外文翻譯范文

廣東工業(yè)大學(xué)

華立學(xué)院

本科畢業(yè)設(shè)計（論文）

外文參考文獻(xiàn)譯文及原文

系 部 會計學(xué)部

專 業(yè) 會計學(xué)

年 級 2008級

班級名稱

學(xué) 號

學(xué)生姓名

指導(dǎo)教師

2012 年 5 月

目 錄

1 外文文獻(xiàn)譯文 .......................................................... 1

2 外文文獻(xiàn)原文 .......................................................... 9

2 內(nèi)部環(huán)境

【本章摘要】內(nèi)部環(huán)境包含組織的基調(diào)，它影響組織中人員的風(fēng)險意識，是企業(yè)風(fēng)險管理所有其他構(gòu)成要素的基礎(chǔ)，為其他要素提供約束和結(jié)構(gòu)。內(nèi)部環(huán)境因素包括主體的風(fēng)險管理理念、它的風(fēng)險容量、董事會的監(jiān)督、主體中人員的誠信、道德價值觀和勝任能力，以及管理當(dāng)局分配權(quán)力和職責(zé)、組織和開發(fā)其員工的方式。

內(nèi)部環(huán)境是企業(yè)風(fēng)險管理所有其他構(gòu)成要素的基礎(chǔ)，為其他要素提供約束和結(jié)構(gòu)。它影響著戰(zhàn)略和目標(biāo)如何制訂、經(jīng)營活動如何組織以及如何識別、評估風(fēng)險并采取行動。它還影響著控制活動、信息與溝通體系和監(jiān)控措施的設(shè)計與運(yùn)行。

內(nèi)部環(huán)境受到主體的歷史和文化的影響。它包含許多要素，包括主體的道德價值觀、員工的勝任能力和開發(fā)、管理當(dāng)局管理風(fēng)險的理念以及如何分配權(quán)力和職責(zé)。董事會是內(nèi)部環(huán)境的一個關(guān)鍵部分，它對其他的內(nèi)部環(huán)境要素有重大的影響。

盡管所有要素都很重要，但是對每個要素的強(qiáng)調(diào)程度會因主體而異。舉例來說，一家員工較少、專注化經(jīng)營的公司的首席執(zhí)行官可能就不會制訂正式的職責(zé)劃分和具體的經(jīng)營政策。但是，這家公司也會有為企業(yè)風(fēng)險管理提供合適基礎(chǔ)的內(nèi)部環(huán)境。

風(fēng)險管理理念

一個主體的風(fēng)險管理理念是一整套共同的信念和態(tài)度，它決定著該主體在做任何事情——從戰(zhàn)略制訂和執(zhí)行到日常的活動——時如何考慮風(fēng)險。風(fēng)險管理理念反映了主體的價值觀，影響它的文化和經(jīng)營風(fēng)格，并且決定如何應(yīng)用企業(yè)風(fēng)險管理的構(gòu)成要素，包括如何識別風(fēng)險，承擔(dān)哪些風(fēng)險，以及如何管理這些風(fēng)險。

成功地承擔(dān)了重大風(fēng)險的公司對企業(yè)風(fēng)險管理的看法，似乎不同于由于在危險的地區(qū)創(chuàng)業(yè)而面臨過嚴(yán)酷的經(jīng)濟(jì)或管制后果的公司。盡管有些主體會為了滿足外部利益相關(guān)者——例如母公司或監(jiān)管者的需要，而努力實(shí)現(xiàn)有效的企業(yè)風(fēng)險管理，但是更常見的是因?yàn)楣芾懋?dāng)局認(rèn)識到有效的風(fēng)險管理有助于主體創(chuàng)造和保持價值。

當(dāng)風(fēng)險管理理念被很好地確立和理解、并且為員工所信奉時，主體就能有效地識別和管理風(fēng)險。否則，企業(yè)風(fēng)險管理在各個業(yè)務(wù)單元、職能機(jī)構(gòu)或部門中的應(yīng)用就可能會出現(xiàn)不可接受的不平衡狀態(tài)。但是即使一個主體的理念被很好地確

立，在它的各個單元之間仍然會存在文化上的差別，從而導(dǎo)致風(fēng)險管理應(yīng)用方面的差異。一些單元的管理者可能準(zhǔn)備承擔(dān)更大的風(fēng)險，而其他的則更為保守。例如，一個有闖勁的銷售職能機(jī)構(gòu)可能會集中關(guān)注實(shí)現(xiàn)銷售，而沒有仔細(xì)注意對法規(guī)的遵循問題，而締約單元的人員主要集中關(guān)注確保符合所有的相關(guān)內(nèi)部和外部政策與法規(guī)。孤立地看，這些不同的次級文化都能對主體產(chǎn)生負(fù)面影響。但是通過很好的合作，這些單元能夠恰當(dāng)?shù)胤从持黧w的風(fēng)險管理理念。

