ERM Enterprise Risk Management Framework (English).pptx
- Document ID: 18905234
- Upload date: 2024-02-10
- Format: PPTX
- Pages: 49
- Size: 511.58KB
Applying COSO's Enterprise Risk Management Integrated Framework
September 29, 2004

Today's organizations are concerned about:
- Risk Management
- Governance
- Control
- Assurance (and Consulting)

ERM Defined:
"a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives."
Source: COSO Enterprise Risk Management Integrated Framework. 2004. COSO.

Why ERM Is Important
Underlying principles:
- Every entity, whether for-profit or not, exists to realize value for its stakeholders.
- Value is created, preserved, or eroded by management decisions in all activities, from setting strategy to operating the enterprise day-to-day.

Why ERM Is Important
ERM supports value creation by enabling management to:
- Deal effectively with potential future events that create uncertainty.
- Respond in a manner that reduces the likelihood of downside outcomes and increases the upside.

This COSO ERM framework defines essential components, suggests a common language, and provides clear direction and guidance for enterprise risk management.

Enterprise Risk Management Integrated Framework

The ERM Framework
Entity objectives can be viewed in the context of four categories:
- Strategic
- Operations
- Reporting
- Compliance

The ERM Framework
ERM considers activities at all levels of the organization:
- Enterprise level
- Division or subsidiary
- Business unit processes

Enterprise risk management requires an entity to take a portfolio view of risk.

The ERM Framework
Management considers how individual risks interrelate. Management develops a portfolio view from two perspectives:
- Business unit level
- Entity level

The ERM Framework
The eight components of the framework are interrelated.

The ERM Framework: Internal Environment
- Establishes a philosophy regarding risk management. It recognizes that unexpected as well as expected events may occur.
- Establishes the entity's risk culture.
- Considers all other aspects of how the organization's actions may affect its risk culture.

Objective Setting
- Is applied when management considers risk strategy in the setting of objectives.
- Forms the risk appetite of the entity: a high-level view of how much risk management and the board are willing to accept.
- Risk tolerance, the acceptable level of variation around objectives, is aligned with risk appetite.

Event Identification
- Differentiates risks and opportunities.
- Events that may have a negative impact represent risks.
- Events that may have a positive impact represent natural offsets (opportunities), which management channels back to strategy setting.

Event Identification
- Involves identifying those incidents, occurring internally or externally, that could affect strategy and achievement of objectives.
- Addresses how internal and external factors combine and interact to influence the risk profile.

Risk Assessment
- Allows an entity to understand the extent to which potential events might impact objectives.
- Assesses risks from two perspectives:
  - Likelihood
  - Impact
- Is used to assess risks and is normally also used to measure the related objectives.

Risk Assessment
- Employs a combination of both qualitative and quantitative risk assessment methodologies.
- Relates time horizons to objective horizons.
- Assesses risk on both an inherent and a residual basis.

Risk Response
- Identifies and evaluates possible responses to risk.
- Evaluates options in relation to the entity's risk appetite, cost vs. benefit of potential risk responses, and the degree to which a response will reduce impact and/or likelihood.
- Selects and executes a response based on evaluation of the portfolio of risks and responses.

Control Activities
- Policies and procedures that help ensure that the risk responses, as well as other entity directives, are carried out.
- Occur throughout the organization, at all levels and in all functions.
- Include application and general information technology controls.

Information & Communication
- Management identifies, captures, and communicates pertinent information in a form and timeframe that enables people to carry out their responsibilities.
- Communication occurs in a broader sense, flowing down, across, and up the organization.

Monitoring
Effectiveness of the other ERM components is monitored through:
- Ongoing monitoring activities.
- Separate evaluations.
- A combination of the two.

Internal Control
A strong system of internal control is essential to effective enterprise risk management.

Relationship to Internal Control Integrated Framework
- Expands and elaborates on elements of internal control as set out in COSO's "control framework."
- Includes objective setting as a separate component. Objectives are a "prerequisite" for internal control.
- Expands the control framework's "Financial Reporting" and "Risk Assessment."

ERM Roles & Responsibilities
- Management
- The board of directors
- Risk officers
- Internal auditors

Internal Auditors
- Play an important role in monitoring ERM, but do NOT have primary responsibility for its implementation or maintenance.
- Assist management and the board or audit committee in the process by:
  - Monitoring
  - Evaluating
  - Examining
  - Reporting
  - Recommending improvements

Internal Auditors
Visit the guidance section of The IIA's Web site for The IIA's position paper, "Role of Internal Auditing in Enterprise Risk Management."

Standards
- 2010.A1: The internal audit activity's plan of engagements should be based on a risk assessment, undertaken at least annually.
- 2120.A1: Based on the results of the risk assessment, the internal audit activity should evaluate the adequacy and effectiveness of controls encompassing the organization's governance, operations, and information systems.
- 2210.A1: When planning the engagement, the internal auditor should identify and assess risks relevant to the activity under review. The engagement objectives should reflect the results of the risk assessment.

