外文翻译范文
广东工业大学
华立学院
本科毕业设计(论文)
外文参考文献译文及原文
系 部 会计学部
专 业 会计学
年 级 2008级
班级名称
学 号
学生姓名
指导教师
2012 年 5 月
目 录
1 外文文献译文 .......................................................... 1
2 外文文献原文 .......................................................... 9
2 内部环境
【本章摘要】内部环境包含组织的基调,它影响组织中人员的风险意识,是企业风险管理所有其他构成要素的基础,为其他要素提供约束和结构。内部环境因素包括主体的风险管理理念、它的风险容量、董事会的监督、主体中人员的诚信、道德价值观和胜任能力,以及管理当局分配权力和职责、组织和开发其员工的方式。
内部环境是企业风险管理所有其他构成要素的基础,为其他要素提供约束和结构。它影响着战略和目标如何制订、经营活动如何组织以及如何识别、评估风险并采取行动。它还影响着控制活动、信息与沟通体系和监控措施的设计与运行。
内部环境受到主体的历史和文化的影响。它包含许多要素,包括主体的道德价值观、员工的胜任能力和开发、管理当局管理风险的理念以及如何分配权力和职责。董事会是内部环境的一个关键部分,它对其他的内部环境要素有重大的影响。
尽管所有要素都很重要,但是对每个要素的强调程度会因主体而异。举例来说,一家员工较少、专注化经营的公司的首席执行官可能就不会制订正式的职责划分和具体的经营政策。但是,这家公司也会有为企业风险管理提供合适基础的内部环境。
风险管理理念
一个主体的风险管理理念是一整套共同的信念和态度,它决定着该主体在做任何事情——从战略制订和执行到日常的活动——时如何考虑风险。风险管理理念反映了主体的价值观,影响它的文化和经营风格,并且决定如何应用企业风险管理的构成要素,包括如何识别风险,承担哪些风险,以及如何管理这些风险。
成功地承担了重大风险的公司对企业风险管理的看法,似乎不同于由于在危险的地区创业而面临过严酷的经济或管制后果的公司。尽管有些主体会为了满足外部利益相关者——例如母公司或监管者的需要,而努力实现有效的企业风险管理,但是更常见的是因为管理当局认识到有效的风险管理有助于主体创造和保持价值。
当风险管理理念被很好地确立和理解、并且为员工所信奉时,主体就能有效地识别和管理风险。否则,企业风险管理在各个业务单元、职能机构或部门中的应用就可能会出现不可接受的不平衡状态。但是即使一个主体的理念被很好地确
立,在它的各个单元之间仍然会存在文化上的差别,从而导致风险管理应用方面的差异。一些单元的管理者可能准备承担更大的风险,而其他的则更为保守。例如,一个有闯劲的销售职能机构可能会集中关注实现销售,而没有仔细注意对法规的遵循问题,而缔约单元的人员主要集中关注确保符合所有的相关内部和外部政策与法规。孤立地看,这些不同的次级文化都能对主体产生负面影响。但是通过很好的合作,这些单元能够恰当地反映主体的风险管理理念。
企业的风险管理理念实质上反映在管理当局在经营该主体的过程中所做的每一件事情上。它可以从政策表述、口头和书面的沟通以及决策中反映出来。无论管理当局是强调书面的政策、行为准则、业绩指标和例外报告,还是更为非正式地大量通过与关键的管理者面对面的接触来进行运营,至关重要的是管理当局不仅要通过口头、而且还要通过日常的行动来强化这种理念。
风险容量
风险容量是一个主体在追求价值的过程中所愿意承担的广泛意义上的风险的数量。它反映了企业的风险管理理念,进而影响了主体的文化和经营风格。
风险容量在战略制订的过程中加以考虑,来自一项战略的期望报酬应该与主体的风险容量相协调。不同的战略会使主体面临不同程度的风险,应用于战略制订过程的企业风险管理帮助管理当局选择一个与主体的风险容量相一致的战略。
主体运用类似高、适中或低等类别,从质的角度考虑风险容量,或者运用数量化的方法,来反映和平衡增长、报酬和风险方面的目标。
董事会
