外文翻譯--企業(yè)風(fēng)險(xiǎn)管理具體的實(shí)施意見(jiàn)

1、<p>　　2135單詞，3980漢字</p><p>　　出處: James W. DeLoach,2005. “Enterprise Risk Management: Practical Implementation Ideas ” . Protiviti, May , PP1-7.</p><p>　　本科畢業(yè)論文（設(shè)計(jì)）</p><p>　　外

2、文 翻 譯</p><p><b>　　原文：</b></p><p>　　Enterprise Risk Management: Practical Implementation Ideas</p><p>　　One of the most critical challenges for management today is dete

3、rmining how much risk the business is prepared to accept as it strives to create value. Yet, research consistently indicates that six of ten senior executives “l(fā)ack high confidence” that their company’s risk management p

4、ractices identify and manage all potentially significant business risks.</p><p>　　With the heightened focus on risk management, it has become increasingly clear that traditional risk management approaches do

5、 not adequately identify, evaluate and manage risk. Traditional approaches tend to be fragmented, treating risks as disparate and compartmentalized. These risk management approaches often limit the focus to managing unce

6、rtainties around physical and financial assets. Because they focus largely on loss prevention, rather than adding value, traditional approaches do not prov</p><p>　　Under enterprise risk management (ERM), th

7、e focus is on integrating risk management with existing management processes, identifying future events that can have both positive and negative effects, and evaluating effective strategies for managing the organization’

8、s exposure to those possible future events. ERM transforms risk management to a proactive, continuous, value-based, broadly focused and process-driven activity.</p><p>　　A new approach to risk management<

9、/p><p>　　ERM differs from traditional risk management approaches in terms of focus, objective, scope, emphasis and application. It aligns strategy, people, processes, technology and knowledge. The emphasis is o

10、n strategy, and the application is enterprise-wide.</p><p>　　Under an ERM approach, management’s attention is directed to the uncertainties around the enterprise’s entire asset portfolio, including its intan

11、gibles such as customer assets, employee and supplier assets and such organizational assets as its differentiating strategies, distinctive products and brands, and innovative processes and systems. This expanded focus is

12、 important in this era of market capitalizations significantly exceeding balance sheet values and the desire of many companies to focu</p><p>　　The COSO Enterprise Risk Management - Integrated Framework, iss

13、ued in September 2004, defines ERM in broad terms that underscore some fundamental concepts and provides a common language as well as guidance on how to effectively manage risk across the enterprise. Like its internal co

14、ntrol counterpart, the COSO ERM framework is presented as a three-dimensional matrix. It includes four categories of objectives across the top: strategic, operations, reporting and compliance. There are eight componen<

15、;/p><p>　　This ERM framework does not replace the internal control framework. Instead, it incorporates it. As a result, businesses may decide to implement ERM to address their internal control needs and to move

16、 toward a more robust risk management process.</p><p>　　Why implement ERM?</p><p>　　ERM provides a company with the process it needs to become more anticipatory and effective at evaluating, embr

17、acing and managing the uncertainties it faces as it creates sustainable value for stakeholders. It helps an organization manage its risks to protect and enhance enterprise value in three ways. First, it helps to establis

18、h sustainable competitive advantage. Second, it optimizes the cost of managing risk. Third, it helps management improve business performance.</p><p>　　These contributions redefine the value proposition of ri

19、sk management to a business. One way to think about the contribution of ERM to the success of a business is to take a value dynamics approach. Just as potential future events can affect the value of tangible physical and

20、 financial assets, so also can they affect the value of key intangible assets. This is the essence of what ERM contributes to the organization: the elevation of risk management to a strategic level by broadening the appl

21、icat</p><p>　　ERM transitions risk management from “avoiding and hedging bets” to a differentiating skill for protecting and enhancing enterprise value as management seeks to make the best bets in the pursui

22、t of new opportunities for growth and returns. ERM invigorates opportunity-seeking behavior by helping managers develop the confidence that they truly understand the risks and have the capabilities at hand within the org

23、anization to manage those risks.</p><p>　　Five steps to implementing ERM</p><p>　　For organizations choosing to broaden their focus to ERM, there are five practical steps for implementation. Whi

24、le the following steps provide a simplified view of the task of implementing ERM, the implementation process does not occur overnight and, for certain, is not easy to accomplish. ERM is a journey and these steps are a st

