外文翻譯--企業(yè)風險管理具體的實施意見

1、<p>　　2135單詞，3980漢字</p><p>　　出處: James W. DeLoach,2005. “Enterprise Risk Management: Practical Implementation Ideas ” . Protiviti, May , PP1-7.</p><p>　　本科畢業(yè)論文（設計）</p><p>　　外

2、文 翻 譯</p><p><b>　　原文：</b></p><p>　　Enterprise Risk Management: Practical Implementation Ideas</p><p>　　One of the most critical challenges for management today is dete

3、rmining how much risk the business is prepared to accept as it strives to create value. Yet, research consistently indicates that six of ten senior executives “l(fā)ack high confidence” that their company’s risk management p

4、ractices identify and manage all potentially significant business risks.</p><p>　　With the heightened focus on risk management, it has become increasingly clear that traditional risk management approaches do

5、 not adequately identify, evaluate and manage risk. Traditional approaches tend to be fragmented, treating risks as disparate and compartmentalized. These risk management approaches often limit the focus to managing unce

6、rtainties around physical and financial assets. Because they focus largely on loss prevention, rather than adding value, traditional approaches do not prov</p><p>　　Under enterprise risk management (ERM), th

7、e focus is on integrating risk management with existing management processes, identifying future events that can have both positive and negative effects, and evaluating effective strategies for managing the organization’

8、s exposure to those possible future events. ERM transforms risk management to a proactive, continuous, value-based, broadly focused and process-driven activity.</p><p>　　A new approach to risk management<

9、/p><p>　　ERM differs from traditional risk management approaches in terms of focus, objective, scope, emphasis and application. It aligns strategy, people, processes, technology and knowledge. The emphasis is o

10、n strategy, and the application is enterprise-wide.</p><p>　　Under an ERM approach, management’s attention is directed to the uncertainties around the enterprise’s entire asset portfolio, including its intan

11、gibles such as customer assets, employee and supplier assets and such organizational assets as its differentiating strategies, distinctive products and brands, and innovative processes and systems. This expanded focus is

12、 important in this era of market capitalizations significantly exceeding balance sheet values and the desire of many companies to focu</p><p>　　The COSO Enterprise Risk Management - Integrated Framework, iss

13、ued in September 2004, defines ERM in broad terms that underscore some fundamental concepts and provides a common language as well as guidance on how to effectively manage risk across the enterprise. Like its internal co

14、ntrol counterpart, the COSO ERM framework is presented as a three-dimensional matrix. It includes four categories of objectives across the top: strategic, operations, reporting and compliance. There are eight componen<

15、;/p><p>　　This ERM framework does not replace the internal control framework. Instead, it incorporates it. As a result, businesses may decide to implement ERM to address their internal control needs and to move

16、 toward a more robust risk management process.</p><p>　　Why implement ERM?</p><p>　　ERM provides a company with the process it needs to become more anticipatory and effective at evaluating, embr

17、acing and managing the uncertainties it faces as it creates sustainable value for stakeholders. It helps an organization manage its risks to protect and enhance enterprise value in three ways. First, it helps to establis

18、h sustainable competitive advantage. Second, it optimizes the cost of managing risk. Third, it helps management improve business performance.</p><p>　　These contributions redefine the value proposition of ri

19、sk management to a business. One way to think about the contribution of ERM to the success of a business is to take a value dynamics approach. Just as potential future events can affect the value of tangible physical and

20、 financial assets, so also can they affect the value of key intangible assets. This is the essence of what ERM contributes to the organization: the elevation of risk management to a strategic level by broadening the appl

21、icat</p><p>　　ERM transitions risk management from “avoiding and hedging bets” to a differentiating skill for protecting and enhancing enterprise value as management seeks to make the best bets in the pursui

22、t of new opportunities for growth and returns. ERM invigorates opportunity-seeking behavior by helping managers develop the confidence that they truly understand the risks and have the capabilities at hand within the org

23、anization to manage those risks.</p><p>　　Five steps to implementing ERM</p><p>　　For organizations choosing to broaden their focus to ERM, there are five practical steps for implementation. Whi

