2008 12
COSO
Abstract

By analyzing the concept of risk management, presenting the globally representative frameworks of Enterprise Risk Management, and considering the requirements of the Sarbanes-Oxley Act (SOX) and China's State Council "Direction" ( ), this article designs a standard process for building a risk management framework for modern enterprises. It also helps enterprises identify the causes of the major losses they have suffered, and describes in detail how to control and manage those risks in practice. When enterprises adopt a risk management framework, modern internal audit becomes an indivisible part of it. By explaining the concept of internal audit and the relationship between internal audit and risk management, this article emphasizes the responsibility and important function that internal audit has taken on in modern Enterprise Risk Management. The author summarizes how the application of risk management and internal audit in our country falls short of global practice. Finally, through a detailed analysis of the case of "BaoSteel Development Ltd,.Co" ( ) to prove the effectiveness of the method for building the risk management framework, the author envisions and appeals for the further development of risk management and internal audit in China's future.

[Key words] Risk Risk Management Sarbanes-Oxley Act Management Framework Internal audit Enterprise Risk
ERM SOX 1 COSO, COSO Enterprise Risk Management-Integrated Framework 2004
COSO
2 16 2005 5
risk 3 uncertainty 1. 2. 3. 4 Risk 3 1976 G.&.C.MERRIAM COMPANY.PUBLISHERS SPRINGFIELD.MASSACHUSETTS.U.S.A.
5 PWC 6 Deloitte 7 COSO Committee of Sponsoring Organizations of the Treadway Commission ERM / Australian/New Zealand Standard 5. (Henri Fayol 1841 1925) 6 7
IIA
1) 2) 3) 8 http://www.chinaacc.com/new/2004_6/4060809335172.htm
2) 3) 4) 9 L.B.Sawyer, The Practice of Modern Internal Auditing ( ) 1990
1000 500 2001 6.4 ( ) 5 1997 5 14