【正文】 d manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.企業(yè)風(fēng)險(xiǎn)管理處理風(fēng)險(xiǎn)和機(jī)會(huì)，以便創(chuàng)造或保持價(jià)值。This definition reflects certain fundamental concepts. Enterprise risk management is:? A process, ongoing and flowing through an entity ? Effected by people at every level of an organization ? Applied in strategy setting ? Applied across the enterprise, at every level and unit, and includes taking an Entity level portfolio view of risk? Designed to identify potential events affecting the entity and manage risk within its risk appetite ? Able to provide reasonable assurance to an entity’s management and board ? Geared to the achievement of objectives in one or more separate but overlapping categories – it is a means to an end, not an end in itself這個(gè)定義反映了幾個(gè)基本概念。This definition is purposefully broad for several reasons. It captures key concepts fundamental to how panies and other organizations manage risk, providing a basis for application across types of organizations, industries, and sectors. It focuses directly on achievement of objectives established by a particular entity. And, the definition provides a basis for defining enterprise risk management effectiveness, discussed later in this chapter. The fundamental concepts outlined above are discussed in the following paragraphs.這個(gè)定義之所以比較寬泛，是出于幾個(gè)方面的原因。它直接關(guān)注特定主體既定目標(biāo)的實(shí)現(xiàn)，并為界定將在本章后文中討論的企業(yè)管理的有效性提供了依據(jù)。A Process 一個(gè)過(guò)程Enterprise risk management is not static, but rather a continuous or iterative interplay of actions that permeate an entity. These actions are pervasive and inherent in the way management runs the business.企業(yè)風(fēng)險(xiǎn)管理并不是靜止的，而是滲透于一個(gè)主體的各種活動(dòng)的持續(xù)的或反復(fù)的相互影響。Enterprise risk management is different from the perspective of some observers who view it as something added on to an entity’s activities. That is not to say effective enterprise risk management does not require incremental effort, as it may. In considering credit and currency risks, for example, incremental effort may be required to develop needed models and make necessary analyses and calculations. However, these enterprise risk management mechanisms are intertwined with an entity’s operating activities and exist for fundamental business reasons. Enterprise risk management is most effective when these mechanisms are built into the entity’s infrastructure and are part of the essence of the enterprise. By building in enterprise risk management, an entity can directly affect its ability to implement its strategy and achieve its mission.企業(yè)風(fēng)險(xiǎn)管理并不像一些觀察家所認(rèn)為的那樣是加在主體活動(dòng)之上的東西。例如，在考慮信用和貨幣風(fēng)險(xiǎn)時(shí)，可能需要進(jìn)一步努力去開(kāi)發(fā)所需的模型和進(jìn)行必要的分析和計(jì)算。當(dāng)這些機(jī)制被構(gòu)建到主體的結(jié)構(gòu)之中，并成為企業(yè)核心要件的一部分時(shí)，企業(yè)風(fēng)險(xiǎn)管理就會(huì)更加有效。Building in enterprise risk management has important implications for cost containment, especially in the highly petitive marketplaces many panies face.Adding new procedures separate from existing ones adds costs. By focusing on existing operations and their contribution to effective enterprise risk management, and integrating risk management into basic operating activities, an enterprise can avoid unnecessary procedures and costs. And, a practice of building enterprise risk management into the fabric of operations helps identify new opportunities for management to seize in growing the business.建立企業(yè)風(fēng)險(xiǎn)管理對(duì)于抑制成本具有重要意義，尤其是在許多公司所面臨的高度競(jìng)爭(zhēng)的市場(chǎng)中更是如此。