24、le the following steps provide a simplified view of the task of implementing ERM, the implementation process does not occur overnight and, for certain, is not easy to accomplish. ERM is a journey and these steps are a st

25、arting point.</p><p>　　STEP 1: Conduct an enterprise risk assessment (ERA) to assess and prioritize the critical risks.</p><p>　　An ERA identifies and prioritizes the organization’s risks and pr

26、ovides quality inputs for purposes of formulating effective risk responses, including information about the current state of capabilities around managing the priority risks. If an organization has not identified and prio

27、ritized its risks, ERM becomes a tough sell because the value proposition can only be generic. Using the entity’s priority risks to identify gaps provides the basis for improving the specificity of the ERM value pro</

28、p><p>　　STEP 2: Articulate the risk management vision and support it with a compelling value proposition.</p><p>　　This step provides the economic justification for going forward. The “risk managem

29、ent vision” is a shared view of the role of risk management in the organization and the capabilities desired to manage its key risks. To be useful, this vision must be grounded in specific capabilities that must be devel

30、oped to improve risk management performance and achieve management’s selected goals and objectives.</p><p>　　“Risk management capabilities” include the policies, processes, competencies, reporting, methodolo

31、gies and technology required to execute the organization’s response to managing its priority risks. They also consist of what we call “ERM infrastructure.” To illustrate:</p><p>　　Item A. Defining the specif

32、ic capabilities around managing the priority risks begins with prioritizing the critical risks and determining the current state of capabilities around managing those risks. (See Step 1 with regards to conducting an ERA)

33、. Once the current state of capabilities is determined for each of the key risks, the desired state is assessed with the objective of identifying gaps and advancing the maturity of risk management capabilities to close t

34、hose gaps.</p><p>　　Item B. ERM infrastructure consists of the policies, processes, organization oversight and reporting in place to instill the appropriate discipline around continuously improving risk mana

35、gement capabilities. Examples of elements of ERM infrastructure include, among other things, an overall risk management policy, an enterprise-wide risk assessment process, presence of risk management on the Board and CEO

36、 agenda, a chartered risk committee, clarity of risk management roles and responsibilities, d</p><p>　　Here is the message: The greater the gap between the current state and the desired state of the organiza

37、tion’s risk management capabilities (Item A), the greater the need for ERM infrastructure (Item B) to facilitate the advancement of those risk management capabilities over time. A working group of senior executives shoul

38、d be empowered to articulate the role of risk management in the organization and define relevant goals and objectives for the enterprise as a whole and its business units. </p><p>　　STEP 3: Advance the risk

39、management capability of the organization for one or two priority risks.</p><p>　　This step focuses the organization on improving its risk management capability in an area where management knows improvements

40、 are needed. Like any other initiative, ERM must begin somewhere. There are many possible starting points. Examples include:</p><p>　　1. Compliance with the Sarbanes-Oxley Act (specifically Sections 404 and

41、302 of the Act).</p><p>　　2. Risks other than financial reporting risk (for example, one or two priority financial or operational risks, operational risk in a financial institution, other regulatory complian

42、ce risks and/or governance reform issues, etc.).</p><p>　　3. Evaluating enterprise-wide risk assessment results to identify priority areas. (In other words, migration to ERM begins with first selecting the p

43、riority risks and assessing the current state of risk management capabilities addressing those risks, as discussed in Step 1.)</p><p>　　4. Integration of ERM with the management and operating processes that

44、matter (for example, strategic management, annual business planning, new product launch or channel expansion, quality initiatives, performance measurement and assessment, capital expenditure planning, etc.).</p>&

45、lt;p>　　Many public companies in the U.S. may begin their evolution to ERM with Section 404 compliance because the first-year compliance investment is significant and a company cannot have sound governance without tran

46、sparency in its financial reporting. A strong focus on reliable financial reporting is a good foundation on which to build ERM capabilities. Regardless of where an organization begins its journey, the focus of ERM is the

47、 same: to advance the maturity of risk management capabilities for the</p><p>　　STEP 4: Evaluate the existing ERM infrastructure capability and develop a strategy for advancing it.</p><p>　　It t

