外文翻譯范文

廣東工業(yè)大學

華立學院

本科畢業(yè)設計（論文）

外文參考文獻譯文及原文

系 部 會計學部

專 業(yè) 會計學

年 級 2008級

班級名稱

學 號

學生姓名

指導教師

2012 年 5 月

目 錄

1 外文文獻譯文 .......................................................... 1

2 外文文獻原文 .......................................................... 9

2 內部環(huán)境

【本章摘要】內部環(huán)境包含組織的基調，它影響組織中人員的風險意識，是企業(yè)風險管理所有其他構成要素的基礎，為其他要素提供約束和結構。內部環(huán)境因素包括主體的風險管理理念、它的風險容量、董事會的監(jiān)督、主體中人員的誠信、道德價值觀和勝任能力，以及管理當局分配權力和職責、組織和開發(fā)其員工的方式。

內部環(huán)境是企業(yè)風險管理所有其他構成要素的基礎，為其他要素提供約束和結構。它影響著戰(zhàn)略和目標如何制訂、經營活動如何組織以及如何識別、評估風險并采取行動。它還影響著控制活動、信息與溝通體系和監(jiān)控措施的設計與運行。

內部環(huán)境受到主體的歷史和文化的影響。它包含許多要素，包括主體的道德價值觀、員工的勝任能力和開發(fā)、管理當局管理風險的理念以及如何分配權力和職責。董事會是內部環(huán)境的一個關鍵部分，它對其他的內部環(huán)境要素有重大的影響。

盡管所有要素都很重要，但是對每個要素的強調程度會因主體而異。舉例來說，一家員工較少、專注化經營的公司的首席執(zhí)行官可能就不會制訂正式的職責劃分和具體的經營政策。但是，這家公司也會有為企業(yè)風險管理提供合適基礎的內部環(huán)境。

風險管理理念

一個主體的風險管理理念是一整套共同的信念和態(tài)度，它決定著該主體在做任何事情——從戰(zhàn)略制訂和執(zhí)行到日常的活動——時如何考慮風險。風險管理理念反映了主體的價值觀，影響它的文化和經營風格，并且決定如何應用企業(yè)風險管理的構成要素，包括如何識別風險，承擔哪些風險，以及如何管理這些風險。

成功地承擔了重大風險的公司對企業(yè)風險管理的看法，似乎不同于由于在危險的地區(qū)創(chuàng)業(yè)而面臨過嚴酷的經濟或管制后果的公司。盡管有些主體會為了滿足外部利益相關者——例如母公司或監(jiān)管者的需要，而努力實現有效的企業(yè)風險管理，但是更常見的是因為管理當局認識到有效的風險管理有助于主體創(chuàng)造和保持價值。

當風險管理理念被很好地確立和理解、并且為員工所信奉時，主體就能有效地識別和管理風險。否則，企業(yè)風險管理在各個業(yè)務單元、職能機構或部門中的應用就可能會出現不可接受的不平衡狀態(tài)。但是即使一個主體的理念被很好地確

立，在它的各個單元之間仍然會存在文化上的差別，從而導致風險管理應用方面的差異。一些單元的管理者可能準備承擔更大的風險，而其他的則更為保守。例如，一個有闖勁的銷售職能機構可能會集中關注實現銷售，而沒有仔細注意對法規(guī)的遵循問題，而締約單元的人員主要集中關注確保符合所有的相關內部和外部政策與法規(guī)。孤立地看，這些不同的次級文化都能對主體產生負面影響。但是通過很好的合作，這些單元能夠恰當地反映主體的風險管理理念。

企業(yè)的風險管理理念實質上反映在管理當局在經營該主體的過程中所做的每一件事情上。它可以從政策表述、口頭和書面的溝通以及決策中反映出來。無論管理當局是強調書面的政策、行為準則、業(yè)績指標和例外報告，還是更為非正式地大量通過與關鍵的管理者面對面的接觸來進行運營，至關重要的是管理當局不僅要通過口頭、而且還要通過日常的行動來強化這種理念。

