【正文】 典型的風(fēng)險管理關(guān)注特定業(yè)務(wù)中與戰(zhàn)略選 14 擇或經(jīng)營決策相關(guān)的風(fēng)險與收益比較 ,例如 ,銀行業(yè)的授信管理或市場 (價格 )風(fēng)險管理如匯率、利率風(fēng)險等。 加拿大注冊會計師協(xié)會控制標(biāo)準(zhǔn)委員會 (COCO)認(rèn)為 “控制應(yīng)該包括風(fēng)險的識別與減輕” ,其中的風(fēng)險不僅包括與實現(xiàn)特定目標(biāo)相關(guān)的風(fēng)險 ,而且還包括一般性的 ,如不能識別和利用機會 ,不能使企業(yè)在面臨未預(yù)料到事件以及不確定信息時保持靈活性或彈性。 正因為內(nèi)部控制與風(fēng)險管理有內(nèi)在的聯(lián)系 ,各國分別以不同的方式逐步將內(nèi)部控制與風(fēng)險管理聯(lián)系起來。另一方面 ,環(huán)境保護及消費者權(quán)益保護的加強 ,都強化了企業(yè)的社會責(zé)任 ,若一有不慎 ,企業(yè)就可能遭受來自商品市場或資本市場的懲罰 ,表現(xiàn)為企業(yè)的品牌價值或資本市場上的市值貶損。” COCO在解釋廣義的控制與風(fēng)險時論 述道 :“‘領(lǐng)導(dǎo)’包括在面對不確定性時作出選擇。Jensen(1993)進(jìn)一步分析了美國公司董事會在內(nèi)部控制方面失效的表現(xiàn)與原因。 為了使股權(quán)交易與股東變換不影響企業(yè)經(jīng)營的連續(xù)性 ,也為了使資本與經(jīng)營能力實現(xiàn)更優(yōu)的組合 ,企業(yè)的所有權(quán)與經(jīng)營權(quán)在現(xiàn)代企業(yè)中高度分離開來 ,由此也帶來了新的風(fēng)險 ,即職業(yè)經(jīng)營者有可能不履行其受托責(zé)任而損害股東的利益。在信息與溝通方面 ,風(fēng)險管理強調(diào)了過去、現(xiàn)在以及關(guān)于未來的相關(guān)數(shù)據(jù)的獲取與分析處理 ,規(guī)定了信息的深度與及時性等。另外 ,風(fēng)險管理增加了戰(zhàn)略目標(biāo) ,即與企業(yè)的遠(yuǎn)景或使命相關(guān)的高層次目標(biāo)。它包括五個方面的組成要素 :控制環(huán)境、風(fēng)險評估、控制活動、信息與溝通、監(jiān)督。最終 ,SEC 認(rèn)為 COSO 的《內(nèi)部控制 整體框架》報告是符合上述規(guī)定的 ,同時指出未來符合上述要求的 相關(guān)文件也都認(rèn)可。大幅度提高了對會計舞弊的處罰力度 。該方案強調(diào)了內(nèi)部控制的重要性 ,建議要求所有的上市公司都應(yīng)該在其年報中提供內(nèi)部控制報告。s property security, ply with the law in order to maintain the pany39。s risk preference for enterprises to manage risk, to achieve the goal of providing reasonable assurance. It has eight elements: the internal environment, goal setting, event risk identification, risk assessment, countermeasures, control activities, information and munication, the surveillance. The two reports from the COSO perspective, the enterprise risk management and internal control has the following similar or different places: First, they are made by enterprise board, management and other personnel to implement, emphasize the point, says the participation parties on the internal control and risk management has a corresponding roles and responsibilities. Second, they are all clearly is a process, not as a static thing, such as system files, technical model and so on, also not be alone or extra activities, such as 3 inspection, evaluation is best placed inside enterprise daily management process, as a kind of routine operation mechanism to construction. Third, they are for the realization of the goal of enterprise provide reasonable assurance. Risk management objectives are four categories, including three categories and internal control collocated, namely report targets, business targets and follow the targets. But the report targets have expanded, it not only include financial report, also requires all the accuracy of internal and external nonfinancial class report issued by the accurate and reliable. In addition, risk management increased the strategic target, namely and enterprise vision or mission related highlevel objectives. This means that risk management is not only ensure management efficiency and effect, and intervention in the enterprise strategy (including business objectives) formulation process. Fourth, risk management and internal control elements have five aspects, . (overlap is control or internal) environment, risk assessment, control activities, information and munication, the surveillance. These coincide most of their goals and realization mechanism coincide of similar decision. Risk management increased goal setting, event identification and risk countermeasures three factors. Coincide elements, connotation, for example, has been extended internal control environment including honest character and moral values, staff quality and ability, the board of directors and the audit mittee, management philosophy and management style, the anizational structure, the power and the allocation of responsibility, human resource policies and practices seven aspects. Risk management internal environment in addition to include these seven aspects outside, still include risk management philosophy, risk preference (appetite) and risks associated cultural three new content. In the risk assessment elements, risk management requires the consideration of the inherent risk and residual risk, with expectations, worst case values or probability distribution measure risk and to consider time preferences and risk association between the role. In information and munication, risk management emphasized the past, present and future of the relevant data about obtaining and analysis, provides information of the depth and timeliness, etc. Fifth, risk management proposes risk portfolio and the overall risk management (in tegrated management) are new idea. The enterprise risk management framework in the theory of modern financial borrowing portfolio risk theory, this paper puts forward the concept of bination and overall management from enterprise level, 4 demanding dispersed in the overall grasp all levels and departments of enterprise, the risk exposure with overall consideration risk countermeasures, prevent dispersed consider and coping by department, such as will risk the risk in technology, financial, separated by information technology, environment, safety, quality, auditing departments, and considering the interaction between risk events, prevent two tendencies: one is the department39。s risk in risk preference can withstand ability, but within the overall effect may be beyond sustaining limit, because individual risk influence is not always add, may be multiplied。s reputation and avoid incur pecuniary loss, etc. The historical origin of internal control, the requirements to earlier more basic, easier or appropriate rise to legislative level. Enterprise risk management is in the new technology and the market conditions of natural extension of internal control. COSO in the enterprise risk management fra