48、akes discipline to advance the capabilities around managing the critical risks. The policies, processes, organization and reporting that instill that discipline is called “ERM infrastructure.” We have asserted that the p

49、urpose of ERM is to eliminate significant gaps between the current state and the desired state of the organization’s capabilities around managing its key risks. We provided some examples of ERM infrastructure above when

50、discussing Step 2. Other examples include a common risk </p><p>　　ERM infrastructure facilitates three very important things with respect to ERM implementation. First, it establishes fact-based understanding

51、 about the enterprise’s risks and risk management capabilities. Second, it ensures there is ownership over the critical risks. Finally, it drives closure of gaps. </p><p>　　ERM infrastructure is not one-size

52、-fits-all. What works for one organization might not work for another. The elements of ERM infrastructure vary according to the techniques and tools deployed to implement the eight ERM components (see the COSO ERM framew

53、ork introduced on page 2), the breadth of the objectives addressed, the organization’s culture and the extent of coverage desired across the organization’s operating units. Management should decide the elements of ERM in

54、frastructure needed accord</p><p>　　STEP 5: Advance the risk management capabilities for key risks.</p><p>　　This step begins with selecting the enterprise’s priority risks. After the first four

55、 steps are completed, it will often be necessary to update the ERA for change. Once the priority risks are defined, based on the updated ERA, management must determine the current state of the capabilities for managing e

56、ach risk and then assess the desired state with the objective of advancing the maturity of the capabilities around managing those risks. This has already been accomplished for one or two priority</p><p>　　Ri

57、sk management capabilities must be designed and advanced, consistent with an organization’s finite resources. For each priority risk, management evaluates the relative maturity of the enterprise’s risk management capabil

58、ities. From there, management needs to make a conscious decision: How much added capability do we need to continually achieve our business objectives? Further, what are the expected costs and benefits of increasing risk

59、management capabilities? The goal is to identify the organ</p><p>　　Companies in the early stages of developing their ERM infrastructure often lay the foundation with a common language, a risk management ove

60、rsight structure and an enterprise-wide risk assessment process. Some companies have applied ERM in specific business units. And a few companies have evolved toward more advanced stages, such as the management of market

61、and credit risks in financial institutions and the management of compliance risks in other industries.</p><p>　　Wherever a company stands with respect to developing its risk management, directors and executi

62、ve management would benefit from a dialogue around how capable they want the entity’s risk management to be with respect to each of its priority risks. The capability maturity model provides a scale for evaluating the ma

63、turity of an organization’s risk management capabilities. The model provides five states for rating the maturity or capability of any process ranging from “initial” to “optimizing.”</p><p>　　The capability m

64、aturity model, shown above is a powerful tool for evaluating sustainability. Using this model, management rates the enterprise’s capabilities in key risk areas, identifies gaps based on the level of capability desired in

65、 specific areas, and shifts the dialogue on operating metrics to incorporate appropriate emphasis on process maturity. The ERM infrastructure ensures that the rating process is fact-based and conducted with integrity by

66、the participating risk owners.</p><p><b>　　譯文</b></p><p>　　企業(yè)風險管理：具體的實施意見</p><p>　　公司在力求創(chuàng)造價值的同時準備接受多大的企業(yè)的風險已成為當今企業(yè)管理的最重大挑戰(zhàn)之一。然而，研究表明十分之六的高級管理人員對公司的風險管理實務的確定和管理所有重大業(yè)務潛在的風

67、險方面“非常缺乏信心”。</p><p>　　隨著對風險管理的高度集中，傳統(tǒng)的風險管理方法并不能充分識別、評估和管理風險這一情況變得越來越明顯。由于不同的風險和劃分，傳統(tǒng)的方法常常是相互獨立的。這些風險管理的方法往往限制和限制注意力集中在不確定性的實物資產和金融資產周圍。因為他們主要把精力集中在預防損失方面，而不是增加價值方面。傳統(tǒng)方法已不能夠在這個瞬息萬變的世界給大多數需要重新定義風險管理價值的組織提供一個有用

