top risk - enterprise risk management handbook (complete)
7/23/2019 TOP Risk - Enterprise Risk Management Handbook (Complete)
1/37
| ENTERPRISE RISK MANAGEMENT HANDBOOK |
Enterprise Risk Management Handbook
(Complete)
Produced by
FOREWORD
. B
R . I
,
E C 2002, SO A.
T , . ? I ,
. R . L
. B ?
T : M ,
. . 20 ,
,
. C ,
. A : H A
1993 H C 1969, A SD 26.5
, 19 C, 5 . T
.
A ,
. C 20 ;
. T
. T
: M ,
.
?
E R M (ERM)
. T
,
.
, . ERM
SO A, ,
. , ,
. T
2008.
T, ERM .
O , ERM
.
&
A , , ERM ? T
: E. , ,
, ERM
. A CCA, ERM
CCA,
.
T ERM, ERM
. ERM COSO ERM
F ISO 31000.
, ERM . E !
1. DEFINITIONS
1.1 CA
. T , .
T .
? H (2007)
. H, . K (1921) :
. . G
, , ,
. S , .
H,
. T
, . S
, : H
? H ?
1.2 A
, . T
.
.
T , , .
T . F,
. F ,
,
, ,
. M
. T ,
, ,
. I ,
.
M
, . T
. H,
. A S
S, . I ,
, . S S
. I , ,
, E R M S
.
1.3 ADA D
I , . R
. F , ,
, ,
. S
. F , ,
, . I M A, ()
. ,
. I .
1.4 AD
, . A . R, ,
,
. I ,
,
. S, ,
, . T
. H,
, (
) .
1.5 A A CA AD
T . O
. A
. A . T
. E
. A COSO F,
:
.
E . F,
. T :
.
I , . T
. F ,
. I
, . I ,
.
T . D
. F
, . T
, . T
. H,
,
.
E R M, : ?
, ? A
?
2. INTRODUCING ENTERPRISE RISK
MANAGEMENT
2.1 D
T ERM . T
C A S, 2003 A O E R M,
E R M
, , , ,
'
."
A, COSO ERM F, E R M
, , ,
,
, ,
.
T ERM.
2.2 5 A CC
A PROCESS
ERM
. ERM
. N ERM
. ERM
.
ERM
. B ERM
, . T
.
EFFECTED BY PEOPLE
ERM , . T
, ,
ERM .
O , ERM . I
. I
, .
I . T
. ERM ,
.
APPLIED IN SETTING STRATEGY
M . D
. ERM
. I , ERM
.
APPLIED ACROSS THE ENTERPRISE
ERM . ERM , . T
. T
, . R ,
. T, ,
,
,
.
RISK APPETITE
R
. R . A
,
, .
R . ERM
.
R ,
.
R .I , .
O ,
.
2.3 B AA
ERM ;
. T
ERM . L 5
ERM !
ALIGNMENT OF RISK AND STRATEGY
. B ? C
,
. T
, ERM
.
IMPROVEMENT FROM RISK-BASED DECISIONS
ERM , ,
. T
.
REDUCTION IN SURPRISES
.
IDENTIFICATION AND MANAGEMENT OF MULTIPLE RISKS
T . S,
. P ,
.
IDENTIFICATION OF OPPORTUNITIES
ERM ,
.
2.4 C CC
I ERM , .
I ERM, . I
, 5 ERM. D
!
THE BIGGEST RISK AN ORGANISATION FACES IS FINANCIAL RISK.
I , , ,
. O ,
.
ERM IS A ONE-OFF PROJECT.
S ,
ERM . T ERM,
ERM , ERM
.
MY COMPANY IS SAFE BECAUSE WE REVIEW RISKS ON AN ANNUAL BASIS.
R
. H
? 88% 2009 C E B
. T,
, . I , .
1:
: C B
THE ORGANISATION IS WELL-PROTECTED IF IT HAS A STRONG QUANTITATIVE MODEL
TO MEASURE RISK.
C ,
. C ,
R (R) ,
2008. F,
,
,
.
RISKS MUST BE QUANTIFIED.
Q . R
. I . I ,
,
. I , ,
, .
2: C
: ...
3. THE ERM FRAMEWORK
3.1 CA BC
ERM . ERM . I , COSO
F :
: R , .
: R
: R
C: R
B , ERM
. I
. T,
.
R :
C
D P R
C E C E
C S
T
D /
C
B
T
/
C I
C L
S
IT
R
3:
: (2009)
3.2 C
ERM 8 . E
ERM . A
. I ERM
, , .
INTERNAL ENVIRONMENT
T
ERM.
T
, ERM,
, , . O
. T .
