Enterprise Financial Security Management System

The basis of ensuring the financial security of the enterprise is the concept of a systemic combination of control functions, planning, feedback and information support.

When developing and creating a financial security management subsystem, it is advisable to comply with the following requirements: it must function continuously; must be well planned; Within the institution, not only the functional independence of this subsystem should be ensured, but also its integration into the overall enterprise management system.

The company's financial security controlling subsystem should solve the following tasks: control over the performance of its functions by other financial security systems of the enterprise; determining the causes and scope of the crisis, as well as the results that need to be achieved in the framework of the implementation of anti-crisis measures; Comparison of the results achieved with expected indicators; determining the degree of deviation of actual financial results from the planned; monitoring the development of operational solutions to normalize the financial activities of the enterprise; Evaluation of the effectiveness of measures to neutralize the crisis; observations of the implementation of the implementation of financial management tasks; Ensuring the exchange of information flows between key financial security management subsystems of the enterprise.

The financial security planning process includes: an assessment of threats to economic security, which have a political and legal nature; assessment of the current level of financial security; evaluation of the effectiveness of preventing possible damage from negative impacts; planning a set of measures to ensure financial security and the development of recommendations for its implementation; budget planning of the practical implementation of the proposed set of measures; planning corporate resources; The operational implementation of planned actions in the process of implementing financial and economic activities.

The main purpose of the financial security analysis subsystem is to in a timely manner about possible problem areas in the work of the enterprise, as well as assess the degree of their threat. In general, the main tasks of the subsystem of financial security management of the enterprise, we propose to form as follows:

1. Determining the priority financial interests of the enterprise and ensure their adjustment if necessary.
2. Creating an effective mechanism for ensuring the financial security of the enterprise, the conditions for operational response to the threats, their timely detection.
3. Prediction of trends leading to the violation of the normal functioning of the financial system of the enterprise and its development.
4. The establishment of the causes and conditions causing financial damage and threaten the implementation of the financial interests of the enterprise, violating the normal functioning of its financial system.
5. Timely detection and elimination of threats to the financial security of the enterprise, reducing risks in its financial activity.
6. Ensuring the interest of leadership and personnel in the effective financial activity of the enterprise.
7. Ensuring the compliance of certain mission and financial strategy of an enterprise of the aggregate of its priority interests.
8. Ensuring the balance of financial interests of individual units and personnel with the priority financial interests of the enterprise as a whole.
9. Creating conditions for the maximum possible compensation or localization of damage to unlawful actions of legal or individuals.
10. Conducting a set of measures to verify business partners of the enterprise.

So, in our opinion, the financial security management system of the enterprise should be a complex of interrelated balanced decisions both in the field of ensuring the protection of the financial interests of the enterprise and in managing its financial activities. The management system should take into account alternative ways to ensure the safety of the enterprise, and the choice of a particular project must comply with the financial strategy and the specific financial policy of the enterprise.

Financial security Financial Security is a concept that includes a complex of measures, methods and means of protecting the economic interests of the state at the macro levels, corporate structures, financial activities of economic entities at the micro level.

The concept of financial security is as wide as, in fact, and interpretation as an economic category. Today there is no uniformly established definition of the concept of "financial security". The existing formulations reflect only certain aspects of financial security and cannot claim its unambiguous and exceptional interpretation. Financial security as definition is considered at different angles, in particular:

• from the standpoint of a resource-functional approach, financial security - the protection of financial interests of business entities at all levels; Security of households, enterprises, organizations and institutions, regions, industries, sectors of the state economy sufficient to meet their needs and fulfill the relevant obligations;
• from the point of view of statics, financial security is such a state, monetary, currency, budgetary, investment, customs and tariff and stock systems characterized by balance, resistant to internal and external negative impacts, the ability to prevent foreign financial expansion, to ensure the effective functioning of the national economic Systems and economic growth;
• in the context of regulatory regulation, financial security provides for the creation of such conditions for the functioning of the financial system, in which, firstly, there is actually no possibility to send financial flows into the sphere of use and, secondly, the possibility of abuse of financial resources is reduced to a minimum. .

Thus, from the standpoint of a versatile approach financial security - the security of financial interests at all levels of financial relations; a certain level of independence, stability and sustainability of the country's financial system under the conditions of exposure to external and internal destabilizing factors constituting the threat of financial security; The ability of the financial system of the state to ensure the effective functioning of the National Economic System and Sustainable.

At the macro-level financial security - the ability of the state in peacetime and in emergency situations to adequately respond to internal and external negative financial influences.

Financial security reflects the state and readiness of the state's financial system for timely and reliable financial support for economic needs sufficient to maintain the necessary level of economic and military security of the country. Financial security is achieved by activities in the financial sector and in the areas associated with it: monetary, economic, social, international financial, etc. Therefore, the concept and strategy of financial security should be reflected in the concept and state strategy of economic security, in economic, budgetary and etc.

Financial security strategy should also ensure the achievement of the main goals of national security.

The main objectives and objectives of ensuring financial security, both the state and the company:

• determination of factors affecting financial and industrial activities, their formalization;
• building a system of restrictions, eliminating unintentional and simulated impact.

