书签分享收藏举报版权申诉 / 49

立即下载

当前位置：首页 > 教育专区 > 大学资料 > COSO-ERM企业风险管理框架.ppt

COSO-ERM企业风险管理框架.ppt

上传人：wuy****n92

文档编号：70742529

上传时间：2023-01-27

格式：PPT

页数：49

大小：476KB

( 4.5 )

《COSO-ERM企业风险管理框架.ppt》由会员分享，可在线阅读，更多相关《COSO-ERM企业风险管理框架.ppt（49页珍藏版）》请在淘文阁 - 分享文档赚钱的网站上搜索。

1、Applying COSOsEnterprise Risk Management Integrated FrameworkSeptember29,2004Todays organizations are concerned about:RiskManagementGovernanceControlAssurance(andConsulting)ERM Defined:“a process,effected by an entitys board of directors,management and other personnel,applied in strategy setting and

2、 across the enterprise,designed to identify potential events that may affect the entity,and manage risks to be within its risk appetite,to provide reasonable assurance regarding the achievement of entity objectives.”Source:COSO Enterprise Risk Management Integrated Framework.2004.COSO.Why ERM Is Imp

3、ortant Underlyingprinciples:Everyentity,whetherfor-profitornot,existstorealizevalueforitsstakeholders.Valueiscreated,preserved,orerodedbymanagementdecisionsinallactivities,fromsettingstrategytooperatingtheenterpriseday-to-day.Why ERM Is Important ERMsupportsvaluecreationbyenablingmanagementto:Dealef

4、fectivelywithpotentialfutureeventsthatcreateuncertainty.Respondinamannerthatreducesthelikelihoodofdownsideoutcomesandincreasestheupside.This COSO ERM framework defines essential components,suggests a common language,and provides clear direction and guidance for enterprise risk management.Enterprise

5、Risk Management Integrated Framework The ERM FrameworkEntity objectives can be viewed in thecontext of four categories:Strategic OperationsReportingComplianceThe ERM FrameworkERM considers activities at all levelsof the organization:Enterprise-levelDivision orsubsidiaryBusiness unitprocesses Enterpr

6、iseriskmanagementrequiresanentitytotakeaportfolio viewofrisk.The ERM FrameworkManagementconsidershowindividualrisksinterrelate.Managementdevelopsaportfolioviewfromtwoperspectives:-Businessunitlevel-EntitylevelThe ERM FrameworkTheeightcomponentsoftheframeworkareinterrelated The ERM FrameworkInternal

7、EnvironmentEstablishesaphilosophyregardingriskmanagement.Itrecognizesthatunexpectedaswellasexpectedeventsmayoccur.Establishestheentitysriskculture.Considersallotheraspectsofhowtheorganizationsactionsmayaffectitsriskculture.Objective SettingIsappliedwhenmanagementconsidersrisksstrategyinthesettingofo

8、bjectives.Formstheriskappetiteoftheentityahigh-levelviewofhowmuchriskmanagementandtheboardarewillingtoaccept.Risktolerance,theacceptablelevelofvariationaroundobjectives,isalignedwithriskappetite.Event IdentificationDifferentiatesrisksandopportunities.Eventsthatmayhaveanegativeimpactrepresentrisks.Ev

9、entsthatmayhaveapositiveimpactrepresentnaturaloffsets(opportunities),whichmanagementchannelsbacktostrategysetting.Event IdentificationInvolvesidentifyingthoseincidents,occurringinternallyorexternally,thatcouldaffectstrategyandachievementofobjectives.Addresseshowinternalandexternalfactorscombineandin

10、teracttoinfluencetheriskprofile.Risk AssessmentAllowsanentitytounderstandtheextenttowhichpotentialeventsmightimpactobjectives.Assessesrisksfromtwoperspectives:-Likelihood-ImpactIsusedtoassessrisksandisnormallyalsousedtomeasuretherelatedobjectives.Risk AssessmentEmploysacombinationofbothqualitativean

11、dquantitativeriskassessmentmethodologies.Relatestimehorizonstoobjectivehorizons.Assessesriskonbothaninherentandaresidualbasis.Risk ResponseIdentifiesandevaluatespossibleresponsestorisk.Evaluatesoptionsinrelationtoentitysriskappetite,costvs.benefitofpotentialriskresponses,anddegreetowhicharesponsewil