風險容量

風險容量是一個主體在追求價值的過程中所愿意承擔的廣泛意義上的風險的數量。它反映了企業(yè)的風險管理理念，進而影響了主體的文化和經營風格。

風險容量在戰(zhàn)略制訂的過程中加以考慮，來自一項戰(zhàn)略的期望報酬應該與主體的風險容量相協(xié)調。不同的戰(zhàn)略會使主體面臨不同程度的風險，應用于戰(zhàn)略制訂過程的企業(yè)風險管理幫助管理當局選擇一個與主體的風險容量相一致的戰(zhàn)略。

主體運用類似高、適中或低等類別，從質的角度考慮風險容量，或者運用數量化的方法，來反映和平衡增長、報酬和風險方面的目標。

董事會

一個主體的董事會是內部環(huán)境的關鍵部分，它對其要素有著重大影響。董事會對于管理當局的獨立性、其成員的經驗和才干、對活動參與和審察的程度，以及其行為的適當性都起著重要的作用。其他因素包括提出有關戰(zhàn)略、計劃和業(yè)績方面的疑難問題和與管理當局進行商討的程度，以及董事會或審計委員會與內部和外部審計師的交流。

一個積極的和高度參與型的董事會、托管委員會（board of trustees）或類似的機構，應該具有適當程度的管理、技術和其他專長，以及履行監(jiān)督職責所需要

的思維方式。這對于一個有效的企業(yè)風險管理環(huán)境至關重要。而且，由于董事會必須準備去質疑和仔細審查管理當局的活動，提出不同的觀點，并針對不當行為采取行動，因此董事會必須包含外部董事。

高層管理當局的成員可能帶來他們對公司的深入了解，從而成為有效的董事會成員。但是必須有足夠數量的獨立外部董事，他們不但要提供合理的建議、咨詢和指導，而且還要對管理當局形成必要的牽制和制衡。要想使內部環(huán)境有效，董事會中的獨立外部董事必須至少占多數。

有效的董事會能確保管理當局保持有效的風險管理。盡管一家企業(yè)在過去可能沒有遭受損失、沒有暴露出明顯的重大風險，董事會也不能天真地認定帶有嚴重負面后果的事項“在這里不會發(fā)生”。應該認識到，盡管一家公司可能有合理的戰(zhàn)略、勝任的員工、合理的經營流程和可靠的技術，但是它和所有的主體一樣，對于風險而言都很脆弱，因此也需要有效運行的風險管理。

誠信與道德價值觀

主體的戰(zhàn)略和目標以及它們得以推行的方式建立在偏好、價值判斷和管理風格的基礎之上。管理當局的誠信和對道德價值觀的要求影響這些轉化為行為準則的偏好和判斷。因為一個主體的良好聲譽是如此有價值，所以行為的準則應該不僅僅只是遵循法律。經營良好的企業(yè)的管理者越來越接受這樣的觀點，那就是道德是值得的，道德行為就是良好的經營。

管理當局的誠信是一個主體活動的所有方面的道德行為的先決條件。企業(yè)風險管理的有效性不可能脫離那些創(chuàng)造、管理和監(jiān)督主體活動的人的誠信和道德價值觀。誠信和道德價值觀是一個主體內部環(huán)境的關鍵要素，它影響著企業(yè)風險管理其他構成要素的設計、管理和監(jiān)控。

樹立道德價值觀通常很困難，因為需要考慮多個方面的利益。管理當局的價值觀必須平衡企業(yè)、員工、供應商、客戶、競爭者和公眾的利益。平衡這些利益可能是復雜而令人沮喪的，因為利益通常是互相矛盾的。舉例來說，提供一種必需的產品（石油、木材或食品）可能會導致環(huán)境方面的關切。

道德行為和管理當局的誠信是公司文化的副產品，公司文化包含道德和行為準則以及它們的溝通和強化方式。正式的政策指明了董事會和管理當局希望發(fā)生

的情況。公司文化決定著實際發(fā)生的情況，以及哪些規(guī)則被遵循、扭曲或忽視了。高層管理當局——從CEO開始——在確定公司文化方面起著關鍵作用。作為主體中的居于支配地位的人員，CEO往往確定了道德基調。

特定的組織因素也會影響出現欺詐性和可疑的財務報告行為的可能性。這些因素可能還會影響道德行為。個人可能會因為主體給了他們這么做的強烈動機或誘惑，而參與不誠實的、非法的或不道德的行為。過分地強調結果，尤其是短期結果，可能會造成一個不恰當的內部環(huán)境。僅僅關注短期結果即使在短期也可能有危害。專注于底線——不顧成本的銷售收入或利潤——通常會引發(fā)不希望看到的行動和反應。例如，高壓銷售策略、談判的殘酷或者對回扣的暗示可能會引發(fā)具有即期（以及持久）影響的反應。

