- 內(nèi)部控制外文文獻(xiàn)翻譯 推薦度:
- 相關(guān)推薦
外文翻譯范文
廣東工業(yè)大學(xué)
華立學(xué)院
本科畢業(yè)設(shè)計(jì)(論文)
外文參考文獻(xiàn)譯文及原文
系 部 會(huì)計(jì)學(xué)部
專 業(yè) 會(huì)計(jì)學(xué)
年 級(jí) 2008級(jí)
班級(jí)名稱
學(xué) 號(hào)
學(xué)生姓名
指導(dǎo)教師
2012 年 5 月
目 錄
1 外文文獻(xiàn)譯文 .......................................................... 1
2 外文文獻(xiàn)原文 .......................................................... 9
2 內(nèi)部環(huán)境
【本章摘要】?jī)?nèi)部環(huán)境包含組織的基調(diào),它影響組織中人員的風(fēng)險(xiǎn)意識(shí),是企業(yè)風(fēng)險(xiǎn)管理所有其他構(gòu)成要素的基礎(chǔ),為其他要素提供約束和結(jié)構(gòu)。內(nèi)部環(huán)境因素包括主體的風(fēng)險(xiǎn)管理理念、它的風(fēng)險(xiǎn)容量、董事會(huì)的監(jiān)督、主體中人員的誠(chéng)信、道德價(jià)值觀和勝任能力,以及管理當(dāng)局分配權(quán)力和職責(zé)、組織和開發(fā)其員工的方式。
內(nèi)部環(huán)境是企業(yè)風(fēng)險(xiǎn)管理所有其他構(gòu)成要素的基礎(chǔ),為其他要素提供約束和結(jié)構(gòu)。它影響著戰(zhàn)略和目標(biāo)如何制訂、經(jīng)營(yíng)活動(dòng)如何組織以及如何識(shí)別、評(píng)估風(fēng)險(xiǎn)并采取行動(dòng)。它還影響著控制活動(dòng)、信息與溝通體系和監(jiān)控措施的設(shè)計(jì)與運(yùn)行。
內(nèi)部環(huán)境受到主體的歷史和文化的影響。它包含許多要素,包括主體的道德價(jià)值觀、員工的勝任能力和開發(fā)、管理當(dāng)局管理風(fēng)險(xiǎn)的理念以及如何分配權(quán)力和職責(zé)。董事會(huì)是內(nèi)部環(huán)境的一個(gè)關(guān)鍵部分,它對(duì)其他的內(nèi)部環(huán)境要素有重大的影響。
盡管所有要素都很重要,但是對(duì)每個(gè)要素的強(qiáng)調(diào)程度會(huì)因主體而異。舉例來(lái)說(shuō),一家員工較少、專注化經(jīng)營(yíng)的公司的首席執(zhí)行官可能就不會(huì)制訂正式的職責(zé)劃分和具體的經(jīng)營(yíng)政策。但是,這家公司也會(huì)有為企業(yè)風(fēng)險(xiǎn)管理提供合適基礎(chǔ)的內(nèi)部環(huán)境。
風(fēng)險(xiǎn)管理理念
一個(gè)主體的風(fēng)險(xiǎn)管理理念是一整套共同的信念和態(tài)度,它決定著該主體在做任何事情——從戰(zhàn)略制訂和執(zhí)行到日常的活動(dòng)——時(shí)如何考慮風(fēng)險(xiǎn)。風(fēng)險(xiǎn)管理理念反映了主體的價(jià)值觀,影響它的文化和經(jīng)營(yíng)風(fēng)格,并且決定如何應(yīng)用企業(yè)風(fēng)險(xiǎn)管理的構(gòu)成要素,包括如何識(shí)別風(fēng)險(xiǎn),承擔(dān)哪些風(fēng)險(xiǎn),以及如何管理這些風(fēng)險(xiǎn)。
成功地承擔(dān)了重大風(fēng)險(xiǎn)的公司對(duì)企業(yè)風(fēng)險(xiǎn)管理的看法,似乎不同于由于在危險(xiǎn)的地區(qū)創(chuàng)業(yè)而面臨過嚴(yán)酷的經(jīng)濟(jì)或管制后果的公司。盡管有些主體會(huì)為了滿足外部利益相關(guān)者——例如母公司或監(jiān)管者的需要,而努力實(shí)現(xiàn)有效的企業(yè)風(fēng)險(xiǎn)管理,但是更常見的是因?yàn)楣芾懋?dāng)局認(rèn)識(shí)到有效的風(fēng)險(xiǎn)管理有助于主體創(chuàng)造和保持價(jià)值。
當(dāng)風(fēng)險(xiǎn)管理理念被很好地確立和理解、并且為員工所信奉時(shí),主體就能有效地識(shí)別和管理風(fēng)險(xiǎn)。否則,企業(yè)風(fēng)險(xiǎn)管理在各個(gè)業(yè)務(wù)單元、職能機(jī)構(gòu)或部門中的應(yīng)用就可能會(huì)出現(xiàn)不可接受的不平衡狀態(tài)。但是即使一個(gè)主體的理念被很好地確
立,在它的各個(gè)單元之間仍然會(huì)存在文化上的差別,從而導(dǎo)致風(fēng)險(xiǎn)管理應(yīng)用方面的差異。一些單元的管理者可能準(zhǔn)備承擔(dān)更大的風(fēng)險(xiǎn),而其他的則更為保守。例如,一個(gè)有闖勁的銷售職能機(jī)構(gòu)可能會(huì)集中關(guān)注實(shí)現(xiàn)銷售,而沒有仔細(xì)注意對(duì)法規(guī)的遵循問題,而締約單元的人員主要集中關(guān)注確保符合所有的相關(guān)內(nèi)部和外部政策與法規(guī)。孤立地看,這些不同的次級(jí)文化都能對(duì)主體產(chǎn)生負(fù)面影響。但是通過很好的合作,這些單元能夠恰當(dāng)?shù)胤从持黧w的風(fēng)險(xiǎn)管理理念。
企業(yè)的風(fēng)險(xiǎn)管理理念實(shí)質(zhì)上反映在管理當(dāng)局在經(jīng)營(yíng)該主體的過程中所做的每一件事情上。它可以從政策表述、口頭和書面的溝通以及決策中反映出來(lái)。無(wú)論管理當(dāng)局是強(qiáng)調(diào)書面的政策、行為準(zhǔn)則、業(yè)績(jī)指標(biāo)和例外報(bào)告,還是更為非正式地大量通過與關(guān)鍵的管理者面對(duì)面的接觸來(lái)進(jìn)行運(yùn)營(yíng),至關(guān)重要的是管理當(dāng)局不僅要通過口頭、而且還要通過日常的行動(dòng)來(lái)強(qiáng)化這種理念。
風(fēng)險(xiǎn)容量
風(fēng)險(xiǎn)容量是一個(gè)主體在追求價(jià)值的過程中所愿意承擔(dān)的廣泛意義上的風(fēng)險(xiǎn)的數(shù)量。它反映了企業(yè)的風(fēng)險(xiǎn)管理理念,進(jìn)而影響了主體的文化和經(jīng)營(yíng)風(fēng)格。