25、arting point.</p><p>　　STEP 1: Conduct an enterprise risk assessment (ERA) to assess and prioritize the critical risks.</p><p>　　An ERA identifies and prioritizes the organization’s risks and pr

26、ovides quality inputs for purposes of formulating effective risk responses, including information about the current state of capabilities around managing the priority risks. If an organization has not identified and prio

27、ritized its risks, ERM becomes a tough sell because the value proposition can only be generic. Using the entity’s priority risks to identify gaps provides the basis for improving the specificity of the ERM value pro</

28、p><p>　　STEP 2: Articulate the risk management vision and support it with a compelling value proposition.</p><p>　　This step provides the economic justification for going forward. The “risk managem

29、ent vision” is a shared view of the role of risk management in the organization and the capabilities desired to manage its key risks. To be useful, this vision must be grounded in specific capabilities that must be devel

30、oped to improve risk management performance and achieve management’s selected goals and objectives.</p><p>　　“Risk management capabilities” include the policies, processes, competencies, reporting, methodolo

31、gies and technology required to execute the organization’s response to managing its priority risks. They also consist of what we call “ERM infrastructure.” To illustrate:</p><p>　　Item A. Defining the specif

32、ic capabilities around managing the priority risks begins with prioritizing the critical risks and determining the current state of capabilities around managing those risks. (See Step 1 with regards to conducting an ERA)

33、. Once the current state of capabilities is determined for each of the key risks, the desired state is assessed with the objective of identifying gaps and advancing the maturity of risk management capabilities to close t

34、hose gaps.</p><p>　　Item B. ERM infrastructure consists of the policies, processes, organization oversight and reporting in place to instill the appropriate discipline around continuously improving risk mana

35、gement capabilities. Examples of elements of ERM infrastructure include, among other things, an overall risk management policy, an enterprise-wide risk assessment process, presence of risk management on the Board and CEO

36、 agenda, a chartered risk committee, clarity of risk management roles and responsibilities, d</p><p>　　Here is the message: The greater the gap between the current state and the desired state of the organiza

37、tion’s risk management capabilities (Item A), the greater the need for ERM infrastructure (Item B) to facilitate the advancement of those risk management capabilities over time. A working group of senior executives shoul

38、d be empowered to articulate the role of risk management in the organization and define relevant goals and objectives for the enterprise as a whole and its business units. </p><p>　　STEP 3: Advance the risk

39、management capability of the organization for one or two priority risks.</p><p>　　This step focuses the organization on improving its risk management capability in an area where management knows improvements

40、 are needed. Like any other initiative, ERM must begin somewhere. There are many possible starting points. Examples include:</p><p>　　1. Compliance with the Sarbanes-Oxley Act (specifically Sections 404 and

41、302 of the Act).</p><p>　　2. Risks other than financial reporting risk (for example, one or two priority financial or operational risks, operational risk in a financial institution, other regulatory complian

42、ce risks and/or governance reform issues, etc.).</p><p>　　3. Evaluating enterprise-wide risk assessment results to identify priority areas. (In other words, migration to ERM begins with first selecting the p

43、riority risks and assessing the current state of risk management capabilities addressing those risks, as discussed in Step 1.)</p><p>　　4. Integration of ERM with the management and operating processes that

44、matter (for example, strategic management, annual business planning, new product launch or channel expansion, quality initiatives, performance measurement and assessment, capital expenditure planning, etc.).</p>&

45、lt;p>　　Many public companies in the U.S. may begin their evolution to ERM with Section 404 compliance because the first-year compliance investment is significant and a company cannot have sound governance without tran

46、sparency in its financial reporting. A strong focus on reliable financial reporting is a good foundation on which to build ERM capabilities. Regardless of where an organization begins its journey, the focus of ERM is the

47、 same: to advance the maturity of risk management capabilities for the</p><p>　　STEP 4: Evaluate the existing ERM infrastructure capability and develop a strategy for advancing it.</p><p>　　It t

48、akes discipline to advance the capabilities around managing the critical risks. The policies, processes, organization and reporting that instill that discipline is called “ERM infrastructure.” We have asserted that the p

49、urpose of ERM is to eliminate significant gaps between the current state and the desired state of the organization’s capabilities around managing its key risks. We provided some examples of ERM infrastructure above when

50、discussing Step 2. Other examples include a common risk </p><p>　　ERM infrastructure facilitates three very important things with respect to ERM implementation. First, it establishes fact-based understanding