參與欺詐性和可疑的財務報告行為以及其他形式的不道德行為的其他動機可能包括高度依賴于所報告的財務或非財務信息——尤其是短期結果——的報酬。

從消除或減少不恰當的動機和誘惑到消除不良行為之間要走一段很長的路。就像所建議的那樣，它可以通過從事合理而又有利可圖的經營活動來實現。例如，只要業(yè)績目標切合實際，業(yè)績激勵——配以適當的控制——就能成為一個有用的管理技術。設定切合實際的目標是一項正確的激勵措施，它能降低產生相反作用的壓力，以及欺詐性報告的動機。同樣地，一個控制良好的報告體系能夠起到防止錯報業(yè)績誘惑的作用。

可疑行為的另一個原因是忽視。道德價值觀不僅必須溝通，而且必須輔以關于是非對錯的明確指南。正式的公司行為守則對有效的道德項目十分重要，是它的基礎。守則致力于一系列的行為問題，例如誠信與道德、利益沖突、不合法或不恰當的支付以及反競爭的（anticompetitive）協(xié)議等。向上溝通的渠道也很重要，它帶來相關信息并使員工感到舒服。

僅僅有書面的行為守則、員工接受和理解的文件和適當的溝通渠道，還不能確保守則被遵守。對違反守則的員工所給予的處罰，鼓勵員工報告所懷疑的違反行為的機制，以及針對知情而不報告違反行為的員工的懲戒措施，對于遵守守則而言也很重要。但是如果不能通過高層管理當局的行為和他們所作的表率提供更有效的保證的話，無論道德準則是否包含在書面的守則之中，對道德準則的遵守

都沒有什么區(qū)別。對于是非對錯——以及對于風險與控制，員工可能會形成與高層管理當局所表現出來的一樣的態(tài)度。管理當局的行為所傳達的信息很快就會被包含到公司文化之中。而且，有關CEO在面臨一個艱難的經營決策時從道德的角度講“做了正確的事情”的認識，能夠在整個主體中傳達一個強有力的信息。 對勝任能力的要求

勝任能力反映實現規(guī)定的任務所需要的知識和技能。管理當局通過在主體的戰(zhàn)略和目標與它們的執(zhí)行和實現計劃之間進行權衡，來決定這些任務應該完成到什么程度。通常會存在能力與成本之間的權衡，比如說，沒有必要去雇用一個電氣工程師來更換燈泡。

管理當局明確特定崗位的勝任能力水平，并把這些水平轉換成所需的知識和技能。而這些必要的知識和技能可能又取決于個人的智力、培訓和經驗。在開發(fā)知識和技能水平的過程中所考慮的因素包括一個具體崗位所運用判斷的性質和程度。通常會在監(jiān)督的范圍和所需的勝任能力水平之間作出權衡。

組織結構

一個主體的組織結構提供了計劃、執(zhí)行、控制和監(jiān)督其活動的框架。相關的組織結構包括確定權力與責任的關鍵界區(qū)，以及確立恰當的報告途徑。舉例來說，內部審計職能機構的結構設計應該致力于實現組織的目標，并且允許不受限制地與高層管理當局和董事會的審計委員會接觸，而且首席審計官應當向組織中能保證內部審計活動實現其職責的層級報告工作。

主體建立適合其需要的組織結構。有的是集權型的，有的是分權型的。有的有著直接報告關系，而其他的則更接近于矩陣型組織。一些主體按照行業(yè)或產品線、按照地理位置或者按照特定的配送或營銷網絡來進行組織。而其他的主體，包括很多州和地方政府單位以及非營利機構，則按照職能進行組織。

一個主體的組織結構的適當性部分地取決于它的規(guī)模和所從事活動的性質。有著正式的報告途徑和職責的高度結構化的組織，可能適合于擁有很多經營分部、包括外國業(yè)務的大型主體。然而，在一家小公司中，這種結構可能會阻礙必要的信息流動。不管采取什么樣的結構，主體的組織方式都應該確保有效的企業(yè)