風(fēng)險(xiǎn)容量在戰(zhàn)略制訂的過程中加以考慮,來(lái)自一項(xiàng)戰(zhàn)略的期望報(bào)酬應(yīng)該與主體的風(fēng)險(xiǎn)容量相協(xié)調(diào)。不同的戰(zhàn)略會(huì)使主體面臨不同程度的風(fēng)險(xiǎn),應(yīng)用于戰(zhàn)略制訂過程的企業(yè)風(fēng)險(xiǎn)管理幫助管理當(dāng)局選擇一個(gè)與主體的風(fēng)險(xiǎn)容量相一致的戰(zhàn)略。
主體運(yùn)用類似高、適中或低等類別,從質(zhì)的角度考慮風(fēng)險(xiǎn)容量,或者運(yùn)用數(shù)量化的方法,來(lái)反映和平衡增長(zhǎng)、報(bào)酬和風(fēng)險(xiǎn)方面的目標(biāo)。
董事會(huì)
一個(gè)主體的董事會(huì)是內(nèi)部環(huán)境的關(guān)鍵部分,它對(duì)其要素有著重大影響。董事會(huì)對(duì)于管理當(dāng)局的獨(dú)立性、其成員的經(jīng)驗(yàn)和才干、對(duì)活動(dòng)參與和審察的程度,以及其行為的適當(dāng)性都起著重要的作用。其他因素包括提出有關(guān)戰(zhàn)略、計(jì)劃和業(yè)績(jī)方面的疑難問題和與管理當(dāng)局進(jìn)行商討的程度,以及董事會(huì)或?qū)徲?jì)委員會(huì)與內(nèi)部和外部審計(jì)師的交流。
一個(gè)積極的和高度參與型的董事會(huì)、托管委員會(huì)(board of trustees)或類似的機(jī)構(gòu),應(yīng)該具有適當(dāng)程度的管理、技術(shù)和其他專長(zhǎng),以及履行監(jiān)督職責(zé)所需要
的思維方式。這對(duì)于一個(gè)有效的企業(yè)風(fēng)險(xiǎn)管理環(huán)境至關(guān)重要。而且,由于董事會(huì)必須準(zhǔn)備去質(zhì)疑和仔細(xì)審查管理當(dāng)局的活動(dòng),提出不同的觀點(diǎn),并針對(duì)不當(dāng)行為采取行動(dòng),因此董事會(huì)必須包含外部董事。
高層管理當(dāng)局的成員可能帶來(lái)他們對(duì)公司的深入了解,從而成為有效的董事會(huì)成員。但是必須有足夠數(shù)量的獨(dú)立外部董事,他們不但要提供合理的建議、咨詢和指導(dǎo),而且還要對(duì)管理當(dāng)局形成必要的牽制和制衡。要想使內(nèi)部環(huán)境有效,董事會(huì)中的獨(dú)立外部董事必須至少占多數(shù)。
有效的董事會(huì)能確保管理當(dāng)局保持有效的風(fēng)險(xiǎn)管理。盡管一家企業(yè)在過去可能沒有遭受損失、沒有暴露出明顯的重大風(fēng)險(xiǎn),董事會(huì)也不能天真地認(rèn)定帶有嚴(yán)重負(fù)面后果的事項(xiàng)“在這里不會(huì)發(fā)生”。應(yīng)該認(rèn)識(shí)到,盡管一家公司可能有合理的戰(zhàn)略、勝任的員工、合理的經(jīng)營(yíng)流程和可靠的技術(shù),但是它和所有的主體一樣,對(duì)于風(fēng)險(xiǎn)而言都很脆弱,因此也需要有效運(yùn)行的風(fēng)險(xiǎn)管理。
誠(chéng)信與道德價(jià)值觀
主體的戰(zhàn)略和目標(biāo)以及它們得以推行的方式建立在偏好、價(jià)值判斷和管理風(fēng)格的基礎(chǔ)之上。管理當(dāng)局的誠(chéng)信和對(duì)道德價(jià)值觀的要求影響這些轉(zhuǎn)化為行為準(zhǔn)則的偏好和判斷。因?yàn)橐粋(gè)主體的良好聲譽(yù)是如此有價(jià)值,所以行為的準(zhǔn)則應(yīng)該不僅僅只是遵循法律。經(jīng)營(yíng)良好的企業(yè)的管理者越來(lái)越接受這樣的觀點(diǎn),那就是道德是值得的,道德行為就是良好的經(jīng)營(yíng)。
管理當(dāng)局的誠(chéng)信是一個(gè)主體活動(dòng)的所有方面的道德行為的先決條件。企業(yè)風(fēng)險(xiǎn)管理的有效性不可能脫離那些創(chuàng)造、管理和監(jiān)督主體活動(dòng)的人的誠(chéng)信和道德價(jià)值觀。誠(chéng)信和道德價(jià)值觀是一個(gè)主體內(nèi)部環(huán)境的關(guān)鍵要素,它影響著企業(yè)風(fēng)險(xiǎn)管理其他構(gòu)成要素的設(shè)計(jì)、管理和監(jiān)控。
樹立道德價(jià)值觀通常很困難,因?yàn)樾枰紤]多個(gè)方面的利益。管理當(dāng)局的價(jià)值觀必須平衡企業(yè)、員工、供應(yīng)商、客戶、競(jìng)爭(zhēng)者和公眾的利益。平衡這些利益可能是復(fù)雜而令人沮喪的,因?yàn)槔嫱ǔJ腔ハ嗝艿。舉例來(lái)說(shuō),提供一種必需的產(chǎn)品(石油、木材或食品)可能會(huì)導(dǎo)致環(huán)境方面的關(guān)切。
道德行為和管理當(dāng)局的誠(chéng)信是公司文化的副產(chǎn)品,公司文化包含道德和行為準(zhǔn)則以及它們的溝通和強(qiáng)化方式。正式的政策指明了董事會(huì)和管理當(dāng)局希望發(fā)生
的情況。公司文化決定著實(shí)際發(fā)生的情況,以及哪些規(guī)則被遵循、扭曲或忽視了。高層管理當(dāng)局——從CEO開始——在確定公司文化方面起著關(guān)鍵作用。作為主體中的居于支配地位的人員,CEO往往確定了道德基調(diào)。
特定的組織因素也會(huì)影響出現(xiàn)欺詐性和可疑的財(cái)務(wù)報(bào)告行為的可能性。這些因素可能還會(huì)影響道德行為。個(gè)人可能會(huì)因?yàn)橹黧w給了他們這么做的強(qiáng)烈動(dòng)機(jī)或誘惑,而參與不誠(chéng)實(shí)的、非法的或不道德的行為。過分地強(qiáng)調(diào)結(jié)果,尤其是短期結(jié)果,可能會(huì)造成一個(gè)不恰當(dāng)?shù)膬?nèi)部環(huán)境。僅僅關(guān)注短期結(jié)果即使在短期也可能有危害。專注于底線——不顧成本的銷售收入或利潤(rùn)——通常會(huì)引發(fā)不希望看到的行動(dòng)和反應(yīng)。例如,高壓銷售策略、談判的殘酷或者對(duì)回扣的暗示可能會(huì)引發(fā)具有即期(以及持久)影響的反應(yīng)。
參與欺詐性和可疑的財(cái)務(wù)報(bào)告行為以及其他形式的不道德行為的其他動(dòng)機(jī)可能包括高度依賴于所報(bào)告的財(cái)務(wù)或非財(cái)務(wù)信息——尤其是短期結(jié)果——的報(bào)酬。