Creating a financial security system is a heuristic process, which consists in solving multicriterial tasks requiring the participation of highly professional specialists in various fields. For companies, the development of a financial security strategy is part of the development strategy, through which its leaders decide the two most important tasks that make up a commercial secret: the development of new and (or) modernization of existing methods for promoting products and services on commodity and financial markets, allowing it to optimize the receipt and distribution monetary and equivalent to them means taking into account the balanced distribution of various kinds of risks and the methods of their coverage, the search for the optimal corporate capital structure; Building in a market medium characterized by a high degree of uncertainty and increased risk.

The most important aspect in solving the Company's financial security task is to build the optimal structure of its capital on the basis of generally accepted coefficients, which allows you to optimize the management of the company's debt and methods to attract additional cash resources to. The main problem in the implementation of the company's financial security concept is the lack of tested and standardized ways to cover various kinds of risks, as well as formalization and description of the structure of the risks themselves.

As a system of financial security, also includes a set of tasks to eliminate the conflict of interest between the infrastructure of the financial market infrastructure at the state level and divisions of the company at the Corporation level. Among the tested methods and means of eliminating the conflict of interest - a clear construction of document management and control over its observance; the rigid distribution of the rights of access of various subjects and units to information; Hierarchy of powers, as well as the establishment of conditional barriers, the so-called "Chinese walls" (English. Chinase Wall), with the help of which employees of various business entities and their units with the potential opportunity of conflict of interest are divided into time and space.

Separately, the security task is solved in transmitting data on local, distributed or global networks from random or deliberate changes, destruction, disclosure, as well as unauthorized use. The system of measures must be transparent - the introduction of safety mechanisms should not disturb the normal operation of the entire system; delays in the data transfer process made by software and technical safety means must be minimal; The reliability of the transfer should not be reduced. At the same time, the security tools themselves must be protected from unauthorized access. Developed tools and technology for protecting computing networks (protective screens, echelonized defense, etc.).

In order to protect databases, apply:

• backup that protects data and programs from errors, damage and removal during failures and various kinds of failures arising in the system or network;
• privacy through the use of various technical and mathematical methods, in particular, cryptography ensuring the secrecy of programs and data that is stored in systems or transmitted over the network;
• registration of subscribers (users) entitled to certain programs and data, which makes it possible to carry out their authentication.

The process of ensuring the safety, integrity and reliability of processing and storage of data is understood as a single data protection process. In a number of highly developed countries, specialized standards are being developed, intended for data protection. For example, in the United States approved the standard "private enhanced mail" used to encrypt information both in commercial and non-commercial tasks and allowing documents to give documents an unrecognizable view.

To ensure a legal framework in a number of countries, relevant laws are adopted. Thus, in the United States since 1974 there is a law on secrecy that defines the data storage rules. Subsequently, in addition to it, the law on the secret of financial transactions (1978), limiting access to banking operations, including public organizations; Information Storage Act (1978), requiring user notification about receiving a third party access to their entries; Electronic Communication Act (1986), prohibiting the interception of data transmitted through the communication network.

National Computer Security Center, NCSC (National Computer Security Center) is engaged in developing data security concepts, where basic work on standards in this area are concentrated.

The financial security of the enterprise is the state of its protection against the negative impact of external and internal threats, destabilizing factors, in which the sustainable implementation of the main commercial interests and the objectives of statutory activities are ensured.

According to I.A. Blanca, the essence of the financial security of the enterprise consists in the ability of the enterprise to independently develop and hold a financial strategy in accordance with the objectives of the general corporate strategy, in conditions of an indefinite and competitive environment. The main condition for the financial security of the enterprise is the ability to resist the existing and hazards and threats, seeking to cause financial damage to the enterprise or undesirable to change the capital structure, or to force the enterprise. To ensure this condition, the enterprise must support financial stability, equilibrium, ensure sufficient financial independence of the enterprise and flexibility in making financial solutions.

Financial sustainability and financial security of the enterprise are inextricably linked, mutually influence and complement each other. I am figuratively, we can say that they are two sides of the same medal. Financial stability is a necessary, but insufficient condition of the financial security of the enterprise. However, if the condition that an enterprise with financial security has both financial stability, it is true, the opposite approval will not be fair.

Consequently, ensuring financial security can only be based on the financially sustainable development of the enterprise, which creates the conditions for the implementation of such a financial mechanism that is capable of adapting to the changing conditions of the internal and external environment. With this approach to the financial stability of the enterprise, the levels of financial sustainability are of particular importance, as the enterprise's financial security is not an absolute, but a rational level of financial stability.

Thus, the need to continuously monitor financial security is predetermined by the objective need for each business entity in ensuring stable functioning and achieving activity goals.

The level of financial security of the enterprise depends on how effectively its leadership and specialists (managers) are able to avoid possible threats and eliminate the harmful effects of individual negative components of the external and internal environment.

Sources of negative impact on the financial security of the enterprise (organization) can be:

Conscious or unconscious actions of individual officials and business entities (government bodies, international organizations, competitors);

The intention of objective circumstances (the state of the financial situation in the markets of this enterprise, scientific discoveries and technological developments, force majeure circumstances, etc.

Depending on the subject condition, negative influences on financial security may be objective and subjective. Objective are considered such negative influences that arise not by the fault of the enterprise itself or its individual workers. Subjective influences are due to the ineffective work of the enterprise as a whole or its individual workers (primarily managers and functional managers).