企業(yè)的風(fēng)險管理理念實(shí)質(zhì)上反映在管理當(dāng)局在經(jīng)營該主體的過程中所做的每一件事情上。它可以從政策表述、口頭和書面的溝通以及決策中反映出來。無論管理當(dāng)局是強(qiáng)調(diào)書面的政策、行為準(zhǔn)則、業(yè)績指標(biāo)和例外報告，還是更為非正式地大量通過與關(guān)鍵的管理者面對面的接觸來進(jìn)行運(yùn)營，至關(guān)重要的是管理當(dāng)局不僅要通過口頭、而且還要通過日常的行動來強(qiáng)化這種理念。

風(fēng)險容量

風(fēng)險容量是一個主體在追求價值的過程中所愿意承擔(dān)的廣泛意義上的風(fēng)險的數(shù)量。它反映了企業(yè)的風(fēng)險管理理念，進(jìn)而影響了主體的文化和經(jīng)營風(fēng)格。

風(fēng)險容量在戰(zhàn)略制訂的過程中加以考慮，來自一項(xiàng)戰(zhàn)略的期望報酬應(yīng)該與主體的風(fēng)險容量相協(xié)調(diào)。不同的戰(zhàn)略會使主體面臨不同程度的風(fēng)險，應(yīng)用于戰(zhàn)略制訂過程的企業(yè)風(fēng)險管理幫助管理當(dāng)局選擇一個與主體的風(fēng)險容量相一致的戰(zhàn)略。

主體運(yùn)用類似高、適中或低等類別，從質(zhì)的角度考慮風(fēng)險容量，或者運(yùn)用數(shù)量化的方法，來反映和平衡增長、報酬和風(fēng)險方面的目標(biāo)。

董事會

一個主體的董事會是內(nèi)部環(huán)境的關(guān)鍵部分，它對其要素有著重大影響。董事會對于管理當(dāng)局的獨(dú)立性、其成員的經(jīng)驗(yàn)和才干、對活動參與和審察的程度，以及其行為的適當(dāng)性都起著重要的作用。其他因素包括提出有關(guān)戰(zhàn)略、計劃和業(yè)績方面的疑難問題和與管理當(dāng)局進(jìn)行商討的程度，以及董事會或?qū)徲嬑瘑T會與內(nèi)部和外部審計師的交流。

一個積極的和高度參與型的董事會、托管委員會（board of trustees）或類似的機(jī)構(gòu)，應(yīng)該具有適當(dāng)程度的管理、技術(shù)和其他專長，以及履行監(jiān)督職責(zé)所需要

的思維方式。這對于一個有效的企業(yè)風(fēng)險管理環(huán)境至關(guān)重要。而且，由于董事會必須準(zhǔn)備去質(zhì)疑和仔細(xì)審查管理當(dāng)局的活動，提出不同的觀點(diǎn)，并針對不當(dāng)行為采取行動，因此董事會必須包含外部董事。

高層管理當(dāng)局的成員可能帶來他們對公司的深入了解，從而成為有效的董事會成員。但是必須有足夠數(shù)量的獨(dú)立外部董事，他們不但要提供合理的建議、咨詢和指導(dǎo)，而且還要對管理當(dāng)局形成必要的牽制和制衡。要想使內(nèi)部環(huán)境有效，董事會中的獨(dú)立外部董事必須至少占多數(shù)。

有效的董事會能確保管理當(dāng)局保持有效的風(fēng)險管理。盡管一家企業(yè)在過去可能沒有遭受損失、沒有暴露出明顯的重大風(fēng)險，董事會也不能天真地認(rèn)定帶有嚴(yán)重負(fù)面后果的事項(xiàng)“在這里不會發(fā)生”。應(yīng)該認(rèn)識到，盡管一家公司可能有合理的戰(zhàn)略、勝任的員工、合理的經(jīng)營流程和可靠的技術(shù)，但是它和所有的主體一樣，對于風(fēng)險而言都很脆弱，因此也需要有效運(yùn)行的風(fēng)險管理。

誠信與道德價值觀

主體的戰(zhàn)略和目標(biāo)以及它們得以推行的方式建立在偏好、價值判斷和管理風(fēng)格的基礎(chǔ)之上。管理當(dāng)局的誠信和對道德價值觀的要求影響這些轉(zhuǎn)化為行為準(zhǔn)則的偏好和判斷。因?yàn)橐粋�主體的良好聲譽(yù)是如此有價值，所以行為的準(zhǔn)則應(yīng)該不僅僅只是遵循法律。經(jīng)營良好的企業(yè)的管理者越來越接受這樣的觀點(diǎn)，那就是道德是值得的，道德行為就是良好的經(jīng)營。

管理當(dāng)局的誠信是一個主體活動的所有方面的道德行為的先決條件。企業(yè)風(fēng)險管理的有效性不可能脫離那些創(chuàng)造、管理和監(jiān)督主體活動的人的誠信和道德價值觀。誠信和道德價值觀是一個主體內(nèi)部環(huán)境的關(guān)鍵要素，它影響著企業(yè)風(fēng)險管理其他構(gòu)成要素的設(shè)計、管理和監(jiān)控。

