Applying COSO’s Enterprise Risk Management — Integrated Framework
September 29, 2004
Today’s organizations are concerned about:
Risk Management
Governance
Control
Assurance (and Consulting)
ERM Defined:
“… a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”
Source: COSO Enterprise Risk Management – Integrated Framework. 2004. COSO.
Why ERM Is Important
Underlying principles:
Every entity, whether for-profit or not, exists to realize value for its stakeholders.
Value is created, preserved, or eroded by management decisions in all activities, from setting strategy to operating the enterprise day-to-day.
Why ERM Is Important
ERM supports value creation by enabling management to:
Deal effectively with potential future events that create uncertainty.
Respond in a manner that reduces the likelihood of downside outcomes and increases the upside.
This COSO ERM framework defines essential components, suggests a common language, and provides clear direction and guidance for enterprise risk management.
Enterprise Risk Management — Integrated Framework
The ERM Framework
Entity objectives can be viewed in the context of four categories:
Strategic
Operations
Reporting
Compliance
The ERM Framework
ERM considers activities at all levels of the organization:
Enterprise-level
Division or subsidiary
Business unit processes
The ERM Framework
Enterprise risk management requires an entity to take a portfolio view of risk.
Management considers how individual risks interrelate.
Management develops a portfolio view from two perspectives:
- Business unit level
- Entity level
The ERM Framew