
Enterprise Risk Management (ERM) Integrated Framework


Enterprise Risk Management (ERM)
‘Integrated Framework’

The Fundamentals


FUNDAMENTALS & ROLES
• The Fundamentals
• COSO Enterprise Risk Management
• Role of Executive Management
• Role of the Director
• Role of the Chief Risk Officer
• Risk Management Oversight Structure
• Role of Internal Audit


IMPLEMENTATION
• Risk Management Vision and Objectives
• Conducting Risk Assessments
• Getting Started – Set the Foundation
• Building & Enhancing Capabilities
• Building a Compelling Business Case
• Making it Happen
• Relevance to Sarbanes-Oxley Compliance
• Other Questions


The Fundamentals
What is Enterprise Risk Management (ERM)?
“a process, effected by an entity’s board of directors, management and other personnel, applied in strategy-setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”


The Fundamentals
• A process, ongoing and flowing through an entity
• Effected by people at every level of an organization
• Applied in strategy-setting
• Applied across the enterprise, at every level and unit, and includes taking an entity-level portfolio view of risk
• Designed to identify potential events affecting the entity and manage risk within its risk appetite
• Able to provide reasonable assurance to an entity’s management and board
• Geared to the achievement of objectives in one or more separate but overlapping categories – it is “a means to an end, not an end in itself.”


The Fundamentals
Why implement ERM?
• Reduce unacceptable performance variability
• Align and integrate varying views of risk management
• Build confidence of investment community and stakeholders
• Enhance corporate governance
• Successfully respond to a changing business environment
• Align strategy and corporate culture


The Fundamentals
Traditional Risk Management
• protecting the tangible assets reported on a company’s balance sheet and the related contractual rights and obligations (physical and financial assets)
ERM
• enhancing business strategy


The Fundamentals
Five broad categories of assets representing sources of value
• Physical
• Financial
• Customer
• Employee/Supplier
• Organizational




The Fundamentals
What is the value proposition for implementing ERM?
• To become more anticipatory and effective at evaluating, embracing and managing the uncertainties the organization faces as it creates sustainable value for stakeholders.
• ERM elevates risk management to a strategic level.


The Fundamentals
ERM Value Proposition
• establishes sustainable competitive advantage
• optimizes the cost of managing risk
• helps management improve business performance




The Fundamentals
Which companies are implementing ERM?
• Few, if any, companies can claim they have fully implemented ERM, as defined by COSO. For most companies, the chasm between the traditional risk management model and ERM is simply too overwhelming to address.
• NOT “applied … across the enterprise.”


The Fundamentals
If companies are not implementing ERM, then what are they doing?
• Most companies are applying the traditional risk management model in their business, which makes ERM a “future goal state”




The Fundamentals
Who is responsible for ERM?
• Top-down strategy-setting
• Ownership begins at the top of the organization with executive management and cascades downward into the organization to unit and functional managers


The Fundamentals
What are the steps companies can take immediately to implement ERM?
• Adopt a common risk language
• Conduct an enterprise risk assessment to identify and prioritize the organization’s critical risks
• Perform a gap analysis of the current and desired capabilities around managing the critical risks
• Articulate the risk management vision, goals and objectives, along with a compelling value proposition to provide the economic justification for going forward
• Advance the risk management capability of the organization for one or two critical risks, i.e., start with a risk area where senior management knows improvements are needed to successfully execute the business strategy


The Fundamentals
Is ERM applicable to smaller and less complex organizations?
While some small and mid-size entities may implement component[s of ERM] differently than large ones, they still can have effective enterprise risk management. The methodology … is likely to be less formal and less structured in smaller entities than in larger ones, but the basic concepts should be present in every entity.

