8 principles for op risk mgt framework :
- definition and approval
- internal audit scrutiny
- formulation and implementation
- assessment and identification
- monitoring and reporting
- control and review policies
- contingency strategies
- public disclosure
- roles and responsibilities across managers and functional areas must be identified
- dependencies among various functional units must be recognized
- a list of key op risk events and preventive controls must be developed
- objective :
- establish requirements for internal control over financial reporting
- requirements
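- establish processes that ensure the reliability of financial statements
- include in the annual report an assessment of how effectively internal controls produce reliable financial statements
- disclose internal control weaknesses in the annual report
- present the auditor's attestation report on internal control effectiveness in the annual report
- integrate management's internal control assessment report and the auditor's confirmation report in the annual report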
- 6 implications
- assessment mechanism
- control design
- design testing
- testing methods
- fraud disclosure
- control shortcomings disclosure
- SOX vs. Basel II
- SOX : does not mention anything specifically about op risks
- Basel II : does not state anything about financial reporting
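- clearly describe jobs and responsibilities
- provide explanatory documents with additional information
- list specific expectations about achievements on implementation of control standards
- identify important indicators that provide early warning signs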