GOVERNANCE
- The Institute of Internal Auditors (IIA) defines Governance as “the system
by which organizations are directed and controlled. It includes the rules and
procedures for making decisions on corporate affairs to ensure success while
maintaining the right balance with the stakeholders’ interest.”
1.) Governance begins with the Board of Directors and its committees.
2.) The Board must understand and focus on the needs of the key
stakeholders.
3.) Day-to-day governance is executed by management of the
organization.
4.) Internal and external auditors provide management and the board
with assurances regarding effectiveness of governance activities.
3.) Ensure that the board has sufficient authority, funding, and resources.
4.) Create an organizational structure that supports enterprise in achieving
its strategy.
ENTERPRISE RISK MANAGEMENT
- as defined by the Institute of Internal Auditors (IIA), “is a process to
identify, assess, manage and control potential events or situations to provide
reasonable assurance regarding the achievement of its objectives.”
8 COMPONENTS OF ERM:
1.) Internal Environment – similar to the control environment, one of the
control components, it encompasses the tone of the organization and sets the basis
for how risk is viewed and addressed by the organization’s people, including risk
management philosophy and risk appetite, integrity, and ethical values.
• Risk Appetite – is the amount of risk an organization is willing to
accept to achieve its goals.
• Risk Tolerance – is the acceptable variation with respect to the
objectives.
2.) Objective Setting – the organization sets forth in broad terms what the
organization aspires to achieve. Objectives may be divided into three
categories: operations objectives, reporting objectives and compliance
objectives.
d. Interviews
e. Process flow analysis
C. Sharing
D. Acceptance
6.) Control Activities – policies and procedures that are established and
implemented to help ensure the risk responses are effectively carried out.
-End-