Enterprise Internal Control and Risk Management in the New Environment, 2014
Hisun Pfizer Pharmaceuticals Company Limited | Compliance and Internal Audit Division

COSO Financial Risk Control Framework
1. Risk control environment
2. Risk assessment
3. Risk control activities
4. Information and communication
5. Monitoring and management
(Diagram labels: business activities, financial statements, compliance audit; Unit A, Unit B; Project 1, Project 2.)

1. Creating a sound risk control environment
- A sound organizational structure
  - Assured resources
  - Assured independence
- Complete policies and procedures
  - Consistent awareness and understanding
  - As simple and practical as possible
- Support and authorization from the top
  - Those being controlled must feel it
  - Constraint and self-discipline at the top

Our risk control and compliance organization
- Compliance/Audit: develops and updates policies, procedures and control points; employee training; data analysis; investigations and audits.
- Compliance Advisory Committee: a panel of experts from the compliance, legal, medical and policy affairs departments; decides in advance whether an activity may go ahead.
- Company Management Compliance Committee: made up of senior management team members; regularly reviews and discusses compliance reports; makes the final call on and enforces penalties and rewards.
- Board Compliance Committee: made up of representatives of both parent companies and the joint venture; provides guidance and requirements; coordinates activities between the parent companies and the joint venture.
- Finance Accounts Payable: reviews and processes routine expense reports; reviews and processes routine vendor payments; keeps the compliance department informed.
- Compliance Pioneers: trained colleagues in the business units who help the company's compliance effort; answer questions and give feedback; attend meetings, supervise stamping, and so on.

Employee compliance performance is tied to HR policy
- An employee who is proven to have violated the relevant compliance policies receives a penalty ranging from a written warning, bonus deduction and suspension of promotion up to dismissal.
- Employees who do well on compliance can receive a compliance award.

2. Starting from the company's risk assessment
- The most straightforward approach
  - Understand and map out the processes
  - Identify the risk points
  - Design the controls
  - Audit and test periodically, in order of importance
- It should be routine
  - New risks keep emerging (push one gourd under and another pops up)
  - Existing risks shift

Risk control assessment table, example
Columns: Risk | Control objective | Suggested controls | Current controls

Risk: Poor vendor quality of goods
Control objective: To identify and purchase from vendors that meet Pfizer's standards.
Suggested controls:
  P2P1. A control exists to adequately screen and evaluate vendors for financial, quality, and legal status.
  P2P2. A control exists to periodically review and re-evaluate vendors for financial, quality, and legal status.
  P2P3. A control exists to periodically review the vendor master file to ensure it is current and to de-activate inactive vendors.
Current controls:
  P2P1: Financial, legal, and quality specifications are reviewed before signing on a new vendor, and changes to the vendor master file require approval from the appropriate level of management.
  P2P2: Annual review of financial, legal and quality status of existing vendors.
  P2P3: Changes to the vendor master file are reviewed annually by management.

Risk: Poor vendor financial status
Control objective: To identify and purchase from vendors that meet the entity's standards.
Suggested controls:
  P2P1. A control exists to adequately screen and re-evaluate vendors for financial, quality, and legal status.
  P2P2. A control exists to periodically review the vendor master file to ensure it is current and to de-activate inactive vendors.
Current controls:
  P2P1: Financial, legal, and quality specifications are reviewed before signing on a new vendor, and changes to the vendor master file require approval from the appropriate level of management.
  P2P2: Annual review of financial, legal and quality status of existing vendors.

Risk control assessment table, example
Columns: Risk | Existing controls | Gaps | Overlaps

Risk: Poor vendor quality of goods
Existing controls:
  P2P1: Financial, legal, and quality specifications are reviewed before signing on a new vendor, and changes to the vendor master file require approval from the appropriate level of management.
  P2P2: Annual review of financial, legal and quality status of existing vendors.
  P2P3: Changes to the vendor master file are reviewed annually by management.
Gaps:
  P2P1: Legal is not involved in contract drafting.
Overlaps:
  P2P: Annual vendor financials review is performed by procurement, and by medical or marketing as well.

Risk: Poor vendor financial status
Existing controls:
  P2P1: Financial, legal, and quality specifications are reviewed before signing on a new vendor, and changes to the vendor master file require approval from the appropriate level of management.
  P2P2: Annual review of financial, legal and quality status of existing vendors.

3. Design principles for risk control activities
- Use system controls wherever possible
  - Fewer errors
  - Lower cost in the long run
  - Rely on systems rather than on people
- Proper segregation of duties
  - The four-eyes principle
  - A player cannot also act as referee

Risk control system diagram
(Diagram labels: SAP, T&E Sys, FACE, Purchase System, Speaker DB maintain, Speaker fee payment, Master Data Sys, BI Sys.)
Goals:
- Use system controls wherever possible
- Ensure system data is complete and consistent
- Reduce duplicate systems and duplicate data

The FACE system: stronger compliance with less burden on the business units
FACE: Faster payments, Accurate expense details, Compliant with FCPA requirements, Easy use by employees
- Annual certification of nearly 16,000 speakers
- Online speaker vendor maintenance
- Semi-annual certification of gimmicks categories
- System limit standards for meals, gimmicks, etc.
- Sales reps fill in the online report only once
- Managers approve the online report only once
- Timely payment status available
- Detailed expense data for management purposes
- Details by city, by DM and by rep
- Speaker fee
- Employee payments

4. Points to note for information and communication
- Consistent, symmetric information
  - Drawn from the same system
  - Consistent across all levels
- The importance of training and communication
  - Combine standard training with special training
  - Combine formal with informal
  - Combine internal with external (sometimes you need a consultant to say what you want to say)
  - Enlist help from the top

Communication example: risk control also contributes to company performance
(Chart labels: fines; risk control; violations.)

THANK YOU

Ask online
Submitted successfully

Ask online
Click "I want to submit a question"

Check the answer
- Click "my question"
- Find the answer prepared by COC

Search online
Search PTE and you will find all PTE-related questions and answers

5. Monitoring must be effective
- Build your own Forensic team
  - The importance of data analysis
- Make good use of external help
  - Maintain independence
  - Learn good methods and experience
  - Control costs

Forensic inspection/audit
Extra layer of audit/investigation at the company:
- 2 teams of 10 professionals (for employee pay and vendor pay)
- Regular sample audit/review based on pre-set metrics (FPR, expense pattern, risk profile, etc.)
- Non-traditional audit methodology (visit, phone check, online check, etc.)
- Issues reported to the LT Compliance Committee and the Board Compliance Committee
- Great helper in 3rd party investigations
- Deterrent

Making appropriate use of third-party resources
When:
- Independence is required
- We are not sure of the long-term prospect of the engagement
- It's more cost effective due to synergy
- We don't have the expertise
Seek 3rd party help

Making appropriate use of third-party resources
When using a 3rd party, we strive for better results by:
How:
- Leveraging internal resources such as the Forensic Team
- Ensuring project focus
- Capitalizing on the learning opportunity

Collaboration within the industry
Do you think it's possible that a KOL could receive 1000 payments for speaker engagement a year?
Or
Do you think it's possible 10M RMB could be solicited for a medical education project that cost only 2M RMB?
Answer: If we had more industry wide coordination

Collaboration within the industry
We are doing much better now than a few years ago, but we can do more and better.
Some ideas:
- Central depository of grants/sponsorship data
- Association level monitoring
- Regular standard updates

Do you enjoy risk control and management work?
Keep in mind:
- Compliance never ends
- There is always something new to follow
- Let others know your better ideas
- Have fun
(Graphic label: risk control and compliance.)