top risk - enterprise risk management handbook (complete)

Upload: landry

Post on 19-Feb-2018


  • 7/23/2019 TOP Risk - Enterprise Risk Management Handbook (Complete)

    1/37

    | ENTERPRISE RISK MANAGEMENT HANDBOOK |

    Enterprise Risk Management Handbook

    (Complete)

    Produced by


    FOREWORD

    . B

    R . I

    ,

    E C 2002, SO A.

    T , . ? I ,

    . R . L

    . B ?

    T : M ,

    . . 20 ,

    ,

    . C ,

    . A : H A

    1993 H C 1969, A SD 26.5

    , 19 C, 5 . T

    .

    A ,

    . C 20 ;

    . T

    . T

    : M ,

    .

    ?

    E R M (ERM)

    . T

    ,

    .

    , . ERM

    SO A, ,

    . , ,

    . T

    2008.

    T, ERM .

    O , ERM

    .


    &

    A , , ERM ? T

    : E. , ,

    , ERM

    . A CCA, ERM

    CCA,

    .

    T ERM, ERM

    . ERM COSO ERM

    F ISO 31000.

    , ERM . E !


    1. DEFINITIONS

    1.1 CA

    . T , .

    T .

    ? H (2007)

    . H, . K (1921) :

    . . G

    , , ,

    . S , .

    H,

    . T

    , . S

    , : H

    ? H ?

    1.2 A

    , . T

    .

    .

    T , , .

    T . F,

    . F ,

    ,

    , ,

    . M

    . T ,

    , ,

    . I ,

    .

    M

    , . T

    . H,

    . A S

    S, . I ,

    , . S S

    . I , ,


    , E R M S

    .

    1.3 ADA D

    I , . R

    . F , ,

    , ,

    . S

    . F , ,

    , . I M A, ()

    . ,

    . I .

    1.4 AD

    , . A . R, ,

    ,

    . I ,

    ,

    . S, ,

    , . T

    . H,

    , (

    ) .

    1.5 A A CA AD

    T . O

    . A

    . A . T

    . E

    . A COSO F,

    :

    .

    E . F,

    . T :

    .


    I , . T

    . F ,

    . I

    , . I ,

    .

    T . D

    . F

    , . T

    , . T

    . H,

    ,

    .

    E R M, : ?

    , ? A

    ?


    2. INTRODUCING ENTERPRISE RISK

    MANAGEMENT

    2.1 D

    T ERM . T

    C A S, 2003 A O E R M,

    E R M

    , , , ,

    '

    ."

    A, COSO ERM F, E R M

    , , ,

    ,

    , ,

    .

    T ERM.

    2.2 5 A CC

    A PROCESS

    ERM

    . ERM

    . N ERM

    . ERM

    .

    ERM

    . B ERM

    , . T

    .

    EFFECTED BY PEOPLE

    ERM , . T

    , ,

    ERM .


    O , ERM . I

    . I

    , .

    I . T

    . ERM ,

    .

    APPLIED IN SETTING STRATEGY

    M . D

    . ERM

    . I , ERM

    .

    APPLIED ACROSS THE ENTERPRISE

    ERM . ERM , . T

    . T

    , . R ,

    . T, ,

    ,

    ,

    .

    RISK APPETITE

    R

    . R . A

    ,

    , .

    R . ERM

    .

    R ,

    .

    R .I , .

    O ,

    .


    2.3 B AA

    ERM ;

    . T

    ERM . L 5

    ERM !

    ALIGNMENT OF RISK AND STRATEGY

    . B ? C

    ,

    . T

    , ERM

    .

    IMPROVEMENT FROM RISK-BASED DECISIONS

    ERM , ,

    . T

    .

    REDUCTION IN SURPRISES

    .

    IDENTIFICATION AND MANAGEMENT OF MULTIPLE RISKS

    T . S,

    . P ,

    .

    IDENTIFICATION OF OPPORTUNITIES

    ERM ,

    .

    2.4 C CC

    I ERM , .

    I ERM, . I

    , 5 ERM. D

    !

    THE BIGGEST RISK AN ORGANISATION FACES IS FINANCIAL RISK.


    I , , ,

    . O ,

    .

    ERM IS A ONE-OFF PROJECT.

