【正文】 典型的風(fēng)險(xiǎn)管理關(guān)注特定業(yè)務(wù)中與戰(zhàn)略選 14 擇或經(jīng)營(yíng)決策相關(guān)的風(fēng)險(xiǎn)與收益比較 ,例如 ,銀行業(yè)的授信管理或市場(chǎng) (價(jià)格 )風(fēng)險(xiǎn)管理如匯率、利率風(fēng)險(xiǎn)等。 加拿大注冊(cè)會(huì)計(jì)師協(xié)會(huì)控制標(biāo)準(zhǔn)委員會(huì) (COCO)認(rèn)為 “控制應(yīng)該包括風(fēng)險(xiǎn)的識(shí)別與減輕” ,其中的風(fēng)險(xiǎn)不僅包括與實(shí)現(xiàn)特定目標(biāo)相關(guān)的風(fēng)險(xiǎn) ,而且還包括一般性的 ,如不能識(shí)別和利用機(jī)會(huì) ,不能使企業(yè)在面臨未預(yù)料到事件以及不確定信息時(shí)保持靈活性或彈性。 正因?yàn)閮?nèi)部控制與風(fēng)險(xiǎn)管理有內(nèi)在的聯(lián)系 ,各國(guó)分別以不同的方式逐步將內(nèi)部控制與風(fēng)險(xiǎn)管理聯(lián)系起來(lái)。另一方面 ,環(huán)境保護(hù)及消費(fèi)者權(quán)益保護(hù)的加強(qiáng) ,都強(qiáng)化了企業(yè)的社會(huì)責(zé)任 ,若一有不慎 ,企業(yè)就可能遭受來(lái)自商品市場(chǎng)或資本市場(chǎng)的懲罰 ,表現(xiàn)為企業(yè)的品牌價(jià)值或資本市場(chǎng)上的市值貶損?！?COCO在解釋廣義的控制與風(fēng)險(xiǎn)時(shí)論 述道 :“‘領(lǐng)導(dǎo)’包括在面對(duì)不確定性時(shí)作出選擇。Jensen(1993)進(jìn)一步分析了美國(guó)公司董事會(huì)在內(nèi)部控制方面失效的表現(xiàn)與原因。 為了使股權(quán)交易與股東變換不影響企業(yè)經(jīng)營(yíng)的連續(xù)性 ,也為了使資本與經(jīng)營(yíng)能力實(shí)現(xiàn)更優(yōu)的組合 ,企業(yè)的所有權(quán)與經(jīng)營(yíng)權(quán)在現(xiàn)代企業(yè)中高度分離開(kāi)來(lái) ,由此也帶來(lái)了新的風(fēng)險(xiǎn) ,即職業(yè)經(jīng)營(yíng)者有可能不履行其受托責(zé)任而損害股東的利益。在信息與溝通方面 ,風(fēng)險(xiǎn)管理強(qiáng)調(diào)了過(guò)去、現(xiàn)在以及關(guān)于未來(lái)的相關(guān)數(shù)據(jù)的獲取與分析處理 ,規(guī)定了信息的深度與及時(shí)性等。另外 ,風(fēng)險(xiǎn)管理增加了戰(zhàn)略目標(biāo) ,即與企業(yè)的遠(yuǎn)景或使命相關(guān)的高層次目標(biāo)。它包括五個(gè)方面的組成要素 :控制環(huán)境、風(fēng)險(xiǎn)評(píng)估、控制活動(dòng)、信息與溝通、監(jiān)督。最終 ,SEC 認(rèn)為 COSO 的《內(nèi)部控制 整體框架》報(bào)告是符合上述規(guī)定的 ,同時(shí)指出未來(lái)符合上述要求的 相關(guān)文件也都認(rèn)可。大幅度提高了對(duì)會(huì)計(jì)舞弊的處罰力度 。該方案強(qiáng)調(diào)了內(nèi)部控制的重要性 ,建議要求所有的上市公司都應(yīng)該在其年報(bào)中提供內(nèi)部控制報(bào)告。s property security, ply with the law in order to maintain the pany39。s risk preference for enterprises to manage risk, to achieve the goal of providing reasonable assurance. It has eight elements: the internal environment, goal setting, event risk identification, risk assessment, countermeasures, control activities, information and munication, the surveillance. The two reports from the COSO perspective, the enterprise risk management and internal control has the following similar or different places: First, they are made by enterprise board, management and other personnel to implement, emphasize the point, says the participation parties on the internal control and risk management has a corresponding roles and responsibilities. Second, they are all clearly is a process, not as a static thing, such as system files, technical model and so on, also not be alone or extra activities, such as 3 inspection, evaluation is best placed inside enterprise daily management process, as a kind of routine operation mechanism to construction. Third, they are for the realization of the goal of enterprise provide reasonable assurance. Risk management objectives are four categories, including three categories and internal control collocated, namely report targets, business targets and follow the targets. But the report targets have expanded, it not only include financial report, also requires all the accuracy of internal and external nonfinancial class report issued by the accurate and reliable. In addition, risk management increased the strategic target, namely and enterprise vision or mission related highlevel objectives. This means that risk management is not only ensure management efficiency and effect, and intervention in the enterprise strategy (including business objectives) formulation process. Fourth, risk management and internal control elements have five aspects, . (overlap is control or internal) environment, risk assessment, control activities, information and munication, the surveillance. These coincide most of their goals and realization mechanism coincide of similar decision. Risk management increased goal setting, event identification and risk countermeasures three factors. Coincide elements, connotation, for example, has been extended internal control environment including honest character and moral values, staff quality and ability, the board of directors and the audit mittee, management philosophy and management style, the anizational structure, the power and the allocation of responsibility, human resource policies and practices seven aspects. Risk management internal environment in addition to include these seven aspects outside, still include risk management philosophy, risk preference (appetite) and risks associated cultural three new content. In the risk assessment elements, risk management requires the consideration of the inherent risk and residual risk, with expectations, worst case values or probability distribution measure risk and to consider time preferences and risk association between the role. In information and munication, risk management emphasized the past, present and future of the relevant data about obtaining and analysis, provides information of the depth and timeliness, etc. Fifth, risk management proposes risk portfolio and the overall risk management (in tegrated management) are new idea. The enterprise risk management framework in the theory of modern financial borrowing portfolio risk theory, this paper puts forward the concept of bination and overall management from enterprise level, 4 demanding dispersed in the overall grasp all levels and departments of enterprise, the risk exposure with overall consideration risk countermeasures, prevent dispersed consider and coping by department, such as will risk the risk in technology, financial, separated by information technology, environment, safety, quality, auditing departments, and considering the interaction between risk events, prevent two tendencies: one is the department39。s risk in risk preference can withstand ability, but within the overall effect may be beyond sustaining limit, because individual risk influence is not always add, may be multiplied。s reputation and avoid incur pecuniary loss, etc. The historical origin of internal control, the requirements to earlier more basic, easier or appropriate rise to legislative level. Enterprise risk management is in the new technology and the market conditions of natural extension of internal control. COSO in the enterprise risk management fra