An Enterprise Risk Management Based on COSO ERM Framework: A Case Study of Property Appraisal Company / นันทิยา นันทนวิจิตร
The objective of this independent study is to analyze and assess the Enterprise Risk Management of a property appraisal company based on the COSO ERM 2004 framework. The framework consists of 8 components: Internal Environment, Objective Setting, Event Identification, Risk Assessment, Risk Response, Control Activities, Information and Communication, and Monitoring. Together these are intended to achieve the 4 Enterprise Risk Management objectives: Strategic, Operations, Reporting and Compliance. In this independent study, the author collected information from in-depth interviews with the Managing Director and related personnel, and from observation of working operations and documentation, in order to identify and assess risks, prepare risk management plans, and suggest additional control activities to mitigate the risks. The study indicated that the internal environment could enhance the company’s business objectives and covered the 4 Enterprise Risk Management objectives. There are 15 risks identified: 4 strategic risks, 8 operational risks, 1 financial risk and 2 compliance risks. The adequacy of existing control activities was assessed for all identified risks. From the risk assessment and prioritization, it was found that there are no highest-level risks, 3 high-level risks, 3 medium-level risks, 6 low-level risks, and 3 lowest-level risks. Therefore, two risk management plans have been created for the high-level risks, and additional control activities have been created for the medium-level risks. Moreover, the low-level and lowest-level risks are at an acceptable risk level, which the company can accept and manage well.