The main goal of the financial security of the enterprise is to ensure its continuous and most effective functioning today and the high potential of development in the future.

From this purpose, the functional goals of the company's financial security flow:

Ensuring high financial efficiency, durability and independence of the enterprise;

Ensuring technological independence and the achievement of high competitiveness of its technical potential;

High management efficiency, optimality and efficiency of its organizational structure;

High level of personnel qualifications and its intellectual potential, efficiency of corporate R & D;

Minimization of the destructive impact of the results of production activities on the state of the environment;

Qualitative legal security of all aspects of the enterprise;

Ensuring the protection of the information field, commercial secrecy and the achievement of the necessary level of information support for all subsections;

Ensuring the safety of enterprise personnel, its capital and property, commercial interests.

The general scheme of the process of organizing financial security of an enterprise, including the implementation of the functional components to prevent possible harm and achieve the minimum level today, has a form (Fig. 4.1).

Fig.4.1. The process of organizing the economic security of the enterprise

It can be concluded that the process of organizing financial security of the enterprise is a rather laborious process that includes many components.

Protection of financial information. New information technologies in managing finance on the basis of modern PEVM, on the one hand, provide high quality of work performed, and on the other hand, create many threats leading to unpredictable and even disastrous consequences. Such threats include penetration of unauthorized persons in the base and financial data base, the widespread distribution of computer viruses, erroneous entry of financial data, errors in the design and implementation of economic systems and others. Contact the possible realization of threats, by adopting the security measures of financial information.
Under the protection of financial information it is understood as the state of the security of information and its supporting infrastructure (computers, communication lines, power systems, etc.) from random or deliberate impacts of a natural or artificial nature, fraught with damage to owners or users of this information.
Information security of financial data in the narrow sense of this word includes: the reliability of the computer; safety of valuable credentials; protection of accounting information from making changes to unauthorized persons; Saving documented accounts in electronic communications.
The scale of threats to the society from the abduction and distortion of information is huge and grows from year to year. Damage only from virus attacks based on Computer Economics in recent years has grown almost 30 times, reaching $ 14.2 billion.
Among those surveyed companies 313 showed total damage to $ 52 million from violations of information security. The results obtained can be approximated to the entire US industries: about 140 million working with an average loss of $ 50 from violations of information security lead to $ 7 billion. Damages for the United States.
The loss of only 20% of the information component of a commercial secret, in 60 cases of 100 leads to the bankruptcy of the company, and losses as a result of the actions of unscrupulous competitors amount to about 30% of all economic damage in the world - this formula has brought the World Bank experts, and unfortunately, Almost always acts.
The problem is not limited to the alarms of information, as the damage can also bring an unauthorized change or removal of information for mercenary purposes, such as the distortion of financial information, etc.
Information security objects in financial management include: information resources containing information assigned to commercial secrets and confidential information presented in the form of financial data bases; Funds and informatization systems - technical means used in information processes (means of computing and organizational equipment, informative and physical fields of computers, system-wide and applied software, generally automated systems of accounting and financial data of enterprises).
The threat of information security of financial management lies in a potentially possible action, which through the impact on the components of the financial management system can lead to damage to the owners of information resources or users of the system.
All many potential threats in the financial management of their nature occurrence can be divided into two classes: natural (objective) and artificial.
Natural threats are caused by objective causes, as a rule, independent of the accountant and the financier leading to the full or partial destruction of accounting together with its components. Such natural phenomena includes earthquakes, blows of lightning, fires, etc.
Artificial threats are associated with people's activities. They can be divided into unintentional (unintentional), caused by the ability of workers to perform any errors due to inattention, fatigue, painful state, etc. For example, an accountant when entering information into a computer can not press the key, make unintentional errors in the program, to take the virus, accidentally disclose passwords.
Deliberate (intentional) threats are associated with the mercenary aspirations of people - intruders who intentionally creating unreliable documents.
Threats of safety in terms of their direction can be divided into the following groups: the threat of penetration and reading data from the database databases and computer programs; the threat to the safety of credentials, leading to either their destruction, or to change, including falsification of payment documents (payment requirements, orders, etc.); the threat of data availability arising when the user cannot access account data; The threat of failure to perform operations, when one user transmits a message to another, and then does not confirm the transmitted data.
Depending on the source of threats, they can be divided into internal and external.
The source of internal threats is the activities of the organization's staff. External threats come from outside the employees of other organizations, from hackers and other persons.
External threats can be divided into local due to the penetration of the violator into the territory of the organization and receive access to a separate computer or local network; Remote, characteristic of systems connected to global networks (Internet, SWIFT international bank settlement system, etc.).
Such hazards arise most often in the electronic payment system when calculating suppliers with buyers, use in the calculations of the Internet. Sources of such information attacks may be thousands of kilometers. At the same time, the impact is exposed not only to the computer, but also accounting information.
Intentional and unintentional accounting errors, leading to an increase in financial risk, the following: errors in records of credentials; incorrect codes; unauthorized accounting; violation of test limits; missed accounts; errors in processing or output data; errors when forming or adjusting reference books; incomplete accounts; incorrect assignment of records in periods; Data falsification; violation of the requirements of regulatory acts; violation of the principles of accounting policies; Maintenance of the quality of service needs of users. Unprotected accounting and financial data lead to
serious shortcomings in the enterprise management system: a set of undocumented control episodes; the absence of a holistic picture of what is happening at the enterprise in separate structural divisions; delay in obtaining relevant at the time of decision-making; disagreements between the structural divisions and individual performers, jointly performing work, due to poor mutual awareness of the state of business processes; complaints of employees of all levels on information overload; unacceptable deadline for developing and distributing business documents; great timing of obtaining retrospective information accumulated in the enterprise; the difficulties of obtaining information on the current state of the document or business process; An unwanted leakage of information occurring due to the disordered storage of large amounts of documents.
