COSO Enterprise Risk Management How do we use the COSO ERM framework?
Role of Executive Management
Role of the Director
Role of the Chief Risk Officer
Risk Management Oversight Structure
Role of Internal Audit
Vision and Objectives
Conducting Risk Assessments
Getting Started – Set the Foundation
Building & Enhancing Capabilities
Building a Compelling Business Case
Making it Happen
Relevance to SOX Compliance
Other Questions
Contents
Enterprise Risk Management (ERM) 'Integrated Framework'
FUNDAMENTALS & ROLES
COSO Enterprise Risk Management: Roles & Oversight Structure

FUNDAMENTALS & ROLES
• The Fundamentals
• COSO Enterprise Risk Management
• Role of Executive Management
• Role of the Director
• Role of the Chief Risk Officer
• Risk Management Oversight Structure
• Role of Internal Audit

IMPLEMENTATION
• Risk Management Vision and Objectives
• Conducting Risk Assessments
• Getting Started – Set the Foundation
• Building & Enhancing Capabilities
• Building a Compelling Business Case
• Making it Happen
• Relevance to Sarbanes-Oxley Compliance
• Other Questions

COSO Enterprise Risk Management
What is COSO? ("Committee of Sponsoring Organizations", formed in 1985)
• A voluntary private-sector organization dedicated to improving the quality of financial reporting through business ethics, effective internal controls and corporate governance.
• Sponsored the National Commission on Fraudulent Financial Reporting (the Treadway Commission), which studied the causal factors that can lead to fraudulent financial reporting and developed recommendations for public companies and their independent auditors, for the SEC and other regulators, and for educational institutions.

COSO Enterprise Risk Management
COSO sponsoring organizations
• American Institute of Certified Public Accountants (AICPA)
• Institute of Internal Auditors (IIA)
• Financial Executives International (FEI)
• Institute of Management Accountants (IMA)
• American Accounting Association (AAA)

COSO Enterprise Risk Management
Why was the COSO Enterprise Risk Management – Integrated Framework created?
• "Recent years have seen heightened concern and focus on risk management, and it became increasingly clear that a need exists for a robust framework to effectively identify, assess, and manage risk."
• The aim was to develop a framework that "would be readily usable by managements to evaluate and improve their organizations' enterprise risk management."
• High-profile business failures occurred during the period of the framework's development, and there were "calls for enhanced corporate governance and risk management, with new law, regulatory and listing standards."
• A framework was needed to provide a common language and to give clear direction and guidance.

COSO Enterprise Risk Management
What is the COSO Enterprise Risk Management – Integrated Framework?
"A process, effected by an entity's board of directors, management and other personnel, applied in strategy-setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives."

COSO Enterprise Risk Management
COSO ERM – Integrated Framework
• Four categories of objectives: strategic, operations, reporting and compliance
• Applied across the entity, its divisions, business units and subsidiaries
• Eight components of ERM

COSO Enterprise Risk Management
Eight components of ERM
• Internal environment - risk management philosophy
• Objective setting - strategic objectives
• Event identification - potential events (SWOT)
• Risk assessment - impact of potential events
• Risk response - response options and effect
• Control activities - policies & procedures
• Information and communication - reporting
• Monitoring - assess performance

Role of Internal Audit
Core roles for internal audit
• Giving assurance on the risk management processes
• Giving assurance that risks are correctly evaluated
• Evaluating risk management processes
• Evaluating the reporting of key risks
• Reviewing the management of key risks

Role of Internal Audit
Roles that are not appropriate for internal audit
• Setting the risk appetite
• Authorizing and dictating the implementation of risk management processes
• Assuming the role of management in providing assurance on risks and risk management performance
• Making decisions on risk responses
• Implementing risk responses on management's behalf
• Accepting accountability for risk management

Role of Internal Audit
"Legitimate internal audit roles"
• Facilitating identification and evaluation of risks
• Coaching management in responding to risks
• Coordinating ERM activities
• Consolidating reporting on risks
• Maintaining and developing the ERM framework
• Championing establishment of ERM
• Developing a risk management strategy for the board of directors

Role of Internal Audit
Should internal audit lead the ERM effort? No.
Should internal audit integrate the COSO ERM framework into its work? Recommended.
Has internal audit already evaluated the application of ERM within the organization? Not necessarily.

Role of Internal Audit
Does the Institute of Internal Auditors (IIA) support the COSO Enterprise Risk Management – Integrated Framework? Yes.
Do the IIA standards require the use of the COSO Enterprise Risk Management – Integrated Framework? Not required; the IIA has issued guidance.

IMPLEMENTATION
• Vision and Objectives
• Conducting Risk Assessments
• Getting Started – Set the Foundation
• Building & Enhancing Capabilities
• Building a Compelling Business Case
• Making it Happen
• Relevance to Sarbanes-Oxley Compliance
• Other Questions

... Risk Management

COSO Enterprise Risk Management
Internal environment: risk management philosophy
This component reflects an entity's enterprise risk management philosophy, risk appetite, board...

4360: Risk Management
Risk Management Standard (Institute of Risk Management, Association of Insurance and Risk Managers)
COSO did not publish a reconciliation, but considered them.

COSO Enterprise...

COSO Enterprise Risk Management
• Integration of risk responses within business plans
• Integration of risk management with strategy-setting
• Alignment of organizational behavior with risk appetite
• Risk