INTERNATIONAL STANDARD ISO/FDIS 31000

Risk management – Principles and guidelines

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights.

ISO 31000 was prepared by the ISO Technical Management Board Working Group on risk management.

Introduction

Organizations of all types and sizes face internal and external factors and influences that make it uncertain whether and when they will achieve their objectives. The effect this uncertainty has on an organization's objectives is "risk".

All activities of an organization involve risk. Organizations manage risk by identifying it, analysing it and then evaluating whether the risk should be modified by risk treatment in order to satisfy their risk criteria. Throughout this process, they communicate and consult with stakeholders and monitor and review the risk and the controls that are modifying the risk in order to ensure that no further risk treatment is required. This International Standard describes this systematic and logical process in detail.

While all organizations manage risk to some degree, this International Standard establishes a number of principles that need to be satisfied to make risk management effective. This International Standard recommends that organizations develop, implement and continuously improve a framework whose purpose is to integrate the process for managing risk into the organization's overall governance, strategy and planning, management, reporting processes, policies, values and culture.

Risk management can be applied to an entire organization, at its many areas and levels, at any time, as well as to specific functions, projects and activities.

Although the practice of risk management has been developed over time and within many sectors in order to meet diverse needs, the adoption of consistent processes within a comprehensive framework can help to ensure that risk is managed effectively, efficiently and coherently across an organization. The generic approach described in this International Standard provides the principles and guidelines for managing any form of risk in a systematic, transparent and credible manner and within any scope and context.

Each specific sector or application of risk management brings with it individual needs, audiences, perceptions and criteria. Therefore, a key feature of this International Standard is the inclusion of "establishing the context" as an activity at the start of this generic risk management process. Establishing the context will capture the objectives of the organization, the environment in which it pursues those objectives, its stakeholders and the diversity of risk criteria, all of which will help reveal and assess the nature and complexity of its risks.

The relationship between the principles for managing risk, the framework in which it occurs and the risk management process described in this International Standard are shown in Figure 1.

When implemented and maintained in accordance with this International Standard, the management of risk enables an organization to, for example:

- increase the likelihood of achieving objectives;
- encourage proactive management;
- be aware of the need to identify and treat risk throughout the organization;
- improve the identification of opportunities and threats;
- comply with relevant legal and regulatory requirements and international norms;
- improve financial reporting;
- improve governance;
- improve stakeholder confidence and trust;
- establish a reliable basis for decision making and planning;
- improve controls;
- effectively allocate and use resources for risk treatment;
- improve operational effectiveness and efficiency;
- enhance health and safety performance, as well as environmental protection;
- improve loss prevention and incident management;
- minimize losses;
- improve organizational learning; and
- improve organizational resilience.

This International Standard is intended to meet the needs of a wide range of stakeholders, including:

a) those responsible for developing risk management policy within their organization;
b) those accountable for ensuring that risk is effectively managed within the organization as a whole or within a specific area, project or activity;
c) those who need to evaluate an organization's effectiveness in managing risk; and
d) developers of standards, guides, procedures and codes of practice that, in whole or in part, set out how risk is to be managed within the specific context of these documents.

The current management practices and processes of many organizations include components of risk management, and many organizations have already adopted a formal risk management process for particular types of risk or circumstances. In such cases, an organization can decide to carry out a critical review of its existing practices and processes in the light of this International Standard.

In this International Standard, the expressions "risk management" and "managing risk" are both used. In general terms, "risk management" refers to the architecture (principles, framework and process) for managing risks effectively, while "managing risk" refers to applying that architecture to particular risks.

Figure 1 – Relationships between the risk management principles, framework and process

Risk management – Principles and guidelines

1 Scope

This International Standard provides principles and generic guidelines on risk management.

This International Standard can be used by any public, private or community enterprise, association, group or individual. Therefore, this International Standard is not specific to any industry or sector.

NOTE For convenience, all the different users of this International Standard are referred to by the general term "organization".

This International Standard can be applied throughout the life of an organization, and to a wide range of activities, including strategies and decisions, operations, processes, functions, projects, products, services and assets.

This International Standard can be applied to any type of risk, whatever its nature, whether having positive or negative consequences.

Although this International Standard provides generic guidelines, it is not intended to promote uniformity of risk management across organizations. The design and implementation of risk management plans and frameworks will need to take into account the varying needs of a specific organization, its particular objectives, context, structure, operations, processes, functions, projects, products, services, or assets and specific practices employed.

It is intended that this International Standard be utilized to harmonize risk management processes in existing and future standards. It provides a common approach in support of standards dealing with specific risks and/or sectors, and does not replace those standards.

This International Standard is not intended for the purpose of certification.

2 Terms and definitions

For the purposes of this document, the following terms and definitions apply.

2.1 risk
effect of uncertainty on objectives

NOTE 1 An effect is a deviation from the expected, positive and/or negative.

NOTE 2 Objectives can have different aspects (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and process).

NOTE 3 Risk is often characterized by reference to potential events (2.19) and consequences (2.20), or a combination of these.

NOTE 4 Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood (2.21) of occurrence.

NOTE 5 Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of an event, its consequence, or likelihood.

[ISO Guide 73:2009, definition 1.1]

2.2 risk management
coordinated activities to direct and control an organization with regard to risk (2.1)

[ISO Guide 73:2009, definition 2.1]

2.3 risk management framework
set of components that provide the foundations and organizational arrangements for designing, implementing, monitoring (2.30), reviewing and continually improving risk management (2.2) throughout the organization

NOTE 1 The foundations include the policy, objectives, mandate and commitment to manage risk (2.1).

NOTE 2 The organizational arrangements include plans, relationships, accountabilities, resources, processes and activities.

NOTE 3 The risk management framework is embedded within the organization's overall strategic and operational policies and practices.