Particular danger represents the information that make up commercial secrets and related to financial information (data on partners, clients, banks, analytical information on the activity in the market). In order for this and similar information to be protected, it is necessary to issue a contract with accounting staff, financial services and other economic units with an indication of a list of information not subject to publicity.
In the process of analyzing the security system of financial management, it is necessary to determine: what is important for the company (key resources and business processes); that she can threaten; What consequences for the business will carry out the implementation of each threat (revenue reduction, legal implications, operating activities, trust of clients and investors, etc.); What are the main risks of the company and what is their assessment in value or qualitative terms.
The legal mode of information resources is determined by the rules setting: the procedure for documenting information; ownership of individual documents and individual arrays of documents, documents and arrays of documents in information systems of financial management; category of information on access to it; The procedure for legal protection of information.
The basic principle, violated when implementing an information threat in financial management, is the principle of documenting information. The document received from the automated information system of accounting acquires legal force after its signing by an official in the manner prescribed by the legislation of the Russian Federation.
Protection of information in automated accounting and financial systems is based on the following basic principles. Ensuring the physical separation of areas intended for processing secret and non-negious information. Providing cryptographic information protection. Ensuring the authentication of subscribers and subscriber installations. Ensuring the delimitation of access of subjects and their processes to information. Ensuring the authentication and integrity of documentary messages when they are transmitted through communication channels. Ensuring protection against refusals from authorship and content of electronic documents. Ensuring the protection of equipment and technical means of the system, premises where they are placed, from leakage of confidential information on technical channels. Ensuring the protection of cipher-engineering, equipment, technical and software from information leakage due to hardware and software bookmarks. Ensuring controlling the integrity of the software and information part of the automated system. Use as domestic development protection mechanisms. Providing organizational and regime protection measures. It is advisable to use and additional communication security measures in the system. Organization of protection of information about intensity, duration and traffic exchange traffic. Use to transmit and process information information and methods that make interception difficult.
Protection of information from unauthorized access is aimed at creating three main properties in protected information: confidentiality (classified information should only be accessible to the one to whom it is intended); integrity (information on the basis of which important decisions are made should be reliable, accurate and fully protected from possible unintentional and malicious distortions); Readiness (information and related information services should be available, ready for interested persons always when they need a need).
To ensure the protection of accounting information, obstacles, access control, disguise, regulation, coercion, prompting are used.
An obstacle is the method of physical blockage of the path of the attacker to the protected accounting information. This method is implemented by the enterprise bandwidth, including the presence of the entrance to it, the blockage of the path of unauthorized persons to the accounting department, the cashier, etc.
Access control is a method for protecting accounting and reporting information implemented by: identifying information system users. (Each user receives its own personal identifier); authentication - setting the authenticity of an object or subject to the identifier submitted to them (carried out by mapping the entered identifier with the computer stored in the memory); authorization checks - verification of the compliance of the requested resources and operations performed on allocated resources and permitted procedures; registration of appeals to protected resources; Informing and response when trying unauthorized actions.
Disguise - method of cryptographic protection of information in the automated information system of the enterprise.
Forcing - the method of protection of information due to the threat of material, administrative or criminal liability. The last one is implemented by three articles of the Criminal Code: "Unauthorized access to computer information" (Art. 272); "Creation, use and dissemination of malware for computers" (Art. 273); Violation of the rules of operation of computer, computer systems or their networks "(Art. 274).
Movement is a method of protecting information by complying with users of the established moral and ethical standards in the enterprise team. In the United States, for example, to moral and ethical means, in particular, the Code of Professional Behavior of Members of the Association of EMM users.
The legal force of the document, stored, processed and transmitted using automated and telecommunication systems, can be confirmed by an electronic digital signature.
When transferring documents (payment orders, contracts, orders) on computer networks, proof of the truth is that the document was really created and sent by the author, and not falsified or modified by the recipient or by any third party. In addition, there is a threat of the denial of authorship by the sender in order to relieve responsibility for the transfer of the document. To protect against such threats in the practice of sharing financial documents, the methods of message authentication are used in the absence of the parties to confidence in each other. The document (message) is complemented by a digital signature and a secret cryptographic key. Fake signature without key knowledge with unauthorized persons is excluded and irrefutable indicates authorship.
The accountant (user) signs the electronic digital signature using the personal key, known only to it, documents, transfers them in accordance with the document management scheme, and the hardware and software system conducts a signature test. Confidential documents can be encrypted on individual keys and are not available for intruders. The system is based on Russian standards and regulations of office work, the practice of organizing the accounting of documents and monitor the actions of performers in the structures of any form of ownership (state and non-state).
Financial data protection makes it possible: to provide identification / user authentication; Determine for each user functional rights - the rights to perform certain functions of the system (in particular, to access those or other log registration logs); Determine the privacy level for each document, and for each user - the rights of access to documents of various privacy levels; confirm the authorship of the user using the electronic signature mechanism; ensure the confidentiality of documents by encrypting them, as well as encryption of all information transmitted by open communication channels (for example, by email); Encryption is performed using certified cryptographic drugs; Lock all user actions in audit logs (in the log in the entry and exit audit log, the journal of perfect operations).
Feeding the signature without knowledge of the key by attackers is excluded. When protecting account information, you need to comply with the following principle: if you evaluate information at 100 rubles, then you should not spend 150 on its protection.
Controls in automated financial systems are placed at those points where possible risk is able to turn into damages.
Such points are called risk points, or check points. These are those points where control will be most efficient and at the same time the most economical. But no matter how effective means of control, they cannot provide a 100% guarantee, in particular, by virtuous errors.
Evaluation of the effectiveness of investment in information security. Realities of the modern business are such that in the conditions of the market, almost any company focuses on maintaining its competitiveness - not only products and services, but also companies in general.