    S ,

    ERM . T ERM,

    ERM , ERM

    .

    MY COMPANY IS SAFE BECAUSE WE REVIEW RISKS ON AN ANNUAL BASIS.

    R

    . H

    ? 88% 2009 C E B

    . T,

    , . I , .

    1:

    : C B


    THE ORGANISATION IS WELL-PROTECTED IF IT HAS A STRONG QUANTITATIVE MODEL

    TO MEASURE RISK.

    C ,

    . C ,

    R (R) ,

    2008. F,

    ,

    ,

    .

    RISKS MUST BE QUANTIFIED.

    Q . R

    . I . I ,

    ,

    . I , ,

    , .

    2: C

    : ...


    3. THE ERM FRAMEWORK

    3.1 CA BC

    ERM . ERM . I , COSO

    F :

    : R , .

    : R

    : R

    C: R

    B , ERM

    . I

    . T,

    .

    R :

    C

    D P R

    C E C E

    C S

    T

    D /

    C

    B

    T

    /

    C I

    C L

    S

    IT

    R

    3:

    : (2009)


    3.2 C

    ERM 8 . E

    ERM . A

    . I ERM

    , , .

    INTERNAL ENVIRONMENT

    T

    ERM.

    T

    , ERM,

    , , . O

    . T .

    OBJECTIVE SETTING

    ERM

    . S

    , , ERM .

    EVENT IDENTIFICATION

    P . T

    , , . R

    .

    T COSO F . H,

    ,

    ,

    .

    RISK ASSESSMENT

    T .

    T ,

    .

    4: 8 C C

    : C (2004)


    RISK RESPONSE

    P . T , , ,

    . R .

    CONTROL ACTIVITIES

    C

    .

    INFORMATION AND COMMUNICATION

    R

    . T

    . I , ,

    .

    , .

    MONITORING

    T ERM

    . M

    , .


    4. THE ENTERPRISE RISK

    MANAGEMENT PROCESS

    ERM F, , . I ,

    1)

    I /;

    2)

    M / ;

    3)

    I ,

    ERM , ERM .

    4.1 ACA C

    G

    :

    1.

    R

    2.

    S

    3.

    C

    4.

    O

    5.

    E

    6.

    P

    T

    . E

    .

    4.2 C

    R . I

    .

    T . I

    . I

    , .

    A , . N

    . I

    , . T

    . T

    , .


    A ,

    .

    4.3 DCA

    R

    . T ,

    .

    4.3.1 INPUT

    ,

    .

    E

    . T

    .

    6:

    : (2009)

    5:

    : (2009)


    E

    S,

    P

    C

    F

    C

    O

    S /

    C

    S

    P

    C L

    R A

    I ERM , ,

    , . T

    ( ) .

    T

    ERM. T .

    4.3.2 TOOLS & TECHNIQUES

    . D

    . T

    , .

    E B PS C

    B

    C

    K

    F /

    I

    N

    C

    P

    C /

    O

    T

    M

    S

    A

    P/

    P

    T

    M

    K

    K I

    K

    O H

    P/

    C /

    F

    M A / C

    T

    C

    P/

    P

    A

    S

    7:

    : (2009)


    M

    T

    C

    C

    /

    C

    /

    F /

    P

    C

    B R

    . T

    :

    1) B A

    . ,

    ,

    . T

    ,

    . I . T

    .

    2) I

    . T

    , .

    3)

    C T ,

    , . Q

    , ,

    , .

    4) T ,

    .

    .

    5) I

    ,

    , ,

    . A KPMG 1997 B

    (B). T

    ,

    . T ELBM

    .

    6) B A A ,

    . T KPMG.

    8: B

    : (2009)


    T

    , , . T /,

    .

    4.3.3 OUTPUT

    T , ,

    , , , ,

    , . T

    .

    1. I

    .

    2. P

    .

    3. R

    .

    9: B A

    : C (2004)


    4. T

    .

    T ,

    ,

    , ,

    , C

    S F .

    R .

    R . T

    . I

    ,

    . T

    , .

    4.4 A

    T . R

    ,

    , , . T

    , .

    F, .

    4.4.1 INHERENT AND RESIDUAL RISKS

    I . R

    . R

    . O , . I

    ,

    .

