economic, Management, and Schedule risks are the most threatening risks of dimensional stone quarrying.

A deep neural network algorithm-based approach for predicting recovery period of accidents according to construction scale

Despite ongoing safety efforts, construction sites experience a concerningly high accident rate. Notwithstanding that policies and research to reduce the risk of accidents in the construction industry have been active for a long time, the accident rate in the construction industry is considerably higher than in other industries. This trend may likely be further exacerbated by the rapid growth of large-scale construction projects driven by urban population expansion. Consequently, accurately predicting recovery periods of accidents at construction sites in advance and proactively investing in measures to mitigate them is critical for efficiently managing construction projects. Therefore, the purpose of this study is to propose a framework for developing accident prediction models based on the Deep Neural Network (DNN) algorithm according to the scale of the construction site. This study suggests DNN models and applies the DNN for each construction site scale to predict accident recovery periods. The model performance and accuracy were evaluated using mean absolute error (MAE) and root-mean-square error (RMSE) and compared with the widely used multiple regression analysis model. As a result of model comparison, the DNN models showed a lower prediction error rate than the regression analysis models for both small-to-medium and large construction sites. The findings and framework of this study can be applied as the opening stage of accident risk assessment using deep learning techniques, and the introduction of deep learning technology to safety management according to the scale of the construction site is provided as a guideline.

Assessment of Environmental Risks of a Shallow Water Body during Dredging Works

Introduction. The increasing anthropogenic impact on water bodies necessitates integrated solutions to assess environmental risks. Literature describes the stages of risk assessment, the possibilities of environmental management, and expert analysis, while risk modeling in this field is being investigated. However, the potential for predicting risks to water quality and biodiversity during frequently performed hydraulic engineering works such as dredging has not been fully explored. The relevance and practical significance of such an approach are evident. This study aims to develop a mathematical model and software package that can assess risks to species diversity of the ecosystem of a shallow reservoir ecosystem during work in its water area.Materials and Methods. The starting point for the simulation was a description of the movement of water masses based on the Navier-Stokes equations and the continuity equation at variable density. We used the diffusion-convection equation to predict the transfer of suspended and dissolved particles, as well as to assess the impact of impurities during eutrophication. To create the algorithm, we utilized the terms and definitions defined by the state standard for risk management in emergency situations.Results. To test the solution, we took data on hydro-mechanical work in the port area of Arkhangelsk. We visualized the concentration fields of suspended particles 0, 15, 30 and 45 minutes after the soil was unloaded. It was found that during the settling of the suspension, the area of its distribution expanded significantly, and this was fully consistent with the data of field experiments during dredging. We calculated and tabulated the volumes of contaminated water at soil dumps in three sites (with a single discharge and in total). To assess the risks to the Sea of Azov, we used the maximum concentrations of pollutant (copper) obtained through measurements, modeling and remote sensing of the Earth. In tests to determine the potential danger of the substance, we assumed that its concentration caused a reaction in 50% of organisms. For fish, the potentially dangerous concentration was 4 mg/l with a duration of 96 hours of exposure. For zooplankton — 50 mg/l and 48 hours. For microalgae, 20 mg/l and 72 hours. The normalized risk value Rn ≈ 0.52 was obtained. The risk of copper concentration of 80 µg/l in the waters of the Azov Sea was recognized as significant. A tendency towards increasing salinity and stratification of water masses in terms of oxygen content has been identified, consistent with the findings of expeditionary research.Discussion and Conclusion. The developed approach has allowed us to assess the change in the quality of the waters of the Azov Sea and describe some transformations of the water area. Specifically, we are talking about the distribution of suspended particles and areas of their deposition. These processes can lead to changes in the bottom topography, which in turn can reduce the species diversity of the ecosystem.

