[Article summary]
all strategic and operational policies and
[ISO Guide 73:2009, definition ]

risk management policy
statement of the overall intentions and direction of an organization related to risk management ()
[ISO Guide 73:2009, definition ]

risk attitude
organization's approach to assess and eventually pursue, retain, take or turn away from risk ()
[ISO Guide 73:2009, definition ]

risk appetite
amount and type of risk () that an organization is prepared to pursue, retain or take
[ISO Guide 73:2009, definition ]

risk aversion
attitude to turn away from risk ()
[ISO Guide 73:2009, definition ]

risk management plan
scheme within the risk management framework () specifying the approach, the management components and resources to be applied to the management of risk ()
NOTE 1 Management components typically include procedures, practices, assignment of responsibilities, sequence and timing of activities.
NOTE 2 The risk management plan can be applied to a particular product, process and project, and part or whole of the organization.
[ISO Guide 73:2009, definition ]

risk owner
person or entity with the accountability and authority to manage the risk ()
[ISO Guide 73:2009, definition ]

risk management process
systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context, and identifying, analyzing, evaluating, treating, monitoring () and reviewing risk ()
[ISO Guide 73:2009, definition ]

establishing the context
defining the external and internal parameters to be taken into account when managing risk, and setting the scope and risk criteria () for the risk management policy ()
[ISO Guide 73:2009, definition ]

external context
external environment in which the organization seeks to achieve its objectives
NOTE External context can include:
- the cultural, social, political, legal, regulatory, financial, technological, economic, natural and competitive environment, whether international, national, regional or local;
- key drivers and trends having impact on the objectives of the organization; and
- relationships with, and perceptions and values of, external stakeholders ().
[ISO Guide 73:2009, definition ]

internal context
internal environment in which the organization seeks to achieve its objectives
NOTE Internal context can include:
- governance, organizational structure, roles and accountabilities;
- policies, objectives, and the strategies that are in place to achieve them;
- the capabilities, understood in terms of resources and knowledge (e.g. capital, time, people, processes, systems and technologies);
- perceptions and values of internal stakeholders;
- information systems, information flows and decision-making processes (both formal and informal);
- relationships with, and perceptions and values of, internal stakeholders;
- the organization's culture;
- standards, guidelines and models adopted by the organization; and
- form and extent of contractual
[ISO Guide 73:2009, definition ]

communication and consultation
continual and iterative processes that an organization conducts to provide, share or obtain information and to engage in dialogue with stakeholders () and others regarding the management of risk ()
NOTE 1 The information can relate to the existence, nature, form, likelihood (), severity, evaluation, acceptability, treatment or other aspects of the management of risk.
NOTE 2 Consultation is a two-way process of informed communication between an organization and its stakeholders or others on an issue prior to making a decision or determining a direction on a particular issue. Consultation is:
- a process which impacts on a decision through influence rather than power; and
- an input to decision making, not joint decision
[ISO Guide 73:2009, definition ]

person or organization that can affect, be affected by, or perceive themselves to be affected by a decision or activity
NOTE A decision maker can be a
[ISO Guide 73:2009, definition ]

risk assessment
overall process of risk identification (), risk analysis () and risk evaluation ()
[ISO Guide 73:2009, definition ]

risk identification
process of finding, recognizing and describing risks ()
NOTE 1 Risk identification involves the identification of risk sources (), events (), their causes and their potential consequences ().
NOTE 2 Risk identification can involve historical data, theoretical analysis, informed and expert opinions, and stakeholder's ()
[ISO Guide 73:2009, definition ]

risk source
element which alone or in combination has the intrinsic potential to give rise to risk ()
NOTE A risk source can be tangible or
[ISO Guide 73:2009, definition ]

occurrence or change of a particular set of circumstances
NOTE 1 An event can be one or more occurrences, and can have several causes.
NOTE 2 An event can consist of something not
NOTE 3 An event can sometimes be referred to as an “incident” or “accident”.
NOTE 4 An event without consequences can also be referred to as a “near miss”, “incident”, “near hit” or “close call”.
[ISO Guide 73:2009, definition ]

outcome of an event () affecting objectives
NOTE 1