風險管理，并采取行動以便實現其目標。

權力和職責的分配

權力和職責的分配涉及到個人和團隊被授權并鼓勵發(fā)揮主動性去指出問題和解決問題的程度，以及對他們的權力的限制。它包括確立報告關系和授權規(guī)程，以及描述恰當經營活動的政策，關鍵人員的知識和經驗，和為履行職責而賦予的資源。

一些主體將權力下放，以便使決策更接近于一線的人員。公司可以采取這種方式而變得更具市場驅動的特點，或者更關注質量——或許是消除缺陷、縮短周轉時間或者提高客戶滿意度。通常通過將權力與受托責任（accountability）相結合來鼓勵個人在限定的范圍內發(fā)揮主動性。權力的委派意味著將特定經營決策的核心控制權交給較低的層級——給那些更靠近日常經營業(yè)務的人員。這可能包括授權以折扣價格銷售產品，商談長期供貨合同、許可或專利，或者參加聯盟或合營企業(yè)。

一個關鍵的挑戰(zhàn)是僅僅針對實現目標所需要的范圍來進行授權。這意味著確保決策是基于合理的風險識別和評估活動，包括在確定接受何種風險以及如何對它們加以管理的過程中，估計風險的大小和權衡潛在的損失與收益。

另一個挑戰(zhàn)是確保所有的人員都了解主體的目標。每個人都知道他們的行為彼此之間有什么關聯和對實現目標有什么作用，是至關重要的。

增加授權有時候有意伴隨著組織結構的簡化或“扁平化”，或者是其結果。為激發(fā)創(chuàng)造性、發(fā)揮主動性和加快反應速度而開展的有意識的組織變革，能夠提高競爭力和客戶滿意度。這種增加授權可能會帶來對更高的員工勝任能力水平以及更大的受托責任的隱含要求。它還要求管理當局采用有效的程序對結果進行監(jiān)控，從而使決策能夠根據需要被否決或接受。有了更好的、市場驅動的決策，授權能夠增加非期望或非預期決策的數量。例如，如果一個區(qū)域銷售經理決定授權在零售價的基礎上折讓35%來進行銷售，以證實目前45%的折扣能夠獲取市場份額，管理當局可能需要了解情況才能否決或者接受讓這種決策進行下去。

內部環(huán)境極大地受到個人對他們將要承擔責任的認識程度的影響。對于首席執(zhí)行官而言，也是如此，他在董事會的監(jiān)督下對主體內部的所有活動負有終極責

任。

與有效的企業(yè)風險管理密不可分的各個方面的職能與責任的其他相關原則，將在“職能與責任”那一章中展開講述。

人力資源準則

包括雇用、定位、培訓、評價、咨詢、晉升、付酬和采取補償措施在內的人力資源業(yè)務向員工傳達著有關誠信、道德行為和勝任能力的期望水平方面的信息。例如，強調教育背景、前期工作經驗、過去的成就和有關誠信和道德行為的證據，以便雇用資質最好的個人的準則，表明了一個主體對勝任和可信任人員的承諾。當招錄活動中包括正式的、深入的招聘面試和有關該主體的歷史、文化和經營風格方面的培訓時，也是如此。

培訓政策能夠通過對未來職能與責任的溝通，以及包含諸如培訓學校和研習班、模擬案例研究和扮演角色練習等活動，來加強業(yè)績和行為的期望水平。根據定期業(yè)績評價所進行的調換與晉升，反映了主體對于提升合格員工的承諾。包括分紅激勵在內的競爭性的報酬計劃能夠起到鼓勵和強化突出業(yè)績的作用——盡管獎金制度應該嚴密并且有效地控制，以避免對報告結果的不實呈報產生不當的誘惑。懲戒行動所傳遞的信息則是對期望行為的偏離將不會得到寬宥。

隨著貫穿于主體之中的問題和風險的變化和愈加復雜——部分原因在于急劇變革的技術和日益激烈的競爭，很有必要把員工武裝起來以應對新的挑戰(zhàn)。教育和培訓，不管是課堂講授、自學還是在職培訓，都必須有助于個人跟上環(huán)境變革的步伐并能有效地應對。雇用勝任的人員和提供一次性培訓是不夠的。教育過程是持續(xù)的。