METHODICAL APPROACH TO EFFICIENCY ASSESSMENT OF PUMPING EQUIPMENT OF OIL PUMPING STATIONS

For the successful operation of the pumping station, including all the equipment of the oil transportation system, one of the important and key success factors is a well-organized and energy-efficient operation of pumping equipment. The costs of operating pumping equipment at oil pumping stations make up a significant part of the total cost of pumping. Therefore, there is a need to choose effective pumping equipment of oil pumping stations taking into account different criteria, which actualizes the development of a methodology for efficiency assessment of pumping equipment.The aim is to develop a methodology for efficiency assessment of pumping equipment of oil pumping stations.Objectives: to develop a system of indicators for efficiency assessment of pumping equipment; to develop methodological tools for assessing the risks of using pumping equipment; to develop a methodological approach to efficiency assessment of pumping equipment.The article uses methods of analysis and synthesis, theoretical generalizations and systematization, as well as the expert method.The analysis of scientific and technical literature in the field of efficiency assessment ofpumping equipment of oil pumping stations of the main oil pipeline for the development of methods for calculating the efficiency of pumping equipment.As a result of the study, a methodology for efficiency assessment of pumping equipment of oil pumping stations based on the construction of a loss matrix and an efficiency matrix, which allows choosing priority pumping equipment at oil pumping stations is proposed. A comprehensive indicator of the effectiveness of the use of various types of pumping equipment at oil pumping stations has been developed, taking into account the importance of the criteria for the effectiveness of pumping equipment, allowing for a comprehensive and unambiguous efficiency assessment of the use of various types of pumping equipment at oil pumping stations.An algorithm for assessing risk factors affecting pumping equipment operation, including the stages of risk identification and assessment, calculation of the integral risk level is proposed. It allows determining the risk degree of pumping equipment operation and calculating the amount of the risk premium included in the calculation of the complex indicator of the effectiveness of pumping equipment at oil pumping stations.

Совершенствование методики управления профессиональными рисками

The issue of occupational safety improving methods has been considered based on the example of a single enterprise. The area of improvement of activities a priori aiming at occupational safety has been chosen. In particular, the optimization of risk management stages at the workplace has been proposed. A risk management methodology consisting of standard stages (identification, assessment, management) but including separate improved levels or elements has been developed. A set of tables for volumetric, qualitative, and quantitative identification of hazards enabling the reduction of the number of unaccounted risks at the workplace has been formed. For the risk assessment stage, the application of an increasing human factor coefficient that reflects the individual characteristics of an employee affecting risk levels at the workplace has been proposed. For the relevant cases, it is recommended to use the machinery equipment assessment model to detect more risks at the workplace equipped with a machine. The occupational risk management stage has been improved due to differentiated and clarified formulations of hazards, which allows for choosing a correct and efficient measure. The methodology is also supplemented with a set aiming at occupational and industrial stress. For the identification stage, a set of parameters has been selected to determine psychosocial risks. The risk management process has been improved in the part of stress factors. In order to substantiate the performance and efficiency of the improved methodology as compared with the methodology applied at the enterprise, a comparative analysis of the two methodologies has been conducted at 10 different workplaces. The data confirming the increase of performance and efficiency of the improved methodology has been provided, which logically, on the condition of the consistent implementation of all occupational risk management stages, will reduce risks at the workplace and the number of industrial injuries, and ensure increased occupational safety.

Development of a risk map for a teacher on the example of the St. Petersburg College of Railway Transport

The procedure for assessing and managing occupational risks for the provision, creation and functioning of the labor protection management system is considered. The stages of risk assessment, the sequence of establishing the degree of risk are given. A map of hazard identifi cation and determination of the level of occupational risk has been formed. The assessment of the risk level is carried out to rank them and identify the priority of measures to reduce the levels of the highest risks, control measures for less signifi cant risks, as well as methods for assessing the measures taken and monitoring their eff ectiveness. Risk assessment helps to improve the effi ciency and validity of decision-making on occupational safety management, reduce the risk of accidents and occupational diseases at a particular workplace, and also helps to increase: motivation of employees to comply with labor protection requirements; social protection of workers; personnel qualification. Methods for assessing the level of professional risks are determined taking into account the nature of the activity and the complexity of the operations or processes performed in the organization. The practical signifi cance for the teaching staff lies in improving the quality of the educational process, developing new approaches to professional situations and developing the creative capabilities of students, including participation in championships in the most popular professions.

Audit Entitas Kecil dan Menengah serta Penggunaan Cloud dalam Berbagi Data (Studi Kasus pada Kantor Akuntan Publik ABC)

This study aims to implement a special audit manual for small and medium-sized entities (SME) and the application of the cloud in the audit process to improve the efficiency of financial statement audits by small and medium-sized practitioners (SMP). This a qualitative research with a case study approach in a public accounting firm in Indonesia (KAP). The design of the audit manual and the use of the cloud in this study has been designed by the authors in previous research. The cloud can speed up the audit process through easy data sharing, electronic data archives, and teamwork monitoring. In addition, the scalability of using the cloud can help SMPs increase their productivity. The scope of the implementation manual design is only at the risk assessment stage. Applying the cloud in the audit process only uses the free features of the service provider. The results of the study helped SMPs to implement a simple audit manual and use the cloud to increase the audit efficiency of SMEs. This study pays great and specific attention to the audit of SMEs. The majority of the audit research studies concentrate on big audit firm practices.