Key Implementation Factors
1. Organizational design of business
2. Establishing an ERM organization
3. Performing risk assessments
4. Determining overall risk appetite
5. Identifying risk responses
6. Communication of risk results
7. Monitoring
8. Oversight & periodic review by management

Organizational Design
- Strategies of the business
- Key business objectives
- Related objectives that cascade down the organization from key business objectives
- Assignment of responsibilities to organizational elements and leaders (linkage)

Example: Linkage
- Mission: To provide high-quality, accessible and affordable community-based health care.
- Strategic Objective: To be the first or second largest full-service health care provider in mid-size metropolitan markets.
- Related Objective: To initiate dialogue with leadership of 10 top under-performing hospitals and negotiate agreements with two this year.

Establish ERM
- Determine a risk philosophy
- Survey risk culture
- Consider organizational integrity and ethical values
- Decide roles and responsibilities

Example: ERM Organization (organization chart; positions recovered from the slide)
- Vice President and Chief Risk Officer
- ERM Director
- Corporate Credit Risk Manager
- Insurance Risk Manager
- FES Commodity Risk Mg. Director
- ERM Manager (x2)
- Staff (x3)

Assess Risk
Risk assessment is the identification and analysis of risks to the achievement of business objectives. It forms a basis for determining how risks should be managed.

Example: Risk Model
- Environmental Risks: Capital Availability; Regulatory, Political, and Legal; Financial Markets and Shareholder Relations
- Process Risks: Operations Risk; Empowerment Risk; Information Processing/Technology Risk; Integrity Risk; Financial Risk
- Information for Decision Making: Operational Risk; Financial Risk; Strategic Risk
Source: Business Risk Assessment. 1998. The Institute of Internal Auditors.

Risk Management Process (diagram; labels recovered from the slide)
- Responses: Control It; Share or Transfer It; Diversify or Avoid It
- Levels: Activity Level; Entity Level
- Steps: Identification; Measurement; Prioritization (Risk Assessment); Risk Analysis; Risk Monitoring

Determine Risk Appetite
Risk appetite is the amount of risk, on a broad level, an entity is willing to accept in pursuit of value. Use quantitative or qualitative terms (e.g. earnings at risk vs. reputation risk), and consider risk tolerance (range of acceptable variation).
Key questions:
- What risks will the organization not accept? (e.g. environmental or quality compromises)
- What risks will the organization take on new initiatives? (e.g. new product lines)
- What risks will the organization accept for competing objectives? (e.g. gross profit vs. market share?)

Determine Risk Appetite
Quantification of risk exposure. Options available:
- Accept = monitor
- Avoid = eliminate (get out of situation)
- Reduce = institute controls
- Share = partner with someone (e.g. insurance)
Residual risk (unmitigated risk, e.g. shrinkage).

Identify Risk Responses
Impact vs. Probability matrix (diagram; labels recovered from the slide): axes Impact (Low to High) and Probability (Low to High); response quadrants Control, Share, Mitigate & Control, Accept; risk ratings High Risk, Medium Risk, Medium Risk, Low Risk.

Example: Call Center Risk Assessment
- Loss of phones
- Loss of computers
- Credit risk
- Customer has a long wait
- Customer can't get through
- Customer can't get answers
- Entry errors
- Equipment obsolescence
- Repeat calls for same problem
- Fraud
- Lost transactions
- Employee morale

Example: Accounts Payable Process
- Control Objective: Completeness
- Risk: Material accrual of transaction open liabilities not recorded
- Control Activity: Invoices accrued after closing
- Issue: Invoices go to field and AP is not aware of liability.

Communicate Results
- Dashboard of risks and related responses (visual status of where key risks stand relative to risk tolerances)
- Flowcharts of processes with key controls noted
- Narratives of business objectives linked to operational risks and responses
- List of key risks to be monitored or used
- Management understanding of key business risk responsibility and communication of assignments

Monitor
- Collect and display information
- Perform analysis:
  - Risks are being properly addressed
  - Controls are working to mitigate risks

Management Oversight & Periodic Review
- Accountability for risks
- Ownership
- Updates:
  - Changes in business objectives
  - Changes in systems
  - Changes in processes

Internal auditors can add value by:
- Reviewing critical control systems and risk management processes.
- Performing an effectiveness review of management's risk assessments and the internal controls.
- Providing advice in the design and improvement of control systems and risk mitigation strategies.

Internal auditors can add value by:
- Implementing a risk-based approach to planning and executing the internal audit process.
- Ensuring that internal auditing's resources are directed at those areas most important to the organization.
- Challenging the basis of management's risk assessments and evaluating the adequacy and effectiveness of risk treatment strategies.

Internal auditors can add value by:
- Facilitating ERM workshops.
- Defining risk tolerances where none have been identified, based on internal auditing's experience, judgment, and consultation with management.

For more information
This presentation was produced by

Applying COSO's Enterprise Risk Management Integrated Framework