樹立道德價值觀通常很困難，因?yàn)樾枰�考慮多個方面的利益。管理當(dāng)局的價值觀必須平衡企業(yè)、員工、供應(yīng)商、客戶、競爭者和公眾的利益。平衡這些利益可能是復(fù)雜而令人沮喪的，因?yàn)槔�益通常是互相矛盾的。舉例來說，提供一種必需的產(chǎn)品（石油、木材或食品）可能會導(dǎo)致環(huán)境方面的關(guān)切。

道德行為和管理當(dāng)局的誠信是公司文化的副產(chǎn)品，公司文化包含道德和行為準(zhǔn)則以及它們的溝通和強(qiáng)化方式。正式的政策指明了董事會和管理當(dāng)局希望發(fā)生

的情況。公司文化決定著實(shí)際發(fā)生的情況，以及哪些規(guī)則被遵循、扭曲或忽視了。高層管理當(dāng)局——從CEO開始——在確定公司文化方面起著關(guān)鍵作用。作為主體中的居于支配地位的人員，CEO往往確定了道德基調(diào)。

特定的組織因素也會影響出現(xiàn)欺詐性和可疑的財務(wù)報告行為的可能性。這些因素可能還會影響道德行為。個人可能會因?yàn)橹黧w給了他們這么做的強(qiáng)烈動機(jī)或誘惑，而參與不誠實(shí)的、非法的或不道德的行為。過分地強(qiáng)調(diào)結(jié)果，尤其是短期結(jié)果，可能會造成一個不恰當(dāng)?shù)膬?nèi)部環(huán)境。僅僅關(guān)注短期結(jié)果即使在短期也可能有危害。專注于底線——不顧成本的銷售收入或利潤——通常會引發(fā)不希望看到的行動和反應(yīng)。例如，高壓銷售策略、談判的殘酷或者對回扣的暗示可能會引發(fā)具有即期（以及持久）影響的反應(yīng)。

參與欺詐性和可疑的財務(wù)報告行為以及其他形式的不道德行為的其他動機(jī)可能包括高度依賴于所報告的財務(wù)或非財務(wù)信息——尤其是短期結(jié)果——的報酬。

從消除或減少不恰當(dāng)?shù)膭訖C(jī)和誘惑到消除不良行為之間要走一段很長的路。就像所建議的那樣，它可以通過從事合理而又有利可圖的經(jīng)營活動來實(shí)現(xiàn)。例如，只要業(yè)績目標(biāo)切合實(shí)際，業(yè)績激勵——配以適當(dāng)?shù)目刂啤�—就能成為一個有用的管理技術(shù)。設(shè)定切合實(shí)際的目標(biāo)是一項(xiàng)正確的激勵措施，它能降低產(chǎn)生相反作用的壓力，以及欺詐性報告的動機(jī)。同樣地，一個控制良好的報告體系能夠起到防止錯報業(yè)績誘惑的作用。

可疑行為的另一個原因是忽視。道德價值觀不僅必須溝通，而且必須輔以關(guān)于是非對錯的明確指南。正式的公司行為守則對有效的道德項(xiàng)目十分重要，是它的基礎(chǔ)。守則致力于一系列的行為問題，例如誠信與道德、利益沖突、不合法或不恰當(dāng)?shù)闹Ц兑约胺锤偁幍模╝nticompetitive）協(xié)議等。向上溝通的渠道也很重要，它帶來相關(guān)信息并使員工感到舒服。

僅僅有書面的行為守則、員工接受和理解的文件和適當(dāng)?shù)臏贤ㄇ�道，還不能確保守則被遵守。對違反守則的員工所給予的處罰，鼓勵員工報告所懷疑的違反行為的機(jī)制，以及針對知情而不報告違反行為的員工的懲戒措施，對于遵守守則而言也很重要。但是如果不能通過高層管理當(dāng)局的行為和他們所作的表率提供更有效的保證的話，無論道德準(zhǔn)則是否包含在書面的守則之中，對道德準(zhǔn)則的遵守

都沒有什么區(qū)別。對于是非對錯——以及對于風(fēng)險與控制，員工可能會形成與高層管理當(dāng)局所表現(xiàn)出來的一樣的態(tài)度。管理當(dāng)局的行為所傳達(dá)的信息很快就會被包含到公司文化之中。而且，有關(guān)CEO在面臨一個艱難的經(jīng)營決策時從道德的角度講“做了正確的事情”的認(rèn)識，能夠在整個主體中傳達(dá)一個強(qiáng)有力的信息。 對勝任能力的要求

勝任能力反映實(shí)現(xiàn)規(guī)定的任務(wù)所需要的知識和技能。管理當(dāng)局通過在主體的戰(zhàn)略和目標(biāo)與它們的執(zhí)行和實(shí)現(xiàn)計劃之間進(jìn)行權(quán)衡，來決定這些任務(wù)應(yīng)該完成到什么程度。通常會存在能力與成本之間的權(quán)衡，比如說，沒有必要去雇用一個電氣工程師來更換燈泡。

管理當(dāng)局明確特定崗位的勝任能力水平，并把這些水平轉(zhuǎn)換成所需的知識和技能。而這些必要的知識和技能可能又取決于個人的智力、培訓(xùn)和經(jīng)驗(yàn)。在開發(fā)知識和技能水平的過程中所考慮的因素包括一個具體崗位所運(yùn)用判斷的性質(zhì)和程度。通常會在監(jiān)督的范圍和所需的勝任能力水平之間作出權(quán)衡。