OBJECTIVE SETTING
ERM
. S
, , ERM .
EVENT IDENTIFICATION
P . T
, , . R
.
T COSO F . H,
,
,
.
RISK ASSESSMENT
T .
T ,
.
4: 8 C C
: C (2004)
RISK RESPONSE
P . T , , ,
. R .
CONTROL ACTIVITIES
C
.
INFORMATION AND COMMUNICATION
R
. T
. I , ,
.
, .
MONITORING
T ERM
. M
, .
4. THE ENTERPRISE RISK
MANAGEMENT PROCESS
ERM F, , . I ,
1)
I /;
2)
M / ;
3)
I ,
ERM , ERM .
4.1 ACA C
G
:
1.
R
2.
S
3.
C
4.
O
5.
E
6.
P
T
. E
.
4.2 C
R . I
.
T . I
. I
, .
A , . N
. I
, . T
. T
, .
A ,
.
4.3 DCA
R
. T ,
.
4.3.1 INPUT
,
.
E
. T
.
6:
: (2009)
5:
: (2009)
E
S,
P
C
F
C
O
S /
C
S
P
C L
R A
I ERM , ,
, . T
( ) .
T
ERM. T .
4.3.2 TOOLS & TECHNIQUES
. D
. T
, .
E B PS C
B
C
K
F /
I
N
C
P
C /
O
T
M
S
A
P/
P
T
M
K
K I
K
O H
P/
C /
F
M A / C
T
C
P/
P
A
S
7:
: (2009)
M
T
C
C
/
C
/
F /
P
C
B R
. T
:
1) B A
. ,
,
. T
,
. I . T
.
2) I
. T
, .
3)
C T ,
, . Q
, ,
, .
4) T ,
.
.
5) I
,
, ,
. A KPMG 1997 B
(B). T
,
. T ELBM
.
6) B A A ,
. T KPMG.
8: B
: (2009)
T
, , . T /,
.
4.3.3 OUTPUT
T , ,
, , , ,
, . T
.
1. I
.
2. P
.
3. R
.
9: B A
: C (2004)
4. T
.
T ,
,
, ,
, C
S F .
R .
R . T
. I
,
. T
, .
4.4 A
T . R
,
, , . T
, .
F, .
4.4.1 INHERENT AND RESIDUAL RISKS
I . R
. R
. O , . I
,
.
4.4.2 RISK ASSESSMENT TECHNIQUES
R .
,
,
. S ,
, . ,
; .
,
. Q
,
.
E :
1) B
, . T
( ), / ( ),
( ). S
.
2)
. H . E
, CR, , . T
.
3)
. E .
P A. I
, , . T
.
4.4.3 METHODS OF REPRESENTING RISK
DESIGN OF SCALE RANGE
T ,
. F , 1 5
, 1 I / E
5 C/ E .
I 1 20. I
,
. T , , ,
.
10: ( )
: (2009)
T . T
. B
, .
RISK MATRIX
T ,
. T :
. A 5 5 ,
( F 5).
A ,
, . .
T ,
. I ,
.
,
. P
, , ,
, .
FAILURE MODE AND EFFECTS ANALYSIS
T FMEA (F M E A)
, , ,
11:
: (2009)
, .
T :
D =
T , .
D . A 1 5, 1 5
.
T 1 125. 1
, 1 . A
125
.
T
. A , 1 125
.
PROGRAM EVALUATION AND REVIEW TECHNIQUE
T P E R T (PERT)
. PERT
. I
. I ,
. D
.
4.5
A , . A ,
. T
.
D
R T .
T
, , .
A A ,
.
O
.
T T .
O
(). T . R
.
S D ,
.
A T
. T
.
4.5.1 CONTINGENCY PLANNING
A .
.
T
. T , .
,
.
I
. T
.
T . F ,
.
. F,
. A
,
.
O . T
: T
.
4.5.2 OPPORTUNITIES IN RISK RESPONSE
I , ,
. H,
. S
. A
,
.
12: &
: (2009)
4.6 C
T ERM
. I ,
, , .
C , , ,
'
. T . T
.
' , .
4.6.1 CONSIDERATIONS IN IMPLEMENTING CONTROLS
C . M
. T
. ,
. C
:
1.
T
.
2. M
. A
.
3.
T
.
4. F ,
, .
5.
E .
4.6.2 TYPES OF CONTROL ACTIVITIES
C , , .
1. . T
, , , .
2. D . T ,
, , .
3. C ,
. Q
.
I ,
.
1. ,
. E I T ,
I T ,
.
2. A
. E , ,
.
I :
1. P
2.
P
3.
S
4. A , ,
5. P
6. C
4.6.3 COMMON CONTROL ACTIVITIES
S :
AC
.
