coso_erm企業(yè)風(fēng)險(xiǎn)管理框架ppt49-展示頁(yè)
2025-01-12 07:39本頁(yè)面
【正文】 out. ? Occur throughout the anization, at all levels and in all functions. ? Include application and general information technology controls. ? Management identifies, captures, and municates pertinent information in a form and timeframe that enables people to carry out their responsibilities. ? Communication occurs in a broader sense, flowing down, across, and up the anization. Information Communication Monitoring Effectiveness of the other ERM ponents is monitored through: ? Ongoing monitoring activities. ? Separate evaluations. ? A bination of the two. Internal Control A strong system of internal control is essential to effective enterprise risk management. ? Expands and elaborates on elements of internal control as set out in COSO’s ―control framework.‖ ? Includes objective setting as a separate ponent. Objectives are a ―prerequisite‖ for internal control. ? Expands the control framework’s “Financial Reporting‖ and ―Risk Assessment.‖ Relationship to Internal Control — Integrated Framework ERM Roles Responsibilities ? Management ? The board of directors ? Risk officers ? Internal auditors Internal Auditors ? Play an important role in monitoring ERM, but do NOT have primary responsibility for its implementation or maintenance. ? Assist management and the board or audit mittee in the process by: Monitoring Evaluating Examining Reporting Remending improvements Visit the guidance section of The IIA’s Web site for The IIA’s position paper, ―Role of Internal Auditing’s in Enterprise Risk Management.‖ Internal Auditors ? – The internal audit activity’s plan of engagements should be based on a risk assessment, undertaken at least annually. ? – Based on the results of the risk assessment, the internal audit activity should evaluate the adequacy and effectiveness of controls enpassing the anization’s governance, operations, and information systems. ? – When planning the engagement, the internal auditor should identify and assess risks relevant to the activity under review. The engagement objectives should reflect the results of the risk assessment. Standards 1. Organizational design of business 2. Establishing an ERM anization 3. Performing risk assessments 4. Determining overall risk appetite 5. Identifying risk responses 6. Communication of risk results 7. Monitoring
教學(xué)課件相關(guān)推薦
鄂ICP備17016276號(hào)-1