bsl_Nonferrous Metals Industry Investment Strategy for the Second Half of Year XX: Short-Term Risks Accumulating, Awaiting the Next Market Entry Opportunity

Today's organizations are concerned about:
- Risk Management
- Governance
- Control
- Assurance (and Consulting)

ERM Defined:
“a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”
Source: COSO Enterprise Risk Management Integrated Framework. 2004. COSO.

Why ERM Is Important
Underlying principles:
- Every entity, whether for-profit or not, exists to realize value for its stakeholders.
- Value is created, preserved, or eroded by management decisions in all activities, from setting strategy to operating the enterprise day-to-day.

Why ERM Is Important
ERM supports value creation by enabling management to:
- Deal effectively with potential future events that create uncertainty.
- Respond in a manner that reduces the likelihood of downside outcomes and increases the upside.

This COSO ERM framework defines essential components, suggests a common language, and provides clear direction and guidance for enterprise risk management.

Enterprise Risk Management Integrated Framework

The ERM Framework
Entity objectives can be viewed in the context of four categories:
- Strategic
- Operations
- Reporting
- Compliance

The ERM Framework
ERM considers activities at all levels of the organization:
- Enterprise-level
- Division or subsidiary
- Business unit processes

Enterprise risk
management requires an entity to take a portfolio view of risk.

The ERM Framework
Management considers how individual risks interrelate.
Management develops a portfolio view from two perspectives:
- Business unit level
- Entity level

The ERM Framework
The eight components of the framework are interrelated.

The ERM Framework

Internal Environment
- Establishes a philosophy regarding risk management. It recognizes that unexpected as well as expected events may occur.
- Establishes the entity's risk culture.
- Considers all other aspects of how the organization's actions may affect its risk culture.

Objective Setting
- Is applied when management considers risk strategy in the setting of objectives.
- Forms the risk appetite of the entity, a high-level view of how much risk management and the board are willing to accept.
- Risk tolerance, the acceptable level of variation around objectives, is aligned with risk appetite.

Event Identification
- Differentiates risks and opportunities.
- Events that may have a negative impact represent risks.
- Events that may have a positive impact represent natural offsets (opportunities), which management channels back to strategy setting.

Event Identification
- Involves identifying those incidents, occurring internally or externally, that could affect strategy and achievement of objectives.
- Addresses how internal and external factors combine and interact to influence the risk profile.

Risk Assessment
- Allows an entity to understand the extent to which potential events might impact objectives.
- Assesses risks from two perspectives:
  - Likelihood
  - Impact
- Is used to assess risks and is normally also used to measure the related objectives.

Risk Assessment
- Employs a combination of both qualitative and quantitative risk assessment methodologies.
- Relates time horizons to objective horizons.
- Assesses risk on both an inherent and a residual basis.

Risk Response
- Identifies and evaluates possible responses to risk.
- Evaluates options in relation to entity's risk appetite, cost vs. benefit of potential risk responses, and degree to which a response will reduce impact and/or likelihood.
- Selects and executes response based on evaluation of the portfolio of risks and responses.

Control Activities
- Policies and procedures that help ensure that the risk responses, as well as other entity directives, are carried out.
- Occur throughout the organization, at all levels and in all functions.
- Include application and general information technology controls.

Information & Communication
- Management identifies, captures, and communicates pertinent information in a form and timeframe that enables people to carry out their responsibilities.
- Communication occurs in a broader sense, flowing down, across, and up the organization.

Monitoring
Effectiveness of the
other ERM components is monitored through:
- Ongoing monitoring activities.
- Separate evaluations.
- A combination of the two.

Internal Control
A strong system of internal control is essential to effective enterprise risk management.

Relationship to Internal Control Integrated Framework
- Expands and elaborates on elements of internal control as set out in COSO's “control framework.”
- Includes objective setting as a separate component. Objectives are a “prerequisite” for internal control.
- Expands the control framework's “Financial Reporting” and “Risk Assessment.”

ERM Roles & Responsibilities
- Management
- The board of directors
- Risk officers
- Internal auditors

Internal Auditors
- Play an important role in monitoring ERM, but do NOT have primary responsibility for its implementation or maintenance.
- Assist management and the board or audit committee in the process by:
  - Monitoring
  - Evaluating
  - Examining
  - Reporting
  - Recommending improvements

Visit the guidance section of The IIA's Web site for The IIA's position paper, “Role of Internal Auditing in Enterprise Risk Management.”

Internal Auditors
Standards
- 2010.A1 The internal audit activity's plan of engagements should be based on a risk assessment, undertaken at least annually.
- 2120.A1 Based on the results of the risk assessment, the internal audit activity should evaluate the adequacy and effectiveness of controls encompassing the organization's governance, operations, and information systems.
- 2210.A1 When planning the engagement, the internal auditor should identify and assess risks relevant to the activity under review. The engagement objectives should reflect the results of the risk assessment.

