《2017版COSO新企业风险管理框架20原则》由会员分享,可在线阅读,更多相关《2017版COSO新企业风险管理框架20原则(3页珍藏版)》请在金锄头文库上搜索。
1、COSO新企业风险管理(ERM)框架(2017版)20原则Components and Principles :要素和原则 :1. Exercises Board Risk Oversight The board of directors provides oversight of the strategy and carries out governance responsibilities support to management in achieving strategy and business objectives.1. 董事会执行风险监督 - 董事会对战略进行监督,执行治理责任,
2、支持管理实现 战略和业务目标。2. Establishes Operating StructuresThe organization establishesoperating structures in the pursuit of strategy and business objectives.2. 建立运营机构 - 组织在追求战略和业务目标方面建立运营机构。3. Defines Desired Culture The organization defines the desired behaviors that characterize the entity s desired cult
3、ure.3. 定义崇尚的文化 - 组织定义期望的行为来描述所崇尚的文化。4. Demonstrates Commitment to Core Values The organizationdemonstratesa commitment to the entity s core values.4. 展示对核心价值的承诺 - 组织表现出对核心价值观的承诺。5. Attracts, Develops, and Retains Capable Individuals The organization is committed to building humancapital in alignment
4、 with the strategy and business objectives.5. 吸引,发展和保留有能力的个体 - 组织致力于建立符合战略和业务目标的人力 资本。6. Analyzes Business Context The organization considers potential effects of business context on risk profile.6. 分析业务环境 - 组织考虑业务环境对风险状况的潜在影响。7. Defines Risk Appetite The organization defines risk appetite in the co
5、ntext of creating, preserving, and realizing value.7. 定义风险偏好 - 组织在创造,维护和实现价值的背景下定义风险偏好。8. Evaluates Alternative Strategies The organization evaluates alternative strategies and potential impact on risk profile.8. 评估替代策略 - 组织评估替代策略,并对其潜在影响进行风险预测。9. Formulates Business Objectives The organization cons
6、iders risk while establishing the business objectives at various levels that align and support strategy.9. 制定业务目标 - 组织在确定协调和支持战略的各个层次的业务目标的同时,应 考虑风险。10.Identifies Risk The organization identifies risk that impacts the performance of strategy and business objectives.10. 识别风险 - 组织应确定影响战略和业务目标绩效的风险。11.
7、Assesses Severity of Risk The organization assesses the severity of risk.11. 评估风险的严重程度 - 组织评估风险的严重程度。12.Prioritizes Risks The organization prioritizes risks as a basis for selecting responses to risks.12. 风险排序 - 组织将风险优先排序,作为选择风险应对的基础。13.Implements Risk Responses The organization identifies and selec
8、ts risk responses.13. 实施风险响应 - 组织识别并选择风险响应措施。14. Develops Portfolio View The organization develops and evaluates a portfolio view of risk.14. 建立风险组合观 - 组织开发和评估风险组合观。15. Assesses Substantial Change The organization identifies and assesses changes that may substantially affect strategy and business ob
9、jectives.15. 评估实质性变化 - 组织识别和评估可能严重影响战略和业务目标的变更。16. Reviews Risk and Performance The organization reviews entity performance and considers risk.16. 评估风险和绩效 - 组织评价绩效并考虑风险。17. Pursues Improvement in Enterprise Risk Management The organization pursues improvement of enterprise risk management.17. 企业风险管理
10、持续改进 - 组织应追求企业风险管理的不断完善。18. Leverages Information Systems The organization leverages the entity s information and technology systems to support enterprise risk management.18. 利用信息系统 - 组织利用信息技术系统来支持企业风险管理。19. Communicates Risk Information The organization uses communication channels to support enterprise risk management.19. 沟通风险信息 - 组织使用沟通渠道来支持企业风险管理。20. Reports on Risk, Culture, and Performance The organization reports on risk, culture, and performance at multiple levels and across the entity.20. 风险、文化和绩效报告 - 组织在内部各个层次进行风险、 文化和绩效的报告
