2017版COSO新企业风险管理(ERM)框架20原则

1、.COSO新企业风险管理（ERM）框架（2017版）20原则Components and Principles：要素和原则:1.Exercises Board Risk OversightThe board of directors provides oversight of the strategy and carries out governance responsibilities to support management in achieving strategy and business objectives.1.董事会执行风险监督 - 董事会对战略进行监督，执行治理责任，支持管理

2、实现战略和业务目标。2.Establishes Operating StructuresThe organization establishes operating structures in the pursuit of strategy and business objectives.2.建立运营机构 - 组织在追求战略和业务目标方面建立运营机构。3.Defines Desired CultureThe organization defines the desired behaviors that characterize the entitys desired culture.3.定义崇

3、尚的文化- 组织定义期望的行为来描述所崇尚的文化。4.Demonstrates Commitment to Core ValuesThe organization demonstrates a commitment to the entitys core values.4.展示对核心价值的承诺 - 组织表现出对核心价值观的承诺。5.Attracts, Develops, and Retains Capable IndividualsThe organization is committed to building human capital in alignment with the stra

4、tegy and business objectives.5.吸引，发展和保留有能力的个体 - 组织致力于建立符合战略和业务目标的人力资本。6.Analyzes Business ContextThe organization considers potential effects of business context on risk profile.6.分析业务环境 - 组织考虑业务环境对风险状况的潜在影响。7.Defines Risk AppetiteThe organization defines risk appetite in the context of creating, pr

5、eserving, and realizing value.7.定义风险偏好 - 组织在创造，维护和实现价值的背景下定义风险偏好。8.Evaluates Alternative StrategiesThe organization evaluates alternative strategies and potential impact on risk profile.8.评估替代策略 - 组织评估替代策略，并对其潜在影响进行风险预测。9.Formulates Business ObjectivesThe organization considers risk while establishi

6、ng the business objectives at various levels that align and support strategy.9.制定业务目标 - 组织在确定协调和支持战略的各个层次的业务目标的同时，应考虑风险。10.Identifies RiskThe organization identifies risk that impacts the performance of strategy and business objectives.10.识别风险 - 组织应确定影响战略和业务目标绩效的风险。11.Assesses Severity of RiskThe or

7、ganization assesses the severity of risk.11.评估风险的严重程度 - 组织评估风险的严重程度。12.Prioritizes RisksThe organization prioritizes risks as a basis for selecting responses to risks.12.风险排序 - 组织将风险优先排序，作为选择风险应对的基础。13.Implements Risk ResponsesThe organization identifies and selects risk responses.13.实施风险响应 - 组织识别并选

8、择风险响应措施。14.Develops Portfolio ViewThe organization develops and evaluates a portfolio view of risk.14.建立风险组合观- 组织开发和评估风险组合观。15.Assesses Substantial ChangeThe organization identifies and assesses changes that may substantially affect strategy and business objectives.15.评估实质性变化- 组织识别和评估可能严重影响战略和业务目标的变

9、更。16.Reviews Risk and PerformanceThe organization reviews entity performance and considers risk.16.评估风险和绩效- 组织评价绩效并考虑风险。17.Pursues Improvement in Enterprise Risk ManagementThe organization pursues improvement of enterprise risk management.17.企业风险管理持续改进 - 组织应追求企业风险管理的不断完善。18.Leverages Information Sys

10、temsThe organization leverages the entitys information and technology systems to support enterprise risk management.18.利用信息系统 - 组织利用信息技术系统来支持企业风险管理。19.Communicates Risk InformationThe organization uses communication channels to support enterprise risk management.19.沟通风险信息 - 组织使用沟通渠道来支持企业风险管理。20.Reports on Risk, Culture