Key Implementation Factors
1. Organizational design of business
2. Establishing an ERM organization
3. Performing risk assessments
4. Determining overall risk appetite
5. Identifying risk responses
6. Communication of risk results
7. Monitoring
8. Oversight & periodic review by management

Organizational Design
- Strategies of the business
- Key business objectives
- Related objectives that cascade down the organization from key business objectives
- Assignment of responsibilities to organizational elements and leaders (linkage)

Example: Linkage
- Mission: To provide high-quality accessible and affordable community-based health care
- Strategic Objective: To be the first or second largest, full-service health care provider in mid-size metropolitan markets
- Related Objective: To initiate dialogue with leadership of 10 top under-performing hospitals and negotiate agreements with two this year

Establish ERM
- Determine a risk philosophy
- Survey risk culture
- Consider organizational integrity and ethical values
- Decide roles and responsibilities

Example: ERM Organization
(Organization chart; boxes as extracted: ERM Director; Vice President and Chief Risk Officer; Corporate Credit Risk Manager; Insurance Risk Manager; ERM Manager; ERM Manager; Staff; Staff; Staff; FES Commodity Risk Mg. Director)

Assess Risk
Risk assessment is the identification and analysis of risks to the achievement of business objectives. It forms a basis for determining how risks should be managed.

Example: Risk Model
Environmental Risks
- Capital Availability
- Regulatory, Political, and Legal
- Financial Markets and Shareholder Relations
Process Risks
- Operations Risk
- Empowerment Risk
- Information Processing/Technology Risk
- Integrity Risk
- Financial Risk
Information for Decision Making
- Operational Risk
- Financial Risk
- Strategic Risk
Source: Business Risk Assessment. 1998 The Institute of Internal Auditors

(Diagram; labels as extracted: Control It; Share or Transfer It; Diversify or Avoid It; Risk Management; Process Level; Activity Level; Entity Level; Risk Monitoring; Identification; Measurement; Prioritization; Risk Assessment; Risk Analysis)

DETERMINE RISK APPETITE
- Risk appetite is the amount of risk on a broad level an entity is willing to accept in pursuit of value.
- Use quantitative or qualitative terms (e.g. earnings at risk vs. reputation risk), and consider risk tolerance (range of acceptable variation).

DETERMINE RISK APPETITE
Key questions:
- What risks will the organization not accept? (e.g. environmental or quality compromises)
- What risks will the organization take on new initiatives? (e.g. new product lines)
- What risks will the organization accept for competing objectives? (e.g. gross profit vs. market share?)

IDENTIFY RISK RESPONSES
- Quantification of risk exposure
- Options available:
  - Accept = monitor
  - Avoid = eliminate (get out of situation)
  - Reduce = institute controls
  - Share = partner with someone (e.g. insurance)
- Residual risk (unmitigated risk, e.g. shrinkage)

Impact vs. Probability
(Matrix; axes: IMPACT and PROBABILITY, each Low to High; cells as extracted: High Risk, Medium Risk, Medium Risk, Low Risk; responses as extracted: Control, Share, Mitigate & Control, Accept)

Example: Call Center Risk Assessment
- Loss of phones
- Loss of computers
- Credit risk
- Customer has a long wait
- Customer can't get through
- Customer can't get answers
- Entry errors
- Equipment obsolescence
- Repeat calls for same problem
- Fraud
- Lost transactions
- Employee morale

Example: Accounts Payable Process
- Control Objective: Completeness
- Risk: Material transaction not recorded
- Control Activity: Accrual of open liabilities; invoices accrued after closing
Issue: Invoices go to field and AP is not aware of liability.

Communicate Results
- Dashboard of risks and related responses (visual status of where key risks stand relative to risk tolerances)
- Flowcharts of processes with key controls noted
- Narratives of business objectives linked to operational risks and responses
- List of key risks to be monitored or used
- Management understanding of key business risk responsibility and communication of assignments

Monitor
- Collect and display information
- Perform analysis
  - Risks are being properly addressed
  - Controls are working to mitigate risks

Management Oversight & Periodic Review
- Accountability for risks
- Ownership
- Updates
  - Changes in business objectives
  - Changes in systems
  - Changes in processes

Internal auditors can add value by:
- Reviewing critical control systems and risk management processes.
- Performing an effectiveness review of management's risk assessments and the internal controls.
- Providing advice in the design and improvement of control systems and risk mitigation strategies.
- Implementing a risk-based approach to planning and executing the internal audit process.
- Ensuring that internal auditing's resources are directed at those areas most important to the organization.
- Challenging the basis of management's risk assessments and evaluating the adequacy and effectiveness of risk treatment strategies.

Internal auditors can add value by:
- Facilitating ERM workshops.
- Defining risk tolerances where none have been identified, based on internal auditing's experience, judgment, and consultation with management.

For more information
On COSO's Enterprise Risk Management Integrated Framework, visit www.coso.org or www.theiia.org