51、 about the enterprise’s risks and risk management capabilities. Second, it ensures there is ownership over the critical risks. Finally, it drives closure of gaps. </p><p>　　ERM infrastructure is not one-size

52、-fits-all. What works for one organization might not work for another. The elements of ERM infrastructure vary according to the techniques and tools deployed to implement the eight ERM components (see the COSO ERM framew

53、ork introduced on page 2), the breadth of the objectives addressed, the organization’s culture and the extent of coverage desired across the organization’s operating units. Management should decide the elements of ERM in

54、frastructure needed accord</p><p>　　STEP 5: Advance the risk management capabilities for key risks.</p><p>　　This step begins with selecting the enterprise’s priority risks. After the first four

55、 steps are completed, it will often be necessary to update the ERA for change. Once the priority risks are defined, based on the updated ERA, management must determine the current state of the capabilities for managing e

56、ach risk and then assess the desired state with the objective of advancing the maturity of the capabilities around managing those risks. This has already been accomplished for one or two priority</p><p>　　Ri

57、sk management capabilities must be designed and advanced, consistent with an organization’s finite resources. For each priority risk, management evaluates the relative maturity of the enterprise’s risk management capabil

58、ities. From there, management needs to make a conscious decision: How much added capability do we need to continually achieve our business objectives? Further, what are the expected costs and benefits of increasing risk

59、management capabilities? The goal is to identify the organ</p><p>　　Companies in the early stages of developing their ERM infrastructure often lay the foundation with a common language, a risk management ove

60、rsight structure and an enterprise-wide risk assessment process. Some companies have applied ERM in specific business units. And a few companies have evolved toward more advanced stages, such as the management of market

61、and credit risks in financial institutions and the management of compliance risks in other industries.</p><p>　　Wherever a company stands with respect to developing its risk management, directors and executi

62、ve management would benefit from a dialogue around how capable they want the entity’s risk management to be with respect to each of its priority risks. The capability maturity model provides a scale for evaluating the ma

63、turity of an organization’s risk management capabilities. The model provides five states for rating the maturity or capability of any process ranging from “initial” to “optimizing.”</p><p>　　The capability m

64、aturity model, shown above is a powerful tool for evaluating sustainability. Using this model, management rates the enterprise’s capabilities in key risk areas, identifies gaps based on the level of capability desired in

65、 specific areas, and shifts the dialogue on operating metrics to incorporate appropriate emphasis on process maturity. The ERM infrastructure ensures that the rating process is fact-based and conducted with integrity by

66、the participating risk owners.</p><p><b>　　譯文</b></p><p>　　企業(yè)風(fēng)險(xiǎn)管理：具體的實(shí)施意見(jiàn)</p><p>　　公司在力求創(chuàng)造價(jià)值的同時(shí)準(zhǔn)備接受多大的企業(yè)的風(fēng)險(xiǎn)已成為當(dāng)今企業(yè)管理的最重大挑戰(zhàn)之一。然而，研究表明十分之六的高級(jí)管理人員對(duì)公司的風(fēng)險(xiǎn)管理實(shí)務(wù)的確定和管理所有重大業(yè)務(wù)潛在的風(fēng)

67、險(xiǎn)方面“非常缺乏信心”。</p><p>　　隨著對(duì)風(fēng)險(xiǎn)管理的高度集中，傳統(tǒng)的風(fēng)險(xiǎn)管理方法并不能充分識(shí)別、評(píng)估和管理風(fēng)險(xiǎn)這一情況變得越來(lái)越明顯。由于不同的風(fēng)險(xiǎn)和劃分，傳統(tǒng)的方法常常是相互獨(dú)立的。這些風(fēng)險(xiǎn)管理的方法往往限制和限制注意力集中在不確定性的實(shí)物資產(chǎn)和金融資產(chǎn)周圍。因?yàn)樗麄冎饕丫性陬A(yù)防損失方面，而不是增加價(jià)值方面。傳統(tǒng)方法已不能夠在這個(gè)瞬息萬(wàn)變的世界給大多數(shù)需要重新定義風(fēng)險(xiǎn)管理價(jià)值的組織提供一個(gè)有用

