Enterprise risk management ERM fundamental roles

Enterprise Risk Management (ERM)
‘Integrated Framework’

FUNDAMENTALS & ROLES
• The Fundamentals
• COSO Enterprise Risk Management
• Role of Executive Management
• Role of the Director
• Role of the Chief Risk Officer
• Risk Management Oversight Structure
• Role of Internal Audit


IMPLEMENTATION
• Risk Management Vision and Objectives
• Conducting Risk Assessments
• Getting Started – Set the Foundation
• Building & Enhancing Capabilities
• Building a Compelling Business Case
• Making it Happen
• Relevance to Sarbanes-Oxley Compliance
• Other Questions


The Fundamentals
What is Enterprise Risk Management (ERM)?
“a process, effected by an entity’s board of directors, management and other personnel, applied in strategy-setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”



• A process, ongoing and flowing through an entity
• Effected by people at every level of an organization
• Applied in strategy-setting
• Applied across the enterprise, at every level and unit, and includes taking an entity-level portfolio view of risk
• Designed to identify potential events affecting the entity and manage risk within its risk appetite
• Able to provide reasonable assurance to an entity’s management and board
• Geared to the achievement of objectives in one or more separate but overlapping categories – it is “a means to an end, not an end in itself.”


Why implement ERM?
• Reduce unacceptable performance variability
• Align and integrate varying views of risk management
• Build confidence of investment community and stakeholders
• Enhance corporate governance
• Successfully respond to a changing business environment
• Align strategy and corporate culture


Traditional Risk Management
• Protecting the tangible assets reported on a company’s balance sheet and the related contractual rights and obligations (physical and financial assets)
ERM
• Enhancing business strategy


Five broad categories of assets representing sources of value
• Physical
• Financial
• Customer
• Employee/Supplier
• Organizational


What is the value proposition for implementing ERM?
• ERM helps an organization become more anticipatory and effective at evaluating, embracing and managing the uncertainties it faces as it creates sustainable value for stakeholders.
• ERM elevates risk management to a strategic level.


ERM Value Proposition
• Establishes sustainable competitive advantage
• Optimizes the cost of managing risk
• Helps management improve business performance


Which companies are implementing ERM?
• Few, if any, companies can claim they have fully implemented ERM, as defined by COSO. For most companies, the chasm between the traditional risk management model and ERM is simply too overwhelming to address.
• NOT “applied … across the enterprise.”


If companies are not implementing ERM, then what are they doing?
• Most companies are applying the traditional risk management model in their business, which makes ERM a “future goal state”


Who is responsible for ERM?
• Top-down strategy-setting
• Ownership begins at the top of the organization with executive management and cascades downward into the organization to unit and functional managers


What are the steps companies can take immediately to implement ERM?
• Adopt a common risk language
• Conduct an enterprise risk assessment to identify and prioritize the organization’s critical risks
• Perform a gap analysis of the current and desired capabilities around managing the critical risks
• Articulate the risk management vision, goals and objectives, along with a compelling value proposition to provide the economic justification for going forward
• Advance the risk management capability of the organization for one or two critical risks, i.e., start with a risk area where senior management knows improvements are needed to successfully execute the business strategy



Is ERM applicable to smaller and less complex organizations?
While some small and mid-size entities may implement component[s of ERM] differently than large ones, they still can have effective enterprise risk management. The methodology … is likely to be less formal and less structured in smaller entities than in larger ones, but the basic concepts should be present in every entity.