12、lreduceimpactand/orlikelihood.Selectsandexecutesresponsebasedonevaluationoftheportfolioofrisksandresponses.Control ActivitiesPoliciesandproceduresthathelpensurethattheriskresponses,aswellasotherentitydirectives,arecarriedout.Occurthroughouttheorganization,atalllevelsandinallfunctions.Includeapplicat

13、ionandgeneralinformationtechnologycontrols.Managementidentifies,captures,andcommunicatespertinentinformationinaformandtimeframethatenablespeopletocarryouttheirresponsibilities.Communicationoccursinabroadersense,flowingdown,across,anduptheorganization.Information&CommunicationMonitoringEffectivenesso

14、ftheotherERMcomponentsismonitoredthrough:Ongoingmonitoringactivities.Separateevaluations.Acombinationofthetwo.Internal ControlAstrongsystemofinternalcontrolisessentialtoeffectiveenterpriseriskmanagement.ExpandsandelaboratesonelementsofinternalcontrolassetoutinCOSOs“controlframework.”Includesobjectiv

15、esettingasaseparatecomponent.Objectivesarea“prerequisite”forinternalcontrol.Expandsthecontrolframeworks“FinancialReporting”and“RiskAssessment.”Relationship to Internal Control Integrated FrameworkERM Roles&ResponsibilitiesManagementTheboardofdirectorsRiskofficersInternalauditorsInternal AuditorsPlay

16、animportantroleinmonitoringERM,butdoNOThaveprimaryresponsibilityforitsimplementationormaintenance.Assistmanagementandtheboardorauditcommitteeintheprocessby:-Monitoring-Evaluating-Examining-Reporting-RecommendingimprovementsVisittheguidancesectionofTheIIAsWebsiteforTheIIAspositionpaper,“RoleofInterna

17、lAuditingsinEnterpriseRiskManagement.”Internal Auditors2010.A1Theinternalauditactivitysplanofengagementsshouldbebasedonariskassessment,undertakenatleastannually.2120.A1Basedontheresultsoftheriskassessment,theinternalauditactivityshouldevaluatetheadequacyandeffectivenessofcontrolsencompassingtheorgan

18、izationsgovernance,operations,andinformationsystems.2210.A1Whenplanningtheengagement,theinternalauditorshouldidentifyandassessrisksrelevanttotheactivityunderreview.Theengagementobjectivesshouldreflecttheresultsoftheriskassessment.Standards1.Organizationaldesignofbusiness2.EstablishinganERMorganizati

19、on3.Performingriskassessments4.Determiningoverallriskappetite5.Identifyingriskresponses6.Communicationofriskresults7.Monitoring8.Oversight&periodicreviewbymanagementKey Implementation FactorsOrganizational DesignStrategiesofthebusinessKeybusinessobjectivesRelatedobjectivesthatcascadedowntheorganizat

20、ionfromkeybusinessobjectivesAssignmentofresponsibilitiestoorganizationalelementsandleaders(linkage)Example:LinkageMissionToprovidehigh-qualityaccessibleandaffordablecommunity-basedhealthcareStrategic ObjectiveTobethefirstorsecondlargest,full-servicehealthcareproviderinmid-sizemetropolitanmarketsRela

21、ted ObjectiveToinitiatedialoguewithleadershipof10topunder-performinghospitalsandnegotiateagreementswithtwothisyearEstablish ERMDetermineariskphilosophySurveyriskcultureConsiderorganizationalintegrityandethicalvaluesDeciderolesandresponsibilitiesExample:ERM OrganizationERM DirectorVice President andC

22、hief Risk OfficerCorporate Credit Risk ManagerInsurance Risk ManagerERMManagerERMManagerStaffStaffStaffFES Commodity Risk Mg.DirectorRiskassessmentistheidentificationandanalysisofriskstotheachievementofbusinessobjectives.Itformsabasisfordetermininghowrisksshouldbemanaged.Assess RiskEnvironmental Ris

23、ksCapitalAvailabilityRegulatory,Political,andLegalFinancialMarketsandShareholderRelationsProcess RisksOperationsRiskEmpowermentRiskInformationProcessing/TechnologyRiskIntegrityRiskFinancialRiskInformation for Decision MakingOperationalRiskFinancialRiskStrategicRiskExample:Risk ModelSource:Business R

24、isk Assessment.1998 The Institute of Internal AuditorsControl ItShare orTransfer ItDiversify orAvoid ItRiskManagementProcessLevelActivityLevelEntity LevelRiskMonitoring IdentificationMeasurementPrioritizationRiskAssessmentRisk AnalysisDETERMINE RISK APPETITERiskappetiteistheamountofriskonabroadlevel