68、的框架。</p><p>　　在當(dāng)下的企業(yè)風(fēng)險(xiǎn)管理（ERM），重點(diǎn)是在在目前的管理程序中整合現(xiàn)有的風(fēng)險(xiǎn)管理流程，確定今后的活動(dòng)并確定正面和負(fù)面的影響，以及評(píng)價(jià)管理組織將來(lái)可能發(fā)生的風(fēng)險(xiǎn)管理的有效策略。企業(yè)風(fēng)險(xiǎn)管理將風(fēng)險(xiǎn)管理轉(zhuǎn)變?yōu)榉e極進(jìn)取的、連續(xù)的、以價(jià)值為基礎(chǔ)的，著眼于大局和驅(qū)動(dòng)過(guò)程的活動(dòng)。</p><p>　　一個(gè)新的風(fēng)險(xiǎn)管理方法</p><p>　　企業(yè)風(fēng)險(xiǎn)管

69、理系統(tǒng)不同于傳統(tǒng)的企業(yè)風(fēng)險(xiǎn)管理的重點(diǎn)，目標(biāo)，范圍，重點(diǎn)和應(yīng)用方面的管理辦法。企業(yè)風(fēng)險(xiǎn)管理系統(tǒng)策略、人員、流程、技術(shù)和知識(shí)方面做了調(diào)整。重點(diǎn)是對(duì)整個(gè)企業(yè)的戰(zhàn)略和應(yīng)用程序做出調(diào)整。</p><p>　　在當(dāng)前的企業(yè)風(fēng)險(xiǎn)管理方法，管理人員的注意力集中在圍繞在企業(yè)的整個(gè)資產(chǎn)組合的不確定性，其中包括客戶資產(chǎn)，員工和供應(yīng)商的資產(chǎn)以及這些組織資產(chǎn)的無(wú)形資產(chǎn)作為其不同的策略，與眾不同的產(chǎn)品和品牌，和創(chuàng)新的流程和系統(tǒng)。這一擴(kuò)展的重

70、點(diǎn)是在企業(yè)的市場(chǎng)價(jià)值大大超過(guò)資產(chǎn)負(fù)債表和許多企業(yè)都希望集中于保護(hù)他們企業(yè)的聲譽(yù)，以防止未來(lái)的有關(guān)事件對(duì)企業(yè)風(fēng)險(xiǎn)造成不可接受的風(fēng)險(xiǎn)。</p><p>　　2004年9月在COSO企業(yè)的風(fēng)險(xiǎn)綜合管理框架內(nèi)，在這個(gè)定義強(qiáng)調(diào)風(fēng)險(xiǎn)管理的一些基本概念術(shù)語(yǔ)，并提供廣泛的共同語(yǔ)言，以及如何有效地管理整個(gè)企業(yè)的風(fēng)險(xiǎn)指導(dǎo)。像它的內(nèi)部控制副本，COSO的企業(yè)風(fēng)險(xiǎn)管理框架列出了一個(gè)三維矩陣。矩陣上面包括了四個(gè)類別上的首要目標(biāo)：戰(zhàn)略，運(yùn)營(yíng)

71、，報(bào)告和遵守。有八個(gè)企業(yè)風(fēng)險(xiǎn)管理組件橫跨立方體的前面。最后，在矩陣的實(shí)體上，把他的業(yè)務(wù)部門和經(jīng)營(yíng)單位描繪為三維矩陣的一個(gè)部分。</p><p>　　本企業(yè)風(fēng)險(xiǎn)管理框架并不能取代內(nèi)部控制框架。相反，企業(yè)風(fēng)險(xiǎn)管理框架包含了內(nèi)部控制框架。因此，企業(yè)可能會(huì)決定實(shí)施企業(yè)風(fēng)險(xiǎn)管理的內(nèi)部控制，以解決他們的需求和走向一個(gè)更加健全的風(fēng)險(xiǎn)管理過(guò)程。</p><p>　　為什么要實(shí)施企業(yè)風(fēng)險(xiǎn)管理？</p&

