公司治理概論與實(shí)務(wù)課件

勤業(yè)眾信會(huì)計(jì)師事務(wù)所企業(yè)風(fēng)險(xiǎn)管理組蘇啟中經(jīng)理

Agenda公司治理概論公司治理實(shí)務(wù)Q&A公司治理概論公司治理的源起公司治理概念興起(1970)金融危機(jī)發(fā)生(1997) 經(jīng)濟(jì)合作暨開發(fā)組織部長(zhǎng)級(jí)會(huì)議揭示(1998)安(恩)隆會(huì)計(jì)交易醜聞(2001)

全錄及默克會(huì)計(jì)交易醜聞(2002)臺(tái)灣也陸續(xù)發(fā)生會(huì)計(jì)交易醜聞，如國際票券(交易員挪用資金)東隆五金(高階經(jīng)理人挪用資金)太平洋電線電纜(關(guān)係人交易)博達(dá)、訊碟及皇統(tǒng)…等公司治理的原則保障股東權(quán)益強(qiáng)化董事會(huì)職能提升資訊透明度遵循相關(guān)法規(guī)發(fā)揮監(jiān)察人功能尊重利害關(guān)係人權(quán)益公司治理原則內(nèi)涵 遵循相關(guān)法規(guī)公司法證券交易法公開發(fā)行公司建立內(nèi)部控制制度…等

保障股東權(quán)益鼓勵(lì)股東參與公司治理公司與關(guān)係企業(yè)間公司治理關(guān)係強(qiáng)化董事會(huì)職能董事會(huì)結(jié)構(gòu)獨(dú)立董事制度審計(jì)委員會(huì)及其他專門委員會(huì)董事會(huì)議事規(guī)則及決策程序董事之忠實(shí)注意義務(wù)與責(zé)任 公司治理實(shí)務(wù)

企業(yè)公司治理架構(gòu)企業(yè)風(fēng)險(xiǎn)管理建立以風(fēng)險(xiǎn)為基礎(chǔ)之內(nèi)部稽核機(jī)制建立及改善公司治理架構(gòu)完善的公司治理機(jī)制公司治理的架構(gòu)內(nèi)容包括:總則董事會(huì)監(jiān)察人風(fēng)險(xiǎn)管理內(nèi)部稽核股東會(huì)關(guān)係企業(yè)利害關(guān)係人資訊掲露及透明度建立公司治理相關(guān)政策及程序企業(yè)風(fēng)險(xiǎn)管理步驟企業(yè)營(yíng)運(yùn)流程風(fēng)險(xiǎn)企業(yè)的目標(biāo)策略哪些事項(xiàng)可能出錯(cuò)或需要保護(hù)?公司優(yōu)化風(fēng)險(xiǎn)及管理風(fēng)險(xiǎn)之程序有哪些：公司的風(fēng)險(xiǎn)在哪裡？公司能承受多少風(fēng)險(xiǎn)？公司想要承受多少風(fēng)險(xiǎn)(風(fēng)險(xiǎn)的偏好）？我們可接受風(fēng)險(xiǎn)程度為何?企業(yè)風(fēng)險(xiǎn)管理程序公司治理導(dǎo)入公司治理稽核規(guī)劃公司治理體系建置風(fēng)險(xiǎn)辨識(shí)公司策略及現(xiàn)況評(píng)估風(fēng)險(xiǎn)管理矩陣中度發(fā)生之可能性不太可能極不可能微小中度重大具毀滅性影響之重大性1a2a5aCCC幾乎確定2b3b4a1b2b1a重大的高中低=總風(fēng)險(xiǎn)=剩餘風(fēng)險(xiǎn)總風(fēng)險(xiǎn)水準(zhǔn)可能讓企業(yè)整體目標(biāo)及流程目標(biāo)無法達(dá)成之因素剩餘風(fēng)險(xiǎn)水準(zhǔn)在考慮適當(dāng)且有效之控制後，剩餘之風(fēng)險(xiǎn)水準(zhǔn)MMLLLHMCMHLMM1b4a3a3b6a2a6a企業(yè)風(fēng)險(xiǎn)管理需考量之事項(xiàng)ManagementManagementManagementMonitoringRiskManagementRiskManagementComplianceComplianceIncidentResponseIncidentResponseLogging&ReportingLogging&ReportingAdministrationPolicies&StandardsPolicies&StandardsClassification&ControlClassification&ControlSystemsPlanningSystemsPlanningConfigurationManagementConfigurationManagementDevelopment&MaintenanceDevelopment&MaintenanceProceduresProceduresOrganizationThird-PartyAccessThird-PartyAccessTraining&AwarenessTraining&AwarenessRoles&ResponsibilityRoles&ResponsibilityPersonnelPersonnelInfrastructureInfrastructureInfrastructureIntegrityInfrastructureIntegrityInfrastructureIntegrityAvailabilityRedundancyRedundancyBackupBackupContinuityContinuityRecoveryRecoveryConfigurationSegmentationSegmentationNetworkDevicesNetworkDevicesOperatingSystemsOperatingSystemsProtectionPhysicalPhysicalIntrusion/MisuseIntrusion/MisuseContentContentVirusVirusEnvironmentAccessEnvironmentAccessEnvironmentAccessPerimeterNetworkInternalNetworkApplicationFacilityInternetInternetWirelessWirelessExtranetExtranetDial-UpDial-UpWorkstationWorkstationLANLANServersServersWANWANWeb/eMailWeb/eMailMiddlewareMiddlewareEnterpriseEnterpriseDatabaseDatabaseAreasAreasEquipmentEquipmentMediaMediaAccessControlAccessControlAccessControlSecureCommunicationsConfidentialityConfidentialityReliableTransactionsAccountabilityAccountabilityNon-RepudiationNon-RepudiationIntegrityIntegrityValidatedAccessAdministrationAdministrationAuthenticationAuthenticationAuthorizationAuthorizationManagementManagementManagementMonitoringRiskManagementComplianceIncidentResponseLogging&ReportingAdministrationPolicies&StandardsClassification&ControlSystemsPlanningConfigurationManagementDevelopment&MaintenanceProceduresOrganizationThird-PartyAccessTraining&AwarenessRoles&ResponsibilityPersonnelInfrastructure

InfrastructureIntegrityInfrastructure/ResourceInfrastructureEnvironmentRedundancyBackupContinuityRecoveryHumanResourceSegmentationNetworkDevicesOperatingSystemsFinancialPhysicalIntrusion/MisuseContentVirusEnvironmentAccessCoreProcessCoreProcessSupportInter-ControlInter-AuditInternetWirelessExtranetDial-UpWorkstationLANServersWANWeb/eMailMiddlewareEnterpriseDatabaseAreasEquipmentMediaAcc