COSO New Enterprise Risk Management (ERM) Framework (2017 Edition): 20 Principles

Components and Principles:

1. Exercises Board Risk Oversight: The board of directors provides oversight of the strategy and carries out governance responsibilities to support management in achieving strategy and business objectives.
2. Establishes Operating Structures: The organization establishes operating structures in the pursuit of strategy and business objectives.
3. Defines Desired Culture: The organization defines the desired behaviors that characterize the entity's desired culture.
4. Demonstrates Commitment to Core Values: The organization demonstrates a commitment to the entity's core values.
5. Attracts, Develops, and Retains Capable Individuals: The organization is committed to building human capital in alignment with the strategy and business objectives.
6. Analyzes Business Context: The organization considers potential effects of business context on risk profile.
7. Defines Risk Appetite: The organization defines risk appetite in the context of creating, preserving, and realizing value.
8. Evaluates Alternative Strategies: The organization evaluates alternative strategies and potential impact on risk profile.
9. Formulates Business Objectives: The organization considers risk while establishing the business objectives at various levels that align and support strategy.
10. Identifies Risk: The organization identifies risk that impacts the performance of strategy and business objectives.
11. Assesses Severity of Risk: The organization assesses the severity of risk.
12. Prioritizes Risks: The organization prioritizes risks as a basis for selecting responses to risks.
13. Implements Risk Responses: The organization identifies and selects risk responses.
14. Develops Portfolio View: The organization develops and evaluates a portfolio view of risk.
15. Assesses Substantial Change: The organization identifies and assesses changes that may substantially affect strategy and business objectives.
16. Reviews Risk and Performance: The organization reviews entity performance and considers risk.
17. Pursues Improvement in Enterprise Risk Management: The organization pursues improvement of enterprise risk management.
18. Leverages Information Systems: The organization leverages the entity's information and technology systems to support enterprise risk management.
19. Communicates Risk Information: The organization uses communication channels to support enterprise risk management.
20. Reports on Risk, Culture, and Performance: The organization reports on risk, culture, and performance at multiple levels and across the entity.