72、gt;<p>　　企業(yè)風(fēng)險(xiǎn)管理提供了一個(gè)需要更加預(yù)期，有效的評(píng)估，以及包含和管理面臨的不確定性的流程，因?yàn)樗鼮楣蓶|創(chuàng)造了可持續(xù)的公司價(jià)值。它有三種方式可以幫助組織管理風(fēng)險(xiǎn)，以保護(hù)和提高企業(yè)的價(jià)值。第一、它有助于建立可持續(xù)的競(jìng)爭(zhēng)優(yōu)勢(shì)；第二、它優(yōu)化了管理風(fēng)險(xiǎn)成本；第三、它有助于管理者提高經(jīng)營(yíng)業(yè)績(jī)。</p><p>　　這些貢獻(xiàn)重新界定一個(gè)企業(yè)風(fēng)險(xiǎn)管理的價(jià)值。單方面的從企業(yè)風(fēng)險(xiǎn)管理的貢獻(xiàn)考慮商業(yè)是否成功取

73、決于建立一個(gè)動(dòng)態(tài)的方法。正如未來(lái)潛在的事件可以對(duì)有形實(shí)物資產(chǎn)和金融資產(chǎn)的價(jià)值造成影響，所以也可以影響企業(yè)主要的無(wú)形資產(chǎn)的價(jià)值。這就是企業(yè)風(fēng)險(xiǎn)管理有助于組織的實(shí)質(zhì)：風(fēng)險(xiǎn)管理的升級(jí)擴(kuò)張應(yīng)用程序和風(fēng)險(xiǎn)管理程序關(guān)注的焦點(diǎn)在于所有價(jià)值的來(lái)源，而不僅僅是物質(zhì)和經(jīng)濟(jì)上的一個(gè)戰(zhàn)略層面。</p><p>　　企業(yè)風(fēng)險(xiǎn)管理轉(zhuǎn)變風(fēng)險(xiǎn)管理，由“避免和對(duì)沖賭注”向用不同的技術(shù)為保護(hù)和提升企業(yè)價(jià)值，像管理者力圖尋找最佳方式，使企業(yè)得到能帶來(lái)

74、企業(yè)增長(zhǎng)和高回報(bào)的新機(jī)遇。企業(yè)風(fēng)險(xiǎn)管理給尋求機(jī)會(huì)的管理者以鼓舞，以幫助管理者尋求發(fā)展的信心。那些管理者真正了解這些風(fēng)險(xiǎn)，并在公司里的能力范圍內(nèi)管理這些風(fēng)險(xiǎn)。</p><p>　　實(shí)施企業(yè)風(fēng)險(xiǎn)管理的五個(gè)步驟</p><p>　　對(duì)公司來(lái)說(shuō)選擇企業(yè)風(fēng)險(xiǎn)管理的重點(diǎn)，有五個(gè)實(shí)施的實(shí)際步驟。而下面的步驟提供了實(shí)施企業(yè)風(fēng)險(xiǎn)管理任務(wù)的簡(jiǎn)化視圖，執(zhí)行過(guò)程不會(huì)在一夜之間發(fā)生和肯定的，是不容易完成的任務(wù)。企業(yè)

75、風(fēng)險(xiǎn)管理是一個(gè)過(guò)程，這些步驟只是一個(gè)起點(diǎn)。</p><p>　　第一步：進(jìn)行企業(yè)風(fēng)險(xiǎn)評(píng)估（ERA）來(lái)評(píng)估和優(yōu)先考慮關(guān)鍵風(fēng)險(xiǎn)。</p><p>　　上述的ERA是指識(shí)別和優(yōu)先排列的組織的風(fēng)險(xiǎn)，并為制定有效的風(fēng)險(xiǎn)對(duì)策，包括現(xiàn)行狀態(tài)關(guān)于優(yōu)化風(fēng)險(xiǎn)管理的能力的信息。如果一個(gè)公司不能確定和優(yōu)化風(fēng)險(xiǎn)，企業(yè)風(fēng)險(xiǎn)管理將會(huì)變成一場(chǎng)攻堅(jiān)戰(zhàn)，因?yàn)閮r(jià)值取向是通用的。使用實(shí)體來(lái)優(yōu)化風(fēng)險(xiǎn)，分析差距為提高企業(yè)風(fēng)險(xiǎn)管理專一

