Guidelines: Enterprise-wide Risk Management Framework
8 COSO
ERM
ERM
8
ERM 8
ERM
ERM ERM
ERM ERM
ERM
ERM
ERM
(Internal Environment)
ERM 8 COSO
Healthcare IT Security
15th, 2009 Metha Suvanasarn
(Segregation of duty)
500
Healthcare IT Security
Virginia
Electronic Medical Record
Virginia
35
Backup Files 8.5
10 7
30 2552
Virginia (www.dhp.virginia.gov ) ( 9 .. 2552 )
1.
( Backup Files Off Site
Backup )
2.
Cyber Crime Cyber Terrorism
8
3.
Identity Theft
(
2
)
4. Virginia
5.
Compromised
6.
7.
Virginia
10
ITG
()
Performance Measurement
IT Governance
. .
ITG
IT Risk
Business Risk
IT Risk
Impact Business Process
IT
COSO ERM
S O F C
(word)
Article
ITG
GRC_Value Creation
CG ITG
4 5
4 :
1.
3
///
2.
) / /
(
/
3.
(Value Enhancement)
3.1
3.2 /
(Growth, Return)
/ /
/
(Value Creation)
(Learning Organization)
3.3
)
( /
4.
-
-
/
-
5.
6.
6.1
IT
6.1.1
(Off-Site Back Up)
6.1.2
(IT Security Room)
BS/EN1047-2 COBIT
.
(Recovery Time : t0 t1
(Recovery Point)
. IT Security Room (EN 1047-2)
(Recovery Time: t0 t1)
-
(Recovery Point)
- Critical Infrastructure
2) 2549
(
/Critical Infrastructure
4 (
)
/Critical Infrastructure
3.95 (
)
BCM
( IT, IT
Related Non IT
)
6.2
IT
IT (IT Strategy Committee)
6.3 IT
IT
6.4 e-DOC (Electronic Department Operation Center)
S-O-F-C
7.
-
(
1
/
)
-
-
( =
)
x
Strategic Risk /Operational Risk/ Financial Risk
Compliance Risk (S-O-F-C)
(Key Risk Indicators : KRI) 2550
-
KRI
/ KRI
()
15th, 2009 Metha Suvanasarn
.
400
Monitor
Operation
Risk
People, Process Technology Compliance Risk
Business Process Business Objective
ISO 27001
COBIT IT Governance
Corporate Governance
COSO ERM
Business Process
Business Model
COSO ERM
IT Non IT
Scenario
(Root Cause)
(Business Process) (Technology)
(People)
- Poor Security & Reporting
- Poor Management Control
7
- Poor Financial Transparency
IT Investments
ITG
COBIT IT Security
- Fraud
Business Process Business Objective
Internal Control
Risk
Management Internal Audit Risk Based Audit Instinct
IT Audit Non IT Audit
Non IT
Impact IT Risk
Business Risk
IT Audit Non IT Audit
2
IT Risk
(ERM Enterprise Risk
COSO
Management)
8
1.
2.
ERM
/
3.
4.
5.
6.
7.
8. ERM
ERM
8 ERM
ERM 8
ERM 3
ERM
- 4
- 8
-
3
. IT Governance
CG ITG + GRC
1
2 3 4
COSO ERM
COSO ERM v2.
8
8
COSO ERM
CG ITG
3 5
3 :
1.
2
2.
()
(Risk Appetite)
(Risk Tolerance)
Risk Appetite/Risk Tolerance
Strategic Risk /Operational Risk/ Financial Risk Compliance Risk (S-O-F-C)
Risk Appetite Risk Tolerance
/ /
3.
3.1 /
(
)
(
)
3.2 /
- /
-
-
/
(Workshop)
(Integration)
4.
// //
4.1
4.2
(
Risk Map )
Risk Map
2550
5.
5.1 IT ITG
5.2
IT
-
One Stop Service
-
5.3
IT
5.4 (Charter)
IT
5.5 e-DOC (Electronic Department Operation Center)
6.
-
(
1
/
)
-
-
( =
)
x
Strategic Risk /Operational Risk/ Financial Risk
Compliance Risk (S-O-F-C)
(Key Risk Indicators : KRI) 2550
-
KRI
/ KRI
12th, 2009 Metha Suvanasarn
.
1. COSO 1.
IT
(Exposure)
2. CSA 1.
Scenario
(Technology)
(Process)
3 )
)
)
3.
Online
10 30
2 4
4. .
2
3.
.
Suspense Account
Conceptual Flow Processing Flow Data Flow Activity
Flow
Computer Control
Manual Control
Override
5.
Suspense Account Sundry
Account
COSO ERM
Risk Appetite Risk
Tolerance
Suspense Account
Suspense Account
Suspense Account
Sundry Account
(Embed) Code
6.
5.
IT Non IT
Suspense Account
Mind
Map (Audit Instinct)
PPT
People Risk + Process Risk + Technology Risk
Compliance Risk
?
Risk Appetite
Risk Appetite
Stakeholders
(Process Risk) System Risk
Suspense Account
IT Governance
9th, 2009 Metha Suvanasarn
IT Governance
IT
Intangible Assets
Tangible Assets
IT Governance
IT Governance
.
IT Governance
Corporate Governance
.
5
1
/
3
///
5
(Value
Creation)
4
update
US
Excalibur
Metal Storm
IT Security
COSO ERM
Strategic
Risk S, Operational Risk O, Financial / Reporting Risk F, Compliance Risk C
Data & Information
COBIT 7
CG
Fighter Bomber
Société Générale
. Audit Risk
9th, 2009 Metha Suvanasarn
400 .
Société Générale SG
FSA
CSA
11. .
11.1 .
.
11.2 .
Reconciliations
12. .
12.1
. Front office , Back office Risk Management
Custodians / Nostro account / Broker .
12.2
Confirmations
13. .
(Confirmation)
(Unconfirmed trade)
Outstanding
14. .
confirmation
14.1 .
Position
.
. . (Track)
Outstanding confirmation
Service level agreement
14.2 . Confirmation Back office . Back office
( Front office)
14.3 .
Confirmation
Margin
15.1
Margin
.
Margin
Margin
Position
15.2 .
Gross Net cash-flow
Net cashflow
Net cash-flow
Offset Unrealized gain/loss
Unmargined/Uncollateralized gain/loss
Segregation of duties and IT security
16. .
Access control
17. .
User
.
17.1 . IT security Access control
User
(Maker-checker)
.
3
Front office, Middle office Back office
17.2
Password Password
User
Password Lock
Password
Front office Back office .
Password Password
Gap Analysis
COSO
ERM FSA
FSA
Risk Appetite Risk Tolerance