《KPMG给某制造业公司做的风险管理指导书Risk Management Guide (NXPowerLite).doc》由会员分享,可在线阅读,更多相关《KPMG给某制造业公司做的风险管理指导书Risk Management Guide (NXPowerLite).doc(10页珍藏版)》请在三一办公上搜索。
1、Risk Management Guideline Siemens Limited ChinaOverviewAppendix AA1) Z-Circular “Risk Management in the company” (Z CR 20/99)A2) Siemens Risk Policy PrinciplesAppendix BTools for risk identification and risk evaluation1. Siemens Risk Categorization- Siemens risk categorization- Risk definitions2. Ri
2、sk questionnaire- Siemens risk questionnaire3. Risk workshop methodologyAppendix CRisk Reporting of Regional CompaniesAppendix AA1) Z-Circular “Risk Management in the company” (Z CR 20/99)A2) Siemens Risk Policy Principles Appendix BTools for risk identification and risk evaluation1. Siemens Risk Ca
3、tegorization The basis for risk identification is a company-wide risk categorization model. This ensures that all known entrepreneurial risks can be taken into consideration and that the same systematic approach is used within the whole company. This improves risk communication and at the same time
4、allows the identification of possible cumulative effects between different business units.This standard risk categorization model is sufficiently generic to accommodate the diverse businesses within the Siemens Group. It is used as a template for developing specific risk categorization models to fit
5、 the precise nature of the individual business units and the environment in which they operate. When modifying the standard risk categorization, the risk categories and the general structure of the risk types (including the numbering) should not be changed, but risks can be added. The modifications
6、should be carried out at Group or Company level and not individually for every business unit in order to allow an encompassing risk analysis.The Siemens risk categorization model and definitions for the risk types included are explained below. - Siemens risk categorization- Risk definitionsUpdates c
7、an be obtained from the Corporate Risk Management Homepage: https:/intranet.cf.siemens.de/SAPPortal/2. Risk questionnaireThe evaluation of risks and risk handling measures can be supported using a risk questionnaire which is based on the Siemens risk categorization model. The standard questionnaire
8、is not supposed to be understood as a comprehensive check list which includes all potential risks but as a guide to identifying risks. Before the questionnaire is used, it should therefore be established whether it is suitable for the particular business or if Group or Company specific modifications
9、 need to be carried out. Risk evaluation by means of risk questionnaires is carried out using the criteria of impact and probability (before and after risk handling measures) as well as the degree of implementation/the effectiveness of the measures / specific systems for risk handling. Along with th
10、e evaluation, all essential risks should be described for the specific business and also existing/planned measures should be described.Risks are evaluated both before and after risk handling measures. The evaluation of risks before measures identifies the generic risk situation of the business unit
11、and thus helps to prioritize areas on which risk measures need to focus. The evaluation of risks after measures shows whether the risk position of the business unit - taking measures into account - is acceptable or whether additional or different measures are necessary.To simplify the evaluation, im
12、pact, probability and degree of implementation are rated on a scale of 1-5. These scales represent quantitative ranges and ensure comparability between different business units (e.g. Divisions of a Group).The scale 1-5 reflects the following standard ranges for impact (in EUR), probability and degre
13、e of implementation/effectiveness. ImpactProbabilityDegree of implementation/ effectiveness1 50 EUR60 - 100%Very high80 - 100%The ranges for the probability and degree of implementation/effectiveness should not be changed but the impact in EUR has to be adjusted according to the size of the business
14、 unit in order to ensure comparability. The risks should be evaluated in a differentiated way which encompasses the whole scale.The ranges for the impact in EUR should be set in such a way that the different business units of an organizational unit (e.g. Divisions within a Group) can be summarized i
15、nto a Group risk portfolio for risk reporting. Evaluating risks and risk handling measures by means of scales and ranges helps to simplify the risk assessment and risk analysis. However, for risk reporting, the essential risks (in particular the financial impact) should be quantified in more detail
16、and split up into fiscal years.Example of evaluation conceptThe procedure for evaluating risks and risk handling measures can be illustrated as follows:It is assumed that a Division receives an important part from one supplier only (risk type: dependency risk). The deliveries are made in a just-in-t