從消除或減少不恰當(dāng)?shù)膭?dòng)機(jī)和誘惑到消除不良行為之間要走一段很長(zhǎng)的路。就像所建議的那樣,它可以通過從事合理而又有利可圖的經(jīng)營(yíng)活動(dòng)來(lái)實(shí)現(xiàn)。例如,只要業(yè)績(jī)目標(biāo)切合實(shí)際,業(yè)績(jī)激勵(lì)——配以適當(dāng)?shù)目刂啤湍艹蔀橐粋(gè)有用的管理技術(shù)。設(shè)定切合實(shí)際的目標(biāo)是一項(xiàng)正確的激勵(lì)措施,它能降低產(chǎn)生相反作用的壓力,以及欺詐性報(bào)告的動(dòng)機(jī)。同樣地,一個(gè)控制良好的報(bào)告體系能夠起到防止錯(cuò)報(bào)業(yè)績(jī)誘惑的作用。
可疑行為的另一個(gè)原因是忽視。道德價(jià)值觀不僅必須溝通,而且必須輔以關(guān)于是非對(duì)錯(cuò)的明確指南。正式的公司行為守則對(duì)有效的道德項(xiàng)目十分重要,是它的基礎(chǔ)。守則致力于一系列的行為問題,例如誠(chéng)信與道德、利益沖突、不合法或不恰當(dāng)?shù)闹Ц兑约胺锤?jìng)爭(zhēng)的(anticompetitive)協(xié)議等。向上溝通的渠道也很重要,它帶來(lái)相關(guān)信息并使員工感到舒服。
僅僅有書面的行為守則、員工接受和理解的文件和適當(dāng)?shù)臏贤ㄇ,還不能確保守則被遵守。對(duì)違反守則的員工所給予的處罰,鼓勵(lì)員工報(bào)告所懷疑的違反行為的機(jī)制,以及針對(duì)知情而不報(bào)告違反行為的員工的懲戒措施,對(duì)于遵守守則而言也很重要。但是如果不能通過高層管理當(dāng)局的行為和他們所作的表率提供更有效的保證的話,無(wú)論道德準(zhǔn)則是否包含在書面的守則之中,對(duì)道德準(zhǔn)則的遵守
都沒有什么區(qū)別。對(duì)于是非對(duì)錯(cuò)——以及對(duì)于風(fēng)險(xiǎn)與控制,員工可能會(huì)形成與高層管理當(dāng)局所表現(xiàn)出來(lái)的一樣的態(tài)度。管理當(dāng)局的行為所傳達(dá)的信息很快就會(huì)被包含到公司文化之中。而且,有關(guān)CEO在面臨一個(gè)艱難的經(jīng)營(yíng)決策時(shí)從道德的角度講“做了正確的事情”的認(rèn)識(shí),能夠在整個(gè)主體中傳達(dá)一個(gè)強(qiáng)有力的信息。 對(duì)勝任能力的要求
勝任能力反映實(shí)現(xiàn)規(guī)定的任務(wù)所需要的知識(shí)和技能。管理當(dāng)局通過在主體的戰(zhàn)略和目標(biāo)與它們的執(zhí)行和實(shí)現(xiàn)計(jì)劃之間進(jìn)行權(quán)衡,來(lái)決定這些任務(wù)應(yīng)該完成到什么程度。通常會(huì)存在能力與成本之間的權(quán)衡,比如說(shuō),沒有必要去雇用一個(gè)電氣工程師來(lái)更換燈泡。
管理當(dāng)局明確特定崗位的勝任能力水平,并把這些水平轉(zhuǎn)換成所需的知識(shí)和技能。而這些必要的知識(shí)和技能可能又取決于個(gè)人的智力、培訓(xùn)和經(jīng)驗(yàn)。在開發(fā)知識(shí)和技能水平的過程中所考慮的因素包括一個(gè)具體崗位所運(yùn)用判斷的性質(zhì)和程度。通常會(huì)在監(jiān)督的范圍和所需的勝任能力水平之間作出權(quán)衡。
組織結(jié)構(gòu)
一個(gè)主體的組織結(jié)構(gòu)提供了計(jì)劃、執(zhí)行、控制和監(jiān)督其活動(dòng)的框架。相關(guān)的組織結(jié)構(gòu)包括確定權(quán)力與責(zé)任的關(guān)鍵界區(qū),以及確立恰當(dāng)?shù)膱?bào)告途徑。舉例來(lái)說(shuō),內(nèi)部審計(jì)職能機(jī)構(gòu)的結(jié)構(gòu)設(shè)計(jì)應(yīng)該致力于實(shí)現(xiàn)組織的目標(biāo),并且允許不受限制地與高層管理當(dāng)局和董事會(huì)的審計(jì)委員會(huì)接觸,而且首席審計(jì)官應(yīng)當(dāng)向組織中能保證內(nèi)部審計(jì)活動(dòng)實(shí)現(xiàn)其職責(zé)的層級(jí)報(bào)告工作。
主體建立適合其需要的組織結(jié)構(gòu)。有的是集權(quán)型的,有的是分權(quán)型的。有的有著直接報(bào)告關(guān)系,而其他的則更接近于矩陣型組織。一些主體按照行業(yè)或產(chǎn)品線、按照地理位置或者按照特定的配送或營(yíng)銷網(wǎng)絡(luò)來(lái)進(jìn)行組織。而其他的主體,包括很多州和地方政府單位以及非營(yíng)利機(jī)構(gòu),則按照職能進(jìn)行組織。
一個(gè)主體的組織結(jié)構(gòu)的適當(dāng)性部分地取決于它的規(guī)模和所從事活動(dòng)的性質(zhì)。有著正式的報(bào)告途徑和職責(zé)的高度結(jié)構(gòu)化的組織,可能適合于擁有很多經(jīng)營(yíng)分部、包括外國(guó)業(yè)務(wù)的大型主體。然而,在一家小公司中,這種結(jié)構(gòu)可能會(huì)阻礙必要的信息流動(dòng)。不管采取什么樣的結(jié)構(gòu),主體的組織方式都應(yīng)該確保有效的企業(yè)
風(fēng)險(xiǎn)管理,并采取行動(dòng)以便實(shí)現(xiàn)其目標(biāo)。
權(quán)力和職責(zé)的分配
權(quán)力和職責(zé)的分配涉及到個(gè)人和團(tuán)隊(duì)被授權(quán)并鼓勵(lì)發(fā)揮主動(dòng)性去指出問題和解決問題的程度,以及對(duì)他們的權(quán)力的限制。它包括確立報(bào)告關(guān)系和授權(quán)規(guī)程,以及描述恰當(dāng)經(jīng)營(yíng)活動(dòng)的政策,關(guān)鍵人員的知識(shí)和經(jīng)驗(yàn),和為履行職責(zé)而賦予的資源。
一些主體將權(quán)力下放,以便使決策更接近于一線的人員。公司可以采取這種方式而變得更具市場(chǎng)驅(qū)動(dòng)的特點(diǎn),或者更關(guān)注質(zhì)量——或許是消除缺陷、縮短周轉(zhuǎn)時(shí)間或者提高客戶滿意度。通常通過將權(quán)力與受托責(zé)任(accountability)相結(jié)合來(lái)鼓勵(lì)個(gè)人在限定的范圍內(nèi)發(fā)揮主動(dòng)性。權(quán)力的委派意味著將特定經(jīng)營(yíng)決策的核心控制權(quán)交給較低的層級(jí)——給那些更靠近日常經(jīng)營(yíng)業(yè)務(wù)的人員。這可能包括授權(quán)以折扣價(jià)格銷售產(chǎn)品,商談長(zhǎng)期供貨合同、許可或?qū)@,或者參加?lián)盟或合營(yíng)企業(yè)。