Use of oxidative stress biomarkers in the study of exposure to pesticides

The extensive use of chemical compounds in agriculture has been related to the occupational exposure of farmers, in addition to environmental degradation and contamination. Such factors can potentiate the imbalance between oxidant and antioxidant compounds, thus allowing the excessive production of reactive oxygen species, which can damage biomolecules and lead to various diseases, including Alzheimer's and cancer. To correlate the toxic effects with exposure to pesticides, oxidative stress biomarkers have become a viable alternative, as they are more stable, specific, and sensitive molecules, with greater measurement capacity, being able to express normal and pathological biological processes or pharmacological responses to therapeutic interventions. Thus, this work aimed to evaluate the application of the use of oxidative stress biomarkers in the study of exposure to pesticides. After reviewing the literature in online databases (PubMed, Science Direct, Web of Science, and Google Scholar), it was possible to conclude that different parameters have been used as fundamental tools during all stages of risk assessment after exposure to pesticides.

Implementasi ATLAS dalam Prosedur Penilaian Risiko Audit (Studi Kasus pada KAP Luthfi Muhammad & Rekan)

This study aims to determine the implementation of ATLAS in audit risk assessment at the Public Accounting Firm Luthfi Muhammad & Partners. The research method used is descriptive qualitative including theoretical studies, previous research, and interview results. Then the results of the theoretical review, previous research and interviews will be analyzed, and conclusions drawn. Until now ATLAS has become a tool used by auditors in carrying out audit procedures. This is because ATLAS has been systematically arranged to make it easier for auditors to carry out their work. In addition, ATLAS will also speed up the audit implementation process and improve audit quality. Based on the results of the interviews conducted, the implementation carried out by the Public Accounting Firm Luthfi Muhammad & Partners is in accordance with auditing standards. The auditing standard in question is Auditing Standard 315 regarding the identification and assessment of the risks of material misstatement through an understanding of the entity and its environment. The renewal of this research is to present the implementation of ATLAS, especially the risk assessment stage, whereas previous research only discussed the implementation of ATLAS in general.

Spatially Consistent Drought Hazard Modeling Approach Applied to West Africa

A critical stage in drought risk assessment is the measurement of drought hazard, the probability of occurrence of a potentially damaging event. The standard approach to assess drought hazard is based on the standardized precipitation index (SPI) and a drought intensity classification established according to a fixed set of SPI values. We show that this method does not allow for the assessment of region-specific hazards, and we propose an alternative method based on the extreme value theory. We model precipitation using an extreme value mixture model, with a normal distribution for the bulk, and a generalized Pareto distribution for the upper and lower tails. The model estimation allows us to identify the threshold value below which precipitation can be qualified as extreme. The quantile function is used to measure the intensity of each category of droughts and calculate the drought hazard index (DHI). By construction, the DHI value varies according to the specific characteristics of the left tail of the precipitation distribution. To test the relevance of our approach, we estimate the DHI over a gridded set of rainfall data covering West Africa, a large and climatically heterogeneous region. The results show that our mixture model fits the data better than the model used for SPI calculation. In particular, our model performs better to identify extreme precipitation in the left tail of the distribution. The DHI map highlights clusters of high drought hazard located in the central part of the region under study.

ОЦЕНКА ЭКОЛОГИЧЕСКОГО СОСТОЯНИЯ ГОРОДСКОЙ СРЕДЫ ПО ФЛУКТУИРУЮЩЕЙ АСИММЕТРИИ ДРЕВЕСНЫХ РАСТЕНИЙ

The article presents an analysis of the results of calculations of indicators of the annual amount of air exchange in the atmosphere, pollution of the air exchange of the urban environment in the city of Angarsk and a comparison of the pollution fields of the Irkutsk-Cheremkhovo industrial hub. Hazard identification was carried out using the value of conditional exposure, which is the first stage of environmental risk assessment

Identification of potential hazard of consumption of novel products to public health (systematic review)

