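In recent years, a steady stream of corporate scandals and operational risk events has severely damaged investor confidence and caused social and economic turmoil. To set things right, major countries and international organizations have introduced laws and risk management guidelines that require enterprises to strengthen their corporate governance and risk management mechanisms, and enterprise risk management (ERM) practice has received increasing attention as a result.

Although ERM benefits business operations, cases of successful implementation remain few. Because the benefits are hard to evaluate, the cost of investment is too high, members of the organization hold mistaken ideas, business takes priority, and senior management is perfunctory, a well-intentioned mechanism cannot fully deliver its benefits. In addition, the content of the relevant guidelines is too abstract and lengthy to be converted easily into simple, clear practical steps, so ERM implementation has produced poor results.

Financial institutions, because of their special nature and under the impetus of the supervisory authorities, began establishing risk management mechanisms early. Market and credit risk management techniques are already mature, and operational risk management practice is becoming increasingly complete. This study therefore uses the operational risk management practice of financial institutions to explore the content and spirit of ERM, in the hope of helping ordinary enterprises implement such mechanisms.

This study has two main parts. First, for four internationally known risk management guidelines, it describes their main characteristics and compares their similarities and differences, thereby explaining the items and content covered by the ERM process and helping ordinary enterprises understand the spirit of ERM. Second, it describes the operational risk management mechanism and framework of financial institutions, using self-assessment (RCSA) and loss data collection as case studies to explain, one by one, the actual steps of the operational risk management process and the challenges and practical benefits encountered in each task, as a reference for implementing ERM.

This study mainly proceeds by inductive analysis of the guidelines and the literature, and uses actual cases to illustrate the practical steps of ERM. The findings are:

1. The four risk management guidelines presented in this study may differ in their definitions, but their actual processes do not differ greatly: chiefly risk identification, risk assessment, risk response, and monitoring and reporting. All four treat risk identification as the first task. The operational risk management of financial institutions and ERM emphasize the same spirit and substantive content.

2. The operational risk management practice of financial institutions has practical benefits: through systematic methods it can improve operational processes, help management grasp the risk profile, and raise the risk management culture.

3. Ordinary enterprises can follow financial institutions in adopting a systematic risk management process, analyzing risks in daily operations, project implementation and business decisions in order to adopt control measures, integrating ERM into operational processes and promoting the sustainable development of the enterprise.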

A Study of the Enterprise Risk Management from the Financial Institution’s Operational Risk Management Practices

The recent rash of business scandals and fraudulent operational events has seriously worn down investors’ confidence and wreaked havoc on the social and economic system. To reform these abuses, leading countries and international organizations have enacted laws and risk management regulations that require enterprises to enhance their corporate governance and risk management mechanisms, which has made enterprise risk management (ERM) practices more important than ever.

Though ERM is conducive to business operation, cases of successful implementation are still very few. Because of the non-calculable benefit, the high initial investment, misunderstanding of the general ERM concept, a business-oriented mentality and top management’s indifferent attitude, this well-designed mechanism has not yet fully shown its true effect. Furthermore, the abstract and tedious contents of the related ERM guidelines are not easily translated into practical steps, making ERM less efficient than it should be.

Financial institutions, on the other hand, have been actively engaged in establishing risk management processes under the supervisors’ close watch. In addition to the market and credit risk processes, operational risk management (ORM) skill is also gradually gaining ground. In this regard, this paper discusses the essence and contents of ERM by introducing financial institutions’ practical ORM processes, in an effort to help enterprises implement the ERM mechanism with ease.

This paper consists of two parts. First, it describes and compares the characteristics of four major international risk management guidelines, namely Basel II, COSO ERM, AS/NZS 4360 and Canadian IRMF, so as to elaborate the items and contents that ERM covers. Secondly, it illustrates financial institutions’ ORM structure and mechanism, using Risk Control Self Assessment (RCSA) and loss data collection as case studies to explain in detail the relevant steps, challenges and real benefits, as references for enterprises planning to implement ERM.

The major findings of this paper are as follows:

1. The definitions and contents of the above-mentioned risk management guidelines might differ; however, the practical processes are much the same, which are basically risk identification, risk assessment, risk response and monitoring/reporting. All four guidelines take risk identification as the first step. The essence and contents of the ORM of financial institutions and of ERM are also much the same.

2. The ORM practices undertaken by financial institutions are proved to be beneficial: they are able to systematically improve operational processes, help top management get a grip on the risk profile and enhance risk culture.

3. Enterprises can follow financial institutions’ ORM for their ERM processes, analyzing various risks in their daily work, project implementation and operational decisions in order to adopt control measures and incorporate risk management into ongoing operational processes.