Part 2 Section D.1.4. COSO Framework on ERM

Definition of ERM

ERM is the culture, capabilities, and practices that organizations integrate with strategy-setting and apply when they carry out that strategy, with a purpose of managing risk in creating, preserving, and realizing value.

Enterprise Risk Management – Integrating with Strategy and Performance © 2017 Committee of Sponsoring Organizations of the Treadway Commission (COSO)

5 Components and the 20 Principles of ERM

  • The ERM Framework is a set of principles organized into 5 interrelated components. The 5 components are supported by the 20 principles that cover everything from governance to monitoring.
  • Determining whether an entity’s ERM is effective is a judgement resulting from an assessment of whether the 5 components are present and functioning effectively and efficiently. Therefore, the 5 components are also criteria for evaluating the effectiveness of ERM.

The 5 Components and 20 principles Supporting Each Component

5 components (GOPRO)

  1. Governance & Culture
  2. Strategy & Objective-Setting
  3. Performance
  4. Review & Revision
  5. Information, Communication & Reporting (Ongoing)

Personally, I would like to memorize it as GOSPRI (Gossip princess: "a princess who spreads gossip"), but...

20 principles

DOVES SOAR VAPIR SIR TIP. (The doves soared because of the vapor, and a customer who saw it gave a tip???)

1. Governance & Culture: DOVES

  1. Exercises board risk oversight
  2. Establishes operating structures
  3. Defines desired culture
  4. Demonstrates commitment to core values
  5. Attracts, develops, and retains capable individuals (employees)

2. Strategy & Objective-Setting: SOAR

  1. Analyzes business context
  2. Defines risk appetite
  3. Evaluates alternative strategies
  4. Formulates business objectives

3. Performance: VAPIR (vapor)

  1. Identifies risks
  2. Assesses severity of risk
  3. Prioritizes risks
  4. Implements risk responses
  5. Develops portfolio view

4. Review & Revision: SIR (customer)

  1. Assesses substantial change
  2. Reviews risk & performance
  3. Pursues improvement in enterprise risk management

5. Information, Communication, and Reporting (Ongoing): TIP

  1. Leverages information & technology
  2. Communicates risk information
  3. Reports on risk, culture, and performance

Overview of the 20 principles

1. Governance & Culture

  1. Exercises board risk oversight
    • The board of directors carries out risk oversight
  2. Establishes operating structures
    • Establish operating structures
  3. Defines desired culture
    • Define the desired culture
  4. Demonstrates commitment to core values
    • Express commitment to core values
  5. Attracts, develops, and retains capable individuals (employees)
    • Attract, develop, and retain capable people (employees)

2. Strategy & Objective-Setting

  1. Analyzes business context
    • Analyze the business environment
  2. Defines risk appetite
    • Set the risk appetite
  3. Evaluates alternative strategies
    • Evaluate alternative strategies
  4. Formulates business objectives
    • Build business objectives

3. Performance

  1. Identifies risks
    • Identify risks
  2. Assesses severity of risk
    • Assess the severity of risks
  3. Prioritizes risks
    • Prioritize risks
  4. Implements risk responses
    • Implement risk responses
  5. Develops portfolio view
    • Develop a portfolio view

4. Review & Revision

  1. Assesses substantial change
    • Assess substantial change
  2. Reviews risk and performance
    • Review risk and performance
  3. Pursues improvement in enterprise risk management
    • Pursue improvement of ERM

5. Information, Communication, and Reporting (Ongoing)

  1. Leverages information and technology
    • Leverage information technology
  2. Communicates risk information
    • Communicate risk information
  3. Reports on risk, culture, and performance
    • Report on risk, culture, and performance

Text of the 20 principles

1. Governance & Culture

  1. Exercises board risk oversight
    • The board of directors provides oversight of the strategy and carries out governance responsibilities to support management in achieving its strategy and business objectives.
  2. Establishes operating structures
    • The organization establishes operating structures in the pursuit of strategy and business objectives.
  3. Defines desired culture
    • The organization defines the desired behaviors that characterize the entity’s desired culture.
  4. Demonstrates commitment to core values
    • The organization demonstrates a commitment to the entity’s core values.
  5. Attracts, develops, and retains capable individuals (employees)
    • The organization is committed to building human capital in alignment with the strategy and business objectives.

2. Strategy & Objective-Setting

  1. Analyzes business context
    • The organization considers potential effects of business context on risk profile.
  2. Defines risk appetite
    • The organization defines risk appetite in the context of creating, preserving, and realizing value.
  3. Evaluates alternative strategies
    • The organization evaluates alternative strategies and potential impact on risk profile.
  4. Formulates business objectives
    • The organization considers risk while establishing the business objectives at various levels that align with and support strategy.

3. Performance

  1. Identifies risks
    • The organization identifies risks and risk events that can impact the performance or strategy and business objectives.
  2. Assesses severity of risk
    • The organization assesses the severity of risk.
  3. Prioritizes risks
    • The organization prioritizes risks as a basis for selecting responses to risks.
  4. Implements risk responses
    • The organization identifies and selects risk responses.
  5. Develops portfolio view
    • The organization develops and evaluates a portfolio view of risk.

4. Review & Revision

  1. Assesses substantial change
    • The organization identifies and assesses changes that may substantially affect strategy and business objectives.
  2. Reviews risk and performance
    • The organization reviews entity performance and considers risk.
  3. Pursues improvement in enterprise risk management
    • The organization pursues improvement of enterprise risk management.

5. Information, Communication, and Reporting (Ongoing)

  1. Leverages information and technology
    • The organization leverages the entity’s information and technology systems to support enterprise risk management.
  2. Communicates risk information
    • The organization uses communication channels to support enterprise risk management.
  3. Reports on risk, culture, and performance
    • The organization reports on risk, culture, and performance at multiple levels and across the entity.