68、的框架。</p><p>　　在當下的企業(yè)風險管理（ERM），重點是在在目前的管理程序中整合現有的風險管理流程，確定今后的活動并確定正面和負面的影響，以及評價管理組織將來可能發(fā)生的風險管理的有效策略。企業(yè)風險管理將風險管理轉變?yōu)榉e極進取的、連續(xù)的、以價值為基礎的，著眼于大局和驅動過程的活動。</p><p>　　一個新的風險管理方法</p><p>　　企業(yè)風險管

69、理系統(tǒng)不同于傳統(tǒng)的企業(yè)風險管理的重點，目標，范圍，重點和應用方面的管理辦法。企業(yè)風險管理系統(tǒng)策略、人員、流程、技術和知識方面做了調整。重點是對整個企業(yè)的戰(zhàn)略和應用程序做出調整。</p><p>　　在當前的企業(yè)風險管理方法，管理人員的注意力集中在圍繞在企業(yè)的整個資產組合的不確定性，其中包括客戶資產，員工和供應商的資產以及這些組織資產的無形資產作為其不同的策略，與眾不同的產品和品牌，和創(chuàng)新的流程和系統(tǒng)。這一擴展的重

70、點是在企業(yè)的市場價值大大超過資產負債表和許多企業(yè)都希望集中于保護他們企業(yè)的聲譽，以防止未來的有關事件對企業(yè)風險造成不可接受的風險。</p><p>　　2004年9月在COSO企業(yè)的風險綜合管理框架內，在這個定義強調風險管理的一些基本概念術語，并提供廣泛的共同語言，以及如何有效地管理整個企業(yè)的風險指導。像它的內部控制副本，COSO的企業(yè)風險管理框架列出了一個三維矩陣。矩陣上面包括了四個類別上的首要目標：戰(zhàn)略，運營

71、，報告和遵守。有八個企業(yè)風險管理組件橫跨立方體的前面。最后，在矩陣的實體上，把他的業(yè)務部門和經營單位描繪為三維矩陣的一個部分。</p><p>　　本企業(yè)風險管理框架并不能取代內部控制框架。相反，企業(yè)風險管理框架包含了內部控制框架。因此，企業(yè)可能會決定實施企業(yè)風險管理的內部控制，以解決他們的需求和走向一個更加健全的風險管理過程。</p><p>　　為什么要實施企業(yè)風險管理？</p&

72、gt;<p>　　企業(yè)風險管理提供了一個需要更加預期，有效的評估，以及包含和管理面臨的不確定性的流程，因為它為股東創(chuàng)造了可持續(xù)的公司價值。它有三種方式可以幫助組織管理風險，以保護和提高企業(yè)的價值。第一、它有助于建立可持續(xù)的競爭優(yōu)勢；第二、它優(yōu)化了管理風險成本；第三、它有助于管理者提高經營業(yè)績。</p><p>　　這些貢獻重新界定一個企業(yè)風險管理的價值。單方面的從企業(yè)風險管理的貢獻考慮商業(yè)是否成功取

73、決于建立一個動態(tài)的方法。正如未來潛在的事件可以對有形實物資產和金融資產的價值造成影響，所以也可以影響企業(yè)主要的無形資產的價值。這就是企業(yè)風險管理有助于組織的實質：風險管理的升級擴張應用程序和風險管理程序關注的焦點在于所有價值的來源，而不僅僅是物質和經濟上的一個戰(zhàn)略層面。</p><p>　　企業(yè)風險管理轉變風險管理，由“避免和對沖賭注”向用不同的技術為保護和提升企業(yè)價值，像管理者力圖尋找最佳方式，使企業(yè)得到能帶來

74、企業(yè)增長和高回報的新機遇。企業(yè)風險管理給尋求機會的管理者以鼓舞，以幫助管理者尋求發(fā)展的信心。那些管理者真正了解這些風險，并在公司里的能力范圍內管理這些風險。</p><p>　　實施企業(yè)風險管理的五個步驟</p><p>　　對公司來說選擇企業(yè)風險管理的重點，有五個實施的實際步驟。而下面的步驟提供了實施企業(yè)風險管理任務的簡化視圖，執(zhí)行過程不會在一夜之間發(fā)生和肯定的，是不容易完成的任務。企業(yè)

