COSO-ERM企业风险管理框架

ApplyingCOSO'sEnterpriseRiskManagement—IntegratedFrameworkSeptember29,2004TheInstituteofInternalAuditorsToday'sorganizationsareconcernedabout:RiskManagementGovernanceControlAssurance(andConsulting)@4ERMDefined:”…aprocess,effectedbyanentity'sboardofdirectors,managementandotherpersonnel,appliedinstrategysettingandacrosstheenterprise,designedtoidentifypotentialeventsthatmayaffecttheentity,andmanageriskstobewithinitsriskappetite,toprovidereasonableassuranceregardingtheachievementofentityobjectives・〃Source:8SQEnterpriseRiskManaqement一IntegratedFramework.2004.COSO.WhyERMIsImportantUnderlyingprinciples:•Everyentity,whetherfor-profitornot,existstorealizevalueforitsstakeholders・•Valueiscreated,preserved,orerodedbymanagementdecisionsinallactivities,fromsettingstrategytooperatingtheenterpriseday-to-day.WhyERMIsImportantERMsupportsvaluecreationbyenablingmanagementto:Dealeffectivelywithpotentialfutureeventsthatcreateuncertainty.Respondinamannerthatreducesthelikelihoodofdownsideoutcomesandincreasestheupside・EnterpriseRiskManagement—IntegratedFrameworkThisCOSOERMframeworkdefinesessentialcomponents,suggestsacommonIanguage,andprovidescleardirectionandguidanceforenterpriseriskmanagement.TheERMFrameworkEntityobjectivescanbeviewedinthecontextoffourcategories:StrategicOperationsReportingComplianceInternalEnvironment|Even11dujnifioiHonEZZ1]RiskAssipssmentRUkRcjControlJActivitiesIInfoimatlon&i*ommunic1itionMonilorin9TheERMFrameworkERMconsidersactivitiesatalllevelsoftheorganization:Enterprise-levelDivisionorsubsidiaryBusinessunitprocessesInternalEnvironmentEventIdeMificationEZZ11pssmentRhkR