17、ime concept without stocking. If the supplier fails to deliver, the production comes to a halt within one day. If the supplier fails temporarily or permanently, new suppliers have to identified and contracts have to be concluded, which will take around four weeks. The sales impact of a four-week pro
18、duction stop is estimated to be 160 EUR. The damage caused by supplier failure (impact before risk handling measures) can now be estimated by multiplying the sales volume with the average gross margin of e.g. 25%. Thus the impact on EBIT of this risk can be estimated by multiplying the expected sale
19、s loss with the gross margin: Sales loss of 4 weeks 160 EUR * 25% = 40 EUR impact on EBIT. According to the above mentioned standard evaluation scales, the impact before risk handling measures would be rated as 4.There is a long term relationship with the supplier and in the past there were only a f
20、ew and short supply delays. However it is known that the supplier runs currently at full production levels and is currently switching production processes. Thus the probability before risk handling measures that this supplier will fail to deliver is estimated to be 20% and thus rated as 2.Measures f
21、or risk handling are for example setting up a second source or preparation of master agreements with other suppliers. With these risk handling measures, a delivery failure by the main supplier can then be compensated relatively easily by the second source or other suppliers within the master agreeme
22、nt. As a result there is a maximum potential production stop of one week. However the second source has not yet been fully set up. The second supplier will be eligible next quarter and the first potential deliveries are expected in 6 months. The degree of implementation of this risk handling measure
23、 will thus be rated as 3 which corresponds to medium (40-60%).The impact on EBIT taking into account fully implemented measures corresponds to a production halt of one week. Thus the approximate impact on EBIT is 40 EUR * 25% = 10 EUR. As a result the impact after measures is rated as 2. Since most
24、of the supply is still coming from a single supplier, the probability of occurrence is more or less unchanged. According to the evaluation scheme above, the probability is rated as 2 (20%).The standard risk questionnaire which is based on the risk categorization model is shown below:- Siemens risk q
25、uestionnaireUpdates can be obtained from the Corporate Risk Management Homepage: https:/intranet.cf.siemens.de/SAPPortal/3. Risk workshop methodologyGoals of the risk workshopA common problem when identifying risks is that some risks may go across the whole value chain of an organizational unit or t
26、hat the effect of a risk may crystallize somewhere else than its cause. For instance, some risks have their cause within research and development, purchasing or production while their impact is measured within the sales department.Based on these situation, ZFF 4 developed the method of risk workshop
27、s, in which the risk identification and evaluation is carried out jointly by a group of participants from different functions of a business unit. The participants therefore have in-depth knowledge about the business situation and value chain processes. The main objectives of risk workshops are to: i
28、mprove risk transparency and promote a common understanding of risks; identify and record key risks with the participation of all key functions and risk responsibles of the respective business unit: assess the significance of these risks for the achievement of the business targets, in particular EBI
29、T; identify and evaluate existing / planned risk handling measures and develop new measures; generate the relevant information for risk reportingIn particular, improving risk transparency and a common understanding of the risks within a business unit can only be achieved by risk workshops and the ac
30、tive participation of all relevant function managers in a business unit. The risk workshops also meet the legal requirements of the statuary auditors for a bottom-up process of risk assessment. Procedure within the risk workshopThe risk analysis procedure within a risk workshop consists of two steps
31、:Step 1: Preselection of risks by means of risk questionairesIn the first step of the risk analysis, the risk questionaire helps to identify relevant risks in the business unit. Therefore the risk questionaires are sent to the various participants in the respective business unit and answered individ
32、ually by the different participants. The participants should come from different functions and together they should cover all important areas of the business unit.In order to achieve a methodically sound risk evaluation it is advisable to have a kick off meeting to introduce participants to the obje