一個(gè)關(guān)鍵的挑戰(zhàn)是僅僅針對(duì)實(shí)現(xiàn)目標(biāo)所需要的范圍來(lái)進(jìn)行授權(quán)。這意味著確保決策是基于合理的風(fēng)險(xiǎn)識(shí)別和評(píng)估活動(dòng),包括在確定接受何種風(fēng)險(xiǎn)以及如何對(duì)它們加以管理的過程中,估計(jì)風(fēng)險(xiǎn)的大小和權(quán)衡潛在的損失與收益。
另一個(gè)挑戰(zhàn)是確保所有的人員都了解主體的目標(biāo)。每個(gè)人都知道他們的行為彼此之間有什么關(guān)聯(lián)和對(duì)實(shí)現(xiàn)目標(biāo)有什么作用,是至關(guān)重要的。
增加授權(quán)有時(shí)候有意伴隨著組織結(jié)構(gòu)的簡(jiǎn)化或“扁平化”,或者是其結(jié)果。為激發(fā)創(chuàng)造性、發(fā)揮主動(dòng)性和加快反應(yīng)速度而開展的有意識(shí)的組織變革,能夠提高競(jìng)爭(zhēng)力和客戶滿意度。這種增加授權(quán)可能會(huì)帶來(lái)對(duì)更高的員工勝任能力水平以及更大的受托責(zé)任的隱含要求。它還要求管理當(dāng)局采用有效的程序?qū)Y(jié)果進(jìn)行監(jiān)控,從而使決策能夠根據(jù)需要被否決或接受。有了更好的、市場(chǎng)驅(qū)動(dòng)的決策,授權(quán)能夠增加非期望或非預(yù)期決策的數(shù)量。例如,如果一個(gè)區(qū)域銷售經(jīng)理決定授權(quán)在零售價(jià)的基礎(chǔ)上折讓35%來(lái)進(jìn)行銷售,以證實(shí)目前45%的折扣能夠獲取市場(chǎng)份額,管理當(dāng)局可能需要了解情況才能否決或者接受讓這種決策進(jìn)行下去。
內(nèi)部環(huán)境極大地受到個(gè)人對(duì)他們將要承擔(dān)責(zé)任的認(rèn)識(shí)程度的影響。對(duì)于首席執(zhí)行官而言,也是如此,他在董事會(huì)的監(jiān)督下對(duì)主體內(nèi)部的所有活動(dòng)負(fù)有終極責(zé)
任。
與有效的企業(yè)風(fēng)險(xiǎn)管理密不可分的各個(gè)方面的職能與責(zé)任的其他相關(guān)原則,將在“職能與責(zé)任”那一章中展開講述。
人力資源準(zhǔn)則
包括雇用、定位、培訓(xùn)、評(píng)價(jià)、咨詢、晉升、付酬和采取補(bǔ)償措施在內(nèi)的人力資源業(yè)務(wù)向員工傳達(dá)著有關(guān)誠(chéng)信、道德行為和勝任能力的期望水平方面的信息。例如,強(qiáng)調(diào)教育背景、前期工作經(jīng)驗(yàn)、過去的成就和有關(guān)誠(chéng)信和道德行為的證據(jù),以便雇用資質(zhì)最好的個(gè)人的準(zhǔn)則,表明了一個(gè)主體對(duì)勝任和可信任人員的承諾。當(dāng)招錄活動(dòng)中包括正式的、深入的招聘面試和有關(guān)該主體的歷史、文化和經(jīng)營(yíng)風(fēng)格方面的培訓(xùn)時(shí),也是如此。
培訓(xùn)政策能夠通過對(duì)未來(lái)職能與責(zé)任的溝通,以及包含諸如培訓(xùn)學(xué)校和研習(xí)班、模擬案例研究和扮演角色練習(xí)等活動(dòng),來(lái)加強(qiáng)業(yè)績(jī)和行為的期望水平。根據(jù)定期業(yè)績(jī)?cè)u(píng)價(jià)所進(jìn)行的調(diào)換與晉升,反映了主體對(duì)于提升合格員工的承諾。包括分紅激勵(lì)在內(nèi)的競(jìng)爭(zhēng)性的報(bào)酬計(jì)劃能夠起到鼓勵(lì)和強(qiáng)化突出業(yè)績(jī)的作用——盡管獎(jiǎng)金制度應(yīng)該嚴(yán)密并且有效地控制,以避免對(duì)報(bào)告結(jié)果的不實(shí)呈報(bào)產(chǎn)生不當(dāng)?shù)恼T惑。懲戒行動(dòng)所傳遞的信息則是對(duì)期望行為的偏離將不會(huì)得到寬宥。
隨著貫穿于主體之中的問題和風(fēng)險(xiǎn)的變化和愈加復(fù)雜——部分原因在于急劇變革的技術(shù)和日益激烈的競(jìng)爭(zhēng),很有必要把員工武裝起來(lái)以應(yīng)對(duì)新的挑戰(zhàn)。教育和培訓(xùn),不管是課堂講授、自學(xué)還是在職培訓(xùn),都必須有助于個(gè)人跟上環(huán)境變革的步伐并能有效地應(yīng)對(duì)。雇用勝任的人員和提供一次性培訓(xùn)是不夠的。教育過程是持續(xù)的。
影響
一個(gè)主體內(nèi)部環(huán)境的重要性和它對(duì)企業(yè)風(fēng)險(xiǎn)管理的其他構(gòu)成要素所能產(chǎn)生的正面或負(fù)面影響,怎么強(qiáng)調(diào)都不過分。一個(gè)無(wú)效的內(nèi)部環(huán)境的影響會(huì)很廣泛,可能會(huì)導(dǎo)致財(cái)務(wù)損失、損害公眾形象,或經(jīng)營(yíng)失敗。
一般認(rèn)為某能源公司有著有效的企業(yè)風(fēng)險(xiǎn)管理,因?yàn)樗袕?qiáng)有力而受人尊敬的高層管理者、聲望卓著的董事會(huì)、富有創(chuàng)新意識(shí)的戰(zhàn)略、設(shè)計(jì)良好的信息系統(tǒng)
和控制活動(dòng)、描述風(fēng)險(xiǎn)和控制職能的廣泛的政策手冊(cè),以及全面的調(diào)整和監(jiān)督途徑。但是,它的內(nèi)部環(huán)境卻有重大缺陷。管理當(dāng)局參與了十分可疑的經(jīng)營(yíng)業(yè)務(wù),而董事會(huì)卻視而不見。這家公司被發(fā)現(xiàn)曾經(jīng)誤報(bào)財(cái)務(wù)成果,損害了股東信心,遭遇了償債危機(jī),毀滅了主體的價(jià)值。最終這家公司陷入了歷史上最大的破產(chǎn)案之一。
高層管理當(dāng)局對(duì)有效企業(yè)風(fēng)險(xiǎn)管理的態(tài)度和關(guān)注必須明確而清晰,并滲透到組織之中。光說(shuō)得正確是不夠的。那種“按我說(shuō)的去做,而不是按我做的去做”的態(tài)度,只會(huì)帶來(lái)一個(gè)無(wú)效的環(huán)境。
2. INTERNAL ENVIRONMENT
Chapter Summary: The internal
environment encompasses the tone of an
organization, influencing the risk consciousness