影響

一個主體內部環(huán)境的重要性和它對企業(yè)風險管理的其他構成要素所能產生的正面或負面影響，怎么強調都不過分。一個無效的內部環(huán)境的影響會很廣泛，可能會導致財務損失、損害公眾形象，或經營失敗。

一般認為某能源公司有著有效的企業(yè)風險管理，因為它有強有力而受人尊敬的高層管理者、聲望卓著的董事會、富有創(chuàng)新意識的戰(zhàn)略、設計良好的信息系統(tǒng)

和控制活動、描述風險和控制職能的廣泛的政策手冊，以及全面的調整和監(jiān)督途徑。但是，它的內部環(huán)境卻有重大缺陷。管理當局參與了十分可疑的經營業(yè)務，而董事會卻視而不見。這家公司被發(fā)現曾經誤報財務成果，損害了股東信心，遭遇了償債危機，毀滅了主體的價值。最終這家公司陷入了歷史上最大的破產案之一。

高層管理當局對有效企業(yè)風險管理的態(tài)度和關注必須明確而清晰，并滲透到組織之中。光說得正確是不夠的。那種“按我說的去做，而不是按我做的去做”的態(tài)度，只會帶來一個無效的環(huán)境。

2. INTERNAL ENVIRONMENT

Chapter Summary: The internal

environment encompasses the tone of an

organization, influencing the risk consciousness

of its people, and is the basis for all other

components of enterprise risk management,

providing discipline and structure. Internal

environment factors include an entity’s risk

management philosophy; its risk appetite;

oversight by the board of directors; the integrity,

ethical values, and competence of the entity’s people; and the way management assigns authority and responsibility, and organizes and develops its people.

The internal environment is the basis for all other components of enterprise risk management, providing discipline and structure. It influences how strategies and objectives are established, business activities are structured, and risks are identified, assessed, and acted upon. And it influences the design and functioning of control activities, information and communication systems, and monitoring activities.

The internal environment is influenced by an entity’s history and culture. It comprises many elements, including the entity’s ethical values, competence and development of personnel, management’s philosophy for managing risk, and how it assigns authority and responsibility. A board of directors is a critical part of the internal environment and significantly influences other internal environment elements.

Although all elements are important, the extent to which each is addressed will vary with the entity. For example, the chief executive of a company with a small workforce and centralized operations might not establish formal lines of responsibility and detailed operating policies. Nevertheless, the company could have an internal

environment that provides an appropriate foundation for enterprise risk management.

Risk Management Philosophy

An entity’s risk management philosophy is the set of shared beliefs and attitudes characterizing how the entity considers risk in everything it does, from strategy development and implementation to its day-to-day activities. Its risk management philosophy reflects the entity’s values, influencing its culture and operating style, and affects how enterprise risk management components are applied, including how risks are identified, the kinds of risks accepted, and how they are managed.

A company that has been successful accepting significant risks is likely to have a different outlook on enterprise risk management than one that has faced harsh economic or regulatory consequences as a result of venturing into dangerous territory. While some entities may work to achieve effective enterprise risk management to satisfy requirements of an external stakeholder, such as a parent company or regulator, more often it is because management recognizes that effective risk management helps the entity create and preserve value.

When the risk management philosophy is well developed, understood, and embraced by its personnel, the entity is positioned to effectively recognize and manage risk. Otherwise, there can be unacceptably uneven application of enterprise risk management across business units, functions, or departments. But even when an entity’s philosophy is well developed, there nonetheless may be cultural differences among its units, resulting in variation in enterprise risk management application. Managers of some units may be prepared to take more risk, while others are more conservative. For example, an aggressive selling function may focus its attention on making a sale, without careful attention to regulatory compliance matters, while the contracting unit’s personnel focus significant attention on ensuring compliance with all relevant internal and external policies and regulations. Separately, these different subcultures could adversely affect the entity. But by working well together the units can appropriately reflect the entity’s risk management philosophy.

The enterprise’s risk management philosophy is reflected in virtually everything management does in running the entity. It is captured in policy statements, oral and

written communications, and decision making. Whether management emphasizes written policies, standards of behavior, performance indicators, and exception reports, or operates more informally largely through face-to-face contact with key managers, of critical importance is that management reinforces the philosophy not only with words but also with everyday actions.

