董事會責(zé)任內(nèi)部控制與風(fēng)險管理

1、Board responsibility for internal control and risk managementby Kiattisak JelatianranatChairman, The Institute of Internal Auditors of ThailandDirector, PricewaterhouseCoopers 1pwc2nd Asian Roundtable on Corporate GovernanceResponsibility VS Accountability Responsibility What, and Who will do ? Acco

2、untability How, and For whom ?. Both need independence and objectivityKiattisak Jelatianranatpwc 231 May 20002nd Asian Roundtable on Corporate GovernanceBalanced Scorecard in Corporate Governancepwc Financial & non-financial information. Equitable Treatment of stakeholders. Combination of Laggin

3、g and Leading Information. Alignment of short-term objectivesKiattisak Jelatianranat 331 May 20002nd Asian Roundtable on Corporate GovernanceBalanced Responsibility legal & moralpwc Create strategic vision Select CEO & Senior management Establish strategic, accountable information Independen

4、t, objective and competent oversight of day-to-day operationsBoard “core” responsibilities.Kiattisak Jelatianranat 431 May 20002nd Asian Roundtable on Corporate GovernanceBoard Effectivenesspwc Corporate governance framework Risk management system Internal control system Auditing xx Board initiative

5、 & Ownership of : x x Selection of CEO & senior management x x Oversight of CEO & senior management to establish Accounting system MIS Compliance program Operating systemsKiattisak Jelatianranat 531 May 20002nd Asian Roundtable on Corporate GovernanceWhy corporate governance matters ?pwc

6、 Effective governance, and Proper communication with your stakeholdersSustainable GrowthPleasant Working EnvironmentSubstanceFormSpiritKiattisak Jelatianranat 631 May 20002nd Asian Roundtable on Corporate GovernanceSearching for the upside of risk managementpwcValue Chain VS RiskOpportunityUncertain

7、tyHarzardRisk is any issue which could impact your ability to meet your objectivesbase-lineEnhancementPreservationPreventionKiattisak Jelatianranat 731 May 20002nd Asian Roundtable on Corporate GovernanceRisk .pwc Risk Assessment- Identify- Measure- Prioritize Risk Management- Assess adequacy of exi

8、sting controls- Develop a control improvement plan- Create a continuous program for objectives, risk and control assessmentKiattisak Jelatianranat 831 May 20002nd Asian Roundtable on Corporate GovernanceRisk Management Action OptionspwcKiattisak Jelatianranat 931 May 20002nd Asian Roundtable on Corp

9、orate GovernanceFix ControlsRe-Engineer ProcessTrainingsTransfer Risk (Insurance)Outsource the FunctionDo nothing-BetWell-controlled Organizationspwc Key attributes of a well-controlled organization include :# 1. Leadership of Board# 2. Translation of strategic vision to day-to-day management# 3. Co

10、mmunication of objectives & values to all levels# 4. Individual accountability# 5. Risk management system# 6. Human resources reinforcement# 7. Independent, objective and competent oversightKiattisak Jelatianranat 1031 May 20002nd Asian Roundtable on Corporate GovernanceRisk & Control : The

11、twin systemspwc Define strategic risk Articulate risk philosophy Define values and behavioral expectations Assess risk Manage risk Assess existing controls Select control model Continuous communication Continuous program for ORC Develop a control improvement plan Operations are dynamic and evolving.

12、Communications & AuditAlignmentControlRiskObjectiveKiattisak Jelatianranat 1131 May 20002nd Asian Roundtable on Corporate GovernanceComplexity of Value chain.pwc A board must have the capability to respond to and manage changes. “Risk Management” and “Business Control” are the first thing for an

13、y board consideration. Kiattisak Jelatianranat 1231 May 20002nd Asian Roundtable on Corporate GovernanceInternal Control Learned in Real Worldpwc Focus on “Soft Control” in assessing all of COSOs “Five Components” and “Three Objectives”. Soft Controls are subjective in nature, thus self-assessment i

14、s crucial for success. Implementation as an integral cultural change. Internal Control training is a “must”. Tailor practices to an organization to assure the surpassing expected benefits from the implementation. Kiattisak Jelatianranat 1331 May 20002nd Asian Roundtable on Corporate GovernanceCOSOs

15、Internal Control Definitionpwcis a process, effected by an entitys people (board of directors, management, and other personnel), designed to provide reasonable assurance regarding the achievement of objectives in the following categories : Effectiveness and efficiency of operations Reliability of fi

16、nancial reporting Compliance with applicable laws and regulationsKiattisak Jelatianranat 1431 May 20002nd Asian Roundtable on Corporate GovernanceControl Realitypwc Focus on people and process, not merely policy manuals and forms Require dynamic and interactive evaluation techniques. Verifying compl

17、iance with policies and procedures is not sufficient Kiattisak Jelatianranat 1531 May 20002nd Asian Roundtable on Corporate GovernanceFive Components of COSOs Control Frameworkpwc Kiattisak Jelatianranat Control Environment: The Foundation on which everything rests. Risk Assessment: Aware of and dea

18、l with the risks it faces. Control Activities: Actions identified by management as necessary to address risks to achievement of objectives. Information & Communication: People to capture and exchange the information needed to conduct, manage and control operations. Monitoring: React dynamically,

19、 changing as condition warrant. 1631 May 2000From Backroom To Board Roompwc Kiattisak JelatianranatOrganizations in the 21st Century must move internal control issues from their “Backroom” (Operating Level) to “Board Room” (the strategic level) 1731 May 20002nd Asian Roundtable on Corporate Governan

20、ceInternal Audit Paradigm Shiftpwc Kiattisak JelatianranatToday internal auditors are management partners and consultants to add values to the organization. . No longer as a watch dog or a policeman 1831 May 20002nd Asian Roundtable on Corporate GovernanceInternal Auditing Definitionpwc Kiattisak Je

21、latianranat Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organizations operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. Internal auditing is an independent appraisal function established within an organization to examine and evaluate its objectives as a service to the orga