of its people, and is the basis for all other
components of enterprise risk management,
providing discipline and structure. Internal
environment factors include an entity’s risk
management philosophy; its risk appetite;
oversight by the board of directors; the integrity,
ethical values, and competence of the entity’s people; and the way management assigns authority and responsibility, and organizes and develops its people.
The internal environment is the basis for all other components of enterprise risk management, providing discipline and structure. It influences how strategies and objectives are established, business activities are structured, and risks are identified, assessed, and acted upon. And it influences the design and functioning of control activities, information and communication systems, and monitoring activities.
The internal environment is influenced by an entity’s history and culture. It comprises many elements, including the entity’s ethical values, competence and development of personnel, management’s philosophy for managing risk, and how it assigns authority and responsibility. A board of directors is a critical part of the internal environment and significantly influences other internal environment elements.
Although all elements are important, the extent to which each is addressed will vary with the entity. For example, the chief executive of a company with a small workforce and centralized operations might not establish formal lines of responsibility and detailed operating policies. Nevertheless, the company could have an internal
environment that provides an appropriate foundation for enterprise risk management.
Risk Management Philosophy
An entity’s risk management philosophy is the set of shared beliefs and attitudes characterizing how the entity considers risk in everything it does, from strategy development and implementation to its day-to-day activities. Its risk management philosophy reflects the entity’s values, influencing its culture and operating style, and affects how enterprise risk management components are applied, including how risks are identified, the kinds of risks accepted, and how they are managed.
A company that has been successful accepting significant risks is likely to have a different outlook on enterprise risk management than one that has faced harsh economic or regulatory consequences as a result of venturing into dangerous territory. While some entities may work to achieve effective enterprise risk management to satisfy requirements of an external stakeholder, such as a parent company or regulator, more often it is because management recognizes that effective risk management helps the entity create and preserve value.