    4.4.2 RISK ASSESSMENT TECHNIQUES

    R .

    ,

    ,

    . S ,

    , . ,

    ; .

    ,

    . Q

    ,

    .


    E :

    1) B

    , . T

    ( ), / ( ),

    ( ). S

    .

    2)

    . H . E

    , CR, , . T

    .

    3)

    . E .

    P A. I

    , , . T

    .

    4.4.3 METHODS OF REPRESENTING RISK

    DESIGN OF SCALE RANGE

    T ,

    . F , 1 5

    , 1 I / E

    5 C/ E .

    I 1 20. I

    ,

    . T , , ,

    .

    10: ( )

    : (2009)


    T . T

    . B

    , .

    RISK MATRIX

    T ,

    . T :

    . A 5 5 ,

    ( F 5).

    A ,

    , . .

    T ,

    . I ,

    .

    ,

    . P

    , , ,

    , .

    FAILURE MODE AND EFFECTS ANALYSIS

    T FMEA (F M E A)

    , , ,

    11:

    : (2009)


    , .

    T :

    D =

    T , .

    D . A 1 5, 1 5

    .

    T 1 125. 1

    , 1 . A

    125

    .

    T

    . A , 1 125

    .

    PROGRAM EVALUATION AND REVIEW TECHNIQUE

    T P E R T (PERT)

    . PERT

    . I

    . I ,

    . D

    .

    4.5

    A , . A ,

    . T

    .

    D

    R T .

    T

    , , .

    A A ,

    .

    O

    .

    T T .

    O

    (). T . R

    .

    S D ,

    .


    A T

    . T

    .

    4.5.1 CONTINGENCY PLANNING

    A .

    .

    T

    . T , .

    ,

    .

    I

    . T

    .

    T . F ,

    .

    . F,

    . A

    ,

    .

    O . T

    : T

    .

    4.5.2 OPPORTUNITIES IN RISK RESPONSE

    I , ,

    . H,

    . S

    . A

    ,

    .

    12: &

    : (2009)


    4.6 C

    T ERM

    . I ,

    , , .

    C , , ,

    '

    . T . T

    .

    ' , .

    4.6.1 CONSIDERATIONS IN IMPLEMENTING CONTROLS

    C . M

    . T

    . ,

    . C

    :

    1.

    T

    .

    2. M

    . A

    .

    3.

    T

    .

    4. F ,

    , .

    5.

    E .

    4.6.2 TYPES OF CONTROL ACTIVITIES

    C , , .

    1. . T

    , , , .

    2. D . T ,

    , , .

    3. C ,

    . Q

    .

    I ,

    .

    1. ,

    . E I T ,


    I T ,

    .

    2. A

    . E , ,

    .

    I :

    1. P

    2.

    P

    3.

    S

    4. A , ,

    5. P

    6. C

    4.6.3 COMMON CONTROL ACTIVITIES

    S :

    AC

    .

    S , ,

    , . M ,

    ,

    . I , ,

    .

    D M .

    F , ,

    () , ,

    . I ,

    . B ,

    . R

    , .

    A , ,

    . D

    . A , ,

    . N ,

    . D

    , , , .

    C

    / .


    E , : ;

    ; ; . P

    , . F ,

    , .

    C

    .

    C

    ,

    , , .

    C

    .

    , C

    . E

    .


    4.6.4 LIMITATIONS OF CONTROLS

    C , ,

    . T

    . T :

    T

    ,

    .

    B E , . P

    . E

    .

    E ,

    . T

    ,

    .

    C C . I

    .

    C I ,

    . E . T .

    A .

    E

    .


    5. MONITORING, COMMUNICATION &

    AUDIT

    T ERM, , I A .

    5.1

    5.1.1 IMPORTANCE OF MONITORING

    T

    . T

    . I

    ,

    .

    I , . E ,

    , . T

    , . I

    ERM ,

    ERM .

    5.1.2 TYPES OF MONITORING MECHANISMS

    T ERM O M S E.

    T O , ERM . T

    .

    O , S E ERM

    , ERM

    .

    ONGOING MONITORING

    O ,

    . T , . T

    , ,

    , . O ,

    , ,

    .