通過(guò)關(guān)注現(xiàn)有的經(jīng)營(yíng)業(yè)務(wù)以及它們對(duì)有效的企業(yè)風(fēng)險(xiǎn)管理的貢獻(xiàn)，并將風(fēng)險(xiǎn)管理整合到基本的經(jīng)營(yíng)活動(dòng)之中，企業(yè)就能夠避免不必要的程序和成本。Effected by People 由人員來(lái)實(shí)施Enterprise risk management is effected by an entity’s board of directors, management and other personnel. It is acplished by the people of an organization, by what they do and say. People establish the entity’s mission, strategy, and objectives, and put enterprise risk management mechanisms in place.企業(yè)風(fēng)險(xiǎn)管理由一個(gè)主體的董事會(huì)、管理當(dāng)局和其他人員實(shí)施。人制訂主體的使命、戰(zhàn)略和目標(biāo)，并使企業(yè)風(fēng)險(xiǎn)管理機(jī)制得以落實(shí)。企業(yè)風(fēng)險(xiǎn)管理認(rèn)識(shí)到人們并不總是始終如一地理解、溝通和行動(dòng)。These realities affect, and are affected by, enterprise risk management. Each person has a unique point of reference, which influences how he or she identifies, assesses, and responds to risk. Enterprise risk management provides the mechanisms needed to help people understand risk in the context of the entity’s objectives. People must know their responsibilities and limits of authority. Accordingly, a clear and close linkage needs to exist between people’s duties and the way in which they are carried out, as well as with the entity’s strategy and objectives.這些現(xiàn)實(shí)影響企業(yè)風(fēng)險(xiǎn)管理，同時(shí)也受到企業(yè)管理的影響。企業(yè)風(fēng)險(xiǎn)管理提供所需的機(jī)制，幫助在主體目標(biāo)的背景下去理解。因此，在人們的職責(zé)和他們履行職責(zé)的方式以及主體的戰(zhàn)略和目標(biāo)之間，需要有一個(gè)而又密切的聯(lián)系。盡管董事主要是提供監(jiān)督，他們也提供指導(dǎo)，審批戰(zhàn)略和特定的交易與政策。Applied in Setting Strategy 應(yīng)用于戰(zhàn)略制訂An entity sets out its mission or vision and establishes strategic objectives, which are the highlevel goals that align with and support its mission or vision. An entity establishes a strategy for achieving its strategic objectives. It also sets related objectives it wants to achieve, flowing from the strategy, cascading to entity business units, divisions, and processes.一個(gè)主體設(shè)定其使命或愿景，并制訂戰(zhàn)略目標(biāo)，它們是協(xié)調(diào)和支撐其使命或愿景的高層次的目的。它還設(shè)定所希望實(shí)現(xiàn)的相關(guān)目標(biāo)，上至戰(zhàn)略，下至主體的業(yè)務(wù)單元、分部和流程。舉例來(lái)說(shuō)，一個(gè)選擇可能是收購(gòu)其他公司以擴(kuò)大市場(chǎng)份額。這些戰(zhàn)略選擇中的每一個(gè)都會(huì)帶來(lái)許多風(fēng)險(xiǎn)。對(duì)于第二個(gè)而言，風(fēng)險(xiǎn)包括必須利用新的技術(shù)或供應(yīng)商，或者建立新的聯(lián)盟。Applied Across the Enterprise 應(yīng)用貫穿于企業(yè)In applying enterprise risk management, an entity should consider its entire scope of activities. Enterprise risk management considers activities at all levels of the organization, from enterpriselevel activities such as strategic planning and resource allocation, to business unit activities such as marketing and human resources, to business processes such as production and new customer credit review. Enterprise risk management also applies to special projects and new initiatives that might not yet have a designated place in the entity’s hierarchy or organization chart.在應(yīng)用企業(yè)風(fēng)險(xiǎn)管理時(shí)，主體應(yīng)該考慮其全部活動(dòng)。企業(yè)風(fēng)險(xiǎn)管理還應(yīng)用于特殊項(xiàng)目和目前在主體的層級(jí)和組織結(jié)構(gòu)圖中還沒(méi)有一個(gè)明確位置的新的活動(dòng)。這可能要求負(fù)責(zé)一個(gè)業(yè)務(wù)單元、職能機(jī)構(gòu)、流程或其他活動(dòng)的每一名管理人員對(duì)各自的活動(dòng)形成一個(gè)風(fēng)險(xiǎn)評(píng)估。高層管理當(dāng)局采用復(fù)合的觀念看待組織中的所有層級(jí)，以便確定該主體的整體風(fēng)險(xiǎn)組合是否與它的風(fēng)險(xiǎn)容量相稱。主體中單個(gè)單元的風(fēng)險(xiǎn)可能在該單元的風(fēng)險(xiǎn)容限范圍之內(nèi)，但是湊到一起可能會(huì)超出該主體作為一個(gè)整體的風(fēng)險(xiǎn)容量。相互關(guān)聯(lián)的風(fēng)險(xiǎn)需要識(shí)別和發(fā)揮作用，以便使整體風(fēng)險(xiǎn)符合主體的風(fēng)險(xiǎn)容量。它反映了主體的風(fēng)險(xiǎn)管理理念，進(jìn)而影響主體的文化和經(jīng)營(yíng)風(fēng)格