33、ctives, procedures and evaluation concept of the risk questionaires and risk workshops. On the basis of the risk questionaires returned, several analysis can be carried out. The key risks, as well as the risks with the most diverse ratings among the participants, can be filtered out.These risks, inc
34、luding the business specific description of risks and measures by the participants, are part of the risk workshop. Thus the risk questionnaire is not only guidance for systematic risk identification and evaluation but also a filter for identifying the key risks which are subsequently discussed and a
35、nalyzed in greater detail in the risk workshop with the relevant business and process representatives. Therefore the risk workshop can be carried out in a short time without losing relevant information.Step 2: Conducting risk workshopsOn the basis of the analysis of the risk questionaires, the risk
36、workshop is conducted. The risk workshop generally involves the participants who answered the questionaires, i.e. the representatives of all essential functions and relevant units and eventually representatives of Specialist Departments.In the risk assessment workshop, the individual assessments of
37、the participants are compared, potential discrepancies are discussed and the key risks are jointly quantified and defined specifically for the Business unit. In addition, the risk handling measures for the identified key risks are described and assessed according to their effectiveness and implement
38、ation status. Alternative risk handling mechanisms are considered as part of this process.Results of the risk workshopsThe results of the risk workshops are the identification of the essential risks before and after measures, a specific description of these risks as well as a description and evaluat
39、ion of the key risk handling measures. Thus the risk workshop is a sound basis for risk reporting. The figure below demonstrates the output of the risk workshop.The particular value of the risk workshop lies in the cross-functional discussion of risks and risk handling measures. In this respect ther
40、e is a common picture of the risk situation of a business unit, priorities can be set clearly and a cross-functional approach to risk handling measures can be adopted. As a result, risk workshops are improving risk awareness and risk transparencies to a great extent.Support for the risk workshop usi
41、ng the risk analysis workshop toolIn order to simplify the analysis of the risk questionaires and the preparation of the risk workshop, there is an Excel based RAWS tool (Risk Analysis and WorkShop Tool). This tool has the following features: Automatic import of risk questionaires (including risk ev
42、aluation, business specific-risk descriptions, as well as the description of risk handling measures) as the basis for the analysis; Analysis of risk questionaires using standard analyses, e.g. top risks over all risk categories, top risks within risk categories as well as the individual risk assessm
43、ent per risk; Visualization of the results as a basis for discussion in the risk workshop; Data entry of new risk evaluations which are agreed on in the risk workshop. The advantage of the RAWS tool is therefore its assistance in analyzing risk questionnaires and in conducting the risk workshop itse
44、lf.The RAWS tool is flexible enough to be used in different business units. Therefore the risk questionaires and the ranges of the EUR impact can be adapted for each business unit. Different languages can also be selected (German/English).The RAWS tool and a comprehensive user documentation can be o
45、btained on the Corporate Risk Management homepage (https:/intranet.cf.siemens.de/SAPPortal/). Password protected access for the download of the RAWS-Tool can be obtained via the Group risk manager.Appendix C Risk reporting of Regional Companies1. General regulation of risk reporting by the Regional
46、CompaniesThe risk reporting of the consolidated Regional Companies is addressed directly to the Groups. The Groups have to set up regulations concerning risk management and risk reporting together with the Regional Companies. ZF provides only recommendations that are laid out in the following point
47、2.Concerning central risks of the consolidated Regional Companies, the Regional Companies should directly report to ZF. The respective regulations are mentioned in point 3.The procedure of risk identification and evaluation as well as risk reporting in the Regional Companies should follow the risk m
48、anagement methodology by ZFF 4. This methodology is also presented in this guideline.2. Risk reporting of the Regional Companies to the GroupsFor the Group specific risks in the Regional Company, the Regional Company has to report directly to the respective Group.Herefore ZF provides the following recommendations (which correspond to the risk reporting regulations fo
