
Comparison of Various Internal Control and Risk Management Models


Using Standards & Models and Events Database to Construct an Operational Risk Management Programme

Presented by Phill Robinson-Welsh

Amelia Financial Systems Ltd, New Hibernia House, Winchester Walk, London SE1 9AG, Tel: +44 (0) 20 7378 0500, Fax: +44 (0) 20 7378 0900, www.amelia.co.u

Coming Up…
- CoCo
- COSO
- COBIT
- CONCT
- KonTraG
- Loss Events
- Cadbury, Turnbull
- BS7799 / ISO17799


COSO
- Committee of Sponsoring Organisations of the Treadway Commission
- US, 1992
- www.coso.org
- ‘Internal Control – Integrated Framework’ Report
- Compliance not mandatory in the same way as Cadbury.


COSO
- Key Concepts
  - Internal control is a process. It is a means to an end, not an end in itself.
  - Internal control is effected by people.
  - Internal control can be expected to provide only reasonable assurance, not absolute assurance, to an entity’s management and board.
  - Internal control is geared to the achievement of objectives in one or more separate but overlapping categories.


COSO
- Internal Control – Integrated Framework

Definition of Internal Control
Internal control is a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
- Effectiveness and efficiency of operations
- Reliability of financial reporting
- Compliance with applicable laws and regulations


COSO
- Internal control consists of 5 interrelated components:
  - Control Environment
  - Risk Assessment
  - Control Activities
  - Information and Communication
  - Monitoring


COSO

- Roles & Responsibilities:
  - Management
  - Board of Directors
  - Internal Auditors
  - Other Personnel


COSO
- Conclusion
  - All parties to use a common internal control framework
  - Common language
  - Assessment of controls against a standard
  - Strengthen controls progressively


CoCo
- Criteria of Control Board
- Canadian Institute of Chartered Accountants
- www.cica.ca/cica/cicawebsite.nsf
- 1995 ‘Guidance on Control’ Report (C$15)
- 20 criteria for effective control under four headings
  - Purpose
  - Commitment
  - Capability
  - Monitoring and Learning


Cadbury & Combined Code
- London Stock Exchange
- Adrian Cadbury, 1992
- Almost identical control definitions as COSO
- Since 1995 Directors of UK Listed companies required to give annual statement of effectiveness of internal Financial controls
- Combined Code, 1998 (Turnbull)
  - Combines Cadbury with the findings of 1995 Greenbury Committee regarding roles & responsibilities of directors
  - Annual report from directors on effectiveness of all internal controls, not just financial controls


KonTraG
- www.bmi.bund.de/misc/e_kont.htm
- Control and transparency in business (KonTraG): Corporate Governance reform in Germany
- German near equivalent of UK’s “Turnbull”
- German Federal Ministry of Justice
- Enshrined in law from April 1998 for all plc’s
- Impacting the following areas:
  - Board of Directors
  - Supervisory Board
  - AGM & Shares
  - Banks as Stakeholders
  - Audit


COBIT
- Control Objectives for Information and related Technology
- Version 2, 1998
- Version 3, 2000 (Benchmarking)
- ISACF
- www.isaca.org / www.itgovernanceinstitute.org
- The model for IT Governance
- Control in IT is approached by looking at information that is needed to support the business objectives or requirements


COBIT

[Figure: Business Requirements. Labels: Quality, Fiduciary, Security; Effectiveness, Efficiency, Compliance, Reliability, Integrity, Confidentiality, Availability]


COBIT

- IT resources
  - Data
  - Application systems
  - Technology
  - Facilities
  - People


COBIT

- Domains
  - Planning & Organisation
  - Acquisition & Implementation
  - Delivery & Support
  - Monitoring
- Audit Guidelines


CONCT
- ISACF
- www.isaca.org
- An extension of COBIT
- Control Objectives for Net Centric Technology
- Covers the emerging technologies (i.e. e-commerce)


CONCT

- Four volumes
  - Framework
  - Intranet/Extranet/Internet
  - Data warehouse
  - On-Line Transaction Processing
- 20 high-level IT control objectives


BS7799 / ISO17799
- Parts 1 & 2
- Information security has 3 major components:
  - Confidentiality
  - Integrity
  - Availability