When the risk management philosophy is well developed, understood, and embraced by its personnel, the entity is positioned to effectively recognize and manage risk. Otherwise, there can be unacceptably uneven application of enterprise risk management across business units, functions, or departments. But even when an entity’s philosophy is well developed, there nonetheless may be cultural differences among its units, resulting in variation in enterprise risk management application. Managers of some units may be prepared to take more risk, while others are more conservative. For example, an aggressive selling function may focus its attention on making a sale, without careful attention to regulatory compliance matters, while the contracting unit’s personnel focus significant attention on ensuring compliance with all relevant internal and external policies and regulations. Separately, these different subcultures could adversely affect the entity. But by working well together the units can appropriately reflect the entity’s risk management philosophy.
The enterprise’s risk management philosophy is reflected in virtually everything management does in running the entity. It is captured in policy statements, oral and
written communications, and decision making. Whether management emphasizes written policies, standards of behavior, performance indicators, and exception reports, or operates more informally largely through face-to-face contact with key managers, of critical importance is that management reinforces the philosophy not only with words but also with everyday actions.
Risk Appetite
Risk appetite is the amount of risk, on a broad level, an entity is willing to accept in pursuit of value. It reflects the enterprise’s risk management philosophy, and in turn influences the entity’s culture and operating style.
Risk appetite is considered in strategy setting, where the desired return from a strategy should be aligned with the entity’s risk appetite. Different strategies will expose the entity to different levels of risk, and enterprise risk management, applied in strategy setting, helps management select a strategy consistent with the entity’s risk appetite.
Entities consider risk appetite qualitatively, with such categories as high, moderate, or low, or take a quantitative approach, reflecting and balancing goals for growth and return with risk.
Board of Directors
An entity’s board of directors is a critical part of the internal environment and significantly influences its elements. The board’s independence from management, experience and stature of its members, extent of its involvement and scrutiny of activities, and appropriateness of its actions all play a role. Other factors include the degree to which difficult questions are raised and pursued with management regarding strategy, plans, and performance, and interaction the board or audit committee has with internal and external auditors.
An active and involved board of directors, board of trustees, or comparable body should possess an appropriate degree of management, technical, and other expertise,
coupled with the mind-set necessary to perform its oversight responsibilities. This is critical to an effective enterprise risk management environment. And, because the board must be prepared to question and scrutinize management’s activities, present alternative views, and act in the face of wrongdoing, the board must include outside directors.