75、風險管理是一個過程，這些步驟只是一個起點。</p><p>　　第一步：進行企業(yè)風險評估（ERA）來評估和優(yōu)先考慮關鍵風險。</p><p>　　上述的ERA是指識別和優(yōu)先排列的組織的風險，并為制定有效的風險對策，包括現行狀態(tài)關于優(yōu)化風險管理的能力的信息。如果一個公司不能確定和優(yōu)化風險，企業(yè)風險管理將會變成一場攻堅戰(zhàn)，因為價值取向是通用的。使用實體來優(yōu)化風險，分析差距為提高企業(yè)風險管理專一

76、性的價值取向提供基礎。消息：避免了無休止的關于企業(yè)風險管理的對話。從企業(yè)風險評估作為開始來了解你的風險。</p><p>　　第二步：闡明風險管理的遠景和用一個引人注目的價值主張支持</p><p>　　此步驟通過的經濟理由向前推進?！帮L險管理的遠景”是公司風險管理者的一個共同觀點和希望管理他關鍵風險的能力。為了有用，這個愿景必須立足于發(fā)展，必須改善風險管理績效，實現管理的目標和選擇目標的

77、具體能力。</p><p>　　“風險管理能力”，包括政策，程序，權限，報告，方法和技術。他們也包括我們所說的“企業(yè)風險管理的基礎設施。”說明：</p><p>　　A：界定圍繞風險管理項目的特殊功能，從考慮優(yōu)先權風險開始，并確圍繞當前狀態(tài)風險管理的能力。一旦當前狀態(tài)的功能是確定每一個主要風險，對所期望的狀態(tài)進行評估，以期查明差距和推進風險管理的能力成熟度來減少這些差距。</p>

78、;<p>　　B：企業(yè)風險管理基礎設施包括政策、流程、組織監(jiān)督和灌輸的地方關于不斷提高風險管理能力的適當的紀律報告。企業(yè)風險管理的基礎設施要素的例子包括，除其他外，全面風險管理政策，企業(yè)范圍的風險評估過程中，風險董事會和首席執(zhí)行官的議程，特許風險委員會，風險管理角色和責任不明確管理的存在，儀表板和其他風險報告，專有工具，描繪的風險投資組合的看法。</p><p>　　下面是該消息：在現行狀況和理想狀

79、態(tài)的公司風險管理能力有較大的差距（A項），隨著時間的推移企業(yè)風險管理基礎設施需要較大來促進企業(yè)風險能力的前進（B項）。一個工作組的高級管理人員應有權闡明風險管理中的組織作用和定義其相關業(yè)務部門的企業(yè)目標和目的。</p><p>　　第三步：推進公司風險管理的一個或兩個優(yōu)先風險的能力。</p><p>　　這一步的重點在于提高公司的風險管理能力在他需要提高這一能力的地方。像任何其他倡議，企業(yè)

80、風險管理必須從某個地方開始。有很多可能的出發(fā)點。例子包括：</p><p>　　1、遵守薩班斯-奧克斯利法案（特別是第404和第302號法令）。 </p><p>　　2、不同于財務報告風險的風險（例如，一個或兩個優(yōu)先財務或經營風險，操作風險的金融機構，其他監(jiān)管合規(guī)風險和/或管理改革問題等）。 </p><p>　　3、評價企業(yè)范圍的風險評估結果，確定優(yōu)先領域。（換

81、句話說，遷移到企業(yè)風險管理開始。與第一優(yōu)先選擇的風險和評估風險管理能力應對這些風險的當前狀態(tài)，如步驟1中討論）</p><p>　　4、整合的管理和運作流程，風險管理事項。（例如戰(zhàn)略管理，年度經營計劃，新產品推出或渠道拓展，質量的倡議，性能測量和評估，資本支出計劃等）。</p><p>　　第四步：評估現有的企業(yè)風險管理能力和發(fā)展基礎設施為推進企業(yè)風險管理的戰(zhàn)略。 </p>

