
COSO-ERM (PDF, 246 pages)

Category: ERP MRP
File size: 3815 KB

COSO-ERM (PDF, 246 pages): Content Overview

COSO-ERM table of contents:
Executive Summary
Framework
1. Definition
2. Internal Environment
3. Objective Setting
4. Event Identification
5. Risk Assessment
6. Risk Response
7. Control Activities
8. Information and Communication
9. Monitoring
10. Roles and Responsibilities
11. Limitations of Enterprise Risk Management
12. What to Do
Appendices
A. Objectives and Methodology
B. Summary of Key Principles
C. Relationship Between Enterprise Risk Management – Integrated Framework and Internal Control – Integrated Framework
D. Selected Bibliography
E. Consideration of Comment Letters
F. Glossary
G. Acknowledgments

 

 

COSO-ERM excerpt:
An event is an incident or occurrence from internal or external sources that affects achievement of objectives. Events can have negative impact, positive impact, or both. Events with negative impact represent risks. Accordingly, risk is defined as follows:

Risk is the possibility that an event will occur and adversely affect the achievement of objectives.

Events with adverse impact prevent value creation or erode existing value. Examples include plant machinery breakdowns, fire, and credit losses. Events with an adverse impact can derive from seemingly positive conditions, such as where customer demand for product exceeds production capacity, causing failure to meet buyer demand, eroded customer loyalty, and decline in future orders.

Events with positive impact may offset negative impacts or represent opportunities. Opportunity is defined as follows:

Opportunity is the possibility that an event will occur and positively affect the achievement of objectives.

Opportunities support value creation or preservation. Management channels opportunities back to its strategy or objective-setting processes, so that actions can be formulated to seize the opportunities.

Definition of Enterprise Risk Management

Enterprise risk management deals with risks and opportunities to create or preserve value. It is defined as follows:

Enterprise risk management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.

Definition