Under these conditions, the quality and efficacy of the information system affect the final financial indicators indirectly, through the quality of business processes. Play companies where funding for information protection is carried out on the residual principle.
How to treat attachments in information security - how to cost or how to invest? If both to the cost, then the reduction of these costs is an important problem for the company. However, this will noticeably give the company from solving the strategic task associated with an increase in its market adaptability, where security as a whole and information in particular plays an important role. Therefore, if the company has a long-term development strategy, it usually considers these investments as an investment. The difference is that costs are primarily a need, investment is the prospect of payback. And in this case, careful assessment of the effectiveness of such investments and the economic rationale for planned costs is required.
Investments in information security are necessary and justified, since it is an integral part of the overall security of the organization, which includes the economic security of entrepreneurial activity. How to estimate the required level of costs to build an effective information security management system (ISMIM) and how to minimize risks?
For business in modern conditions, a weighted estimate is required when making a decision. Every day, each company is influenced by financial, operating or other risks. Its success and stability lies in the ability to withstand potential risks, correctly and timely assess them. To increase the capitalization of business, the cost and significance of the company in the market, serious and permanent investments are needed, so in the process of enterprise's activities, investing in assets subsequently plays a key role, i.e. Investing becomes one of the main zones of financial risks.
The main economic effect to which the company seeks to create a system for the protection of information (SZI) is a significant reduction in material damage due to the implementation of existing information security threats. The return on such investments in the development of the company should be quite projected.
Based on most of the methods for assessing the effectiveness of investment in information security, there is a comparison of the costs required for the creation of SZI, and damage, which can be caused by the company due to the lack of this system.
When making a decision on investments, the importance is compared with the average industry or choose a project with the best value of the "Return of Investments" (ROI, the interest rate ratio of profit (or economic effect) from the project to investments necessary for the implementation of this project) from the available options. Despite the extensive experience of using this indicator, today there is no reliable methods for calculating the return of investments, and attempts to determine it by analyzing the performance of companies that have implemented certain information technologies led to the emergence of the TCO indicator proposed by Gartner Group.
The basis of the general model of calculating the total cost of ownership is the separation of all costs for direct and indirect. Under indirect costs, as a rule, are the hidden costs that arise during the operation of the SZI. These unplanned costs can significantly exceed the cost of the protection system itself. According to the Gartner Group, direct costs make up 15-21% of the total amount of costs for using information technology.
One of the key advantages of the indicator "The total cost of ownership" is that it allows us to draw conclusions about the feasibility of implementing the project in the field of information security on the basis of the estimate of the only costs. Moreover, in the case of the defense of the information, the situation often arises when the economic effect of the introduction of NIZ cannot be appreciated, but the objective need for its creation exists.
Another advantage of this indicator is that the TSO calculation model includes an assessment of not only the initial costs for the creation of SZI, but also costs that may occur at various stages of the entire life cycle of the system. But despite this, the indicator of the TSO, however,, like the ROI, is static, reflecting a certain temporary cut, without taking into account changes in the situation in time. Over time, information systems are subjected to constant changes, new threats and vulnerabilities appear. Thus, the provision of information security is the process to be considered in time. Therefore, to analyze the effectiveness of investment in information security, it is proposed to consider the possibility of using a system of dynamic indicators based on the method of discounted cash flows.
The purpose of any investment is to increase the flow of funds (in this case, a decrease in the amount of damage as a result of the implementation of information security threats) compared to the existing one. When evaluating the investment project, it is necessary to consider all cash flows related to the implementation of this project. In this case, it is necessary to take into account the dependence of the flow of cash on time. Therefore, future cash flows (reduction of damage) must be discounted, i.e. Led to current cost. For this, the discount rate is used, the size of which reflects the risks associated with the depreciation of money due to inflation and the possibility of failure of an investment project that may not bring the expected effect. In other words, the higher the risks associated with the project, the greater the value of the discount rate. This bid also reflects the overall level of credit value for investment.
Often the discount rate is determined by the indicator of the weighted average cost value. This is the average rate of income on the attached capital, which is to pay for its use. Typically, this indicator is considered as the minimum rate of return, which should be provided with an investment project.
Directly for assessing the effectiveness of investments use the "Clean current value" indicator, considered earlier. With the value of this indicator, more or equal to zero, it is believed that capital investment effectively. When comparing several projects, one of them is accepted, which has a greater value of this indicator, unless it is positive.
Obviously, to assess the effectiveness of investments in the creation of a system for protecting financial information not enough for indicators. It is also necessary to take into account the risks associated with the implementation of a project. These may be risks associated with specific providers of information protection tools, or risks associated with the competence and experience of the implementation team.
In addition, it is useful to carry out the sensitivity analysis of the indicators.
Not all the damage from the realization of the threats of information security can be unambiguously expressed in monetary terms. For example, the company's intellectual property damage can lead to such consequences as loss of positions in the market, loss of permanent and temporary competitive advantages or reducing the value of the trademark. Therefore, it is often often necessary to create a system for creating a system for the protection of information on the basis of a qualitative assessment of possible effects.
Any method of evaluating the effectiveness of investment in information security is just a set of mathematical formulas and logical calculations, the correctness of the application of which is only a matter of justification. Therefore, the quality of information necessary to make a decision on the feasibility of investment will primarily depend on the source data on the basis of computation. A vulnerable place in any method of calculation is precisely the collection and processing of primary data, their quality and accuracy.
In addition, a clear understanding of the goals for which SZFI is being created, and the direct participation of the leading of these goals in the decision-making process is also the key to high quality and accuracy of assessing the effectiveness of investment in information security. Such an approach ensures that the information protection system will not be an artificial addition to an already implemented management system, but is originally designed as an essential element supporting the company's basic business processes.