    I O M ,

    . F ,

    . I ,

    . T

    . T ,

    / . E

    .

    I ,

    . E

    ERM .

    A .

    T .

    ,

    . T

    , . T

    .

    SEPARATE EVALUATION

    O , S E

    ERM . S

    . S E?

    D

    ? F .

    T , .

    T . A ERM

    , ,

    , , .

    ? . T

    ERM . H

    .

    ? E .

    E

    ERM .. ERM .

    T ERM

    .

    , ,

    .

    T ERM


    ERM. I

    , ,

    ,

    .

    D A

    . I , ,

    , , .

    I ,

    ERM ,

    .

    S

    1) O M ,

    2)

    C ,

    3)

    R ,

    , , ERM

    .4)

    P E,

    ERM , .

    ? F ERM

    ,

    .

    R . , ERM

    ,

    .

    C

    .

    PROS AND CONS OF THE TWO MONITORING MECHANISMS

    O M

    . I ,

    . T, O M .

    H, O M S E. O

    M . A ERM O

    M S E .

    13:

    : (2009)


    5.2 CCA & A

    H ,

    , .

    I ,

    . T ,

    ; ,

    ; .

    E

    .

    5.2.1 INFORMATION QUALITY

    R

    .

    ERM

    .

    D D . T

    ,

    ,

    . I

    , ,

    .

    T

    . A ,

    .

    5.2.2 INTEGRATED INFORMATION SYSTEMS

    T

    , . I

    . M E R P,

    , ,

    ,

    .

    N ERM . M

    ,

    . R

    .

    H, ,

    ,

    . H,

    ERM .


    5.2.3 COMMUNICATION

    I . H,

    . I ,

    .

    INTERNAL COMMUNICATION

    C , ,

    . T

    . I

    , , /

    ERM .

    F

    . T

    , . M

    .

    ,

    . M

    .

    M , ,

    , ERM ,

    . T . O ,

    . T ,

    .

    EXTERNAL COMMUNICATION

    T

    , , , , , ,

    . O

    .

    O

    ,

    , .


    5.3 A AD

    A . A

    . T ,

    , . T

    .

    A . T

    . A

    . O ,

    . H, .

    5.3.1 THE INTERNAL AUDITOR

    T (IA)

    ERM. T IA

    , .

    T . O

    . E

    IA . S

    IA.

    H IA ,

    .

    A ,

    IA. S ,

    ERM . T IA

    , /

    . R CEO, C ,

    A C . S

    , ,

    , IA .


    6. CONCLUSION AND FUTURE

    OUTLOOK

    ERM , ERM ERM . I, ERM

    . , ERM

    . T

    ERM ,

    . T 2010 COSO ERM S 3.4% 460 ERM

    ERM .

    H, 2008 ERM

    S ERM . A

    ERM .

    ERM ,

    , .

    , ERM . I , S

    , KPMG 50% ERM

    , 35% 2006 51% 2010. T ERM

    .


    REFERENCES

    C A S, 2003. .

    ://..///.

    C S O T C, 2004. C .

    C S O T C, 2004. C

    : A .

    C S O T C, 2004. C 2010 .

    ://..//COSOSRFLLR6FINALEBPOSTING111710.

    C E B I, 2010. .

    ://..//26301480/SRMM

    G, N., 2010. 2011 B.

    ://..///153779131.

    H, J., 2009. B : . ://../2009/04/15/

    /

    J, S., 2010. C . ://../2010/12/14/

    /

    KPMG, 2010. C :

    2010.

    O F M, 2008. C 20: C A.

    ://...//20.

    P, O., 2009. .

    ://.///8776816841/E%20R%20M,%20P.%20D.%20O

    %20P/

    T , 2009. : .

    ://..///625/ERMRA122809.


    Disclaimer

    The information set forth herein has been obtained or derived from sources generally available to the public and believed

    by the author(s) to be reliable, but the author(s) does not make any representation or warranty, express or implied, as to

    its accuracy or completeness. The information is not intended to be used as the basis of any investment decisions by any person or entity. This information does not constitute investment advice, nor is it an offer or a solicitation of an offer to

    buy or sell any security. This report should not be considered to be a recommendation by any individual affiliated with NTU

    Risk Management Society.