coso.docVIP

2. FRAMEWORK OVERVIEW 框架概览 Chapter Summary: Enterprise risk management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within the entity’s risk appetite, to provide reasonable assurance regarding the achievement of entity objectives. The definition is broad, relating to all aspects of a business. Enterprise risk management consists of eight interrelated components, which complement the way management runs the enterprise and are integrated with other management processes. The components are linked and serve as criteria for determining whether enterprise risk management is effective. 本章概要：企业风险管理是一个过程，受组织的董事会、管理层和其他人员影响，企业风险管理应用于战略制定，贯穿整个企业，旨在识别影响组织的潜在事件，在组织的风险胃口范围内管理风险，为组织目标的实现提供合理的保证。这个定义很宽泛，涉及企业的方方面面。企业风险管理由八个互相关联的部分组成，这些组成部分辅助企业管理方式，并和其他管理流程有机整合。这八个部分互相关联，是评价企业风险管理是否有效的标准。 A key objective of this framework is to help managements of businesses and other entities better deal with risk inherent in achieving an entity’s objectives. But enterprise risk management means different things to different people. The wide variety of labels and meanings prevents a common understanding of enterprise risk management. An important goal, then, is to integrate various risk management concepts into a framework in which a common definition is established and components identified. This framework is designed to accommodate most viewpoints and provide a starting point for individual entities’ assessments and enhancement of enterprise risk management, for future initiatives of rule-making bodies and for education. 本框架的一个主要目标是帮助企业或其他机构的管理层更好应对风险以实现组织目标。但是，企业风险管理的含义因人而异。一个包罗万象的标签无助于对企业风险管理达成共识。于是，就需要把众多的风险管理概念集成在一个框架之中，在框架里确立一个普遍接受的定义及确定其组成部分。这个框架融众多观点于一炉，为单个组织识别和加强企业风险管理提供一个支点，也为规则制定机构和教育界人士进一步的研究和行动提供基础。 Events and Risks 事件和风险 A myriad of events from internal or external sources has the potential to