Introduction. Declining volumes of meat production are associated, among other things, with fight against global warming. This unavoidably stimulates the scientific community to look for alternative sources of protein. However, novel foods can pose a potential health threat for consumers.
 The aim was to search for data on a potential threat for human health posed by consuming the most widely spread novel foods.
 Materials and methods. To achieve that, we accomplished a systematic review of relevant information sources using PRISMA recommendations on how to perform a systemic review of research articles. Overall, we analyzed more than two thousand sources to identify their relevance to the aim of this study; ultimately 64 sources were selected for analysis. 
 Results. Within this review, three groups of novel foods of animal origin were identified and considered. They were the most frequently mentioned in studies investigating potential health hazards for humans. We analyzed these potential hazards caused by consuming novel foods; it was established that attention should be paid to probable changes in biological values of protein in a novel food, undeclared or unintended chemicals in it, and hyper-reactivity of the human immune system. Besides, when insect or GM-animal proteins are used as food raw materials, a probability of pathogenic microorganisms in them should not be neglected. A distinctive feature of foods manufactured from GM-animals is estimation of a potential hazard associated with probable transfer of changed genes to the opportunistic gut microflora.
 Limitations. The study addressing potential health hazards posed by consumption of new foods considered only ‘new food products’ of animal origin.
 Conclusion. The systemic review of relevant information sources was aimed to identify potential health hazards posed by consumption of novel food of animal origin and allowed fulfilling hazard identification as the first stage in health risk assessment.

Analysis of the possibility of environmental risk assessment using the Fine-Kinney scoring method

The article is devoted to the issue of environmental risk assessment, which underlies the regulation of the quality of the state of the environment. Examples of negative impact on the environment due to human anthropogenic impact have been studied. The concept of environmental risk is considered, which is currently considered as the probability of occurrence of emergency events in a certain period of time and is expressed in quantitative terms. Also, which is quite important, the issue of legislative regulation of the environmental risk assessment procedure has been studied by studying the current legislative acts in the Russian Federation. Two legislative acts were singled out separately: GOST R 54135-2010 and GOST R 14.09-2005. From their analysis, a general evaluation algorithm has been compiled, which includes 4 stages: determination of restrictions on the use of products; identification of hazards and dangerous situations; preliminary risk assessment; final risk assessment. In addition, the authors of the article have considered a method for assessing environmental risk based on the Fine-Kinney method, which is now actively used in assessing occupational risks in production. The method consists in quantifying environmental damage by determining the possible severity and consequences, as well as the likelihood of an event that may negatively affect the environment. During the analysis of the method, it was concluded that using the Fine-Kinney method of environmental risk assessment, it is difficult to study the small details described in the recommendations, but at the stage of preliminary environmental risk assessment, we consider its use to be quite appropriate. In particular, this method can be used in the final stage of environmental monitoring, which is an effective tool in terms of studying the likelihood of a negative impact on the environment and preventing the occurrence of emergency situations.

2D-QSAR modeling for risk assessment of pharmacotherapy applied during pregnancy.

The risk evaluation for pharmacological therapy during pregnancy is critical for maternal and fetal health. The initial risk assessment stage, the risk measurement, begins with pregnancy-labeling categories (A, B, C, D, and X) for pharmaceuticals defined by the US Food and Drug Administration (FDA). Recently, in silico methods have been preferred in toxicology studies to eliminate ethical issues before conducting clinical toxicology studies and animal experiments. Quantitative structure-activity relationship (QSAR) modeling is one of the in silico methodologies. The research focuses on creating a QSAR model that predicts the five FDA pregnancy categories of medications. Our dataset included 868 pharmaceuticals containing nearly every pharmacological group collected from the FDA. 2D-molecular descriptors were calculated using PaDEL software. Twenty-four QSAR models were developed, and the best four models were discussed. The results of the models were compared according to sensitivity, accuracy, F-score, specificity, ROC values, and Matthews correlation coefficient. Considering the statistical results, Random Forest is the best model for determining the pregnancy risk category of drugs. The accuracy of the model was 76.49% for internal and 93.58% for external validation. According to the kappa statistics, there is an average agreement of 0.583 for internal and a perfect agreement of 0.893 for external validation. Since the error rates of the model are very close to 0, the model is highly accurate. Consequently, our novel QSAR model gives guidance on the safe use of pharmaceuticals during pregnancy without requiring animal tests or clinical trials on pregnant women.

