demanded企业风险管理中英文对照外文翻译文献

企业风险管理中英文对照外文翻译文献

企业风险管理中英文对照外文翻译文献

(

文档含英文原文和中文翻译

)

原文：

Risk Management

This

chapter

reviews

and

discusses

the

basic

issues

and

principles

of

risk

management,

including:

risk

acceptability

(tolerability);

risk

reduction

and

the

ALARP principle; cautionary and precautionary principles. And presents a case study

showing

the

importance

of

these

issues

and

principles

in

a

practical

management

context. Before we take a closer look, let us briefly address some basic features of risk

management.

The purpose of risk management is to ensure that adequate measures are taken to

protect

people,

the

environment,

and

assets

from

possible

harmful

consequences

of

the activities being undertaken, as well as to balance different concerns, in particular

risks and costs. Risk management includes measures both to avoid the hazards and to

企业风险管理中英文对照外文翻译文献

reduce their potential harm. Traditionally, in industries such as nuclear, oil, and gas,

risk

management

was

based

on

a

prescriptive

regulating

regime,

in

which

detailed

requirements

were set

with regard to

the design

and operation of the arrangements.

This

regime

has

gradually

been

replaced

by

a

more

goal-oriented

regime,

putting

emphasis on what to achieve rather than on the means of achieving it.

Risk

management

is

an

integral

aspect

of

a

goal- oriented

regime.

It

is

acknowledged

that

risk

cannot

be

eliminated

but

must

be

managed.

There

is

nowadays an enormous drive and enthusiasm in various industries and in society as a

whole

to

implement

risk

management

in

organizations.

There

are

high

expectations

that risk management is the proper framework through which to achieve high levels of

performance.

Risk

management

involves

achieving

an

appropriate

balance

between

realizing

opportunities

for

gain

and

minimizing

losses.

It

is

an

integral

part

of

good

management practice and an essential element of good corporate governance. It is an

iterative process consisting of steps that, when undertaken in sequence, can lead to a

continuous improvement in decision-making and facilitate a continuous improvement

in performance.

To

support

decision-making

regarding

design

and

operation,

risk

analyses

are

carried

out.

They

include

the

identification

of

hazards

and

threats,

cause

analyses,

consequence

analyses,

and

risk

descriptions.

The

results

are

then

evaluated.

The

totality of the analyses and the evaluations are referred to as risk assessments. Risk

assessment

is

followed

by

risk

treatment,

which

is

a

process

involving

the

development and implementation of measures to modify the risk, including measures

designed to avoid, reduce

(“optimize”), transfer, or retain the risk. Risk transfer means

sharing

with

another

party

the

benefit

or

loss

associated

with

a

risk.

It

is

typically

affected through insurance. Risk management covers all coordinated activities in the

direction and control of an organization with regard to risk.

In

many

enterprises,

the

risk

management

tasks

are

divided

into

three

main

categories:

strategic

risk,

financial

risk,

and

operational

risk.

Strategic

risk

includes

aspects and factors that are important for the e

nterprise’s long

-term strategy and plans,

企业风险管理中英文对照外文翻译文献

for example mergers and acquisitions,

technology, competition,

political

conditions,

legislation and regulations, and labor market. Financial risk includes the enterprise’s

financial situation, and includes: Market risk, associated with the costs of goods and

services,

foreign

exchange

rates

and

securities

(shares,

bonds,

etc.).

Credit

risk,

associated

with

a

debtor’s

failure

to

meet

its

obligations

in

accordance

with

agreed

terms. Liquidity risk, reflecting lack of access to cash; the difficulty of selling an asset

in

a

timely

manner.

Operational

risk

is

related

to

conditions

affecting

the

normal

operating

situation:

Accidental

events,

including

failures

and

defects,

quality

deviations, natural disasters. Intended acts; sabotage, disgruntled employees, etc. Loss

of

competence,

key

personnel.

Legal

circumstances,

associated

for

instance,

with

defective contracts and liability insurance.