組織結(jié)構(gòu)

一個主體的組織結(jié)構(gòu)提供了計劃、執(zhí)行、控制和監(jiān)督其活動的框架。相關(guān)的組織結(jié)構(gòu)包括確定權(quán)力與責(zé)任的關(guān)鍵界區(qū)，以及確立恰當(dāng)?shù)膱蟾嫱緩�。舉例來說，內(nèi)部審計職能機(jī)構(gòu)的結(jié)構(gòu)設(shè)計應(yīng)該致力于實(shí)現(xiàn)組織的目標(biāo)，并且允許不受限制地與高層管理當(dāng)局和董事會的審計委員會接觸，而且首席審計官應(yīng)當(dāng)向組織中能保證內(nèi)部審計活動實(shí)現(xiàn)其職責(zé)的層級報告工作。

主體建立適合其需要的組織結(jié)構(gòu)。有的是集權(quán)型的，有的是分權(quán)型的。有的有著直接報告關(guān)系，而其他的則更接近于矩陣型組織。一些主體按照行業(yè)或產(chǎn)品線、按照地理位置或者按照特定的配送或營銷網(wǎng)絡(luò)來進(jìn)行組織。而其他的主體，包括很多州和地方政府單位以及非營利機(jī)構(gòu)，則按照職能進(jìn)行組織。

一個主體的組織結(jié)構(gòu)的適當(dāng)性部分地取決于它的規(guī)模和所從事活動的性質(zhì)。有著正式的報告途徑和職責(zé)的高度結(jié)構(gòu)化的組織，可能適合于擁有很多經(jīng)營分部、包括外國業(yè)務(wù)的大型主體。然而，在一家小公司中，這種結(jié)構(gòu)可能會阻礙必要的信息流動。不管采取什么樣的結(jié)構(gòu)，主體的組織方式都應(yīng)該確保有效的企業(yè)

風(fēng)險管理，并采取行動以便實(shí)現(xiàn)其目標(biāo)。

權(quán)力和職責(zé)的分配

權(quán)力和職責(zé)的分配涉及到個人和團(tuán)隊被授權(quán)并鼓勵發(fā)揮主動性去指出問題和解決問題的程度，以及對他們的權(quán)力的限制。它包括確立報告關(guān)系和授權(quán)規(guī)程，以及描述恰當(dāng)經(jīng)營活動的政策，關(guān)鍵人員的知識和經(jīng)驗(yàn)，和為履行職責(zé)而賦予的資源。

一些主體將權(quán)力下放，以便使決策更接近于一線的人員。公司可以采取這種方式而變得更具市場驅(qū)動的特點(diǎn)，或者更關(guān)注質(zhì)量——或許是消除缺陷、縮短周轉(zhuǎn)時間或者提高客戶滿意度。通常通過將權(quán)力與受托責(zé)任（accountability）相結(jié)合來鼓勵個人在限定的范圍內(nèi)發(fā)揮主動性。權(quán)力的委派意味著將特定經(jīng)營決策的核心控制權(quán)交給較低的層級——給那些更靠近日常經(jīng)營業(yè)務(wù)的人員。這可能包括授權(quán)以折扣價格銷售產(chǎn)品，商談長期供貨合同、許可或?qū)＠�，或者參加�?lián)盟或合營企業(yè)。

一個關(guān)鍵的挑戰(zhàn)是僅僅針對實(shí)現(xiàn)目標(biāo)所需要的范圍來進(jìn)行授權(quán)。這意味著確保決策是基于合理的風(fēng)險識別和評估活動，包括在確定接受何種風(fēng)險以及如何對它們加以管理的過程中，估計風(fēng)險的大小和權(quán)衡潛在的損失與收益。

另一個挑戰(zhàn)是確保所有的人員都了解主體的目標(biāo)。每個人都知道他們的行為彼此之間有什么關(guān)聯(lián)和對實(shí)現(xiàn)目標(biāo)有什么作用，是至關(guān)重要的。

增加授權(quán)有時候有意伴隨著組織結(jié)構(gòu)的簡化或“扁平化”，或者是其結(jié)果。為激發(fā)創(chuàng)造性、發(fā)揮主動性和加快反應(yīng)速度而開展的有意識的組織變革，能夠提高競爭力和客戶滿意度。這種增加授權(quán)可能會帶來對更高的員工勝任能力水平以及更大的受托責(zé)任的隱含要求。它還要求管理當(dāng)局采用有效的程序?qū)�結(jié)果進(jìn)行監(jiān)控，從而使決策能夠根據(jù)需要被否決或接受。有了更好的、市場驅(qū)動的決策，授權(quán)能夠增加非期望或非預(yù)期決策的數(shù)量。例如，如果一個區(qū)域銷售經(jīng)理決定授權(quán)在零售價的基礎(chǔ)上折讓35%來進(jìn)行銷售，以證實(shí)目前45%的折扣能夠獲取市場份額，管理當(dāng)局可能需要了解情況才能否決或者接受讓這種決策進(jìn)行下去。

