风险管理【外文翻译】

外文文献翻译译文 一 外文原文 原文 原文 Risk Management This chapter reviews and discusses the basic issues and principles of risk management including risk acceptability tolerability risk reduction and the ALARP principle cautionary and precautionary principles And presents a case study showing the importance of these issues and principles in a practical management context Before we take a closer look let us briefly address some basic features of risk management The purpose of risk management is to ensure that adequate measures are taken to protect people the environment and assets from possible harmful consequences of the activities being undertaken as well as to balance different concerns in particular risks and costs Risk management includes measures both to avoid the hazards and to reduce their potential harm Traditionally in industries such as nuclear oil and gas risk management was based on a prescriptive regulating regime in which detailed requirements were set with regard to the design and operation of the arrangements This regime has gradually been replaced by a more goal oriented regime putting emphasis on what to achieve rather than on the means of achieving it Risk management is an integral aspect of a goal oriented regime It is acknowledged that risk cannot be eliminated but must be managed There is nowadays an enormous drive and enthusiasm in various industries and in society as a whole to implement risk management in organizations There are high expectations that risk management is the proper framework through which to achieve high levels of performance Risk management involves achieving an appropriate balance between realizing opportunities for gain and minimizing losses It is an integral part of good management practice and an essential element of good corporate governance It is an iterative process consisting of steps that when undertaken in sequence can lead to a continuous improvement in decision making and facilitate a continuous improvement in performance To support decision making regarding design and operation risk analyses are carried out They include the identification of hazards and threats cause analyses consequence analyses and risk descriptions The results are then evaluated The totality of the analyses and the evaluations are referred to as risk assessments Risk assessment is followed by risk treatment which is a process involving the development and implementation of measures to modify the risk including measures designed to avoid reduce optimize transfer or retain the risk Risk transfer means sharing with another party the benefit or loss associated with a risk It is typically affected through insurance Risk management covers all coordinated activities in the direction and control of an organization with regard to risk In many enterprises the risk management tasks are divided into three main categories strategic risk financial risk and operational risk Strategic risk includes aspects and factors that are important for the enterprise s long term strategy and plans for example mergers and acquisitions technology competition political conditions legislation and regulations and labor market Financial risk includes the enterprise s financial situation and includes Market risk associated with the costs of goods and services foreign exchange rates and securities shares bonds etc Credit risk associated with a debtor s failure to meet its obligations in accordance with agreed terms Liquidity risk reflecting lack of access to cash the difficulty of selling an asset in a timely manner Operational risk is related to conditions affecting the normal operating situation Accidental events including failures and defects quality deviations natural disasters Intended acts sabotage disgruntled employees etc Loss of competence key personnel Legal circumstances associated for instance with defective contracts and liability insurance For an enterprise to become successful in its implementation of risk management top management needs to be involved and activities must be put into effect on