For an enterprise to become successful in its implementation of risk management,

top management needs to be involved, and activities must be put into effect on many

levels. Some important

points to ensure success are: the establishment of a strategy

for risk management, i.e., the principles of how the enterprise defines and implements

risk

management.

Should

one

simply

follow

the

regulatory

requirements

(minimal

requirements), or should one be the “best in the class”? The establishment of a risk

management

process

for

the

enterprise,

i.e.

formal

processes

and

routines

that

the

enterprise is

to

follow.

The establishment of management structures, with

roles and

responsibilities,

such

that

the

risk

analysis

process

becomes

integrated

into

the

organization.

The

implementation

of

analyses

and

support

systems,

such

as

risk

analysis tools, recording systems for occurrences of various types of events, etc. The

communication, training, and development of a risk management culture, so that the

competence, understanding, and motivation level within the organization is enhanced.

Given

the

above

fundamentals

of

risk

management,

the

next

step

is

to

develop

principles and a methodology that can be used in practical decision-making. This is

not, however, straightforward. There are a number of challenges and here we address

some

of

these:

establishing

an

informative

risk

picture

for

the

various

decision

alternatives,

using

this

risk

picture

in

a

decision- making

context.

Establishing

an

informative risk picture means identifying appropriate risk indices and assessments of

企业风险管理中英文对照外文翻译文献

uncertainties. Using the risk picture in a decision making context means the definition

and

application

of

risk

acceptance

criteria,

cost

benefit

analyses

and

the

ALARP

principle,

which

states

that

risk

should

be

reduced

to

a

level

which

is

as

low

as

is

reasonably practicable.

It is common to define and describe risks in terms of probabilities and expected

values.

This

has,

however,

been

challenged,

since

the

probabilities

and

expected

values

can

camouflage

uncertainties;

the

assigned

probabilities

are

conditional

on

a

number

of

assumptions

and

suppositions,

and

they

depend

on

the

background

knowledge.

Uncertainties

are

often

hidden

in

this

background

knowledge,

and

restricting

attention

to

the

assigned

probabilities

can

camouflage

factors

that

could

produce

surprising

outcomes.

By

jumping

directly

into

probabilities,

important

uncertainty

aspects

are

easily

truncated,

and

potential

surprises

may

be

left

unconsidered.

Let us, as an example, consider the risks, seen through the eyes of a risk analyst

in the 1970s, associated with future health problems for divers working on offshore

petroleum projects. The analyst assigns a value to the probability that a diver would

experience health problems (properly defined) during the coming 30 years due to the

diving activities. Let us assume that a value of 1 % was assigned, a number based on

the knowledge available at that time. There are no strong indications that the divers

will

experience

health

problems,

but

we

know

today

that

these

probabilities

led

to

poor

predictions.

Many

divers

have

experienced

severe

health

problems

(Avon

and

Vine,

2007).

By

restricting

risk

to

the

probability

assignments

alone,

important

aspects of uncertainty and risk are hidden. There is a lack of understanding about the

underlying

phenomena,

but

the

probability

assignments

alone

are

not

able

to

fully

describe this status.

Several

risk

perspectives

and

definitions

have

been

proposed

in

line

with

this

realization.

For

example,

Avon

(2007a,

2008a)

defines

risk

as

the

two-dimensional

combination

of

events/consequences

and

associated

uncertainties

(will

the

events

occur, what the consequences will be). A closely related perspective is suggested by

Avon and Renan (2008a), who define risk associated with an activity as

uncertainty

企业风险管理中英文对照外文翻译文献

about

and

severity

of

the

consequences

of

the

activity,

where

severity

refers

to

intensity,

size,

extension,

scope

and

other

potential

measures

of

magnitude

with

respect to something that humans value (lives, the environment, money, etc.). Losses

and gains, expressed for example in monetary terms or as the number of fatalities, are

ways

of

defining

the

severity

of

the

consequences.

See

also

Avon

and

Christensen

(2005).