內(nèi)部環(huán)境極大地受到個人對他們將要承擔(dān)責(zé)任的認(rèn)識程度的影響。對于首席執(zhí)行官而言，也是如此，他在董事會的監(jiān)督下對主體內(nèi)部的所有活動負(fù)有終極責(zé)

任。

與有效的企業(yè)風(fēng)險管理密不可分的各個方面的職能與責(zé)任的其他相關(guān)原則，將在“職能與責(zé)任”那一章中展開講述。

人力資源準(zhǔn)則

包括雇用、定位、培訓(xùn)、評價、咨詢、晉升、付酬和采取補(bǔ)償措施在內(nèi)的人力資源業(yè)務(wù)向員工傳達(dá)著有關(guān)誠信、道德行為和勝任能力的期望水平方面的信息。例如，強(qiáng)調(diào)教育背景、前期工作經(jīng)驗(yàn)、過去的成就和有關(guān)誠信和道德行為的證據(jù)，以便雇用資質(zhì)最好的個人的準(zhǔn)則，表明了一個主體對勝任和可信任人員的承諾。當(dāng)招錄活動中包括正式的、深入的招聘面試和有關(guān)該主體的歷史、文化和經(jīng)營風(fēng)格方面的培訓(xùn)時，也是如此。

培訓(xùn)政策能夠通過對未來職能與責(zé)任的溝通，以及包含諸如培訓(xùn)學(xué)校和研習(xí)班、模擬案例研究和扮演角色練習(xí)等活動，來加強(qiáng)業(yè)績和行為的期望水平。根據(jù)定期業(yè)績評價所進(jìn)行的調(diào)換與晉升，反映了主體對于提升合格員工的承諾。包括分紅激勵在內(nèi)的競爭性的報酬計劃能夠起到鼓勵和強(qiáng)化突出業(yè)績的作用——盡管獎金制度應(yīng)該嚴(yán)密并且有效地控制，以避免對報告結(jié)果的不實(shí)呈報產(chǎn)生不當(dāng)?shù)恼T惑。懲戒行動所傳遞的信息則是對期望行為的偏離將不會得到寬宥。

隨著貫穿于主體之中的問題和風(fēng)險的變化和愈加復(fù)雜——部分原因在于急劇變革的技術(shù)和日益激烈的競爭，很有必要把員工武裝起來以應(yīng)對新的挑戰(zhàn)。教育和培訓(xùn)，不管是課堂講授、自學(xué)還是在職培訓(xùn)，都必須有助于個人跟上環(huán)境變革的步伐并能有效地應(yīng)對。雇用勝任的人員和提供一次性培訓(xùn)是不夠的。教育過程是持續(xù)的。

影響

一個主體內(nèi)部環(huán)境的重要性和它對企業(yè)風(fēng)險管理的其他構(gòu)成要素所能產(chǎn)生的正面或負(fù)面影響，怎么強(qiáng)調(diào)都不過分。一個無效的內(nèi)部環(huán)境的影響會很廣泛，可能會導(dǎo)致財務(wù)損失、損害公眾形象，或經(jīng)營失敗。

一般認(rèn)為某能源公司有著有效的企業(yè)風(fēng)險管理，因?yàn)樗�有�?qiáng)有力而受人尊敬的高層管理者、聲望卓著的董事會、富有創(chuàng)新意識的戰(zhàn)略、設(shè)計良好的信息系統(tǒng)

和控制活動、描述風(fēng)險和控制職能的廣泛的政策手冊，以及全面的調(diào)整和監(jiān)督途徑。但是，它的內(nèi)部環(huán)境卻有重大缺陷。管理當(dāng)局參與了十分可疑的經(jīng)營業(yè)務(wù)，而董事會卻視而不見。這家公司被發(fā)現(xiàn)曾經(jīng)誤報財務(wù)成果，損害了股東信心，遭遇了償債危機(jī)，毀滅了主體的價值。最終這家公司陷入了歷史上最大的破產(chǎn)案之一。

高層管理當(dāng)局對有效企業(yè)風(fēng)險管理的態(tài)度和關(guān)注必須明確而清晰，并滲透到組織之中。光說得正確是不夠的。那種“按我說的去做，而不是按我做的去做”的態(tài)度，只會帶來一個無效的環(huán)境。

2. INTERNAL ENVIRONMENT

Chapter Summary: The internal

environment encompasses the tone of an

organization, influencing the risk consciousness

of its people, and is the basis for all other

components of enterprise risk management,

providing discipline and structure. Internal

environment factors include an entity’s risk

management philosophy; its risk appetite;

oversight by the board of directors; the integrity,

ethical values, and competence of the entity’s people; and the way management assigns authority and responsibility, and organizes and develops its people.

The internal environment is the basis for all other components of enterprise risk management, providing discipline and structure. It influences how strategies and objectives are established, business activities are structured, and risks are identified, assessed, and acted upon. And it influences the design and functioning of control activities, information and communication systems, and monitoring activities.

