Enterprise Risk Management Integrated Framework
The Institute of Internal Auditors

Today's organizations are concerned about:
- Risk Management
- Governance
- Control
- Assurance (and Consulting)

Enterprise risk management is "a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives."
Source: COSO Enterprise Risk Management - Integrated Framework. 2004. COSO.

Why ERM Is Important
Underlying principles:
- Every entity, whether for-profit or not, exists to realize value for its stakeholders.
- Value is created, preserved, or eroded by management decisions in all activities, from setting strategy to operating the enterprise day-to-day.

Why ERM Is Important
ERM supports value creation by enabling management to:
- Deal effectively with potential future events that create uncertainty.
- Respond in a manner that reduces the likelihood of downside outcomes and increases the upside.

Enterprise Risk Management Integrated Framework
This COSO ERM framework defines essential components, suggests a common language, and provides clear direction and guidance for enterprise risk management.

The ERM Framework
Entity objectives can be viewed in the context of four categories:
- Strategic
- Operations
- Reporting
- Compliance
[Figure: the COSO ERM cube, labelled with the components Internal Environment, Event Identification, Risk Assessment, Risk Response, Control Activities, Information & Communication, and Monitoring]

The ERM Framework
ERM considers activities at all levels of the organization:
- Enterprise level
- Division or subsidiary
- Business unit processes
[Figure: the COSO ERM cube, same component labels as above]

The ERM Framework
Enterprise risk management requires an entity to take a portfolio view of risk.

The ERM Framework
- Management considers how individual risks interrelate.
- Management develops a portfolio view from two perspectives:
  - Business unit level
  - Entity level

The ERM Framework
The eight components of the framework are interrelated.

Internal Environment
- Establishes a philosophy regarding risk management. It recognizes that unexpected as well as expected events may occur.
- Establishes the entity's risk culture.
- Considers all other aspects of how the organization's actions may affect its risk culture.

Objective Setting
- Is applied when management considers risk strategy in the setting of objectives.
- Forms the risk appetite of the entity: a high-level view of how much risk management and the board are willing to accept.
- Risk tolerance, the acceptable level of variation around objectives, is aligned with risk appetite.

Event Identification
- Differentiates risks and opportunities.
- Events that may have a negative impact represent risks.
- Events that may have a positive impact represent natural offsets (opportunities), which management channels back to strategy setting.

Event Identification
- Involves identifying those incidents, occurring internally or externally, that could affect strategy and achievement of objectives.
- Addresses how internal and external factors combine and interact to influence the risk profile.

Risk Assessment
- Allows an entity to understand the extent to which potential events might impact objectives.
- Assesses risks from two perspectives:
  - Likelihood
  - Impact
- Is used to assess risks and is normally also used to measure the related objectives.

Risk Assessment
- Employs a combination of both qualitative and quantitative risk assessment methodologies.
- Relates time horizons to objective horizons.
- Assesses risk on both an inherent and a residual basis.

Risk Response
- Identifies and evaluates possible responses to risk.
- Evaluates options in relation to the entity's risk appetite, cost vs. benefit of potential risk responses, and the degree to which a response will reduce impact and/or likelihood.
- Selects and executes a response based on evaluation of the portfolio of risks and responses.

Control Activities
- Policies and procedures that help ensure that the risk responses, as well as other entity directives, are carried out.
- Occur throughout the organization, at all levels and in all functions.
- Include application and general information technology controls.

Information & Communication
- Management identifies, captures, and communicates pertinent information in a form and timeframe that enables people to carry out their responsibilities.
- Communication occurs in a broader sense, flowing down, across, and up the organ