In the case of large uncertainties, risk assessments can support decision-making,

but

other

principles,

measures,

and

instruments

are

also

required,

such

as

the

cautionary/precautionary principles as well as robustness and resilience strategies. An

informative decision basis is needed, but it should be far more nuanced than can be

obtained by a probabilistic analysis alone. This has been stressed by many researchers,

e.g.

Apostolicism

(1990)

and

Apostolicism

and

Lemon

(2005):

qualitative

risk

analysis

(QRA)

results

are

never

the

sole

basis

for

decision-making.

Safety-

and

security-related decision-making is

risk-informed, not risk-based. This

conclusion is

not,

however,

justified

merely

by

referring

to

the

need

for

addressing

uncertainties

beyond probabilities and expected values. The main

issue here is

the

fact that risks

need to be balanced with other concerns.

When various solutions and measures are to be compared and a decision is to be

made, the analysis and assessments that have been conducted provide a basis for such

a decision. In many cases, established design principles and standards provide clear

guidance.

Compliance

with

such

principles

and

standards

must

be

among

the

first

reference

points

when

assessing

risks.

It

is

common

thinking

that

risk

management

processes, and especially ALARP processes, require formal guidelines or criteria (e.g.,

risk

acceptance

criteria

and

cost-effectiveness

indices)

to

simplify

the

decision-making.

Care

must;

however,

be

shown

when

using

this

type

of

formal

decision-making

criteria,

as

they

easily

result

in

a

mechanization

of

the

decision- making

process.

Such

mechanization

is

unfortunate

because:

Decision-making

criteria

based

on

risk- related

numbers

alone

(probabilities

and

expected values) do not capture all the aspects of risk, costs, and benefits, no method

has a precision that justifies a mechanical decision based on whether the result is over

企业风险管理中英文对照外文翻译文献

or

below

a

numerical

criterion.

It

is

a

managerial

responsibility

to

make

decisions

under

uncertainty,

and

management

should

be

aware

of

the

relevant

risks

and

uncertainties.

Apostolicism and Lemon (2005) adopt a pragmatic approach to risk analysis and

risk management, acknowledging the difficulties of determining

the probabilities of

an attack. Ideally, they would like to implement a risk-informed procedure, based on

expected

values.

However,

since

such

an

approach

would

require

the

use

of

probabilities that

have not

b

een “rigorously derived”

, they see themselves forced to

resort to a more pragmatic approach.

This is one possible approach when facing problems of large uncertainties. The

risk analyses simply do not provide a sufficiently solid basis for the decision-making

process. We argue along the same lines. There is a need for a management review and

judgment process. It is necessary to see beyond the computed risk picture in the form

of the probabilities and expected values. Traditional quantitative risk analyses fail in

this

respect.

We

acknowledge

the

need

for

analyzing

risk,

but

question

the

value

added

by

performing

traditional

quantitative

risk

analyses

in

the

case

of

large

uncertainties. The arbitrariness in the numbers produced can be significant, due to the

uncertainties

in

the

estimates

or

as

a

result

of

the

uncertainty

assessments

being

strongly dependent on the analysts.

It

should

be

acknowledged

that

risk

cannot

be

accurately

expressed

using

probabilities and expected values. A quantitative risk analysis is in many cases better

replaced

by

a

more

qualitative

approach,

as

shown

in

the

examples

above;

an

approach which may be referred to as a semi-quantitative approach. Quantifying risk

using risk indices such as the expected number of fatalities gives an impression that

risk can be expressed in a very precise way. However, in most cases, the arbitrariness

is

large.

In

a

semi- quantitative

approach

this

is

acknowledged

by

providing

a

more

nuanced risk

picture, which includes factors that can cause “surprises” r

elative to the

probabilities

and

the

expected

values.

Quantification

often

requires

strong

simplifications and assumptions and, as a result, important factors could be ignored or

given too little (or too much) weight. In a qualitative or semi- quantitative analysis, a