The internal environment is influenced by an entity’s history and culture. It comprises many elements, including the entity’s ethical values, competence and development of personnel, management’s philosophy for managing risk, and how it assigns authority and responsibility. A board of directors is a critical part of the internal environment and significantly influences other internal environment elements.

Although all elements are important, the extent to which each is addressed will vary with the entity. For example, the chief executive of a company with a small workforce and centralized operations might not establish formal lines of responsibility and detailed operating policies. Nevertheless, the company could have an internal

environment that provides an appropriate foundation for enterprise risk management.

Risk Management Philosophy

An entity’s risk management philosophy is the set of shared beliefs and attitudes characterizing how the entity considers risk in everything it does, from strategy development and implementation to its day-to-day activities. Its risk management philosophy reflects the entity’s values, influencing its culture and operating style, and affects how enterprise risk management components are applied, including how risks are identified, the kinds of risks accepted, and how they are managed.

A company that has been successful accepting significant risks is likely to have a different outlook on enterprise risk management than one that has faced harsh economic or regulatory consequences as a result of venturing into dangerous territory. While some entities may work to achieve effective enterprise risk management to satisfy requirements of an external stakeholder, such as a parent company or regulator, more often it is because management recognizes that effective risk management helps the entity create and preserve value.

When the risk management philosophy is well developed, understood, and embraced by its personnel, the entity is positioned to effectively recognize and manage risk. Otherwise, there can be unacceptably uneven application of enterprise risk management across business units, functions, or departments. But even when an entity’s philosophy is well developed, there nonetheless may be cultural differences among its units, resulting in variation in enterprise risk management application. Managers of some units may be prepared to take more risk, while others are more conservative. For example, an aggressive selling function may focus its attention on making a sale, without careful attention to regulatory compliance matters, while the contracting unit’s personnel focus significant attention on ensuring compliance with all relevant internal and external policies and regulations. Separately, these different subcultures could adversely affect the entity. But by working well together the units can appropriately reflect the entity’s risk management philosophy.

The enterprise’s risk management philosophy is reflected in virtually everything management does in running the entity. It is captured in policy statements, oral and

written communications, and decision making. Whether management emphasizes written policies, standards of behavior, performance indicators, and exception reports, or operates more informally largely through face-to-face contact with key managers, of critical importance is that management reinforces the philosophy not only with words but also with everyday actions.

Risk Appetite

Risk appetite is the amount of risk, on a broad level, an entity is willing to accept in pursuit of value. It reflects the enterprise’s risk management philosophy, and in turn influences the entity’s culture and operating style.

Risk appetite is considered in strategy setting, where the desired return from a strategy should be aligned with the entity’s risk appetite. Different strategies will expose the entity to different levels of risk, and enterprise risk management, applied in strategy setting, helps management select a strategy consistent with the entity’s risk appetite.

Entities consider risk appetite qualitatively, with such categories as high, moderate, or low, or take a quantitative approach, reflecting and balancing goals for growth and return with risk.

Board of Directors

An entity’s board of directors is a critical part of the internal environment and significantly influences its elements. The board’s independence from management, experience and stature of its members, extent of its involvement and scrutiny of activities, and appropriateness of its actions all play a role. Other factors include the degree to which difficult questions are raised and pursued with management regarding strategy, plans, and performance, and interaction the board or audit committee has with internal and external auditors.

An active and involved board of directors, board of trustees, or comparable body should possess an appropriate degree of management, technical, and other expertise,

coupled with the mind-set necessary to perform its oversight responsibilities. This is critical to an effective enterprise risk management environment. And, because the board must be prepared to question and scrutinize management’s activities, present alternative views, and act in the face of wrongdoing, the board must include outside directors.

Members of top management may be effective board members, bringing their deep knowledge of the company. But there must be a sufficient number of independent outside directors not only to provide sound advice, counsel, and direction, but also to serve as a necessary check and balance on management. For the internal environment to be effective, the board must have at least a majority of independent outside directors.

Effective boards of directors ensure that management maintains effective risk management. Although an enterprise historically might have not suffered losses and have no obvious significant risk exposure, the board does not succumb to the mythical notion that events with seriously adverse consequences “couldn’t happen here.” It recognizes that while a company may have a sound strategy, competent employees, sound business processes, and reliable technology, it, like every entity, is vulnerable to risk, and an effectively functioning risk management process is needed.

Integrity and Ethical Values

An entity’s strategy and objectives and the way they are implemented are based on preferences, value judgments, and management styles. Management’s integrity and commitment to ethical values influence these preferences and judgments, which are translated into standards of behavior. Because an entity’s good reputation is so valuable, the standards of behavior must go beyond mere compliance with law. Managers of well-run enterprises increasingly have accepted the view that ethics pays and ethical behavior is good business.

Management integrity is a prerequisite for ethical behavior in all aspects of an entity’s activities. The effectiveness of enterprise risk management cannot rise above

the integrity and ethical values of the people who create, administer, and monitor entity activities. Integrity and ethical values are essential elements of an entity’s internal environment, affecting the design, administration, and monitoring of other enterprise risk management components.