Risk Appetite

Risk appetite is the amount of risk, on a broad level, an entity is willing to accept in pursuit of value. It reflects the enterprise’s risk management philosophy, and in turn influences the entity’s culture and operating style.

Risk appetite is considered in strategy setting, where the desired return from a strategy should be aligned with the entity’s risk appetite. Different strategies will expose the entity to different levels of risk, and enterprise risk management, applied in strategy setting, helps management select a strategy consistent with the entity’s risk appetite.

Entities consider risk appetite qualitatively, with such categories as high, moderate, or low, or take a quantitative approach, reflecting and balancing goals for growth and return with risk.

Board of Directors

An entity’s board of directors is a critical part of the internal environment and significantly influences its elements. The board’s independence from management, experience and stature of its members, extent of its involvement and scrutiny of activities, and appropriateness of its actions all play a role. Other factors include the degree to which difficult questions are raised and pursued with management regarding strategy, plans, and performance, and interaction the board or audit committee has with internal and external auditors.

An active and involved board of directors, board of trustees, or comparable body should possess an appropriate degree of management, technical, and other expertise,

coupled with the mind-set necessary to perform its oversight responsibilities. This is critical to an effective enterprise risk management environment. And, because the board must be prepared to question and scrutinize management’s activities, present alternative views, and act in the face of wrongdoing, the board must include outside directors.

Members of top management may be effective board members, bringing their deep knowledge of the company. But there must be a sufficient number of independent outside directors not only to provide sound advice, counsel, and direction, but also to serve as a necessary check and balance on management. For the internal environment to be effective, the board must have at least a majority of independent outside directors.

Effective boards of directors ensure that management maintains effective risk management. Although an enterprise historically might have not suffered losses and have no obvious significant risk exposure, the board does not succumb to the mythical notion that events with seriously adverse consequences “couldn’t happen here.” It recognizes that while a company may have a sound strategy, competent employees, sound business processes, and reliable technology, it, like every entity, is vulnerable to risk, and an effectively functioning risk management process is needed.

Integrity and Ethical Values

An entity’s strategy and objectives and the way they are implemented are based on preferences, value judgments, and management styles. Management’s integrity and commitment to ethical values influence these preferences and judgments, which are translated into standards of behavior. Because an entity’s good reputation is so valuable, the standards of behavior must go beyond mere compliance with law. Managers of well-run enterprises increasingly have accepted the view that ethics pays and ethical behavior is good business.

Management integrity is a prerequisite for ethical behavior in all aspects of an entity’s activities. The effectiveness of enterprise risk management cannot rise above

the integrity and ethical values of the people who create, administer, and monitor entity activities. Integrity and ethical values are essential elements of an entity’s internal environment, affecting the design, administration, and monitoring of other enterprise risk management components.

Establishing ethical values often is difficult because of the need to consider the concerns of several parties. Management values must balance the concerns of the enterprise, employees, suppliers, customers, competitors, and the public. Balancing these concerns can be complex and frustrating because interests are often at odds. For example, providing an essential product (petroleum, lumber, or food) may cause environmental concerns.

Ethical behavior and management integrity are by-products of the corporate culture, which encompasses ethical and behavioral standards and how they are communicated and reinforced. Official policies specify what the board and management want to happen. Corporate culture determines what actually happens, and which rules are obeyed, bent, or ignored. Top management – starting with the CEO – plays a key role in determining the corporate culture. As the dominant personality in an entity, the CEO often sets the ethical tone.

Certain organizational factors also can influence the likelihood of fraudulent and questionable financial reporting practices. Those same factors are likely to influence ethical behavior as well. Individuals may engage in dishonest, illegal, or unethical acts simply because the entity gives them strong incentives or temptations to do so. Undue emphasis on results, particularly in the short term, can foster an inappropriate internal environment. Focusing solely on short- term results can hurt even in the short term. Concentration on the bottom line – sales or profit at any cost – often evokes unsought actions and reactions. High-pressure sales tactics, ruthlessness in negotiations, or implicit offers of kickbacks, for instance, may evoke reactions that can have immediate (as well as lasting) effects.

Other incentives for engaging in fraudulent or questionable reporting practices and, by extension, other forms of unethical behavior may include rewards highly dependent on reported financial and non-financial information, particularly for

short-term results.