Topic 10. Strategy and tactics of financial security of the enterprise

10.1 Essence and Elements of the Financial and Economic Security Management Strategy

10.3 Tactics for ensuring the financial security of the enterprise.

10.4 Financial security strategy and tactics tools.

10.Quality of the choice of strategy and methods for solving management tasks.

10.6 Main activities aimed at neutralizing the threat of a financial crisis.

Strategies for solutions under risk. Risk management includes strategy and management tactics.

Strategy - This is a long-term approach to achieving the goal. The general security strategy is expressed through the overall concept of a comprehensive system for ensuring entrepreneurial security. As part of the General Strategy, special and functional strategies are allocated, incl. Financial.

Under management Strategymeet the direction and method of using funds to achieve the goal. This method corresponds to a certain set of rules and restrictions for making a decision. The strategy allows you to concentrate efforts on solutions that do not contradict the adopted strategy, paying all other options. After reaching the goal, the strategy as a direction and the means of achieving it ceases to exist. New goals set the task of developing a new strategy.

For companies Development financial security strategies - Part of the development strategy, through which its leaders decide the two most important tasks that make up a commercial mystery:

1) development of new and (or) modernization of existing methods for promoting products and services on commodity and financial markets allowing it optimizethe admission and distribution of cash and equivalent funds taking into account balanced distribution of various risks and methods of their coverage, search optimal corporate capital structure;

2) Building financial Management in a market medium characterized by a high degree of uncertainty and increased risk.

Includes:

1.C. street of preventive measuresimplemented through regular, continuous, work of all divisions of the entity entrepreneurial activity on the verification of counterparties, analysis of alleged transactions, examination of documents, fulfilling the rules for working with confidential information, etc. The security service in this case acts as a controller.

2. Strategy of reactive measures, applied in the event of or real implementation of any threats to the financial security of entrepreneurship. This strategy based on the use of a situational approach and accounting for all external and internal factors is implemented by the Financial Security Service through a system of measures specific to this situation.

The most important aspect in solving the task of ensuring the financial security of the company is to build the optimal structure of its capital on the basis of generally accepted coefficients, which makes it possible to optimize the management of the Company's debt and methods for attracting additional money resources in the financial market.

- ensuring sustainable financial equilibrium over the entire period of functioning of the organization.

Financial Security Strategy Enterprises in the conditions of unstable existence should include the following elements:

Diagnosis of crisis situations;

Separation of objective and subjective negative impacts;

Definition of a list of measures to prevent the threats of economic security; Evaluation of the effectiveness of planned measures in terms of neutralization of negative impacts;

Assessment of the cost of the proposed measures to eliminate the threats to economic security.

Financial security strategy Enterprises include directions:

1. Definition of criteria and parameters (quantitative and high-quality threshold values) of the financial system of the enterprise that meet the requirements of its financial security;

2. Development of mechanisms and measures to identify the threats to the financial security of enterprises and their carriers;

3. Characteristics of the areas of their manifestation (areas of the localization of threats);

4. Establishing the main subjects of threats, mechanisms for their functioning, the criteria for their impact on the economic (including financial) system of the enterprise;

5. Development of the methodology for predicting, identifying and preventing the emergence of factors determining the emergence of threats to financial security, conducting research to identify trends and opportunities for the development of such threats;

6. Organization of an adequate financial security system of the firm;

7. Formation of mechanisms and measures of financial and economic policies, neutralizing or mitigating the impact of negative factors;

8. Defining objects, subjects, control parameters for ensuring the financial security of the enterprise.

Tactics- These are specific methods and techniques to achieve the goal in specific conditions. Financial Security Tactics It intends to apply specific procedures and perform specific actions in order to ensure the economic security of the entrepreneurship. These actions, depending on the nature of the threats and severity of the consequences of their implementation, may be, for example: expansion of the legal service of the company; Adoption of additional measures to preserve commercial secrets; creation of a computer security unit of financial information, presentation of claims to the violator counterparty; appeal to the judiciary; Contacting law enforcement agencies.

