
ISO/FDIS 31000 Risk Management, Final Published Version: Chinese Translation Draft

Author: 高考题库网
Source: https://www.bjmy2z.cn/gaokao
2021-02-11 04:34

Posted 11 February 2021 (author: 田田英语)

ISO/FDIS 31000 Risk management

Principles and guidelines



Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75% of the member bodies casting a vote.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights.

ISO 31000 was prepared by the ISO Technical Management Board Working Group on risk management.



Introduction

Organizations of all types and sizes face internal and external factors and influences that make it uncertain whether and when they will achieve their objectives. The effect this uncertainty has on an organization's objectives is "risk".

All activities of an organization involve risk. Organizations manage risk by identifying it, analysing it and then evaluating whether the risk should be modified by risk treatment in order to satisfy their risk criteria.

Throughout this process, they communicate and consult with stakeholders and monitor and review the risk and the controls that are modifying the risk in order to ensure that no further risk treatment is required. This International Standard describes this systematic and logical process in detail.

While all organizations manage risk to some degree, this International Standard establishes a number of principles that need to be satisfied to make risk management effective. This International Standard recommends that organizations develop, implement and continuously improve a framework whose purpose is to integrate the process for managing risk into the organization's overall governance, strategy and planning, management, reporting processes, policies, values and culture.

Risk management can be applied to an entire organization, at its many areas and levels, at any time, as well as to specific functions, projects and activities.

Although the practice of risk management has been developed over time and within many sectors in order to meet diverse needs, the adoption of consistent processes within a comprehensive framework can help to ensure that risk is managed effectively, efficiently and coherently across an organization. The generic approach described in this International Standard provides the principles and guidelines for managing any form of risk in a systematic, transparent and credible manner and within any scope and context.

Each specific sector or application of risk management brings with it individual needs, audiences, perceptions and criteria. Therefore, a key feature of this International Standard is the inclusion of "establishing the context" as an activity at the start of the risk management process. Establishing the context will capture the objectives of the organization, the environment in which it pursues those objectives, its stakeholders and the diversity of risk criteria, all of which will help reveal and assess the nature and complexity of its risks.

The relationship between the principles for managing risk, the framework in which it occurs and the risk management process described in this International Standard are shown in Figure 1.



When implemented and maintained in accordance with this International Standard, the management of risk enables an organization to, for example:

- increase the likelihood of achieving objectives;
- encourage proactive management;
- be aware of the need to identify and treat risk throughout the organization;
- improve the identification of opportunities and threats;
- comply with relevant legal and regulatory requirements and international norms;
- improve financial reporting;
- improve governance;
- improve stakeholder confidence and trust;
- establish a reliable basis for decision making and planning;
- improve controls;
- effectively allocate and use resources for risk treatment;
- improve operational effectiveness and efficiency;
- enhance health and safety performance, as well as environmental protection;
- improve loss prevention and incident management;
- minimize losses;
- improve organizational learning; and
- improve organizational resilience.



This International Standard is intended to meet the needs of a wide range of stakeholders, including:

a) those responsible for developing risk management policy within their organization;

b) those accountable for ensuring that risk is effectively managed within the organization as a whole or within a specific area, project or activity;

c) those who need to evaluate an organization's effectiveness in managing risk; and

d) developers of standards, guides, procedures and codes of practice that, in whole or in part, set out how risk is to be managed within the specific context of these documents.



The current management practices and processes of many organizations include components of risk management, and many organizations have already adopted a formal risk management process for particular types of risk or circumstances. In such cases, an organization can decide to carry out a critical review of its existing practices and processes in the light of this International Standard.

In this International Standard, the expressions "risk management" and "managing risk" are both used. In general terms, "risk management" refers to the architecture (principles, framework and process) for managing risks effectively, while "managing risk" refers to applying that architecture to particular risks.



[Figure 1 - Relationships between the risk management principles, framework and process.
Panel "Principles for managing risk (Clause 3)": a) Creates value; b) Integral part of organizational processes; c) Part of decision making; d) Explicitly addresses uncertainty; e) Systematic, structured and timely; f) Based on the best available information; g) Tailored; h) Takes human and cultural factors into account; i) Transparent and inclusive; j) Dynamic, iterative and responsive to change; k) Facilitates continual improvement and enhancement of the organization.
Panel "Framework for managing risk (Clause 4)": Mandate and commitment (4.2); Design of framework for managing risk (4.3); Implementing risk management (4.4); Monitoring and review of the framework (4.5); Continual improvement of the framework (4.6).
Panel "Process for managing risk (Clause 5)": Establishing the context (5.3); Risk assessment (5.4), comprising Risk identification (5.4.2), Risk analysis (5.4.3) and Risk evaluation (5.4.4); Risk treatment (5.5).]





Risk management - Principles and guidelines

1 Scope

This International Standard provides principles and generic guidelines on risk management.

This International Standard can be used by any public, private or community enterprise, association, group or individual. Therefore, this International Standard is not specific to any industry or sector.

NOTE For convenience, all the different users of this International Standard are referred to by the general term "organization".

This International Standard can be applied throughout the life of an organization, and to a wide range of activities, including strategies and decisions, operations, processes, functions, projects, products, services and assets.

This International Standard can be applied to any type of risk, whatever its nature, whether having positive or negative consequences.

Although this International Standard provides generic guidelines, it is not intended to promote uniformity of risk management across organizations. The design and implementation of risk management plans and frameworks will need to take into account the varying needs of a specific organization, its particular objectives, context, structure, operations, processes, functions, projects, products, services, or assets and specific practices employed.

It is intended that this International Standard be utilized to harmonize risk management processes in existing and future standards. It provides a common approach in support of standards dealing with specific risks and/or sectors, and does not replace those standards.

This International Standard is not intended for the purpose of certification.



2 Terms and definitions

For the purposes of this document, the following terms and definitions apply.

2.1 risk

effect of uncertainty on objectives

NOTE 1 An effect is a deviation from the expected - positive and/or negative.

NOTE 2 Objectives can have different aspects (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and process).

NOTE 3 Risk is often characterized by reference to potential events (2.19) and consequences (2.20), or a combination of these.

NOTE 4 Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood (2.21) of occurrence.

NOTE 5 Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of an event, its consequence, or likelihood.

[ISO Guide 73:2018, definition 1.1]


2.2 risk management

coordinated activities to direct and control an organization with regard to risk (2.1)

[ISO Guide 73:2018, definition 2.1]

2.3 risk management framework

set of components that provide the foundations and organizational arrangements for designing, implementing, monitoring (2.30), reviewing and continually improving risk management (2.2) throughout the organization

NOTE 1 The foundations include the policy, objectives, mandate and commitment to manage risk (2.1).

NOTE 2 The organizational arrangements include plans, relationships, accountabilities, resources, processes and activities.

NOTE 3 The risk management framework is embedded within the organization's overall strategic and operational policies and practices.

[ISO Guide 73:2018, definition 2.1.1]

2.4 risk management policy

statement of the overall intentions and direction of an organization related to risk management (2.2)

[ISO Guide 73:2018, definition 2.1.2]

2.5 risk attitude

organization's approach to assess and eventually pursue, retain, take or turn away from risk (2.1)

[ISO Guide 73:2018, definition 3.7.1.1]


2.6 risk appetite

amount and type of risk (2.1) that an organization is prepared to pursue, retain or take

[ISO Guide 73:2018, definition 3.7.1.2]

2.7 risk aversion

attitude to turn away from risk (2.1)

[ISO Guide 73:2018, definition 3.7.1.4]

2.8 risk management plan

scheme within the risk management framework (2.3) specifying the approach, the management components and resources to be applied to the management of risk (2.1)

NOTE 1 Management components typically include procedures, practices, assignment of responsibilities, sequence and timing of activities.

NOTE 2 The risk management plan can be applied to a particular product, process and project, and part or whole of the organization.

[ISO Guide 73:2018, definition 2.1.3]

2.9 risk owner

person or entity with the accountability and authority to manage the risk (2.1)

[ISO Guide 73:2018, definition 3.5.1.4]

2.10 risk management process

systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context, and identifying, analyzing, evaluating, treating, monitoring (2.30) and reviewing risk (2.1)

[ISO Guide 73:2018, definition 3.1]

2.11 establishing the context

defining the external and internal parameters to be taken into account when managing risk, and setting the scope and risk criteria (2.24) for the risk management policy (2.4)

[ISO Guide 73:2018, definition 3.3.1]


2.12 external context

external environment in which the organization seeks to achieve its objectives

NOTE External context can include:

- the cultural, social, political, legal, regulatory, financial, technological, economic, natural and competitive environment, whether international, national, regional or local;
- key drivers and trends having impact on the objectives of the organization; and
- relationships with, and perceptions and values of, external stakeholders (2.15).

[ISO Guide 73:2018, definition 3.3.1.1]

2.13 internal context

internal environment in which the organization seeks to achieve its objectives

NOTE Internal context can include:

- governance, organizational structure, roles and accountabilities;
- policies, objectives, and the strategies that are in place to achieve them;
- the capabilities, understood in terms of resources and knowledge (e.g. capital, time, people, processes, systems and technologies);
- perceptions and values of internal stakeholders;
- information systems, information flows and decision-making processes (both formal and informal);
- relationships with, and perceptions and values of, internal stakeholders;
- the organization's culture;
- standards, guidelines and models adopted by the organization; and
- form and extent of contractual relationships.

[ISO Guide 73:2018, definition 3.3.1.2]


2.14 communication and consultation

continual and iterative processes that an organization conducts to provide, share or obtain information and to engage in dialogue with stakeholders (2.15) and others regarding the management of risk (2.1)

NOTE 1 The information can relate to the existence, nature, form, likelihood (2.21), severity, evaluation, acceptability, treatment or other aspects of the management of risk.

NOTE 2 Consultation is a two-way process of informed communication between an organization and its stakeholders or others on an issue prior to making a decision or determining a direction on a particular issue. Consultation is:

- a process which impacts on a decision through influence rather than power; and
- an input to decision making, not joint decision making.

[ISO Guide 73:2018, definition 3.2.1]

2.15 stakeholder

person or organization that can affect, be affected by, or perceive themselves to be affected by a decision or activity

NOTE A decision maker can be a stakeholder.

[ISO Guide 73:2018, definition 3.2.1.1]

2.16 risk assessment

overall process of risk identification (2.17), risk analysis (2.23) and risk evaluation (2.26)

[ISO Guide 73:2018, definition 3.4.1]

2.17 risk identification

process of finding, recognizing and describing risks (2.1)

NOTE 1 Risk identification involves the identification of risk sources (2.18), events (2.19), their causes and their potential consequences (2.20).

NOTE 2 Risk identification can involve historical data, theoretical analysis, informed and expert opinions, and stakeholders' (2.15) needs.

[ISO Guide 73:2018, definition 3.5.1]


2.18 risk source

element which alone or in combination has the intrinsic potential to give rise to risk (2.1)

NOTE A risk source can be tangible or intangible.

[ISO Guide 73:2018, definition 3.5.1.1]

2.19 event

occurrence or change of a particular set of circumstances

NOTE 1 An event can be one or more occurrences, and can have several causes.

NOTE 2 An event can consist of something not happening.

NOTE 3 An event can sometimes be referred to as an "incident" or "accident".

NOTE 4 An event without consequences can also be referred to as a "near miss", "incident", "near hit" or "close call".

[ISO Guide 73:2018, definition 3.5.1.2]

2.20 consequence

outcome of an event (2.19) affecting objectives

NOTE 1 An event can lead to a range of consequences.

NOTE 2 A consequence can be certain or uncertain and can have positive or negative effects on objectives.

NOTE 3 Consequences can be expressed qualitatively or quantitatively.

NOTE 4 Initial consequences can escalate through knock-on effects.

[ISO Guide 73:2018, definition 3.6.1.3]

2.21 likelihood

chance of something happening

NOTE 1 In risk management terminology, the word "likelihood" is used to refer to the chance of something happening, whether defined, measured or determined objectively or subjectively, qualitatively or quantitatively, and described using general terms or mathematically (such as a probability or a frequency over a given time period).

NOTE 2 The English term "likelihood" does not have a direct equivalent in some languages; instead, the equivalent of the term "probability" is often used. However, in English, "probability" is often narrowly interpreted as a mathematical term. Therefore, in risk management terminology, "likelihood" is used with the intent that it should have the same broad interpretation as the term "probability" has in many languages other than English.

[ISO Guide 73:2018, definition 3.6.1.1]


2.22 risk profile

description of any set of risks (2.1)

NOTE The set of risks can contain those that relate to the whole organization, part of the organization, or as otherwise defined.

[ISO Guide 73:2018, definition 3.8.2.5]

2.23 risk analysis

process to comprehend the nature of risk (2.1) and to determine the level of risk (2.25)

NOTE 1 Risk analysis provides the basis for risk evaluation (2.26) and decisions about risk treatment (2.27).

NOTE 2 Risk analysis includes risk estimation.

[ISO Guide 73:2018, definition 3.6.1]

2.24 risk criteria

terms of reference against which the significance of a risk (2.1) is evaluated

NOTE 1 Risk criteria are based on organizational objectives, and external (2.12) and internal context (2.13).

NOTE 2 Risk criteria can be derived from standards, laws, policies and other requirements.

[ISO Guide 73:2018, definition 3.3.1.3]

2.25 level of risk

magnitude of a risk (2.1), expressed in terms of the combination of consequences (2.20) and their likelihood (2.21)

[ISO Guide 73:2018, definition 3.6.1.8]

2.26 risk evaluation

process of comparing the results of risk analysis (2.23) with risk criteria (2.24) to determine whether the risk (2.1) and/or its magnitude is acceptable or tolerable

NOTE Risk evaluation assists in the decision about risk treatment (2.27).

[ISO Guide 73:2018, definition 3.7.1]


2.27 risk treatment

process to modify risk (2.1)

NOTE 1 Risk treatment can involve:

- avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk;
- taking or increasing risk in order to pursue an opportunity;
- removing the risk source (2.18);
- changing the likelihood (2.21);
- changing the consequences (2.20);
- sharing the risk with another party or parties (including contracts and risk financing); and
- retaining the risk by informed choice.

NOTE 2 Risk treatments that deal with negative consequences are sometimes referred to as "risk mitigation", "risk elimination", "risk prevention" and "risk reduction".

NOTE 3 Risk treatment can create new risks or modify existing risks.

[ISO Guide 73:2018, definition 3.8.1]

2.28 control

measure that is modifying risk (2.1)

NOTE 1 Controls include any process, policy, device, practice, or other actions which modify risk.

NOTE 2 Controls may not always exert the intended or assumed modifying effect.

[ISO Guide 73:2018, definition 3.8.1.1]

2.29 residual risk

risk (2.1) remaining after risk treatment (2.27)

NOTE 1 Residual risk can contain unidentified risk.

NOTE 2 Residual risk can also be known as "retained risk".

[ISO Guide 73:2018, definition 3.8.1.6]

2.30 monitoring

continual checking, supervising, critically observing or determining the status in order to identify change from the performance level required or expected

NOTE Monitoring can be applied to a risk management framework (2.3), risk management process (2.10), risk (2.1) or control (2.28).

[ISO Guide 73:2018, definition 3.8.2.1]

2.31 review

activity undertaken to determine the suitability, adequacy and effectiveness of the subject matter to achieve established objectives

NOTE Review can be applied to a risk management framework (2.3), risk management process (2.10), risk (2.1) or control (2.28).

[ISO Guide 73:2018, definition 3.8.2.2]


3 Principles

For risk management to be effective, an organization should at all levels comply with the principles below.

a) Risk management creates and protects value.

Risk management contributes to the demonstrable achievement of objectives and improvement of performance in, for example, human health and safety, security, legal and regulatory compliance, public acceptance, environmental protection, product quality, project management, efficiency in operations, governance and reputation.

b) Risk management is an integral part of all organizational processes.

Risk management is not a stand-alone activity that is separate from the main activities and processes of the organization. Risk management is part of the responsibilities of management and an integral part of all organizational processes, including strategic planning and all project and change management processes.

c) Risk management is part of decision making.

Risk management helps decision makers make informed choices, prioritize actions and distinguish among alternative courses of action.

d) Risk management explicitly addresses uncertainty.

Risk management explicitly takes account of uncertainty, the nature of that uncertainty, and how it can be addressed.

e) Risk management is systematic, structured and timely.

A systematic, timely and structured approach to risk management contributes to efficiency and to consistent, comparable and reliable results.



f) Risk management is based on the best available information.

The inputs to the process of managing risk are based on information sources such as historical data, experience, stakeholder feedback, observation, forecasts and expert judgement. However, decision makers should inform themselves of, and should take into account, any limitations of the data or modelling used or the possibility of divergence among experts.

g) Risk management is tailored.

Risk management is aligned with the organization's external and internal context and risk profile.

h) Risk management takes human and cultural factors into account.

Risk management recognizes the capabilities, perceptions and intentions of external and internal people that can facilitate or hinder achievement of the organization's objectives.

i) Risk management is transparent and inclusive.

Appropriate and timely involvement of stakeholders and, in particular, decision makers at all levels of the organization, ensures that risk management remains relevant and up-to-date. Involvement also allows stakeholders to be properly represented and to have their views taken into account in determining risk criteria.

j) Risk management is dynamic, iterative and responsive to change.

As external and internal events occur, context and knowledge change, monitoring and review take place, new risks emerge, some change, and others disappear. Therefore, risk management continually senses and responds to change.

k) Risk management facilitates continual improvement of the organization.

Organizations should develop and implement strategies to improve their risk management maturity alongside all other aspects of their organization.

Annex A provides further advice for organizations wishing to manage risk more effectively.



4 Framework

4.1 General

The success of risk management will depend on the effectiveness of the management framework providing the foundations and arrangements that will embed it throughout the organization at all levels.

The framework assists in managing risks effectively through the application of the risk management process (see Clause 5) at varying levels and within specific contexts of the organization. The framework ensures that information about risk derived from these processes is adequately reported and used as a basis for decision making and accountability at all relevant organizational levels.

This clause describes the necessary components of the framework for managing risk and the way in which they interrelate in an iterative manner, as shown in Figure 2.



[Figure 2 - Relationship between the components of the framework for managing risk. Components shown: Mandate and commitment (4.2); Implementing risk management (4.4), comprising Implementing the framework for managing risk (4.4.1) and Implementing the risk management process (4.4.2); Monitoring and review of the framework (4.5); Continual improvement of the framework (4.6).]



This framework is not intended to prescribe a management system, but rather to assist the organization to integrate risk management into its overall management system. Therefore, organizations should adapt the components of the framework to their specific needs.




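This article was updated on 2021-02-11 04:34. It was provided by the author and does not represent the position of this website. If reprinting, please cite the source: https://www.bjmy2z.cn/gaokao/634098.html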