Removing or reducing inappropriate incentives and temptations goes a long way toward eliminating undesirable behavior. As suggested, this can be achieved by following sound and profitable business practices. For example, performance incentives – accompanied by appropriate controls – can be a useful management technique as long as the performance targets are realistic. Setting realistic targets is a sound motivational practice, reducing counterproductive stress as well as the incentive for fraudulent reporting. Similarly, a well- controlled reporting system can serve as a safeguard against temptation to misstate performance.

Another cause of questionable practices is ignorance. Ethical values must be not only communicated but also accompanied by explicit guidance regarding what is right and wrong.

Formal codes of corporate conduct are important to and the foundation of an effective ethics program. Codes address a variety of behavioral issues, such as integrity and ethics, conflicts of interest, illegal or otherwise improper payments, and anticompetitive arrangements. Upward communications channels where employees feel comfortable bringing relevant information also are important.

Existence of a written code of conduct, documentation that employees received and understand it, and an appropriate communications channel by themselves do not ensure the code is being followed. Also important to compliance are resulting penalties to employees who violate the code, mechanisms that encourage employee reporting of suspected violations, and disciplinary actions against employees who knowingly fail to report violations. But compliance with ethical standards, whether or not embodied in a written code, is equally if not more effectively ensured by top management’s actions and the examples they set. Employees are likely to develop the same attitudes about right and wrong – and about risks and controls – as those shown by top management. Messages sent by management’s actions quickly become embodied in the corporate culture. And, knowledge that the CEO has “done the right thing” ethically when faced with a tough business decision, sends a powerful message throughout the entity.

Commitment to Competence

Competence reflects the knowledge and skills needed to perform assigned tasks. Management decides how well these tasks need to be accomplished, weighing the entity’s strategy and objectives against plans for their implementation and achievement. A trade-off often exists between competence and cost – it is not necessary, for instance, to hire an electrical engineer to change a light bulb.

Management specifies the competency levels for particular jobs and translates those levels into requisite knowledge and skills. The necessary knowledge and skills in turn may depend on individuals’ intelligence, training, and experience. Factors considered in developing knowledge and skill levels include the nature and degree of judgment to be applied to a specific job. Often a trade-off can be made between the extent of supervision and the requisite competence level of the individual.

Organizational Structure

An entity’s organizational structure provides the framework to plan, execute, control, and monitor its activities. A relevant organizational structure includes defining key areas of authority and responsibility and establishing appropriate lines of reporting. For example, an internal audit function should be structured in a manner that achieves organizational objectivity and permits unrestricted access to top management and the audit committee of the board, and the chief audit executive should report to a level within the organization that allows the internal audit activity to fulfill its responsibilities.

An entity develops an organizational structure suited to its needs. Some are centralized, others decentralized. Some have direct reporting relationships, while others are more of a matrix organization. Some entities are organized by industry or product line, by geographical location or by a particular distribution or marketing network. Other entities, including many state and local governmental units and not-for-profit institutions, are organized by function.

The appropriateness of an entity’s organizational structure depends, in part, on its

size and the nature of its activities. A highly structured organization with formal reporting lines and responsibilities may be appropriate for a large entity that has numerous operating divisions, including foreign operations. However, such a structure could impede the necessary flow of information in a small company. Whatever the structure, an entity should be organized to enable effective enterprise risk management and to carry out its activities so as to achieve its objectives.

Assignment of Authority and Responsibility

Assignment of authority and responsibility involves the degree to which individuals and teams are authorized and encouraged to use initiative to address issues and solve problems, as well as limits to their authority. It includes establishing reporting relationships and authorization protocols, as well as policies that describe appropriate business practices, knowledge and experience of key personnel, and resources provided for carrying out duties.

Some entities have pushed authority downward to bring decision making closer to front-line personnel. A company may take this tack to become more market-driven or quality-focused – perhaps to eliminate defects, reduce cycle time, or increase customer satisfaction. Alignment of authority and accountability often is designed to encourage individual initiatives, within limits. Delegation of authority means surrendering central control of certain business decisions to lower echelons – to the individuals who are closest to everyday business transactions. This may involve empowerment to sell products at discount prices; negotiate long-term supply contracts, licenses, or patents; or enter alliances or joint ventures.