76、性的價(jià)值取向提供基礎(chǔ)。消息：避免了無(wú)休止的關(guān)于企業(yè)風(fēng)險(xiǎn)管理的對(duì)話。從企業(yè)風(fēng)險(xiǎn)評(píng)估作為開(kāi)始來(lái)了解你的風(fēng)險(xiǎn)。</p><p>　　第二步：闡明風(fēng)險(xiǎn)管理的遠(yuǎn)景和用一個(gè)引人注目的價(jià)值主張支持</p><p>　　此步驟通過(guò)的經(jīng)濟(jì)理由向前推進(jìn)?！帮L(fēng)險(xiǎn)管理的遠(yuǎn)景”是公司風(fēng)險(xiǎn)管理者的一個(gè)共同觀點(diǎn)和希望管理他關(guān)鍵風(fēng)險(xiǎn)的能力。為了有用，這個(gè)愿景必須立足于發(fā)展，必須改善風(fēng)險(xiǎn)管理績(jī)效，實(shí)現(xiàn)管理的目標(biāo)和選擇目標(biāo)的

77、具體能力。</p><p>　　“風(fēng)險(xiǎn)管理能力”，包括政策，程序，權(quán)限，報(bào)告，方法和技術(shù)。他們也包括我們所說(shuō)的“企業(yè)風(fēng)險(xiǎn)管理的基礎(chǔ)設(shè)施?！闭f(shuō)明：</p><p>　　A：界定圍繞風(fēng)險(xiǎn)管理項(xiàng)目的特殊功能，從考慮優(yōu)先權(quán)風(fēng)險(xiǎn)開(kāi)始，并確圍繞當(dāng)前狀態(tài)風(fēng)險(xiǎn)管理的能力。一旦當(dāng)前狀態(tài)的功能是確定每一個(gè)主要風(fēng)險(xiǎn)，對(duì)所期望的狀態(tài)進(jìn)行評(píng)估，以期查明差距和推進(jìn)風(fēng)險(xiǎn)管理的能力成熟度來(lái)減少這些差距。</p>

78、;<p>　　B：企業(yè)風(fēng)險(xiǎn)管理基礎(chǔ)設(shè)施包括政策、流程、組織監(jiān)督和灌輸?shù)牡胤疥P(guān)于不斷提高風(fēng)險(xiǎn)管理能力的適當(dāng)?shù)募o(jì)律報(bào)告。企業(yè)風(fēng)險(xiǎn)管理的基礎(chǔ)設(shè)施要素的例子包括，除其他外，全面風(fēng)險(xiǎn)管理政策，企業(yè)范圍的風(fēng)險(xiǎn)評(píng)估過(guò)程中，風(fēng)險(xiǎn)董事會(huì)和首席執(zhí)行官的議程，特許風(fēng)險(xiǎn)委員會(huì)，風(fēng)險(xiǎn)管理角色和責(zé)任不明確管理的存在，儀表板和其他風(fēng)險(xiǎn)報(bào)告，專有工具，描繪的風(fēng)險(xiǎn)投資組合的看法。</p><p>　　下面是該消息：在現(xiàn)行狀況和理想狀

79、態(tài)的公司風(fēng)險(xiǎn)管理能力有較大的差距（A項(xiàng)），隨著時(shí)間的推移企業(yè)風(fēng)險(xiǎn)管理基礎(chǔ)設(shè)施需要較大來(lái)促進(jìn)企業(yè)風(fēng)險(xiǎn)能力的前進(jìn)（B項(xiàng)）。一個(gè)工作組的高級(jí)管理人員應(yīng)有權(quán)闡明風(fēng)險(xiǎn)管理中的組織作用和定義其相關(guān)業(yè)務(wù)部門的企業(yè)目標(biāo)和目的。</p><p>　　第三步：推進(jìn)公司風(fēng)險(xiǎn)管理的一個(gè)或兩個(gè)優(yōu)先風(fēng)險(xiǎn)的能力。</p><p>　　這一步的重點(diǎn)在于提高公司的風(fēng)險(xiǎn)管理能力在他需要提高這一能力的地方。像任何其他倡議，企業(yè)

80、風(fēng)險(xiǎn)管理必須從某個(gè)地方開(kāi)始。有很多可能的出發(fā)點(diǎn)。例子包括：</p><p>　　1、遵守薩班斯-奧克斯利法案（特別是第404和第302號(hào)法令）。 </p><p>　　2、不同于財(cái)務(wù)報(bào)告風(fēng)險(xiǎn)的風(fēng)險(xiǎn)（例如，一個(gè)或兩個(gè)優(yōu)先財(cái)務(wù)或經(jīng)營(yíng)風(fēng)險(xiǎn)，操作風(fēng)險(xiǎn)的金融機(jī)構(gòu)，其他監(jiān)管合規(guī)風(fēng)險(xiǎn)和/或管理改革問(wèn)題等）。 </p><p>　　3、評(píng)價(jià)企業(yè)范圍的風(fēng)險(xiǎn)評(píng)估結(jié)果，確定優(yōu)先領(lǐng)域。（換