Establishing ethical values often is difficult because of the need to consider the concerns of several parties. Management values must balance the concerns of the enterprise, employees, suppliers, customers, competitors, and the public. Balancing these concerns can be complex and frustrating because interests are often at odds. For example, providing an essential product (petroleum, lumber, or food) may cause environmental concerns.

Ethical behavior and management integrity are by-products of the corporate culture, which encompasses ethical and behavioral standards and how they are communicated and reinforced. Official policies specify what the board and management want to happen. Corporate culture determines what actually happens, and which rules are obeyed, bent, or ignored. Top management – starting with the CEO – plays a key role in determining the corporate culture. As the dominant personality in an entity, the CEO often sets the ethical tone.

Certain organizational factors also can influence the likelihood of fraudulent and questionable financial reporting practices. Those same factors are likely to influence ethical behavior as well. Individuals may engage in dishonest, illegal, or unethical acts simply because the entity gives them strong incentives or temptations to do so. Undue emphasis on results, particularly in the short term, can foster an inappropriate internal environment. Focusing solely on short- term results can hurt even in the short term. Concentration on the bottom line – sales or profit at any cost – often evokes unsought actions and reactions. High-pressure sales tactics, ruthlessness in negotiations, or implicit offers of kickbacks, for instance, may evoke reactions that can have immediate (as well as lasting) effects.

Other incentives for engaging in fraudulent or questionable reporting practices and, by extension, other forms of unethical behavior may include rewards highly dependent on reported financial and non-financial information, particularly for

short-term results.

Removing or reducing inappropriate incentives and temptations goes a long way toward eliminating undesirable behavior. As suggested, this can be achieved by following sound and profitable business practices. For example, performance incentives – accompanied by appropriate controls – can be a useful management technique as long as the performance targets are realistic. Setting realistic targets is a sound motivational practice, reducing counterproductive stress as well as the incentive for fraudulent reporting. Similarly, a well- controlled reporting system can serve as a safeguard against temptation to misstate performance.

Another cause of questionable practices is ignorance. Ethical values must be not only communicated but also accompanied by explicit guidance regarding what is right and wrong.

Formal codes of corporate conduct are important to and the foundation of an effective ethics program. Codes address a variety of behavioral issues, such as integrity and ethics, conflicts of interest, illegal or otherwise improper payments, and anticompetitive arrangements. Upward communications channels where employees feel comfortable bringing relevant information also are important.

Existence of a written code of conduct, documentation that employees received and understand it, and an appropriate communications channel by themselves do not ensure the code is being followed. Also important to compliance are resulting penalties to employees who violate the code, mechanisms that encourage employee reporting of suspected violations, and disciplinary actions against employees who knowingly fail to report violations. But compliance with ethical standards, whether or not embodied in a written code, is equally if not more effectively ensured by top management’s actions and the examples they set. Employees are likely to develop the same attitudes about right and wrong – and about risks and controls – as those shown by top management. Messages sent by management’s actions quickly become embodied in the corporate culture. And, knowledge that the CEO has “done the right thing” ethically when faced with a tough business decision, sends a powerful message throughout the entity.

Commitment to Competence

Competence reflects the knowledge and skills needed to perform assigned tasks. Management decides how well these tasks need to be accomplished, weighing the entity’s strategy and objectives against plans for their implementation and achievement. A trade-off often exists between competence and cost – it is not necessary, for instance, to hire an electrical engineer to change a light bulb.

Management specifies the competency levels for particular jobs and translates those levels into requisite knowledge and skills. The necessary knowledge and skills in turn may depend on individuals’ intelligence, training, and experience. Factors considered in developing knowledge and skill levels include the nature and degree of judgment to be applied to a specific job. Often a trade-off can be made between the extent of supervision and the requisite competence level of the individual.

Organizational Structure

An entity’s organizational structure provides the framework to plan, execute, control, and monitor its activities. A relevant organizational structure includes defining key areas of authority and responsibility and establishing appropriate lines of reporting. For example, an internal audit function should be structured in a manner that achieves organizational objectivity and permits unrestricted access to top management and the audit committee of the board, and the chief audit executive should report to a level within the organization that allows the internal audit activity to fulfill its responsibilities.

An entity develops an organizational structure suited to its needs. Some are centralized, others decentralized. Some have direct reporting relationships, while others are more of a matrix organization. Some entities are organized by industry or product line, by geographical location or by a particular distribution or marketing network. Other entities, including many state and local governmental units and not-for-profit institutions, are organized by function.

The appropriateness of an entity’s organizational structure depends, in part, on its

size and the nature of its activities. A highly structured organization with formal reporting lines and responsibilities may be appropriate for a large entity that has numerous operating divisions, including foreign operations. However, such a structure could impede the necessary flow of information in a small company. Whatever the structure, an entity should be organized to enable effective enterprise risk management and to carry out its activities so as to achieve its objectives.

Assignment of Authority and Responsibility

Assignment of authority and responsibility involves the degree to which individuals and teams are authorized and encouraged to use initiative to address issues and solve problems, as well as limits to their authority. It includes establishing reporting relationships and authorization protocols, as well as policies that describe appropriate business practices, knowledge and experience of key personnel, and resources provided for carrying out duties.

