COSO_ERM企业风险管理框架(ppt 49).pptx
《COSO_ERM企业风险管理框架(ppt 49).pptx》由会员分享,可在线阅读,更多相关《COSO_ERM企业风险管理框架(ppt 49).pptx(49页珍藏版)》请在淘文阁 - 分享文档赚钱的网站上搜索。
1、Applying COSOsEnterprise Risk Management Integrated FrameworkSeptember29,2004Todays organizations are concerned about:RiskManagementGovernanceControlAssurance(andConsulting)ERM Defined:“a process,effected by an entitys board of directors,management and other personnel,applied in strategy setting and
2、 across the enterprise,designed to identify potential events that may affect the entity,and manage risks to be within its risk appetite,to provide reasonable assurance regarding the achievement of entity objectives.”Source:COSO Enterprise Risk Management Integrated Framework.2004.COSO.Why ERM Is Imp
3、ortant Underlyingprinciples:Everyentity,whetherfor-profitornot,existstorealizevalueforitsstakeholders.Valueiscreated,preserved,orerodedbymanagementdecisionsinallactivities,fromsettingstrategytooperatingtheenterpriseday-to-day.Why ERM Is Important ERMsupportsvaluecreationbyenablingmanagementto:Dealef
4、fectivelywithpotentialfutureeventsthatcreateuncertainty.Respondinamannerthatreducesthelikelihoodofdownsideoutcomesandincreasestheupside.This COSO ERM framework defines essential components,suggests a common language,and provides clear direction and guidance for enterprise risk management.Enterprise
5、Risk Management Integrated Framework The ERM FrameworkEntity objectives can be viewed in thecontext of four categories:Strategic OperationsReportingComplianceThe ERM FrameworkERM considers activities at all levelsof the organization:Enterprise-levelDivision orsubsidiaryBusiness unitprocesses Enterpr
6、iseriskmanagementrequiresanentitytotakeaportfolio viewofrisk.The ERM FrameworkManagementconsidershowindividualrisksinterrelate.Managementdevelopsaportfolioviewfromtwoperspectives:-Businessunitlevel-EntitylevelThe ERM FrameworkTheeightcomponentsoftheframeworkareinterrelated The ERM FrameworkInternal
7、EnvironmentEstablishesaphilosophyregardingriskmanagement.Itrecognizesthatunexpectedaswellasexpectedeventsmayoccur.Establishestheentitysriskculture.Considersallotheraspectsofhowtheorganizationsactionsmayaffectitsriskculture.Objective SettingIsappliedwhenmanagementconsidersrisksstrategyinthesettingofo
8、bjectives.Formstheriskappetiteoftheentityahigh-levelviewofhowmuchriskmanagementandtheboardarewillingtoaccept.Risktolerance,theacceptablelevelofvariationaroundobjectives,isalignedwithriskappetite.Event IdentificationDifferentiatesrisksandopportunities.Eventsthatmayhaveanegativeimpactrepresentrisks.Ev
9、entsthatmayhaveapositiveimpactrepresentnaturaloffsets(opportunities),whichmanagementchannelsbacktostrategysetting.Event IdentificationInvolvesidentifyingthoseincidents,occurringinternallyorexternally,thatcouldaffectstrategyandachievementofobjectives.Addresseshowinternalandexternalfactorscombineandin
10、teracttoinfluencetheriskprofile.Risk AssessmentAllowsanentitytounderstandtheextenttowhichpotentialeventsmightimpactobjectives.Assessesrisksfromtwoperspectives:-Likelihood-ImpactIsusedtoassessrisksandisnormallyalsousedtomeasuretherelatedobjectives.Risk AssessmentEmploysacombinationofbothqualitativean
11、dquantitativeriskassessmentmethodologies.Relatestimehorizonstoobjectivehorizons.Assessesriskonbothaninherentandaresidualbasis.Risk ResponseIdentifiesandevaluatespossibleresponsestorisk.Evaluatesoptionsinrelationtoentitysriskappetite,costvs.benefitofpotentialriskresponses,anddegreetowhicharesponsewil
12、lreduceimpactand/orlikelihood.Selectsandexecutesresponsebasedonevaluationoftheportfolioofrisksandresponses.Control ActivitiesPoliciesandproceduresthathelpensurethattheriskresponses,aswellasotherentitydirectives,arecarriedout.Occurthroughouttheorganization,atalllevelsandinallfunctions.Includeapplicat
13、ionandgeneralinformationtechnologycontrols.Managementidentifies,captures,andcommunicatespertinentinformationinaformandtimeframethatenablespeopletocarryouttheirresponsibilities.Communicationoccursinabroadersense,flowingdown,across,anduptheorganization.Information&CommunicationMonitoringEffectivenesso
14、ftheotherERMcomponentsismonitoredthrough:Ongoingmonitoringactivities.Separateevaluations.Acombinationofthetwo.Internal ControlAstrongsystemofinternalcontrolisessentialtoeffectiveenterpriseriskmanagement.ExpandsandelaboratesonelementsofinternalcontrolassetoutinCOSOs“controlframework.”Includesobjectiv
15、esettingasaseparatecomponent.Objectivesarea“prerequisite”forinternalcontrol.Expandsthecontrolframeworks“FinancialReporting”and“RiskAssessment.”Relationship to Internal Control Integrated FrameworkERM Roles&ResponsibilitiesManagementTheboardofdirectorsRiskofficersInternalauditorsInternal AuditorsPlay
16、animportantroleinmonitoringERM,butdoNOThaveprimaryresponsibilityforitsimplementationormaintenance.Assistmanagementandtheboardorauditcommitteeintheprocessby:-Monitoring-Evaluating-Examining-Reporting-RecommendingimprovementsVisittheguidancesectionofTheIIAsWebsiteforTheIIAspositionpaper,“RoleofInterna
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- COSO_ERM企业风险管理框架ppt 49 COSO_ERM 企业 风险 管理 框架 ppt 49
限制150内