BS7799 / ISO17799
- 10 sections
  - Security policy
  - Security organisation
  - Assets classification and control
  - Personnel security
  - Physical and environmental security
  - Computer and network management
  - System access control
  - System development and maintenance
  - Business continuity planning
  - Compliance


BS7799 / ISO17799
- 10 Key Controls
  - Information Security Policy Document
  - Allocation of Security Responsibilities
  - Information Security Education and Training
  - Reporting of Security Incidents
  - Virus Controls
  - Business Continuity Planning Process
  - Control of Proprietary Copying
  - Safeguarding of Company Records
  - Compliance with Data Protection Legislation
  - Compliance with Security Policy


BS7799 / ISO17799
- ISO17799
- 'Fast track' BS 7799 to turn it into an International Standard within 6 months (from 10 August 2000).
- The document is now accorded the status of 'FDIS' (Final Draft International Standard)
- This refers to Part 1 of the standard only. A similar proposal is envisaged for Part 2 when Part 1 is published


ANZ 4360:1999
- Australia & New Zealand Standards institutes ‘Risk Management’
- www.standards.com.au
- Generic guide for the establishment and implementation of the risk management process
- Risk management process is as much about identifying opportunities (per CoCo) as avoiding or mitigating losses


ANZ 4360:1999
- Risk Management Process
- Requirements:
  - Risk Management Policy
  - Risk Management support structure and resources
  - Implementation programme
  - Continuous assessment / review


ANZ 4360:1999
- 7 Steps
  - Establish the context
  - Risk Identification
  - Risk Analysis
  - Risk Evaluation
  - Risk Treatment
  - Monitor & review
  - Documentation


ANZ 4360:1999

- Establish the context
  - Strategic
  - Organisation
  - Risk management
  - Risk evaluation criteria


ANZ 4360:1999
- Risk Identification
  - Must identify all risks
  - Including those you can or cannot control
  - Consider possible causes for the risks to occur
  - Develop risk categories…e.g.
    - Diseases
    - Economic
    - Financial
    - Human
    - Security…


ANZ 4360:1999
- Risk Analysis
  - Prioritise Gross / Absolute risks

[Figure: risk matrix; axes: Consequence (High, Low), Likelihood (High)]


ANZ 4360:1999
- Risk Analysis
  - Ultimate aim to arrive at Net Risk figure
  - Takes into account adequacy and effectiveness of existing controls
  - Plot Net Risk matrix


ANZ 4360:1999
- Risk Analysis
  - Consequence & Likelihood
  - Types of analysis
    - Qualitative
    - Semi Qualitative
    - Quantitative


ANZ 4360:1999
- Risk Analysis
  - Consequence

| Level | Descriptor | Example detail description |
|---|---|---|
| 1 | Insignificant | No injuries, low financial loss |
| 2 | Minor | First aid treatment, on-site release immediately contained, medium financial loss |
| 3 | Moderate | Medical treatment required, on-site release contained with outside assistance, high financial loss |
| 4 | Major | Extensive injuries, loss of production capability, off-site release with no detrimental effects, major financial loss |
| 5 | Catastrophic | Death, toxic release off-site with detrimental effect, huge financial loss |


ANZ 4360:1999
- Risk Analysis
  - Likelihood

| Level | Descriptor | Example detail description |
|---|---|---|
| A | Almost Certain | Is expected to occur in most circumstances |
| B | Likely | Will probably occur in most circumstances |
| C | Possible | Might occur at some time |
| D | Unlikely | Could occur at some time |
| E | Rare | May occur only in exceptional circumstances |


ANZ 4360:1999
- Risk Analysis & Evaluation
  - Risk Analysis Matrix

| Likelihood \ Consequences | Insignificant 1 | Minor 2 | Moderate 3 | Major 4 | Catastrophic 5 |
|---|---|---|---|---|---|
| A (Almost Certain) | H | H | E | E | E |
| B (Likely) | M | H | H | E | E |
| C (Possible) | L | M | H | E | E |
| D (Unlikely) | L | L | M | H | E |
| E (Rare) | L | L | M | H | H |


ANZ 4360:1999
- Risk Treatment
  - Avoid risk (cease activity)
  - Reduce likelihood
  - Reduce consequence
  - Transfer the risk
  - Retain the risk


Loss Events (and Near Misses)
- ‘Experienced risk’
- External databases
- Corporate database
- Facilitates risk measurement

Thank You

