COSO_ERM企业风险管 理框架.ppt

* * * * * * * * Monitoring helps determine the effectiveness of the processes, technologies and personnel executing enterprise risk management. The entity establishes minimum standards for each component of enterprise risk management. The entity’s performance against these standards can then be monitored objectively. Monitoring can be done in two ways: through ongoing activities or separate evaluations. Enterprise risk management mechanisms usually are structured to monitor themselves on an ongoing basis, at least to some degree. Ongoing monitoring is built into the normal, recurring operating activities of an entity. Ongoing monitoring is performed on a real-time basis, reacts dynamically to changing conditions and is ingrained in the entity. As a result, it is more effective than separate evaluations. The greater the degree and effectiveness of ongoing monitoring, the lesser need for separate evaluations. The frequency of separate evaluations is a matter of managements judgment. In making that determination, consideration is given to the nature and degree of changes occurring, from both internal and external events, and their associated risks; the competence and experience of the personnel implementing risk responses and related controls; and the results of the ongoing monitoring. Usually, some combination of ongoing monitoring and separate evaluations will ensure that enterprise risk management maintains its effectiveness over time. Deficiencies in an entity’s enterprise risk management may surface from many sources, including the entitys ongoing monitoring procedures, separate evaluations and external parties. All enterprise risk management deficiencies that affect the entity’s ability to develop and implement its strategy and to achieve its established objectives should be reported to those who can take necessary action, as discussed in the next section * Risk Assessment - ERM encompasses the need for management to develop an entity-level portfoli