82、<p>　　這需要紀律，以促進全世界管理關鍵風險的能力。這政策，流程，組織和報告方面的灌輸，管理是所謂的“企業(yè)風險管理的基礎設施”。我們已經斷言，企業(yè)風險管理的目的是為了消除有關管理的主要風險。我們提供基礎設施的例子,在上面時討論風險第2步。其他例子包括一個共同的風險語言和其他框架，知識共享，以確定最佳做法，共同培訓，首席風險官（或相當于總裁），風險偏好的定義和風險公差、集成的風險與業(yè)務計劃和支持反應技術。</p>

83、<p>　　企業(yè)風險管理的基礎設施有利于落實企業(yè)風險管理方面的三個非常重要的事情。首先，它確立了以事實為基礎對企業(yè)的風險和風險管理能力的認識。第二，它可以確保有超過臨界風險的所有權。最后，它達成減少差距的目的。</p><p>　　企業(yè)風險管理的基礎設施不是適合所有企業(yè)。對一個公司最有效的方式可能無法使用于另一個公司。企業(yè)風險管理基礎設施的要素是根據不同的技術和工具部署到實施八項企業(yè)風險管理組件（參

84、見了COSO風險管理框架第2頁的介紹），該處理的目標，該組織的文化和覆蓋范圍的廣度需要整個組織的經營單位。管理者根據這些問題和其他有關因素決定企業(yè)風險管理的基礎設施所需的要素。</p><p>　　第五步：推進處理關鍵風險的風險管理能力。</p><p>　　這一步開始選擇企業(yè)的首要風險。前面的四步完成以后只是開始，風險評估有必要常有更新。一旦風險的優(yōu)先權的確定，基于更新的風險評估，管理者

85、必須確定管理每種風險的能力這現行狀況，然后評估目標所希望的狀態(tài)推進在有關這些風險管理能力的成熟度。這已經完成了從一個或兩個優(yōu)先權風險（見步驟3）。現在管理者可以把更大的注意力放在其他有優(yōu)先權的風險上。</p><p>　　在風險的管理能力上面，必須有所計劃和改進，且與企業(yè)有限資源相一致。對于每個優(yōu)先級的風險 ，管理者評估這些企業(yè)風險管理能力的相對成熟。從那里，管理層需要有意識地決定：要做多少附加功能，才能使我們不

86、斷地實現我們的經營目標？此外，什么是預期的成本和由風險管理能力提高所帶來的利益？我們的目標是確定企業(yè)風險的最緊迫之處和不確定性，集中改善管理這些暴露的和不確定的風險的能力。企業(yè)風險管理的基礎設施，管理可以有選擇地施行控制以達到目標。</p><p>　　在企業(yè)風險管理發(fā)展早期階段的基礎設施方面，公司往往通過規(guī)范語言，建立風險管理監(jiān)督結構和確定企業(yè)范圍的風險評估過程來奠定基礎。一些公司已經把企業(yè)風險管理應用在特殊的

87、商業(yè)部門。一些公司已經朝著更先進的階段發(fā)展，例如在金融機構市場和信用風險管理以及其他行業(yè)的合規(guī)風險管理。</p><p>　　無論多么有能力的公司代表，他們希望該公司能夠與風險管理方面的風險，董事和高級行政管理人員受益于這個意見，關于如何處理個體的風險管理就每個優(yōu)先考慮的風險而言。能力成熟度模型是評估一個組織的風險管理能力成熟度的模模。該模型提供五個等級來評價企業(yè)從“起步”到 “優(yōu)化”的成熟過程或能力。</

88、p><p>　　能力成熟度模型，上面顯示的是評價可持續(xù)發(fā)展的有力工具。利用這種模式，管理者認為企業(yè)在風險管理方面的能力，識別在特定領域所需的能力水平為基礎的差距，并改變運營指標，以適當的過程成熟度的方法。企業(yè)風險管理的基礎設施的決定，等級程序是基于事實依據，并通過參與風險負責人進行正確的引導。</p><p>　　出處：詹姆?W?迪洛克，《企業(yè)風險管理：具體的實施意見》,甫瀚咨詢公司.2005