EVALUATION OF NATURAL RISK CHANGES WITHIN EROSIONAL THERMOKARST PLAINS UNDER THE IMPACT OF CLIMATIC TRENDS

The relevance of assessing risk to engineering structures from geohazards is determined by changing natural conditions in the permafrost zone. Risk assessment by statistical methods directly is accompanied by certain difficulties. Accumulation of statistics requires a significant amount of time, and this time is often comparable to the time of engineering structure operation. The most difficult stage of risk assessment is the assessment of the probability of damage to engineering structures caused by a hazardous geological process. The aim of the study was to substantiate the method for solving this problem on the territory of thermokarst plains with fluvial erosion for linear engineering structures using the methods of mathematical landscape morphology. Mathematical landscape morphology allows us to proceed to the quantitative risk assessment. The first step of applying methods of mathematical landscape morphology is to divide the area into homogenous by the process development sections. The method is based on the model that was proposed by the authors for the development of the morphological structure of thermokarst plains with fluvial erosion under conditions of an asynchronous start, which is realized according to empirical verification in most of cases. The model of risk assessment was applied to 4 key areas located under different physico-geographical conditions, but having morphological homogeneity. Using satellite images of different periods, the delineation of thermokarst lakes and khasyreys was carried out. The average density of the number of lesions in different areas varies from 0.00026 year–1 to 0.00104 year–1, and there is no clear trend of change with time. According to quantitative experimental data, there has been a site-differentiated change in the risk of damage to linear structures within the thermokarst plains with fluvial erosion over the past few decades (46–56 years). The probability of damage to linear engineering structures has changed significantly in plot 35 (Yano-Indigirskaya lowland), which confirms the chi-square test. The probability of defeat increased by 6–9 times according to the estimates obtained. This situation is observed when the lengths of linear structures are 3–4 km. However, in most of the key areas, there is no significant change in the probability of damage, despite ongoing climate change.

Управление метагеосистемами региона на основе идентификации, анализа и мониторинга рисков

The article presents a solution to the problem of introducing spatial data infrastructures (SDI) and geoportal systems as a tool for solving the problem of integration, distribution and visualization of geospatial information. The role of geoportals is proved as a tool to support managerial decision-making in the field of ensuring the conditions for sustainable development. It is proposed to organize the SDI implementation process on the basis of identification, analysis and monitoring of risks. The risk management process can be integrated into the process of iterative implementation and use of the SDI as an input to the requirements analysis stage. The results of assessing the strength of risk events make it possible to form a set of controllable risks in the management of territorial systems. In this case, the results of the risk assessment stage become the starting point in solving the problem of designing functional and qualitative requirements for the infrastructure of spatial data as a tool for managing spatially distributed systems. The solution of the problem of optimizing the processes of using spatial data for solving management problems should be focused on achieving the target effects of SDI, while assessing and controlling the resource intensity and complexity of management processes. It is shown that an important feature of the approach is the focus on flexible organization of the process of developing geoinformation systems. The solution to the problem of effective iterative development of SDI is possible based on the observance of the SOLID principles, which determine the expediency of implementing the basic principles of object-oriented programming and design.

Cybersecurity Risk Assessment: A Systematic Mapping Review, Proposal, and Validation

Incorporating technologies across all sectors has meant that cybersecurity risk assessment is now a critical step in cybersecurity risk management. However, risk assessment can be a complicated process for organizations. Therefore, many authors have attempted to automate this step using qualitative and quantitative tools. The problems with the tools and the risk assessment stage in general are (1) not considering all the sub-steps of risk assessment and (2) not identifying the variables necessary for an accurate risk calculation. To address these issues, this article presents a systematic mapping review (SMR) of tools that automate the cybersecurity risk assessment stage based on studies published in the last decade. As a result, we identify and describe 35 tools from 40 primary studies. Most of the primary studies were published between 2012 and 2020, indicating an upward trend of cyber risk assessment tool publication in recent years. The main objectives of this paper are to: (I) identify the differences (reference models and applications) and coverage of the main qualitative and quantitative models, (II) identify relevant risk assessment variables, (III) propose a risk assessment model (qualitative and quantitative) that considers the main variables and sub-stages of risk assessment stage, and (IV) obtain an assessment of the proposed model by experts in the field of cybersecurity. The proposal was sent to a group of 28 cybersecurity experts who approved the proposed variables and their relevance in the cybersecurity risk assessment stage, identifying a majority use of qualitative tools but a preference of experts for quantitative tools.