25、anentityiswillingtoacceptinpursuitofvalue.Usequantitativeorqualitativeterms(e.g.earningsatriskvs.reputationrisk),andconsiderrisktolerance(rangeofacceptablevariation).Keyquestions:Whatriskswilltheorganizationnotaccept?(e.g.environmental or quality compromises)Whatriskswilltheorganizationtakeonnewinit

26、iatives?(e.g.new product lines)Whatriskswilltheorganizationacceptforcompetingobjectives?(e.g.gross profit vs.market share?)DETERMINE RISK APPETITEQuantificationofriskexposureOptionsavailable:-Accept=monitor-Avoid=eliminate(get out of situation)-Reduce=institutecontrols-Share=partnerwithsomeone(e.g.i

27、nsurance)Residualrisk(unmitigated risk e.g.shrinkage)IDENTIFY RISK RESPONSESImpact vs.ProbabilityControlShareMitigate&ControlAcceptHigh RiskMedium RiskMedium RiskLow RiskLowHighHighIMPACTPROBABILITYLowHighHighIMPACTPROBABILITYHigh RiskMedium RiskMedium RiskLow RiskExample:Call Center Risk Assessment

28、LossofphonesLossofcomputersCreditriskCustomerhasalongwaitCustomercantgetthroughCustomercantgetanswersEntryerrorsEquipmentobsolescenceRepeatcallsforsameproblemFraudLosttransactionsEmployeemoraleControlRiskControlObjectiveActivityCompletenessMaterialAccrualoftransactionopenliabilitiesnotrecordedInvoic

29、esaccruedafterclosingIssue:Invoices go to field and AP is not aware of liability.Example:Accounts Payable ProcessDashboardofrisksandrelatedresponses(visualstatusofwherekeyrisksstandrelativetorisktolerances)FlowchartsofprocesseswithkeycontrolsnotedNarrativesofbusinessobjectiveslinkedtooperationalrisk

30、sandresponsesListofkeyriskstobemonitoredorusedManagementunderstandingofkeybusinessriskresponsibilityandcommunicationofassignmentsCommunicate ResultsMonitorCollectanddisplayinformationPerformanalysis-Risksarebeingproperlyaddressed-ControlsareworkingtomitigaterisksAccountabilityforrisksOwnershipUpdate

31、s-Changesinbusinessobjectives-Changesinsystems-ChangesinprocessesManagement Oversight&Periodic Review Internal auditors can add value by:Reviewingcriticalcontrolsystemsandriskmanagementprocesses.Performinganeffectivenessreviewofmanagementsriskassessmentsandtheinternalcontrols.Providingadviceinthedes

32、ignandimprovementofcontrolsystemsandriskmitigationstrategies.Implementingarisk-basedapproachtoplanningandexecutingtheinternalauditprocess.Ensuringthatinternalauditingsresourcesaredirectedatthoseareasmostimportanttotheorganization.Challengingthebasisofmanagementsriskassessmentsandevaluatingtheadequac

33、yandeffectivenessofrisktreatmentstrategies.Internal auditors can add value by:FacilitatingERMworkshops.Definingrisktoleranceswherenonehavebeenidentified,basedoninternalauditingsexperience,judgment,andconsultationwithmanagement.Internal auditors can add value by:For more informationOnCOSOsEnterprise Risk Management Integrated Framework,visitorwww.theiia.orgThispresentationwasproducedbyApplying COSOsEnterprise Risk Management Integrated Framework

文档加载中……请稍候！
如果长时间未打开，您也可以点击刷新试试。

下载文档到电脑，查找使用更方便

11.9 金币

版权申诉 word格式文档无特别注明外均可编辑修改；预览文档经过压缩，下载后原文更清晰！ 立即下载

配套讲稿：: 如PPT文件的首页显示word图标，表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
特殊限制：: 部分文档作品中含有的国旗、国徽等图片，仅作为作品整体效果示例展示，禁止商用。设计者仅对作品中独创性部分享有著作权。
关键词：: COSO ERM 企业风险管理框架

淘文阁 - 分享文档赚钱的网站所有资源均是用户自行上传分享，仅供网友学习交流，未经上传用户书面授权，请勿作他用。

限制150内

关于本文

本文标题：COSO-ERM企业风险管理框架.ppt
链接地址：https://www.taowenge.com/p-70742529.html