2017版COSO新企业风险管理(ERM)框架20原则

COSO新企业风险管理（ERM）框架（2017版）20原则ComponentsandPrinciples：要素和原则:1.ExercisesBoardRiskOversight—Theboardofdirectorsprovidesoversightofthestrategyandcarriesoutgovernanceresponsibilitiestosupportmanagementinachievingstrategyandbusinessobjectives.1.董事会执行风险监督-董事会对战略进行监督，执行治理责任，支持管理实现战略和业务目标。2.EstablishesOperatingStructures—Theorganizationestablishesoperatingstructuresinthepursuitofstrategyandbusinessobjectives.2.建立运营机构-组织在追求战略和业务目标方面建立运营机构。3.DefinesDesiredCulture—Theorganizationdefinesthedesiredbehaviorsthatcharacterizetheentity’sdesiredculture.3.定义崇尚的文化-组织定义期望的行为来描述所崇尚的文化。4.DemonstratesCommitmenttoCoreValues—Theorganizationdemonstratesacommitmenttotheentity’scorevalues.4.展示对核心价值的承诺-组织表现出对核心价值观的承诺。5.Attracts,Develops,andRetainsCapableIndividuals—Theorganizationiscommittedtobuildinghumancapitalinalignmentwiththestrategyandbusinessobjectives.5.吸引，发展和保留有能力的个体-组织致力于建立符合战略和业务目标的人力资本。6.AnalyzesBusinessContext—Theorganizationconsiderspotentialeffectsofbusinesscontextonriskprofile.6.分析业务环境-组织考虑业务环境对风险状况的潜在影响。7.DefinesRiskAppetite—Theorganizationdefinesriskappetiteinthecontextofcreating,preserving,andrealizingvalue.7.定义风险偏好-组织在创造，维护和实现价值的背景下定义风险偏好。8.EvaluatesAlternativeStrategies—Theorganizationevaluatesalternativestrategiesandpotentialimpactonriskprofile.8.评估替代策略-组织评估替代策略，并对其潜在影响进行风险预测。9.FormulatesBusinessObjectives—Theorganizationconsidersriskwhileestablishingthebusinessobjectivesatvariouslevelsthatalignandsupportstrategy.9.制定业务目标-组织在确定协调和支持战略的各个层次的业务目标的同时，应考虑风险。10.IdentifiesRisk—Theorganizationidentifiesriskthatimpactstheperformanceofstrategyandbusinessobjectives.10.识别风险-组织应确定影响战略和业务目标绩效的风险。11.AssessesSeverityofRisk—Theorganizationassessestheseverityofrisk.11.评估风险的严重程度-组织评估风险的严重程度。12.PrioritizesRisks—Theorganizationprioritizesrisksasabasisforselectingresponsestorisks.12.风险排序-组织将风险优先排序，作为选择风险应对的基础。13.ImplementsRiskResponses—Theorganizationidentifiesandselectsriskresponses.13.实施风险响应-组织识别并选择风险响应措施。14.DevelopsPortfolioView—Theorganizationdevelopsandevaluatesaportfolioviewofrisk.14.建立风险组合观-组织开发和评估风险组合观。15.AssessesSubstantialChange—Theorganizationidentifiesandassesseschangesthatmaysubstantiallyaffectstrategyandbusinessobjectives.15.评估实质性变化-组织识别和评估可能严重影响战略和业务目标的变更。16.ReviewsRiskandPerformance—Theorganizationreviewsentityperformanceandconsidersrisk.16.评估风险和绩效-组织评价绩效并考虑风险。17.PursuesImprovementinEnterpriseRiskManagement—Theorganizationpursuesimprovementofenterpriseriskmanagement.17.企业风险管理持续改进-组织应追求企业风险管理的不断完善。18.LeveragesInformationSystems—Theorganizationleveragestheentity’sinformationandtechnologysystemstosupportenterpriseriskmanagement.18.利用信息系统-组织利用信息技术系统来支持企业风险管理。19.CommunicatesRiskInformation—Theorganizationusescommunicationchannelstosupportenterpriseriskmanagement.19.沟通风险信息-组织使用沟通渠道来支持企业风险管理。20.ReportsonRisk,Culture,andPerformance—Theorganizationreportsonrisk,culture,andperformanceatmultiplelevelsandacrosstheentity.20.风险、文化和绩效报告-组织在内部各个层次进行风险、文化和绩效的报告。