【正文】 改進。將來的研究可以建立在一個既定的基礎之上。企業(yè)風險管理使管理當局能夠識別、評估和管理面對不確定性的風險，它對于價值創(chuàng)造和保持而言是必不可少的。A key objective of this framework is to help managements of businesses and other entities better deal with risk in achieving an entity’s objectives. But enterprise risk management means different things to different people, with a wide variety of labels and meanings preventing a mon understanding. An important goal, then, is to integrate various risk management concepts into a framework in which a mon definition is established, ponents are identified, and key concepts are described. This framework acmodates most viewpoints and provides a starting point for individual entities’ assessment and enhancement of enterprise risk management, for future initiatives of rulemaking bodies, and for education.本框架的一個關鍵目標是幫助企業(yè)和其他主體的管理當局在實現(xiàn)主體目標的過程中更好地處理風險。Uncertainty and Value 不確定性與價值An underlying premise of enterprise risk management is that every entity, whether forprofit, notforprofit, or a governmental body, exists to provide value for its stakeholders. All entities face uncertainty, and the challenge for management is to determine how much uncertainty the entity is prepared to accept as it strives to grow stakeholder value. Uncertainty presents both risk and opportunity, with the potential to erode or enhance value. Enterprise risk management enables management to effectively deal with uncertainty and associated risk and opportunity and thereby enhance the entity’s capacity to build value.企業(yè)風險管理的一個基本前提是每一個主體，不管是營利性的、非營利性的，還是政府機構，存在的目的都是為它的利益相關者提供價值。Enterprises operate in environments where factors such as globalization, technology, restructurings, changing markets, petition, and regulation create uncertainty.Uncertainty emanates from an inability to precisely determine the likelihood that events will occur and the associated impacts. Uncertainty also is presented and created by the entity’s strategic choices. For example, an entity has a growth strategy based on expanding operations to another country. This chosen strategy presents risks and opportunities associated with the stability of the country’s political environment, resources, markets, channels, workforce capabilities, and costs.在企業(yè)經(jīng)營所處的環(huán)境中，諸如全球化、技術、重組、變化中的市場、競爭和管制等因素都會導致不確定性。所選擇的這個戰(zhàn)略帶來了與該國政治環(huán)境的穩(wěn)定性、資源、市場、渠道、勞動力技能和成本相關的風險和機會。當由于糟糕的戰(zhàn)略或執(zhí)行導致這些目標不能達成時，價值就會被破壞。例如，一家制藥公司與其品牌價值相關的風險容量較低?？赡艿倪x擇包括通過有效的司機招聘和培訓來降低風險，通過外包運送業(yè)務來回避風險，通過保險來分擔風險，或者簡單地承擔風險。該公司采用多重標準來評估故障的影響，包括維修時間、不能滿足客戶需要、員工案例以及預定維修與非預定維修的成本，并據(jù)此制訂維護方案來加以應對。這個信息系統(tǒng)可以向下追溯到部門、客戶或同行、交易商和交易層次，并針對既定類別的風險容量對風險進行量化。管理當局以公司戰(zhàn)略、目標和備選的應對為背景識別和評估風險，開發(fā)了一套廣泛拓展的存貨控制系統(tǒng)。例如，一家食品公司考慮可能影響其收入持續(xù)增長的潛在事項。例如，一家金融機構面臨新的監(jiān)管，除非管理當局更加精確地計算信用和經(jīng)營風險水平以及相關的資本需求，否則就要提高資本要求量。企業(yè)風險管理有助于確保有效的報告。事項可能有負面影響，也可能有下面影響，或者兩者兼而有之。例子包括機器設備故障、火災和信用損失等。Opportunities support value creation or preservation. Management channels opportunities back to its strategy or objectivesetting processes, so that actions can be formulated to seize the opportunities.機會支持價值創(chuàng)造或保持。This definition reflects certain fundamental concepts. Enterprise risk management is:? A process, ongoing and flowing through an entity ? Effected by people at every level of an organization ? Applied in strategy setting ? Applied across the enterprise, at every level and unit, and includes taking an Entity level portfolio view of risk? Designed to identify potential events affecting the entity and manage risk within its risk appetite ? Able to provide reasonable assurance to an entity’s management and board ? Geared to the achievement of objectives in one or more separate but overlapping categories – it is a means to an end, not an end in itself這個定義反映了幾個基本概念。它直接關注特定主體既定目標的實現(xiàn)，并為界定將在本章后文中討論的企業(yè)管理的有效性提供了依據(jù)。Enterprise risk management is different from the perspective of some observers who view it as something added on to an entity’s activities. That is not to say effective enterprise risk management does not require incremental effort, as it may. In considering credit and currency risks, for example, incremental effort may be required to develop needed models and make necessary analyses and calculations. However, these enterprise risk management mechanisms are intertwined with an entity’s operating activities and exist for fundamental business reasons. Enterprise risk management is most effective when these mechanisms are built into the entity’s infrastructure and are part of the essence of the enterprise. By building in enterprise risk management, an entity can directly affect its ability to implement its strategy and achieve its mission.企業(yè)風險管理并不像一些觀察家所認為的那樣是加在主體活動之上的東西。當這些機制被構建到主體的結構之中，并成為企業(yè)核心要件的一部分時，企業(yè)風險管理就會更加有效。通過關注現(xiàn)有的經(jīng)營業(yè)務以及它們對有效的企業(yè)風險管理的貢獻，并將風險管理整合到基本的經(jīng)營活動之中，企業(yè)就能夠避免不必要的程序和成本。人制訂主體的使命、戰(zhàn)略和目標，并使企業(yè)風險管理機制得以落實。These realities affect, and are affected by, enterprise risk management. Each person has a unique point of reference, which influences how he or she identifies, assesses, and responds to risk. Enterprise risk management provides the mechanisms needed to help people understand risk in the context of the entity’s objectives. People must know their responsibilities and limits of authority. Accordingly, a clear and close linkage needs to exist between people’s duties and the way in which they are carried out, as well as with the entity’s strategy and objectives.這些現(xiàn)實影響企業(yè)風險管理，同時也受到企業(yè)管理的影響。因此，在人們的職責和他們履行職責的方式以及主體的戰(zhàn)略和目標之間，需要有一個而又密切的聯(lián)系。Applied in Setting Strategy 應用于戰(zhàn)略制訂An entity sets out its mission or vision and establishes strategic objectives, which are the highlevel goals that align with and support its mission or vision. An entity establishes a strategy for achieving its strategic objectives. It also sets related objectives it wants to achieve, flowing from the strategy, cascading to entity business units, divisions, and processes.一個主體設定其使命或愿景，并制訂戰(zhàn)略目標，它們是協(xié)調(diào)和支撐其使命或愿景的高層次的目的。舉例來說，一個選擇可能是收購其他公司以擴大市場份額。對于第二個而言，風險包括必須利用新的技術或供應商，或者建立新的聯(lián)盟。企業(yè)風險管理還應用于特殊項目和目前在主體的層級和組織結構圖中還沒有一個明確位置的新的活動。高層管理當局采用復合的觀念看待組織中的所有層級，以便確定該主體的整體風險組合是否與它的風險容量相稱。相互關聯(lián)的風險需要識別和發(fā)揮作用，以便使整體風險符合主體的風險容量