Members of top management may be effective board members, bringing their deep knowledge of the company. But there must be a sufficient number of independent outside directors not only to provide sound advice, counsel, and direction, but also to serve as a necessary check and balance on management. For the internal environment to be effective, the board must have at least a majority of independent outside directors.
Effective boards of directors ensure that management maintains effective risk management. Although an enterprise historically might have not suffered losses and have no obvious significant risk exposure, the board does not succumb to the mythical notion that events with seriously adverse consequences “couldn’t happen here.” It recognizes that while a company may have a sound strategy, competent employees, sound business processes, and reliable technology, it, like every entity, is vulnerable to risk, and an effectively functioning risk management process is needed.
Integrity and Ethical Values
An entity’s strategy and objectives and the way they are implemented are based on preferences, value judgments, and management styles. Management’s integrity and commitment to ethical values influence these preferences and judgments, which are translated into standards of behavior. Because an entity’s good reputation is so valuable, the standards of behavior must go beyond mere compliance with law. Managers of well-run enterprises increasingly have accepted the view that ethics pays and ethical behavior is good business.
Management integrity is a prerequisite for ethical behavior in all aspects of an entity’s activities. The effectiveness of enterprise risk management cannot rise above
the integrity and ethical values of the people who create, administer, and monitor entity activities. Integrity and ethical values are essential elements of an entity’s internal environment, affecting the design, administration, and monitoring of other enterprise risk management components.
Establishing ethical values often is difficult because of the need to consider the concerns of several parties. Management values must balance the concerns of the enterprise, employees, suppliers, customers, competitors, and the public. Balancing these concerns can be complex and frustrating because interests are often at odds. For example, providing an essential product (petroleum, lumber, or food) may cause environmental concerns.
Ethical behavior and management integrity are by-products of the corporate culture, which encompasses ethical and behavioral standards and how they are communicated and reinforced. Official policies specify what the board and management want to happen. Corporate culture determines what actually happens, and which rules are obeyed, bent, or ignored. Top management – starting with the CEO – plays a key role in determining the corporate culture. As the dominant personality in an entity, the CEO often sets the ethical tone.
Certain organizational factors also can influence the likelihood of fraudulent and questionable financial reporting practices. Those same factors are likely to influence ethical behavior as well. Individuals may engage in dishonest, illegal, or unethical acts simply because the entity gives them strong incentives or temptations to do so. Undue emphasis on results, particularly in the short term, can foster an inappropriate internal environment. Focusing solely on short- term results can hurt even in the short term. Concentration on the bottom line – sales or profit at any cost – often evokes unsought actions and reactions. High-pressure sales tactics, ruthlessness in negotiations, or implicit offers of kickbacks, for instance, may evoke reactions that can have immediate (as well as lasting) effects.
Other incentives for engaging in fraudulent or questionable reporting practices and, by extension, other forms of unethical behavior may include rewards highly dependent on reported financial and non-financial information, particularly for
short-term results.
Removing or reducing inappropriate incentives and temptations goes a long way toward eliminating undesirable behavior. As suggested, this can be achieved by following sound and profitable business practices. For example, performance incentives – accompanied by appropriate controls – can be a useful management technique as long as the performance targets are realistic. Setting realistic targets is a sound motivational practice, reducing counterproductive stress as well as the incentive for fraudulent reporting. Similarly, a well- controlled reporting system can serve as a safeguard against temptation to misstate performance.
Another cause of questionable practices is ignorance. Ethical values must be not only communicated but also accompanied by explicit guidance regarding what is right and wrong.
Formal codes of corporate conduct are important to and the foundation of an effective ethics program. Codes address a variety of behavioral issues, such as integrity and ethics, conflicts of interest, illegal or otherwise improper payments, and anticompetitive arrangements. Upward communications channels where employees feel comfortable bringing relevant information also are important.
Existence of a written code of conduct, documentation that employees received and understand it, and an appropriate communications channel by themselves do not ensure the code is being followed. Also important to compliance are resulting penalties to employees who violate the code, mechanisms that encourage employee reporting of suspected violations, and disciplinary actions against employees who knowingly fail to report violations. But compliance with ethical standards, whether or not embodied in a written code, is equally if not more effectively ensured by top management’s actions and the examples they set. Employees are likely to develop the same attitudes about right and wrong – and about risks and controls – as those shown by top management. Messages sent by management’s actions quickly become embodied in the corporate culture. And, knowledge that the CEO has “done the right thing” ethically when faced with a tough business decision, sends a powerful message throughout the entity.
Commitment to Competence
Competence reflects the knowledge and skills needed to perform assigned tasks. Management decides how well these tasks need to be accomplished, weighing the entity’s strategy and objectives against plans for their implementation and achievement. A trade-off often exists between competence and cost – it is not necessary, for instance, to hire an electrical engineer to change a light bulb.
Management specifies the competency levels for particular jobs and translates those levels into requisite knowledge and skills. The necessary knowledge and skills in turn may depend on individuals’ intelligence, training, and experience. Factors considered in developing knowledge and skill levels include the nature and degree of judgment to be applied to a specific job. Often a trade-off can be made between the extent of supervision and the requisite competence level of the individual.
Organizational Structure
An entity’s organizational structure provides the framework to plan, execute, control, and monitor its activities. A relevant organizational structure includes defining key areas of authority and responsibility and establishing appropriate lines of reporting. For example, an internal audit function should be structured in a manner that achieves organizational objectivity and permits unrestricted access to top management and the audit committee of the board, and the chief audit executive should report to a level within the organization that allows the internal audit activity to fulfill its responsibilities.
