Applying COSO's Enterprise Risk Management - Integrated Framework
September 29, 2004

Today's organizations are concerned about:
Risk Management; Governance; Control; Assurance and Consulting

ERM Defined
"... a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives."
Source: COSO Enterprise Risk Management - Integrated Framework. 2004. COSO.

Why ERM Is Important
Underlying principles: Every entity, whether for-profit or not, exists to realize value for its stakeholders. Value is created, preserved, or eroded by management decisions in all activities, from setting strategy to operating the enterprise day-to-day.

Why ERM Is Important
ERM supports value creation by enabling management to: deal effectively with potential future events that create uncertainty; respond in a manner that reduces the likelihood of downside outcomes and increases the upside.

This COSO ERM framework defines essential components, suggests a common language, and provides clear direction and guidance for enterprise risk management.

Enterprise Risk Management - Integrated Framework

The ERM Framework
Entity objectives can be viewed in the context of four categories: Strategic; Operations; Reporting; Compliance.

The ERM Framework
ERM considers activities at all levels of the organization: Enterprise-level; Division or subsidiary; Business unit processes.
Enterprise risk management requires an entity to take a portfolio view of risk.

The ERM Framework
Management considers how individual risks interrelate. Management develops a portfolio view from two perspectives: Business unit level; Entity level.

The ERM Framework
The eight components of the framework are interrelated ...

The ERM Framework

Internal Environment
Establishes a philosophy regarding risk management. It recognizes that unexpected as well as expected events may occur. Establishes the entity's risk culture. Considers all other aspects of how the organization's actions may affect its risk culture.

Objective Setting
Is applied when management considers risks strategy in the setting of objectives. Forms the risk appetite of the entity: a high-level view of how much risk management and the board are willing to accept. Risk tolerance, the acceptable level of variation around objectives, is aligned with risk appetite.

Event Identification
Differentiates risks and opportunities. Events that may have a negative impact represent risks. Events that may have a positive impact represent natural offsets (opportunities), which management channels back to strategy setting.

Event Identification
Involves identifying those incidents, occurring internally or externally, that could affect strategy and achievement of objectives. Addresses how internal and external factors combine and interact to influence the risk profile.

Risk Assessment
Allows an entity to understand the extent to which potential events might impact objectives. Assesses risks from two perspectives: Likelihood; Impact. Is used to assess risks and is normally also used to measure the related objectives.

Risk Assessment
Employs a combination of both qualitative and quantitative risk assessment methodologies. Relates time horizons to objective horizons. Assesses risk on both an inherent and a residual basis.

Risk Response
Identifies and evaluates possible responses to risk. Evaluates options in relation to entity's risk appetite, cost vs. benefit of potential risk responses, and degree to which a response will reduce impact and/or likelihood. Selects and executes response based on evaluation of the portfolio of risks and responses.

Control Activities
Policies and procedures that help ensure that the risk responses, as well as other entity directives, are carried out. Occur throughout the organization, at all levels and in all functions. Include application and general information technology controls.

Information & Communication
Management identifies, captures, and communicates pertinent information in a form and timeframe that enables people to carry out their responsibilities. Communication occurs in a broader sense, flowing down, across, and up the organization.

Monitoring
Effectiveness of the other ERM components is monitored through: Ongoing monitoring activities; Separate evaluations; A combination of the two.

Internal Control
A strong system of internal control is essential to effective enterprise risk management.

Relationship to Internal Control - Integrated Framework
Expands and elaborates on elements of internal control as set out in COSO's "control framework." Includes objective setting as a separate component. Objectives are a "prerequisite" for internal control. Expands the control framework's "Financial Reporting" and "Risk Assessment."

ERM Roles & Responsibilities
Management; The board of directors; Risk officers; Internal auditors

Internal Auditors
Play an important role in monitoring ERM, but do NOT have primary responsibility for its implementation or maintenance. Assist management and the board or audit committee in the process by: Monitoring; Evaluating; Examining; Reporting; Recommending improvements.
Visit the guidance section of The IIA's Website for The IIA's position paper, "Role of Internal Auditing's in Enterprise Risk Management."

Internal Auditors
2010.A1: The internal audit activity's plan of engagements should be based on a risk assessment, undertaken at least annually.
2120.A1: Based on the results of the risk assessment, the internal audit activity should evaluate the adequacy and effectiveness of controls encompassing the org