COSO_ERM企业风险管理框架复习过程.ppt

Applying COSO’sEnterprise Risk Management — Integrated Framework;Today’s organizations are concerned about:;ERM Defined:;Why ERM Is Important ;Why ERM Is Important ;This COSO ERM framework defines essential components, suggests a common language, and provides clear direction and guidance for enterprise risk management.;The ERM Framework;;Enterprise risk managementrequires an entity to take a portfolio view of risk. ;Management considers how individual risks interrelate. Management develops a portfolio view from two perspectives: - Business unit level - Entity level;The eight components of the framework are interrelated …;Internal Environment;Objective Setting;Event Identification;Event Identification;Risk Assessment;Risk Assessment;Risk Response;Control Activities;Management identifies, captures, and communicates pertinent information in a form and timeframe that enables people to carry out their responsibilities.  Communication occurs in a broader sense, flowing down, across, and up the organization. ;Monitoring;Internal Control;Expands and elaborates on elements of internal control as set out in COSO’s“control framework.” Includes objective setting as a separate component. Objectives are a “prerequisite” for internal control. Expands the control framework’s “Financial Reporting” and “Risk Assessment.”;ERM Roles Responsibilities;Internal Auditors;Visit the guidance section of The IIA’s Web site for The IIA’s position paper, “Role of Internal Auditing’s in Enterprise Risk Management.”;2010.A1 – The internal audit activity’s plan of engagements should be based on a risk assessment, undertaken at least annually. 2120.A1 – Based on the results of the risk assessment, the internal audit activity should evaluate the adequacy and effectiveness of controls encompassing the organization’s governance, operations, and information systems. 2210.A1 – When planning the engagement, the internal auditor should identify and assess risks relevant to the activity under r