A critical challenge is to delegate only to the extent required to achieve objectives. This means ensuring that decision making is based on sound practices for risk identification and assessment, including sizing risks and weighing potential losses versus gains in determining which risks to accept and how they are to be managed.

Another challenge is ensuring that all personnel understand the entity’s objectives. It is essential that individuals know how their actions are related to one

another and contribute to achievement of the objectives.

Increased delegation sometimes is intentionally accompanied by or the result of streamlining or “flattening” the organizational structure. Purposeful structural change to encourage creativity, taking initiative, and faster response times can enhance competitiveness and cu外文翻譯范文stomer satisfaction. This increased delegation may carry an implicit requirement for a higher level of employee competence, as well as greater accountability. It also requires effective procedures for management to monitor results so that decisions can be overruled or accepted as necessary. Along with better, market-driven decisions, delegation may increase the number of undesirable or unanticipated decisions. For example, if a district sales manager decides that authorization to sell at 35% off list price justifies a temporary 45% discount to gain market share, management may need to know so that it can overrule or accept such decisions going forward.

The internal environment is greatly influenced by the extent to which individuals recognize that they will be held accountable. This holds true all the way to the chief executive, who, with board oversight, has ultimate responsibility for all activities within an entity.

Additional principles related to roles and responsibilities by parties integral to effective enterprise risk management are set forth in the Roles and Responsibilities chapter.

Human Resource Standards

Human resource practices pertaining to hiring, orientation, training, evaluating, counseling, promoting, compensating, and taking remedial actions send messages to employees regarding expected levels of integrity, ethical behavior, and competence. For example, standards for hiring the most qualified individuals, with emphasis on educational background, prior work experience, past accomplishments, and evidence of integrity and ethical behavior, demonstrate an entity’s commitment to competent and trustworthy people. The same is true when recruiting practices include formal,

in-depth employment interviews and training in the entity’s history, culture, and operating style.

Training policies can reinforce expected levels of performance and behavior by communicating prospective roles and responsibilities and by including such practices as training schools and seminars, simulated case studies, and role-playing exercises. Transfers and promotions driven by periodic performance appraisals demonstrate the entity’s commitment to advancement of qualified employees. Competitive compensation programs that include bonus incentives serve to motivate and reinforce outstanding performance – although reward systems should be structured, and controls in place, to avoid undue temptation to misrepresent reported results. Disciplinary actions send a message that violations of expected behavior will not be tolerated.

It is essential that employees be equipped to tackle new challenges as issues and risks throughout the entity change and become more complex – driven in part by rapidly changing technologies and increasing competition. Education and training, whether classroom instruction, self-study, or on-the-job training, must help personnel keep pace and deal effectively with the evolving environment. Hiring competent people and providing one-time training are not enough. The education process is ongoing.

Implications

It is difficult to overstate the importance of an entity’s internal environment and the impact – positive or negative – it can have on other enterprise risk management components. The impact of an ineffective internal environment can be far-reaching, possibly resulting in financial loss, a tarnished public image, or a business failure.

An energy company generally was thought to have effective enterprise risk management since it had high-powered and respected senior managers, a prestigious board of directors, an innovative strategy, well-designed information systems and control activities, extensive policy manuals prescribing risk and control functions, and

comprehensive reconciling and supervisory routines. Its internal environment, however, was significantly flawed.

Management participated in highly questionable business practices, and the board turned a “blind-eye.” The company was found to have misreported financial results and suffered a loss of shareholder confidence, a liquidity crisis, and destruction of entity value. Ultimately the company went into one of the largest bankruptcies in history.

The attitude and concern of top management for effective enterprise risk management must be definitive and clear, and permeate the organization. It is not sufficient to say the right words. An attitude of “do as I say, not as I do” will only bring about an ineffective environment.

19

20

21

22

23

24

25

26

27

28

【外文翻譯】相關文章：

內部控制外文文獻翻譯04-30

中外文化差異及翻譯04-29

英漢商標詞翻譯-中外文化差異的鏡子04-29

兩大權威外文翻譯資格考試證書面對面05-04

關于外文字母詞和原裝外文縮略語問題04-30

外文系怎么辦?04-26

外文信息資源開發(fā)與服務04-29

畢業(yè)論文外文文獻格式要求05-15

涉外文秘英語實訓教學初探04-26

論網絡環(huán)境下外文期刊的開發(fā)與利用04-28