Some entities have pushed authority downward to bring decision making closer to front-line personnel. A company may take this tack to become more market-driven or quality-focused – perhaps to eliminate defects, reduce cycle time, or increase customer satisfaction. Alignment of authority and accountability often is designed to encourage individual initiatives, within limits. Delegation of authority means surrendering central control of certain business decisions to lower echelons – to the individuals who are closest to everyday business transactions. This may involve empowerment to sell products at discount prices; negotiate long-term supply contracts, licenses, or patents; or enter alliances or joint ventures.

A critical challenge is to delegate only to the extent required to achieve objectives. This means ensuring that decision making is based on sound practices for risk identification and assessment, including sizing risks and weighing potential losses versus gains in determining which risks to accept and how they are to be managed.

Another challenge is ensuring that all personnel understand the entity’s objectives. It is essential that individuals know how their actions are related to one

another and contribute to achievement of the objectives.

Increased delegation sometimes is intentionally accompanied by or the result of streamlining or “flattening” the organizational structure. Purposeful structural change to encourage creativity, taking initiative, and faster response times can enhance competitiveness and cu外文翻譯范文stomer satisfaction. This increased delegation may carry an implicit requirement for a higher level of employee competence, as well as greater accountability. It also requires effective procedures for management to monitor results so that decisions can be overruled or accepted as necessary. Along with better, market-driven decisions, delegation may increase the number of undesirable or unanticipated decisions. For example, if a district sales manager decides that authorization to sell at 35% off list price justifies a temporary 45% discount to gain market share, management may need to know so that it can overrule or accept such decisions going forward.

The internal environment is greatly influenced by the extent to which individuals recognize that they will be held accountable. This holds true all the way to the chief executive, who, with board oversight, has ultimate responsibility for all activities within an entity.

Additional principles related to roles and responsibilities by parties integral to effective enterprise risk management are set forth in the Roles and Responsibilities chapter.

Human Resource Standards

Human resource practices pertaining to hiring, orientation, training, evaluating, counseling, promoting, compensating, and taking remedial actions send messages to employees regarding expected levels of integrity, ethical behavior, and competence. For example, standards for hiring the most qualified individuals, with emphasis on educational background, prior work experience, past accomplishments, and evidence of integrity and ethical behavior, demonstrate an entity’s commitment to competent and trustworthy people. The same is true when recruiting practices include formal,

in-depth employment interviews and training in the entity’s history, culture, and operating style.

Training policies can reinforce expected levels of performance and behavior by communicating prospective roles and responsibilities and by including such practices as training schools and seminars, simulated case studies, and role-playing exercises. Transfers and promotions driven by periodic performance appraisals demonstrate the entity’s commitment to advancement of qualified employees. Competitive compensation programs that include bonus incentives serve to motivate and reinforce outstanding performance – although reward systems should be structured, and controls in place, to avoid undue temptation to misrepresent reported results. Disciplinary actions send a message that violations of expected behavior will not be tolerated.

It is essential that employees be equipped to tackle new challenges as issues and risks throughout the entity change and become more complex – driven in part by rapidly changing technologies and increasing competition. Education and training, whether classroom instruction, self-study, or on-the-job training, must help personnel keep pace and deal effectively with the evolving environment. Hiring competent people and providing one-time training are not enough. The education process is ongoing.

Implications

It is difficult to overstate the importance of an entity’s internal environment and the impact – positive or negative – it can have on other enterprise risk management components. The impact of an ineffective internal environment can be far-reaching, possibly resulting in financial loss, a tarnished public image, or a business failure.

An energy company generally was thought to have effective enterprise risk management since it had high-powered and respected senior managers, a prestigious board of directors, an innovative strategy, well-designed information systems and control activities, extensive policy manuals prescribing risk and control functions, and

comprehensive reconciling and supervisory routines. Its internal environment, however, was significantly flawed.

Management participated in highly questionable business practices, and the board turned a “blind-eye.” The company was found to have misreported financial results and suffered a loss of shareholder confidence, a liquidity crisis, and destruction of entity value. Ultimately the company went into one of the largest bankruptcies in history.

The attitude and concern of top management for effective enterprise risk management must be definitive and clear, and permeate the organization. It is not sufficient to say the right words. An attitude of “do as I say, not as I do” will only bring about an ineffective environment.

19

20

21

22

23

24

25

26

27

28

【外文翻譯】相關(guān)文章：

內(nèi)部控制外文文獻(xiàn)翻譯04-30

中外文化差異及翻譯04-29

英漢商標(biāo)詞翻譯-中外文化差異的鏡子04-29

兩大權(quán)威外文翻譯資格考試證書面對面05-04

關(guān)于外文字母詞和原裝外文縮略語問題04-30

外文系怎么辦?04-26

外文信息資源開發(fā)與服務(wù)04-29

畢業(yè)論文外文文獻(xiàn)格式要求05-15

涉外文秘英語實(shí)訓(xùn)教學(xué)初探04-26

論網(wǎng)絡(luò)環(huán)境下外文期刊的開發(fā)與利用04-28