2017版COSO新企业风险管理框架20原则

1、COSO新企业风险管理（ERM）框架（2017版）20原则Components and Principles：要素和原则：1. Exercises Board Risk Oversight一The board of directors provides oversight of the strategy and carries out governance responsibilities to support management in achieving strategy and business objectives1董事会执行风险监督-莆事会对战略进行监督，执行治理责任，支持管 理实现

2、战略和业务目标。2. Establishes Operating Structures一The organization establishes operating structures in the pursuit of strategy and business objectives2. 建立运营机构-组织在追求战略和业务口标方面建立运营机构。3. Defines Desired CultureThe organization defines the desired behaviors that characterize the entity * s desired culture3. 定

3、义崇尚的文化-组织定义期望的行为来描述所崇尚的文化。4. Demonstrates Commitment to Core ValuesThe organization demonstrates a commitment to the entityf s core values4. 展示对核心价值的承诺-组织表现出对核心价值观的承诺。5. Attracts, Develops, and Retains Capable Individuals一The organization is committed to building human capital in alignment with the

4、strategy and business objectives5. 吸引，发展和保留有能力的个体-组织致力于建立符合战略和业务目标 的人力资本。6. Analyzes Business Context一The organization considers potential effects of business context on risk profile6. 分析业务环境-组织考虑业务环境对风险状况的潜在影响。7. Defines Risk AppetiteThe organization defines risk appetite in the context of creating

5、, preserving, and realizing value7定义风险偏好-组织在创造，维护和实现价值的背景下定义风险偏好。8. Evaluates Alternative StrategiesThe organization evaluates alternative strategies and potential impact on risk profile8. 评估替代策略-组织评估替代策略，并对其潜在影响进行风险预测。9. Formulates Business Objectives一The organization considers risk while establish

6、ing the business objectives at various levels that align and support strategy.9. 制定业务LI标-组织在确定协调和支持战略的各个层次的业务LI标的同 时，应考虑风险。10.Identifies Risk一The organization identifies risk that impacts the performance of strategy and business objectives10. 识别风险-组织应确定影响战略和业务LI标绩效的风险。11. Assesses Severity of RiskTh

7、e organization assesses the severity of risk11. 评估风险的严重程度-组织评估风险的严重程度。12. Prioritizes RisksThe organization prioritizes risks as a basis for selecting responses to risks12. 风险排序-组织将风险优先排疗;，作为选择风险应对的基础。13 Implements Risk Responses一The organization identifies and selects risk responses13. 实施风险响应-组织识别并

8、选择风险响应措施。14. Develops Portfolio View一The organization develops and evaluates a portfolio view of risk14. 建立风险组合观-组织开发和评估风险组合观。15. Assesses Substantial Change一The organization identifies and assesses changes that may substantially affect strategy and business objectives15. 评估实质性变化-组织识别和评估可能严重影响战略和业务口

9、标的变 更。16 Reviews Risk and Performance一The organization reviews entity performance and considers risk16评估风险和绩效-组织评价绩效并考虑风险。17. Pursues Improvement in Enterprise Risk Management一The organization pursues improvement of enterprise risk management17. 企业风险管理持续改进-组织应追求企业风险管理的不断完善。18. Leverages Information

10、SystemsThe organization leverages the entityf s information and technology systems to support enterprise risk management18. 利用信息系统-组织利用信息技术系统来支持企业风险管理。19. Communicates Risk Information一The organization uses communication channels to support enterprise risk management19. 沟通风险信息-组织使用沟通渠道来支持企业风险管理。20. Reports on Risk, Cult