many levels Some important points to ensure success are the establishment of a strategy for risk management i e the principles of how the enterprise defines and implements risk management Should one simply follow the regulatory requirements minimal requirements or should one be the best in the class The establishment of a risk management process for the enterprise i e formal processes and routines that the enterprise is to follow The establishment of management structures with roles and responsibilities such that the risk analysis process becomes integrated into the organization The implementation of analyses and support systems such as risk analysis tools recording systems for occurrences of various types of events etc The communication training and development of a risk management culture so that the competence understanding and motivation level within the organization is enhanced Given the above fundamentals of risk management the next step is to develop principles and a methodology that can be used in practical decision making This is not however straightforward There are a number of challenges and here we address some of these establishing an informative risk picture for the various decision alternatives using this risk picture in a decision making context Establishing an informative risk picture means identifying appropriate risk indices and assessments of uncertainties Using the risk picture in a decision making context means the definition and application of risk acceptance criteria cost benefit analyses and the ALARP principle which states that risk should be reduced to a level which is as low as is reasonably practicable It is common to define and describe risks in terms of probabilities and expected values This has however been challenged since the probabilities and expected values can camouflage uncertainties the assigned probabilities are conditional on a number of assumptions and suppositions and they depend on the background knowledge Uncertainties are often hidden in this background knowledge and restricting attention to the assigned probabilities can camouflage factors that could produce surprising outcomes By jumping directly into probabilities important uncertainty aspects are easily truncated and potential surprises may be left unconsidered Let us as an example consider the risks seen through the eyes of a risk analyst in the 1970s associated with future health problems for divers working on offshore petroleum projects The analyst assigns a value to the probability that a diver would experience health problems properly defined during the coming 30 years due to the diving activities Let us assume that a value of 1 was assigned a number based on the knowledge available at that time There are no strong indications that the divers will experience health problems but we know today that these probabilities led to poor predictions Many divers have experienced severe health problems Avon and Vine 2007 By restricting risk to the probability assignments alone important aspects of uncertainty and risk are hidden There is a lack of understanding about the underlying phenomena but the probability assignments alone are not able to fully describe this status Several risk perspectives and definitions have been proposed in line with this realization For example Avon 2007a 2008a defines risk as the two dimensional combination of events consequences and associated uncertainties will the events occur what the consequences will be A closely related perspective is suggested by Avon and Renan 2008a who define risk associated with an activity as uncertainty about and severity of the consequences of the activity where severity refers to intensity size extension scope and other potential measures of magnitude with respect to something that humans value lives the environment money etc Losses and gains expressed for example in monetary terms or as the number of fatalities are ways of defining the severity of the consequences See also Avon and Christensen 2005 In the case of large uncertainties risk