The task of management tactics is the choice of the optimal solution and the most acceptable management methods and methods in this economic situation.

Factors determining the choice of the basic concept of ensuring financial security of the enterprise:

General Development Strategy ("Mission"), for example, orientation for servicing highly profitable industries or shadow economies;

The degree of aggressiveness of the competitive strategy;

The degree of "criminalization" of the placement region;

Financial opportunities to ensure their own security;

Qualification of the Bank's Security Service personnel;

The presence of support from local government bodies.

The total sequence of implementing the selected strategy:

Determination of the overall list of real and potential security threats, as well as their possible sources;

Formation of a ranked list of protection objects;

Determination of the resources required to implement the strategy;

Determination of rational forms of protection for specific objects;

Definition of functions, rights and responsibility of the security service of the company;

Determination of the tasks of other structural divisions and management instances of the Bank as part of the implementation of the Strategy;

Development of an operational plan of events and targeted programs.

Basic eventsdirected to the neutralization of the threat of financial crisis are:

· Insurance of the financial risks of the enterprise;

· Implementation of unnecessary or unused company assets;

· Taking measures to recover receivables;

· Reduction of financial transactions in the most risky directions of the financial activity of the enterprise;

· Saving investment resources due to the suspension of the implementation of individual real investment projects;

· Saving current costs associated with enterprise economic activities;

· Evaluation of production capacity;

· Preservation of expensive environmental activities;

· Transfer of non-production facilities on the balance of urban authorities and reducing the cost of their maintenance, etc.

Topic 11. Financial Risk Management (Risk Management)

11.1 Essence and classification of financial risks.

11.2 Methods for assessing the level of financial security.

11.3 Economic assessment of possible damage from various threats.

11.4 Risk management, its functions.

11.5 Organization of risk management.

11.6 Rules and risk management methods.

11.7 Basic concepts of risk management.

11.8 Methods for determining the likelihood and consequences of risks.

11.9 Risk processing.

11.10 Methods of game theory.

11.11 Analysis of the sensitivity of the project.

11.12 Methods of minimizing project risks.

11.13 Risk response planning, monitoring and risk control. Evaluation of the economic effect of risk management.

11.14 Risk management strategies.

Basic risk management concepts.Uncertainty. Risk. Risk probability. Case, probability and impact. Objective and subjective methods for determining the likelihood of unwanted events. Risk tree (risk breaking structure) project. External risk factors. Internal risk factors.

Risk - This is the uncertainty of the financial performance of the enterprise in the future, due to the uncertainty of this future itself.

The concept of "risk" from economic positions primarily implies losses or damage, but still caused by the property rights of the "moral damage" enterprise, the likelihood of which is associated with the emergence of the uncertainty of the final result from the economic operation.

Regarding the management, the concept of "risk" in this area should be associated with the complexity and nature of the problems, the conditions for making management decisions, forecasting the situation consequently, management risk should be considered as a characteristic of management activities, occurs in conditions of uncertainty or uncertainty, as a result of the factors in this The moment of time that may cause future negative effects of DKi for the enterprise, influence the level of financial security.

Risk, along with innovations and investment policies, anti-crisis management technologies should be attributed to the defining management factors and especially this concerns anti-crisis management for enterprises that is why it is necessary to consider this category in the context of investment, innovation, anti-crisis management technologies.

In crisis conditions, the company has a risk of bankruptcy, the risk of onset of certain unforeseen events, and therefore the manager in this situation should risk, but weigly, within the framework that allow you to achieve the targets scheduled for previously, therefore, analyzing the situation that has developed, should be considered risk and his character.

There are many different risk classifications. The most famous in world practice exist risk separation for systematic and non-systematic

Non-systematic risk is called another characteristic risk of the company, it can be caused by a number of reasons: strikes, unsuccessful marketing programs, termination of duties (official) on major contracts for this company, etc. Systematic or market risk can be caused by wars, catastrophes, inflation, growth of interest rates and a number of other reasons.

Reasons of risk are: the uncertainty of the situation arising due to many accidents; Informant information about it, as well as the psychological features of the personality of entrepreneurs.

Hence, risk measurement - This is a measurement of uncertainty. And from the point of view of the theory of probability, this means that it is necessary to determine the distribution of probabilities for the corresponding set of scenarios for the development of the situation.

There are risks of action, but also risks of inaction. Risks are predicted and unpredictable, voluntary and involuntary, permissible and catastrophic.

Risks for the enterprise are internal and external and integration. If the external disorders caused by the macroeconomic equilibrium, the internal - microeconomic, then the integration - manifestation of international division of labor among the internal production and technological, marketing, financial, organizational and risks of personnel management.

Any financial activity is always associated with a certain risk, the possibility of unforeseen cash loss.

Financial risk is manifested in:

1 disadvantage of free working capital;

2 lack of innovative and investment costs;

3 low estate liquidity;

4 lossless production, etc.

