Enterprise risk management (ERM)

34 5 0
  • Loading ...
1/34 trang

Thông tin tài liệu

Ngày đăng: 30/11/2016, 22:29

ERM 101 Lisanne Sison Director ERM Bickmore What is ERM? Enterprise Risk Management (ERM) is defined by the Committee of Sponsoring Organizations (COSO) as “a process, effected by an entity’s board of directors, management and other personnel, applied in strategysetting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.” What is ERM? Enterprise Risk Management (ERM) is defined by the Committee of Sponsoring Organizations (COSO) as “a process, effected by an entity’s board of directors, management and other personnel, applied in strategysetting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.” What is ERM? (cont’d) To help assist with the implementation of the ERM process, COSO developed the ERM Integrated Framework (2004), also known as the COSO Cube This cube is an update to the initial COSO I framework developed in 1992: What is ERM? (cont’d) These are the high level goals that are aligned with and support the institution’s mission What is ERM? (cont’d) Relate to the ongoing management process and daily activities of the organization What is ERM? (cont’d) Relates to the protection of the organization’s assets and quality of financial reporting What is ERM? (cont’d) Relates to the organization’s adherence to applicable laws and regulations What is ERM? (cont’d) Each of these components are considered at multiple levels of the organization, rather than within a single function, unit, or department ERM… • • • Provides a comprehensive and systematic approach to more proactive and holistic risk management Provides a common lexicon of risk terminology, and provides direction and guidance for implementing ERM Requires that organizations examine their complete portfolio of risks, consider how those risks interrelate, and that management develops an appropriate risk mitigation approach to address these risks in a manner that is consistent with the organization’s strategy and risk appetite ERM is not… • • A silver bullet to prevent risks from occurring A methodology or a checklist of items that need to be completed that guarantee results • The only way organizations can take a more proactive approach to managing risk Other Frameworks CoCo – Stands for “Criteria of Control” and is a risk management tool developed by the Canadian Institute of Chartered Accountants to assist managers and internal auditors in designing, assessing, and reporting on control systems of an organization Other Frameworks (cont’d) Cadbury Report – Published in 1992, this report sets out recommendations on the arrangement of company boards and accounting systems to mitigate corporate governance risks and failures Recommendations focus primarily on practices related to transparency and accountability at the top levels of an organization, (e.g – Board of Directors members) rather than in throughout organization as a whole Other Frameworks (cont’d) Australian and New Zealand Standard on Risk Management (AS/NZS 4360:2004, or ASNZS) – Considered by some to be the gold standard for all other risk management standards The ASNZS is widely used internationally, and is desirable for its simplicity (Where the original draft of the COSO ERM Model ran about 154 pages, the ASNZS is only 23 pages.) Other Frameworks (cont’d) Below is a diagram of the ASNZS framework: Other Frameworks (cont’d) ISO 31000:2009 – Developed by the International Organization for Standardization (ISO) and based off the AS/NZS, ISO 31000 provides principles and generic guidelines on risk management Provides a universally recognized paradigm for practitioners and companies employing risk management processes across different industries, subject matters and regions ISO 31000 is defined as “a process that provides confidence that planned objectives will be achieved within an acceptable degree of residual risk.” ISO 31000 Framework Overview Where’s the Value??? • The biggest value in each of these frameworks lay in their promotion of continuous improvement, diligent management practices and ongoing monitoring Relevance (cont’d) • Organizations are increasingly looking to expand their risk management functions to help reduce potential future losses through: – Improved monitoring and reporting – Better risk identification and response – More risk-based decision making Relevance (cont’d) Based on a recent survey conducted by Towers Watson, the table below illustrates motivating factors to improving various risk management activities in the near term Relevance (cont’d) A survey conducted by RIMS and Marsh titled “Excellence in Risk Management VI (2009)”, lists the main barriers to adopting a more strategic approach to risk management as follows: Questions? Lisanne Sison Bickmore lsison@bickmore.net (916) 244-1119 [...]... holistic risk management Provides a common lexicon of risk terminology, and provides direction and guidance for implementing ERM Requires that organizations examine their complete portfolio of risks, consider how those risks interrelate, and that management develops an appropriate risk mitigation approach to address these risks in a manner that is consistent with the organization’s strategy and risk appetite... and prioritizing related risks What is ERM? (cont’d) Risk Response relates to determining how management will respond to the risks an organization faces Will they avoid the risk, share the risk, or mitigate the risk through updated practices and policies What is ERM? (cont’d) Control Activities represent policies and procedures that an institution implements to address the risks the organization chooses... conducted by Towers Watson, the table below illustrates motivating factors to improving various risk management activities in the near term Relevance (cont’d) A survey conducted by RIMS and Marsh titled “Excellence in Risk Management VI (2009)”, lists the main barriers to adopting a more strategic approach to risk management as follows: Questions? Lisanne Sison Bickmore lsison@bickmore.net (916) 244-1119... provides principles and generic guidelines on risk management Provides a universally recognized paradigm for practitioners and companies employing risk management processes across different industries, subject matters and regions ISO 31000 is defined as “a process that provides confidence that planned objectives will be achieved within an acceptable degree of residual risk. ” ISO 31000 Framework Overview Where’s... frameworks lay in their promotion of continuous improvement, diligent management practices and ongoing monitoring Relevance (cont’d) • Organizations are increasingly looking to expand their risk management functions to help reduce potential future losses through: – Improved monitoring and reporting – Better risk identification and response – More risk- based decision making Relevance (cont’d) Based on a recent... Life Cycle Evaluate Performance Implement Confirm next Evaluate options steps Identify and prioritize Goal setting risks Culture Internal Internal Environment Environment Objective Objective Event Event Risk Risk Setting Setting Identification Identification Assessment Assessment Risk Risk Response Response Control Control Activities Activities Information Information & & Communication Communication... relates to the process management uses to set its strategic goals and objectives Establishes the organization’s risk appetite and risk tolerance What is ERM? (cont’d) Event Identification is the process by which an organization identifies events that influence strategy and objectives, or could affect an organization’s ability to achieve its objectives What is ERM? (cont’d) Risk Assessment relates... strategy and risk appetite ERM is not… • • A silver bullet to prevent risks from occurring A methodology or a checklist of items that need to be completed that guarantee results • The only way organizations can take a more proactive approach to managing risk Other Frameworks CoCo – Stands for “Criteria of Control” and is a risk management tool developed by the Canadian Institute of Chartered Accountants... risks and failures Recommendations focus primarily on practices related to transparency and accountability at the top levels of an organization, (e.g – Board of Directors members) rather than in throughout organization as a whole Other Frameworks (cont’d) Australian and New Zealand Standard on Risk Management (AS/NZS 4360:2004, or ASNZS) – Considered by some to be the gold standard for all other risk. .. throughout organization as a whole Other Frameworks (cont’d) Australian and New Zealand Standard on Risk Management (AS/NZS 4360:2004, or ASNZS) – Considered by some to be the gold standard for all other risk management standards The ASNZS is widely used internationally, and is desirable for its simplicity (Where the original draft of the COSO ERM Model ran about 154 pages, the ASNZS is only 23 pages.) Other
- Xem thêm -

Xem thêm: Enterprise risk management (ERM) , Enterprise risk management (ERM) , Enterprise risk management (ERM)

Gợi ý tài liệu liên quan cho bạn

Nạp tiền Tải lên
Đăng ký
Đăng nhập