S , ,
, . M ,
,
. I , ,
.
D M .
F , ,
() , ,
. I ,
. B ,
. R
, .
A , ,
. D
. A , ,
. N ,
. D
, , , .
C
/ .
E , : ;
; ; . P
, . F ,
, .
C
.
C
,
, , .
C
.
, C
. E
.
4.6.4 LIMITATIONS OF CONTROLS
C , ,
. T
. T :
T
,
.
B E , . P
. E
.
E ,
. T
,
.
C C . I
.
C I ,
. E . T .
A .
E
.
5. MONITORING, COMMUNICATION &
AUDIT
T ERM, , I A .
5.1
5.1.1 IMPORTANCE OF MONITORING
T
. T
. I
,
.
I , . E ,
, . T
, . I
ERM ,
ERM .
5.1.2 TYPES OF MONITORING MECHANISMS
T ERM O M S E.
T O , ERM . T
.
O , S E ERM
, ERM
.
ONGOING MONITORING
O ,
. T , . T
, ,
, . O ,
, ,
.
I O M ,
. F ,
. I ,
. T
. T ,
/ . E
.
I ,
. E
ERM .
A .
T .
,
. T
, . T
.
SEPARATE EVALUATION
O , S E
ERM . S
. S E?
D
? F .
T , .
T . A ERM
, ,
, , .
? . T
ERM . H
.
? E .
E
ERM .. ERM .
T ERM
.
, ,
.
T ERM
ERM. I
, ,
,
.
D A
. I , ,
, , .
I ,
ERM ,
.
S
1) O M ,
2)
C ,
3)
R ,
, , ERM
.4)
P E,
ERM , .
? F ERM
,
.
R . , ERM
,
.
C
.
PROS AND CONS OF THE TWO MONITORING MECHANISMS
O M
. I ,
. T, O M .
H, O M S E. O
M . A ERM O
M S E .
13:
: (2009)
5.2 CCA & A
H ,
, .
I ,
. T ,
; ,
; .
E
.
5.2.1 INFORMATION QUALITY
R
.
ERM
.
D D . T
,
,
. I
, ,
.
T
. A ,
.
5.2.2 INTEGRATED INFORMATION SYSTEMS
T
, . I
. M E R P,
, ,
,
.
N ERM . M
,
. R
.
H, ,
,
. H,
ERM .
5.2.3 COMMUNICATION
I . H,
. I ,
.
INTERNAL COMMUNICATION
C , ,
. T
. I
, , /
ERM .
F
. T
, . M
.
,
. M
.
M , ,
, ERM ,
. T . O ,
. T ,
.
EXTERNAL COMMUNICATION
T
, , , , , ,
. O
.
O
,
, .
5.3 A AD
A . A
. T ,
, . T
.
A . T
. A
. O ,
. H, .
5.3.1 THE INTERNAL AUDITOR
T (IA)
ERM. T IA
, .
T . O
. E
IA . S
IA.
H IA ,
.
A ,
IA. S ,
ERM . T IA
, /
. R CEO, C ,
A C . S
, ,
, IA .
6. CONCLUSION AND FUTURE
OUTLOOK
ERM , ERM ERM . I, ERM
. , ERM
. T
ERM ,
. T 2010 COSO ERM S 3.4% 460 ERM
ERM .
H, 2008 ERM
S ERM . A
ERM .
ERM ,
, .
, ERM . I , S
, KPMG 50% ERM
, 35% 2006 51% 2010. T ERM
.
REFERENCES
C A S, 2003. .
://..///.
C S O T C, 2004. C .
C S O T C, 2004. C
: A .
C S O T C, 2004. C 2010 .
://..//COSOSRFLLR6FINALEBPOSTING111710.
C E B I, 2010. .
://..//26301480/SRMM
G, N., 2010. 2011 B.
://..///153779131.
H, J., 2009. B : . ://../2009/04/15/
/
J, S., 2010. C . ://../2010/12/14/
/
KPMG, 2010. C :
2010.
O F M, 2008. C 20: C A.
://...//20.
P, O., 2009. .
://.///8776816841/E%20R%20M,%20P.%20D.%20O
%20P/
T , 2009. : .
://..///625/ERMRA122809.
Disclaimer
The information set forth herein has been obtained or derived from sources generally available to the public and believed
by the author(s) to be reliable, but the author(s) does not make any representation or warranty, express or implied, as to
its accuracy or completeness. The information is not intended to be used as the basis of any investment decisions by any
person or entity. This information does not constitute investment advice, nor is it an offer or a solicitation of an offer to
buy or sell any security. This report should not be considered to be a recommendation by any individual affiliated with NTU
Risk Management Society.