assessments can support decision making but other principles measures and instruments are also required such as the cautionary precautionary principles as well as robustness and resilience strategies An informative decision basis is needed but it should be far more nuanced than can be obtained by a probabilistic analysis alone This has been stressed by many researchers e g Apostolicism 1990 and Apostolicism and Lemon 2005 qualitative risk analysis QRA results are never the sole basis for decision making Safety and security related decision making is risk informed not risk based This conclusion is not however justified merely by referring to the need for addressing uncertainties beyond probabilities and expected values The main issue here is the fact that risks need to be balanced with other concerns When various solutions and measures are to be compared and a decision is to be made the analysis and assessments that have been conducted provide a basis for such a decision In many cases established design principles and standards provide clear guidance Compliance with such principles and standards must be among the first reference points when assessing risks It is common thinking that risk management processes and especially ALARP processes require formal guidelines or criteria e g risk acceptance criteria and cost effectiveness indices to simplify the decision making Care must however be shown when using this type of formal decision making criteria as they easily result in a mechanization of the decision making process Such mechanization is unfortunate because Decision making criteria based on risk related numbers alone probabilities and expected values do not capture all the aspects of risk costs and benefits no method has a precision that justifies a mechanical decision based on whether the result is over or below a numerical criterion It is a managerial responsibility to make decisions under uncertainty and management should be aware of the relevant risks and uncertainties Apostolicism and Lemon 2005 adopt a pragmatic approach to risk analysis and risk management acknowledging the difficulties of determining the probabilities of an attack Ideally they would like to implement a risk informed procedure based on expected values However since such an approach would require the use of probabilities that have not been rigorously derived they see themselves forced to resort to a more pragmatic approach This is one possible approach when facing problems of large uncertainties The risk analyses simply do not provide a sufficiently solid basis for the decision making process We argue along the same lines There is a need for a management review and judgment process It is necessary to see beyond the computed risk picture in the form of the probabilities and expected values Traditional quantitative risk analyses fail in this respect We acknowledge the need for analyzing risk but question the value added by performing traditional quantitative risk analyses in the case of large uncertainties The arbitrariness in the numbers produced can be significant due to the uncertainties in the estimates or as a result of the uncertainty assessments being strongly dependent on the analysts It should be acknowledged that risk cannot be accurately expressed using probabilities and expected values A quantitative risk analysis is in many cases better replaced by a more qualitative approach as shown in the examples above an approach which may be referred to as a semi quantitative approach Quantifying risk using risk indices such as the expected number of fatalities gives an impression that risk can be expressed in a very precise way However in most cases the arbitrariness is large In a semi quantitative approach this is acknowledged by providing a more nuanced risk picture which includes factors that can cause surprises relative to the probabilities and the expected values Quantification often requires strong simplifications and assumptions and as a result important factors could be ignored or given too little or too much weight