COSO-ERM-Presentation-September-2017原版完整详细

EnterpriseRiskManagement

Framework:IntegratingwithStrategyandPerformance1Mission2COSO’sMissionis“Toprovidethoughtleadershipthroughthedevelopmentofcomprehensiveframeworksandguidanceonenterpriseriskmanagement,internalcontrolandfraud

deterrencedesignedtoimproveorganizationalperformanceandgovernanceandtoreducetheextentoffraudin

organizations.”COSO’sFundamental

PrincipleGoodriskmanagementandinternalcontrolarenecessaryfor

longtermsuccessofall

organizationsCOSOProjecttoUpdatetheEnterpriseRiskManagement

Framework3TheCOSOBoardreleasedinSeptember2017anupdateto

the2004EnterpriseRiskManagement–Integrated

FrameworkThatframeworkisusedwidelyusedbymanagementtoenhance

anorganization’sabilitytomanageuncertaintyandtoconsiderhowmuchrisktoacceptasitstrivestoincrease

valueThisinitiativeenhancedtheframework’scontentandrelevanceinanincreasinglycomplexbusinessenvironmentsothatorganizationscanattainbettervaluefromenterpriserisk

managementAbout

COSO…>

600,000professionalsOriginally

formed

in1985,COSOis

a

joint

initiativeof

five

private

sector

organizationsandis

dedicated

toproviding

thought

leadershipthrough

thedevelopment

of

frameworks

andguidance

onenterprise

riskmanagement

(ERM)internal

control

and

fraud

deterrence4ThoughtLeadershiptoImproveYourOrganization5Specifictopicsfor

discussion6Settingthe

StagePathto

Publication10KeyThingstoKnowaboutthe

FrameworkPublicExposure

ProcessKey

TakeawaysSettingthe

Stage7Project

StructurePwCProject

Team:ServedastheauthorandprojectleaderConductedresearch,interviews,surveys,AdvisoryCouncilmeetings,andone-on-oneandgroupforumstocapturefeedbackonthe

updateCapturedfeedbackfromacrossNorthAmerica,CentralAmerica,Europe,Asia,and

AustraliaAdvisoryCounciland

Observers:Consistedofover25

professionalsProvidedinput,feedback,insight,andideasthroughoutthe

update8COSO

BoardPwC

ProjectTeamAdvisoryCouncilObservers8AKey

Introduction…9Ourunderstandingofthenatureofrisk,theartandscienceof

choiceliesatthecoreofourmodernmarket

economyEverychoicewemakeinthepursuitofobjectiveshasitsrisks.

Fromday-to-dayoperationaldecisionstothefundamentaltrade-offsintheboardroom,dealingwithuncertainlyinthesechoicesisapartofourorganizational

lives.ANew

TitleRetitledasEnterpriseRiskManagement—IntegratingwithStrategyandPerformanceRecognizestheimportanceofstrategyandentityperformanceFurtherdelineatesenterpriseriskmanagementfrominternalcontrol10Pathto

Publication11KeyEffortsinUpdatingthe

Framework12Extensiveresearch,including

surveyInteractionwithanAdvisoryCouncilandPwCExtended

TeamMeetingsheldaroundtheworldtohelpenvisionthe

updatePubliccomment

processMeetingsheldaroundtheworldtocapturefeedbackon

updateSummaryofPublicCommentFeedback:SurveyOver200responses–doublethat

oftheinternalcontrol

updateOver70%ofresponsesfrom

individualsOver50%ofparticipationoutside

ofNorth

AmericaAlmost50%hadaffiliations

beyondCOSO

membershipsAlmost50%ofrespondentshad10

ormoreyearsofriskmanagementexperiencePositiveratingsoutnumbered

negativeratingsby

4.5:113SummaryofPublicCommentFeedback:Letters48lettersreceived–manyof

whichdemonstratedconsiderableinvestmentCommentsonconcepts(flawedmissing,unnecessary)collectivelyrepresentedlessthan15%ofthetotalnumberofcomments

receivedGreatestnumberofcommentsrequestedclarityofdrafted

contentversusadding/deleting

content1410KeyThingstoKnowabout

theFramework151)ProvidesaNewDocument

StructureFrameworkfocusedonfewercomponents

(five)Usesfocusedcall-outexamplestoemphasizekeypoints(>

30)Followsthebusinessmodelversusanisolatedrisk

managementprocess162)Introduces

Principles20keyprincipleswithineachofthefive

components173)IncorporatesNew

GraphicsGraphichasstrongertiestothebusiness

model184)Focuseson

integration19IntegratingERMwithbusinesspracticesresults

inbetterinformationthatsupports

improveddecision-makingandleadstoenhanced

performanceIthelpsorganizations

to:Anticipaterisksearlierormoreexplicitly,openingupmoreoptionsformanagingthe

risksIdentifyandpursueexistingandnew

opportunitiesRespondtodeviationsinperformancemorequicklyand

consistentlyDevelopandreportamorecomprehensiveandconsistentportfolioviewofriskImprovecollaboration,trust,andinformation

sharing5)Emphasizes

Value20Enhancesthefocusonvalue–how

entitiescreate,preserve,andrealize

valueEmbedsvaluethroughouttheframework,asevidencedby

its:–Prominenceinthecoredefinitionofenterpriserisk

management–Extensivediscussionin

principles–Linkagetorisk

appetite–Focusontheabilitytomanagerisktoacceptable

levels6)Linksto

StrategyExploresstrategyfromthreedifferent

perspectives:–Thepossibilityofstrategyandbusinessobjectivesnotaligning

withmission,visionand

values–Theimplicationsfromthestrategy

chosen–Risktoexecutingthe

strategy217)Linksto

Performance22Enablestheachievementofstrategybyactivelymanagingrisk

andperformanceFocusesonhowriskisintegraltoperformance

by:–Exploringhowenterpriseriskmanagementpracticessupport

theidentificationandassessmentofrisksthatimpact

performance–Discussingtoleranceforvariationsin

performanceManagesriskinthecontextofachievingstrategyand

businessobjectives–notasindividual

risks7)Linksto

PerformanceIntroducesanew

depictionreferredtoasarisk

profileIncorporates:RiskPerformanceRisk

appetiteRisk

capacityOffersacomprehensiveview

ofriskandenablesmorerisk-awaredecision

makingTheframeworkprovidesacompletedepictionofhowtobuilda

riskprofileinan

appendix238)RecognizesImportanceof

CultureAddressesthegrowingfocus,attentionandImportanceof

culturewithinenterpriserisk

managementInfluencesallaspectsofenterpriserisk

managementExploresculturewithinthebroadercontextofoverall

coreDepictsculturebehaviorwithinarisk

spectrumExploresthepossibleeffectsofcultureondecision

makingExploresthealignmentofculturebetweenindividualand

entitybehavior249)Focuseson

Decision-makingExploreshowenterpriseriskmanagement

drives risk

awaredecision

makingHighlightshowriskawarenessoptimizesandaligns

decisionsimpacting

performanceExploreshowrisk

awaredecisionsaffecttherisk

profileRiskAwareDecision

MakingAssumptionsRiskAppetiteCultureStrategyBusinessContextRisk

Profile2510)Buildslinkstointernal

controlThedocumentdoesnotreplacetheInternalControl–

IntegratedFrameworkThetwoframeworksare

distinctand

complementaryBothuseacomponents

andprinciples

structureAspectsofinternalcontrol

commontoenterpriseriskmanagementarenot

repeatedSomeaspectsofinternal

controlaredevelopedfurtherinthisframework