企业风险管理整合框架讲解资料(编辑修改稿)

企业风险管理整合框架讲解资料(编辑修改稿)内容摘要：

consider information about internal and external environments, deploy precious resources, and recalibrate activities to changing circumstances. 从战略制订到企业的日常经营，在所有的活动中，管理当局的决策都会创造、保持或破坏价值。 通过把资源，包括人、资本、技术和 品牌，调配到能够产生比过去更多的利益的地方，就会发生价值创造。 当创造的价值通过更高的产品质量、生产能力和顾客满意度以及其他方式得以维持时，就会发生价值保持。 当由于糟糕的战略或执行导致这些目标不能达成时，价值就会被破坏。 决策中伴生着对风险和机会的认识，要求管理当局有关内部和外部环境的信息，调配宝贵的资源，并针对变化的环境重新校准行动。 Value is maximized when management sets strategy and objectives to strike an optimal balance between growth and return goals and related risks, and efficiently and effectively deploys resources in pursuit of the entity’s objectives. Enterprise risk management enpasses: 当管理当局制订战略和目标，去追求增长和报酬目的以及相关的风险之间的最优平衡，并且为了实现主体的目标而提高效率和有效地配置资源时，价值得以最大化。 企业风险管理包括： • Aligning risk appetite and strategy – Management considers the entity’s risk appetite first in evaluating strategic alternatives, then in setting objectives aligned with the selected strategy and in developing mechanisms to manage the related risks. For example, a pharmaceutical pany has a low risk appetite relative to its brand value. Accordingly, to protect its brand, it maintains extensive protocols to ensure product safety and regularly invests significant resources in earlystage research and development to support brand value creation. ● 协调风险容量与战略 —— 管理当局首先要在评价备选战略的过程中考虑主体的风险容量，然后在设定与选定的战略相协调的目标的过程中，以及在构建管理相关风险的机制的过程中，也要考虑主体的风险容量。 例如，一家制药公司与其品牌价值相关的风险容量较低。 因此，为了保护它的品牌，它坚持了大量的规程以确保产品的安全性，并且经常性地投入巨额的资源用于早期的研究与开发以支 12 持品牌价值创造。 • Enhancing risk response decisions – Enterprise risk management provides the rigor to identify and select among alternative risk responses – risk avoidance, reduction, sharing, and acceptance. For example, management of a pany that uses pany owned and operated vehicles recognizes risks inherent in its delivery process, including vehicle damage and personal injury costs. Available alternatives include reducing the risk through effective driver recruiting and training, avoiding the risk by outsourcing delivery, sharing the risk via insurance, or simply accepting the risk. Enterprise risk management provides methodologies and techniques for making these decisions. ● 增进风险应对决策 —— 企业风险管理为识别和在备选的风险应对 —— 风险回避、降低、分担和承受 —— 之间进行选择提供了严密性。 例如，一家利用公司自有和运营的车辆的公司的管理当局认识到在其运送过程中存在的风险，包括车辆损坏和人身伤害成本。 可能的选择包括通过有效的司机招聘和培训来降低风险，通过外包运送业务来回避风险，通过保险来分担风险 ，或者简单地承担风险。 企业风险管理为这些决策提供方法和技巧。 • Reducing operational surprises and losses – Entities gain enhanced capability to identify potential events, assess risk, and establish responses, thereby reducing the occurrence of surprises and related costs or losses. For example, a manufacturing pany tracks production parts and equipment failure rates and deviation around averages. The pany assesses the impact of failures using multiple criteria, including time to repair, inability to meet customer demand, employee safety, and cost of scheduled versus unscheduled repairs, and responds by setting maintenance schedules accordingly. ● 抑减经营意外和损失 —— 主体增强了识别潜在事项、评估风险和加以应对的能力，从而降低意外的发生和由此带来的成本或损失。 例如，一家制造公司调整生产部件和设备故障率和误差使其接近正常水平。 该公司采用多重标准来评估故障的影响，包括维修时间、不能满足客户需要、员工案例以及预定维修与非预定维修的成本，并据此制订维护方案来加以应对。 • Identifying and managing crossenterprise risks – Every entity faces a myriad of risks affecting different parts of the anization. Management needs to not only manage individual risks, but also understand interrelated impacts. For example, a bank faces a variety of risks in trading activities across the enterprise, and management developed an information system that analyzes transaction and market data from other internal systems, which, together with relevant externally generated information, provides an aggregate view of risks across all trading activities. The information system allows drilldown capability to department, customer or counterparty, trader, and transaction levels, and quantifies the risks relative to risk tolerances in established categories. The system enables the bank to bring together previously disparate data to respond more effectively to risks using aggregated as well as targeted views. ● 识别和管理贯穿于企业的风险 —— 每一个主体都面临着影响组织的不同部分 13 的无数风险。 管理当局不仅需要管理个别风险，还需要了解相互关联的影响。 例如，一家银行面临着贯穿于企业的交易活动的一系列风险，管理当局开发一套信息系统来分析来自其他内部系统的交易和市场数据，它与外部生成的有关信息一起，提供了关于贯穿于所有交易活动的风险的整体看法。 这个信息系统可以向下追溯到部门、客户或同行、交易商和交易层次，并针对既定类别的风险容量对风险进行量化。 这个系统使该银行能够把先前分隔的数据凑到一起，从而采用整体的和有目的性看法来更加 有效地应对风险。 • Providing integrated responses to multiple risks – Business processes carry many inherent risks, and enterprise risk management enables integrated solutions for managing the risks. For instance, a wholesale distributor faces risks of over and undersupply positions, tenuous supply sources, and unnecessarily high purchase prices. Management identified and assessed risk in the context of the pany’s strategy, objectives, and alternative responses, and developed a farreaching inventory control system. The system integrates with suppliers, sharing sales and inventory information and enabling strategic partnering, and avoiding stockouts and unneeded carrying costs, with longerterm sourcing contracts and enhanced pricing. Suppliers take responsibility for replenishing stock, generating further cost reductions. ● 提供对多重风险的整体应对 —— 经营过程带来许多固有的风险，而企业风险管理能够为管理这些风险提供整体解决方案。 例如，一个批发本着商面临着供货过量和不足、薄弱的供货来源以及不必要的高采购价格等方面的风险。 管理当局以公司战略、目标和备选的应对为背景识别和评估风险，开发了一套广泛拓展的存货控制系统。 这个系统与供货商相整合，共享销售和库存信息，帮助选择战略伙伴，并通过更长期间的进货合同和 改进的定价方式，避免缺货和不必要的运送成本。 由供应商负责补足库存，从而进一步降低了成本。 • Seizing opportunities – By considering a full range of potential events, rather than just risks, management identifies events representing opportunities. For example, a food pany considered potential events likely to affect its sustainable revenue growth objective. In evaluating the events, management determined that the pany’s primary consumers are increasingly health conscious and changing their dietary preferences, indi。