Causes of financial risk:

1 lack of proper financial and economic planning;

2 unprofitable activities or functioning of the enterprise;

3 Availability of a large share of outdated equipment;

4 Missing products available to consumers.

Classification of financial risks:

1. By the degree of danger (sizes of consequences) for the company allocate:

- reasonablefinancial risk involving current losses, such as partial or full profit loss;

- unwanted risk (threat of full revenue loss);

- unacceptable Risk (bankruptcy).

2. By appropriate You can talk about justified and unjustified risks, the boundaries between which are in various areas of financial activities of the company of unequal.

3. For reasons Allocate:

1. Currency risk (associated with the influence of currency exchange rate fluctuations to the position of exporters and importers). The main variety is the economic risk due to the fact that expenses and income take place in different currencies. With direct economic risk, there is a threat of the profitability of operations on concluded contracts, it is necessary to pay for which in unprofitable conditions.

2. Investment risk - This is the risk of an erroneous investment of funds, the fall of the company's securities course and as a result of this impairment or the full loss of invested capital and expected income, the impossibility of implementing available assets (due to their illiquidity).

3. Credit risk (Credit Risk) is the risk of losses arising from the inability of the transaction partner in a timely manner to fulfill its obligations, i.e. The risk arising from a partial or complete insolvency of the partner. The banking organizations and other financial institutions are subject to the greatest degree of risk. The generally accepted measure of the assessment of the credit risk of the enterprise, the company or the bank are credit ratings. In Russia, the construction of such ratings is just beginning, but you can already find them in the journal "Expert", Reed (Russian Institute of Directors), Institute of Corporate Law and Management. Credit risks (arise due to non-fulfillment of obligations, unscrupiance): trade (non-payment of debt on a commercial loan) and bank (Bank insolvency).

4. Interest risks (changes of the absolute and relative level of interest rate; its unpredictable oscillations due to unfavorable incurability, changes in the central bank of the refinancing rate, the rate of economic growth, inflation, public debt, government policy).

5 . Market risk (Market Risk) is the risk of changing the price of goods or shares, interest rates on loans, the relationship between different parameters of the market and the variability of these parameters.

6. Risk of liquidity (Liquidity Risk) is a risk that occurs when selling an existing financial asset. This type of risk means the inability to quickly implement the asset without a significant cost reduction.

7. Operational risk (Operational Risk) - the risk associated with the unscrupulous execution of his official duties (from theft to a deliberate conspiracy with competitors).

With such a number of risks, the need for PM is based on a targeted search and organization of work to reduce the degree of risk, the practice of obtaining and increasing profits in an uncertain economic situation. The final role of the Republic of Moldova fully corresponds to the target business function - obtaining the greatest profit with the optimal ratio of profits and risk.

From the point of view of the PM, approach different types of risks should be different. Thus, when working with operational risks and risks of liquidity, risk management is the nature of the problem solved by building the right organizational procedure based on the knowledge of experts. And when working with market and credit risks, it should be understood that the management of such risks is the most formalized and regular task associated with mathematical measurements, calculations and procedures.

Anti-crisis management in a significant part of the problems to be solved is risky. In certain crisis situations, many risks of various content, nature, sources of manifestation, and speech of the onset of the occurrence, loss or negative consequences for the enterprise as a whole, determines the need to form a risk management system with the involvement of qualified risky situations management specialists ( Consultants) This can be both direct specialists of certain activities in the enterprise and specialists from.

In any case, the process of developing and making solutions displays the following stages of the implementation of risky solutions:

Information analysis

Situation diagnostics

Development of solutions

Decision-making,

Organization and implementation of management activities.

Diagnosis of financial security threats implies the definition and monitoring of factors that determine the sustainability of the financial and economic situation on the short-term and medium term, as well as indicators (indicators) of assessing the level of economic security; Determining their threshold values.

From the right selection of meters of manifestation of threats or a system of indicators for monitoring (that is, indicators) depends on the adequacy of the economic safety of the enterprise.

Methods for determining the likelihood and consequences of risks. The essence of statistical methods and models of identifying and evaluating the risks of the enterprise. Statistical methods that determine the degree of risk of an enterprise using the probability of occurrence of events. The risk of a measure of the uncertainty of the expected income. The risk of a measure of income amounts. Mathematical and statistical indicators of risk in terms of probability distribution of the expected income and the standard deviation from the middle-lifted income. Variation, covariance, correlation. RMS deviation from medium income observed. Reducing these indicators as a goal and risk management content. Positive and negative aspects of statistical methods.

Methods for assessing the level of financial security, on the use of functional components, can be applied both on large and small enterprises, regardless of their form of ownership or organizational and legal form of activity, however, due to the threats of criminal nature, and because the majority of economic security indicators are a commercial secret, The assessment of the overall level of safety and its functional components is possible only within this enterprise, the analysis of threats and safety indicators is carried out by the company's economic security service, for small enterprises - head, accountant, or under the contract - consulting firm.

Evaluation of the level of financial security of consumer enterprises, suppliers, competitors is carried out under a simplified methodology, in which the level of financial security of the enterprise is determined on the basis of the analysis of financial performance of the enterprise and stock availability indicators and costs by their own working capital (KBA).