In a qualitative or semi quantitative analysis a more comprehensive risk picture can be established taking into account underlying factors influencing risk In contrast to the prevailing use of quantitative risk analyses the precision level of the risk description is in line with the accuracy of the risk analysis tools In addition risk quantification is very resource demanding One needs to ask whether the resources are used in the best way We conclude that in many cases more is gained by opening up the way to a broader more qualitative approach which allows for considerations beyond the probabilities and expected values The traditional quantitative risk assessments as seen for example in the nuclear and the oil Uncertainty assessments Description of the background knowledge including models and data used The uncertainty assessments should not be restricted to standard probabilistic analysis as this analysis could hide important uncertainty factors The search for quantitative explicit approaches for expressing the uncertainties even beyond the subjective probabilities may seem to be a possible way forward However such an approach is not recommended Trying to be precise and to accurately express what is extremely uncertain does not make sense Instead we recommend a more open qualitative approach to reveal such uncertainties Some might consider this to be less attractive from a methodological and scientific point of view Perhaps it is but it would be more suited for solving the problem at hand which is about the analysis and management of risk and uncertainties Source Terje Aven 2010 Risk Management Risk in Technological Systems Oct p175 198 二 翻译文章 译文 译文 风险管理风险管理 本章回顾和讨论风险管理的基本问题和原则 包括 风险可接受性 耐受 性 风险削减和安全风险管理原则 警示和预防原则 并提出了一个研究案例 说明在实际管理环境中这些问题和原则的重要性 这需要我们的深入研究 在 此之前 让我们简单谈谈风险管理的一些基本特征 风险管理的目的是 在现时事件产生有害后果时 及时采取适当的措施以 确保人类 环境和资产的安全 以及平衡人们的不同关注取向 特别是风险和 成本 风险管理包括两种措施 控制危险源和减少潜在的危害 传统上 诸如 核能 石油和天然气产业 风险管理主要是依靠规范监管制度来管理的 这项 制度对设计和操作的安排提出了系统性的要求 但是渐渐的 这一制度已被一 项更加标准化的制度所取代 此制度是强调要取得的成果而不是如何实现这些 成果的手段 风险管理是标准化制度的一个组成部分 风险不能消除 只能加以控制改 善 这是被人们所公认的 现在有一项具有巨大驱动力和感召力的措施正应运 而生 它将不同产业和社会作为一个整体来实施组织风险管理 风险管理是一 项适当的措施 人们对于用它来实现高产值有很大的期望 风险管理包括可认识到的实现增益的机会和损失的最小化 并且在它们之 间实现适当的平衡 这是一个组织构成良好有效的管理实践的基本要素 这是 一个由递进步骤组成的反复的过程 按顺序进行时 能不断提高决策正确性并 且促进产值的不断增长 为了支持决策方面的设计和操作 需要进行风险分析 它们包括危害物和 威胁识别 成因分析 结果分析和风险描述鉴定 然后评估结果 所有的分析 和评估将被作为风险评估 其次是风险评估的处理办法 这是一个过程 涉及 开发和实施措施来缓和风险 措施包括避免 减少 优化 转移或保留风 险 风险转移意味着与另一方共同享有利益或承担由于损失造成的风险 它最 典型的是受保险的影响 风险管理涵盖了所有协调活动的方向目标和风险组织 在许多企业中 风险管理的任务分为三大类 战略风险 财务风险和经营 风险 战略风险包括对于企业的长期战略和计划起重要作用的方面和因素 例 如兼并和收购 技术 竞争 政治环境 法律和法规 以及劳工市场 财务风 险包括影响企业财务状况的因素 包括 市场风险 商品和服务 外汇汇率和 证券的相关成本 股票 债权等 信用风险 与债务人没有按照其约定的有关 条款履行义务 流动性风险 反映现金缺乏时 及时出售资产的困难 操作风 险是有关条件影响正常工作的情况 意外的事件 包括故障和缺陷 质量差 自然灾害 预期行为 破坏 心怀不满的雇员等 丧失竞争力 关键人员 与 法律环境下相关的 例如有缺陷合同及责任保险 一个企业要成功实施风险管理 需要高层管理人员参与 活动必须落实在 许多层面上 确保成功的要点是一个风险管理战略的确立 例如企业如何定义 和实施风险管理的原则 难道仅仅只需遵照监管要求 最低要求 或追求 成 为最好的 企业风险管理过程的建立 包括企业贯彻的正式流程和常规 建 立管理结构 包括角色和责任分配 这样 风险分析过程和组织融为一体 分 析和支持系统的实施 如风险工具分析 执行 记录系统各种类型的事件的发 生等 沟通 培训和发展风险管理文化 这样 组织的能力 理解和动机水平 得到增强 实施了上述风险管理的基础原则后 下一步是制定可用于实际决策 中的原则和方法 然而 这并不是那么简单 还有一系列的挑战 在这里我们 列举其中一些 为不同的风险选择建立一个丰富的风险信息平台 将其运用到 风险决策环境中 这意味着正确认识不确定因素的风险指数和风险评估 在风 险决策方面则意味着接受风险的定义和准则 成本效益分析和安全风险管理原 则 风险应该降低到实际合理的最低水平 定义和描述关于风险的概率和预期性价值是常见的现象 然而 这受到了 挑战 因为概率和预期值的不确定性是隐蔽的 概率的分配都是有条件的基于 数量的简单假设和推测 他们依据的是背景知识 不确定性往往是隐藏在这个 背景知识后面 注意限制性是由于给定的概率而产生的 这些因素的隐蔽性可 能产生令人惊讶的结果 直接考虑到了重要的不确定性因素容易被阻隔的可能 性 而潜在的惊喜可能会是你不曾考虑到的 让我们举一个例子 通过 20 世纪 70 年代风险分析师分析海上石油项目工 作的有关潜水员未来健康的问题来考虑风险 该分析师对潜水员在未来 30 年中 将经历的由于潜水活动而产生的健康问题 正确的定义 分配一个价值概率 让我们假设 1 的价值被分配 以当时的知识为基础是合适的 没有强烈的迹象 表明潜水员会遇到健康问题 但在今天我们知道这些概率导致了较少的预测 许多潜水员们已出现了严重的健康问题 Avon 和 Vine 2007 通过限制单独 作业风险的概率 不确定性和风险的重要方面被隐藏了 由于对深层次的现象 缺乏了解 单独作业的概率不能充分描述这种状态 一些危险的观点和定义已被提出并且已被证实符合这个现实 例如 Avon 2007a 2008a 把风险定义为事件 后果和相关不确定性的二维组合 将 发生的事件 后果将是什么 Avon 和 Renan 2008a 建议从一个密切相关的 角度将风险定义为有关不确定性活动及其产生的严重后果 其严重性是指强度 大小 扩展 范围和其他潜在的关于人类价值 生活 环境 金钱等 的大小 措施 损失和收益 例如以货币形式或死亡人数表述的 是界定后果的严重程 度的方法 另见 Avon 和 Christensen 2005 在具有较大不确定性的情况下 风险评估可以支持决策 但其他原则 措 施和手段也需要 如警示 预防原则 以及鲁棒性和弹性战略 决策依据的信 息是必要的 但应比单独通过概率分析所得到的更加细微化 这一点被许多研 究者所强调 如 Apostolicism 1990 和