An entity develops an organizational structure suited to its needs. Some are centralized, others decentralized. Some have direct reporting relationships, while others are more of a matrix organization. Some entities are organized by industry or product line, by geographical location or by a particular distribution or marketing network. Other entities, including many state and local governmental units and not-for-profit institutions, are organized by function.
The appropriateness of an entity’s organizational structure depends, in part, on its
size and the nature of its activities. A highly structured organization with formal reporting lines and responsibilities may be appropriate for a large entity that has numerous operating divisions, including foreign operations. However, such a structure could impede the necessary flow of information in a small company. Whatever the structure, an entity should be organized to enable effective enterprise risk management and to carry out its activities so as to achieve its objectives.
Assignment of Authority and Responsibility
Assignment of authority and responsibility involves the degree to which individuals and teams are authorized and encouraged to use initiative to address issues and solve problems, as well as limits to their authority. It includes establishing reporting relationships and authorization protocols, as well as policies that describe appropriate business practices, knowledge and experience of key personnel, and resources provided for carrying out duties.
Some entities have pushed authority downward to bring decision making closer to front-line personnel. A company may take this tack to become more market-driven or quality-focused – perhaps to eliminate defects, reduce cycle time, or increase customer satisfaction. Alignment of authority and accountability often is designed to encourage individual initiatives, within limits. Delegation of authority means surrendering central control of certain business decisions to lower echelons – to the individuals who are closest to everyday business transactions. This may involve empowerment to sell products at discount prices; negotiate long-term supply contracts, licenses, or patents; or enter alliances or joint ventures.
A critical challenge is to delegate only to the extent required to achieve objectives. This means ensuring that decision making is based on sound practices for risk identification and assessment, including sizing risks and weighing potential losses versus gains in determining which risks to accept and how they are to be managed.
Another challenge is ensuring that all personnel understand the entity’s objectives. It is essential that individuals know how their actions are related to one
another and contribute to achievement of the objectives.
Increased delegation sometimes is intentionally accompanied by or the result of streamlining or “flattening” the organizational structure. Purposeful structural change to encourage creativity, taking initiative, and faster response times can enhance competitiveness and cu外文翻譯范文stomer satisfaction. This increased delegation may carry an implicit requirement for a higher level of employee competence, as well as greater accountability. It also requires effective procedures for management to monitor results so that decisions can be overruled or accepted as necessary. Along with better, market-driven decisions, delegation may increase the number of undesirable or unanticipated decisions. For example, if a district sales manager decides that authorization to sell at 35% off list price justifies a temporary 45% discount to gain market share, management may need to know so that it can overrule or accept such decisions going forward.
The internal environment is greatly influenced by the extent to which individuals recognize that they will be held accountable. This holds true all the way to the chief executive, who, with board oversight, has ultimate responsibility for all activities within an entity.
Additional principles related to roles and responsibilities by parties integral to effective enterprise risk management are set forth in the Roles and Responsibilities chapter.
Human Resource Standards
Human resource practices pertaining to hiring, orientation, training, evaluating, counseling, promoting, compensating, and taking remedial actions send messages to employees regarding expected levels of integrity, ethical behavior, and competence. For example, standards for hiring the most qualified individuals, with emphasis on educational background, prior work experience, past accomplishments, and evidence of integrity and ethical behavior, demonstrate an entity’s commitment to competent and trustworthy people. The same is true when recruiting practices include formal,
in-depth employment interviews and training in the entity’s history, culture, and operating style.
Training policies can reinforce expected levels of performance and behavior by communicating prospective roles and responsibilities and by including such practices as training schools and seminars, simulated case studies, and role-playing exercises. Transfers and promotions driven by periodic performance appraisals demonstrate the entity’s commitment to advancement of qualified employees. Competitive compensation programs that include bonus incentives serve to motivate and reinforce outstanding performance – although reward systems should be structured, and controls in place, to avoid undue temptation to misrepresent reported results. Disciplinary actions send a message that violations of expected behavior will not be tolerated.
It is essential that employees be equipped to tackle new challenges as issues and risks throughout the entity change and become more complex – driven in part by rapidly changing technologies and increasing competition. Education and training, whether classroom instruction, self-study, or on-the-job training, must help personnel keep pace and deal effectively with the evolving environment. Hiring competent people and providing one-time training are not enough. The education process is ongoing.
Implications
It is difficult to overstate the importance of an entity’s internal environment and the impact – positive or negative – it can have on other enterprise risk management components. The impact of an ineffective internal environment can be far-reaching, possibly resulting in financial loss, a tarnished public image, or a business failure.
An energy company generally was thought to have effective enterprise risk management since it had high-powered and respected senior managers, a prestigious board of directors, an innovative strategy, well-designed information systems and control activities, extensive policy manuals prescribing risk and control functions, and
comprehensive reconciling and supervisory routines. Its internal environment, however, was significantly flawed.
Management participated in highly questionable business practices, and the board turned a “blind-eye.” The company was found to have misreported financial results and suffered a loss of shareholder confidence, a liquidity crisis, and destruction of entity value. Ultimately the company went into one of the largest bankruptcies in history.
The attitude and concern of top management for effective enterprise risk management must be definitive and clear, and permeate the organization. It is not sufficient to say the right words. An attitude of “do as I say, not as I do” will only bring about an ineffective environment.
19
20
21
22
23
24
25
26
27
28
【外文翻譯】相關(guān)文章:
中外文化差異及翻譯04-29
兩大權(quán)威外文翻譯資格考試證書面對(duì)面05-04
關(guān)于外文字母詞和原裝外文縮略語(yǔ)問題04-30
外文系怎么辦?04-26
外文信息資源開發(fā)與服務(wù)04-29