81、句話說(shuō)，遷移到企業(yè)風(fēng)險(xiǎn)管理開(kāi)始。與第一優(yōu)先選擇的風(fēng)險(xiǎn)和評(píng)估風(fēng)險(xiǎn)管理能力應(yīng)對(duì)這些風(fēng)險(xiǎn)的當(dāng)前狀態(tài)，如步驟1中討論）</p><p>　　4、整合的管理和運(yùn)作流程，風(fēng)險(xiǎn)管理事項(xiàng)。（例如戰(zhàn)略管理，年度經(jīng)營(yíng)計(jì)劃，新產(chǎn)品推出或渠道拓展，質(zhì)量的倡議，性能測(cè)量和評(píng)估，資本支出計(jì)劃等）。</p><p>　　第四步：評(píng)估現(xiàn)有的企業(yè)風(fēng)險(xiǎn)管理能力和發(fā)展基礎(chǔ)設(shè)施為推進(jìn)企業(yè)風(fēng)險(xiǎn)管理的戰(zhàn)略。 </p>

82、<p>　　這需要紀(jì)律，以促進(jìn)全世界管理關(guān)鍵風(fēng)險(xiǎn)的能力。這政策，流程，組織和報(bào)告方面的灌輸，管理是所謂的“企業(yè)風(fēng)險(xiǎn)管理的基礎(chǔ)設(shè)施”。我們已經(jīng)斷言，企業(yè)風(fēng)險(xiǎn)管理的目的是為了消除有關(guān)管理的主要風(fēng)險(xiǎn)。我們提供基礎(chǔ)設(shè)施的例子,在上面時(shí)討論風(fēng)險(xiǎn)第2步。其他例子包括一個(gè)共同的風(fēng)險(xiǎn)語(yǔ)言和其他框架，知識(shí)共享，以確定最佳做法，共同培訓(xùn)，首席風(fēng)險(xiǎn)官（或相當(dāng)于總裁），風(fēng)險(xiǎn)偏好的定義和風(fēng)險(xiǎn)公差、集成的風(fēng)險(xiǎn)與業(yè)務(wù)計(jì)劃和支持反應(yīng)技術(shù)。</p>

83、<p>　　企業(yè)風(fēng)險(xiǎn)管理的基礎(chǔ)設(shè)施有利于落實(shí)企業(yè)風(fēng)險(xiǎn)管理方面的三個(gè)非常重要的事情。首先，它確立了以事實(shí)為基礎(chǔ)對(duì)企業(yè)的風(fēng)險(xiǎn)和風(fēng)險(xiǎn)管理能力的認(rèn)識(shí)。第二，它可以確保有超過(guò)臨界風(fēng)險(xiǎn)的所有權(quán)。最后，它達(dá)成減少差距的目的。</p><p>　　企業(yè)風(fēng)險(xiǎn)管理的基礎(chǔ)設(shè)施不是適合所有企業(yè)。對(duì)一個(gè)公司最有效的方式可能無(wú)法使用于另一個(gè)公司。企業(yè)風(fēng)險(xiǎn)管理基礎(chǔ)設(shè)施的要素是根據(jù)不同的技術(shù)和工具部署到實(shí)施八項(xiàng)企業(yè)風(fēng)險(xiǎn)管理組件（參

84、見(jiàn)了COSO風(fēng)險(xiǎn)管理框架第2頁(yè)的介紹），該處理的目標(biāo)，該組織的文化和覆蓋范圍的廣度需要整個(gè)組織的經(jīng)營(yíng)單位。管理者根據(jù)這些問(wèn)題和其他有關(guān)因素決定企業(yè)風(fēng)險(xiǎn)管理的基礎(chǔ)設(shè)施所需的要素。</p><p>　　第五步：推進(jìn)處理關(guān)鍵風(fēng)險(xiǎn)的風(fēng)險(xiǎn)管理能力。</p><p>　　這一步開(kāi)始選擇企業(yè)的首要風(fēng)險(xiǎn)。前面的四步完成以后只是開(kāi)始，風(fēng)險(xiǎn)評(píng)估有必要常有更新。一旦風(fēng)險(xiǎn)的優(yōu)先權(quán)的確定，基于更新的風(fēng)險(xiǎn)評(píng)估，管理者

85、必須確定管理每種風(fēng)險(xiǎn)的能力這現(xiàn)行狀況，然后評(píng)估目標(biāo)所希望的狀態(tài)推進(jìn)在有關(guān)這些風(fēng)險(xiǎn)管理能力的成熟度。這已經(jīng)完成了從一個(gè)或兩個(gè)優(yōu)先權(quán)風(fēng)險(xiǎn)（見(jiàn)步驟3）?，F(xiàn)在管理者可以把更大的注意力放在其他有優(yōu)先權(quán)的風(fēng)險(xiǎn)上。</p><p>　　在風(fēng)險(xiǎn)的管理能力上面，必須有所計(jì)劃和改進(jìn)，且與企業(yè)有限資源相一致。對(duì)于每個(gè)優(yōu)先級(jí)的風(fēng)險(xiǎn) ，管理者評(píng)估這些企業(yè)風(fēng)險(xiǎn)管理能力的相對(duì)成熟。從那里，管理層需要有意識(shí)地決定：要做多少附加功能，才能使我們不

86、斷地實(shí)現(xiàn)我們的經(jīng)營(yíng)目標(biāo)？此外，什么是預(yù)期的成本和由風(fēng)險(xiǎn)管理能力提高所帶來(lái)的利益？我們的目標(biāo)是確定企業(yè)風(fēng)險(xiǎn)的最緊迫之處和不確定性，集中改善管理這些暴露的和不確定的風(fēng)險(xiǎn)的能力。企業(yè)風(fēng)險(xiǎn)管理的基礎(chǔ)設(shè)施，管理可以有選擇地施行控制以達(dá)到目標(biāo)。</p><p>　　在企業(yè)風(fēng)險(xiǎn)管理發(fā)展早期階段的基礎(chǔ)設(shè)施方面，公司往往通過(guò)規(guī)范語(yǔ)言，建立風(fēng)險(xiǎn)管理監(jiān)督結(jié)構(gòu)和確定企業(yè)范圍的風(fēng)險(xiǎn)評(píng)估過(guò)程來(lái)奠定基礎(chǔ)。一些公司已經(jīng)把企業(yè)風(fēng)險(xiǎn)管理應(yīng)用在特殊的

87、商業(yè)部門。一些公司已經(jīng)朝著更先進(jìn)的階段發(fā)展，例如在金融機(jī)構(gòu)市場(chǎng)和信用風(fēng)險(xiǎn)管理以及其他行業(yè)的合規(guī)風(fēng)險(xiǎn)管理。</p><p>　　無(wú)論多么有能力的公司代表，他們希望該公司能夠與風(fēng)險(xiǎn)管理方面的風(fēng)險(xiǎn)，董事和高級(jí)行政管理人員受益于這個(gè)意見(jiàn)，關(guān)于如何處理個(gè)體的風(fēng)險(xiǎn)管理就每個(gè)優(yōu)先考慮的風(fēng)險(xiǎn)而言。能力成熟度模型是評(píng)估一個(gè)組織的風(fēng)險(xiǎn)管理能力成熟度的模模。該模型提供五個(gè)等級(jí)來(lái)評(píng)價(jià)企業(yè)從“起步”到 “優(yōu)化”的成熟過(guò)程或能力。</

88、p><p>　　能力成熟度模型，上面顯示的是評(píng)價(jià)可持續(xù)發(fā)展的有力工具。利用這種模式，管理者認(rèn)為企業(yè)在風(fēng)險(xiǎn)管理方面的能力，識(shí)別在特定領(lǐng)域所需的能力水平為基礎(chǔ)的差距，并改變運(yùn)營(yíng)指標(biāo)，以適當(dāng)?shù)倪^(guò)程成熟度的方法。企業(yè)風(fēng)險(xiǎn)管理的基礎(chǔ)設(shè)施的決定，等級(jí)程序是基于事實(shí)依據(jù)，并通過(guò)參與風(fēng)險(xiǎn)負(fù)責(zé)人進(jìn)行正確的引導(dǎo)。</p><p>　　出處：詹姆?W?迪洛克，《企業(yè)風(fēng)險(xiǎn)管理：具體的實(shí)施意見(jiàn)》,甫瀚咨詢公司.2005