一个主体的董事会是内部环境的关键部分,它对其要素有着重大影响。董事会对于管理当局的独立性、其成员的经验和才干、对活动参与和审察的程度,以及其行为的适当性都起着重要的作用。其他因素包括提出有关战略、计划和业绩方面的疑难问题和与管理当局进行商讨的程度,以及董事会或审计委员会与内部和外部审计师的交流。
一个积极的和高度参与型的董事会、托管委员会(board of trustees)或类似的机构,应该具有适当程度的管理、技术和其他专长,以及履行监督职责所需要
的思维方式。这对于一个有效的企业风险管理环境至关重要。而且,由于董事会必须准备去质疑和仔细审查管理当局的活动,提出不同的观点,并针对不当行为采取行动,因此董事会必须包含外部董事。
高层管理当局的成员可能带来他们对公司的深入了解,从而成为有效的董事会成员。但是必须有足够数量的独立外部董事,他们不但要提供合理的建议、咨询和指导,而且还要对管理当局形成必要的牵制和制衡。要想使内部环境有效,董事会中的独立外部董事必须至少占多数。
有效的董事会能确保管理当局保持有效的风险管理。尽管一家企业在过去可能没有遭受损失、没有暴露出明显的重大风险,董事会也不能天真地认定带有严重负面后果的事项“在这里不会发生”。应该认识到,尽管一家公司可能有合理的战略、胜任的员工、合理的经营流程和可靠的技术,但是它和所有的主体一样,对于风险而言都很脆弱,因此也需要有效运行的风险管理。
诚信与道德价值观
主体的战略和目标以及它们得以推行的方式建立在偏好、价值判断和管理风格的基础之上。管理当局的诚信和对道德价值观的要求影响这些转化为行为准则的偏好和判断。因为一个主体的良好声誉是如此有价值,所以行为的准则应该不仅仅只是遵循法律。经营良好的企业的管理者越来越接受这样的观点,那就是道德是值得的,道德行为就是良好的经营。
管理当局的诚信是一个主体活动的所有方面的道德行为的先决条件。企业风险管理的有效性不可能脱离那些创造、管理和监督主体活动的人的诚信和道德价值观。诚信和道德价值观是一个主体内部环境的关键要素,它影响着企业风险管理其他构成要素的设计、管理和监控。
树立道德价值观通常很困难,因为需要考虑多个方面的利益。管理当局的价值观必须平衡企业、员工、供应商、客户、竞争者和公众的利益。平衡这些利益可能是复杂而令人沮丧的,因为利益通常是互相矛盾的。举例来说,提供一种必需的产品(石油、木材或食品)可能会导致环境方面的关切。
道德行为和管理当局的诚信是公司文化的副产品,公司文化包含道德和行为准则以及它们的沟通和强化方式。正式的政策指明了董事会和管理当局希望发生
的情况。公司文化决定着实际发生的情况,以及哪些规则被遵循、扭曲或忽视了。高层管理当局——从CEO开始——在确定公司文化方面起着关键作用。作为主体中的居于支配地位的人员,CEO往往确定了道德基调。
特定的组织因素也会影响出现欺诈性和可疑的财务报告行为的可能性。这些因素可能还会影响道德行为。个人可能会因为主体给了他们这么做的强烈动机或诱惑,而参与不诚实的、非法的或不道德的行为。过分地强调结果,尤其是短期结果,可能会造成一个不恰当的内部环境。仅仅关注短期结果即使在短期也可能有危害。专注于底线——不顾成本的销售收入或利润——通常会引发不希望看到的行动和反应。例如,高压销售策略、谈判的残酷或者对回扣的暗示可能会引发具有即期(以及持久)影响的反应。
参与欺诈性和可疑的财务报告行为以及其他形式的不道德行为的其他动机可能包括高度依赖于所报告的财务或非财务信息——尤其是短期结果——的报酬。
从消除或减少不恰当的动机和诱惑到消除不良行为之间要走一段很长的路。就像所建议的那样,它可以通过从事合理而又有利可图的经营活动来实现。例如,只要业绩目标切合实际,业绩激励——配以适当的控制——就能成为一个有用的管理技术。设定切合实际的目标是一项正确的激励措施,它能降低产生相反作用的压力,以及欺诈性报告的动机。同样地,一个控制良好的报告体系能够起到防止错报业绩诱惑的作用。
可疑行为的另一个原因是忽视。道德价值观不仅必须沟通,而且必须辅以关于是非对错的明确指南。正式的公司行为守则对有效的道德项目十分重要,是它的基础。守则致力于一系列的行为问题,例如诚信与道德、利益冲突、不合法或不恰当的支付以及反竞争的(anticompetitive)协议等。向上沟通的渠道也很重要,它带来相关信息并使员工感到舒服。
仅仅有书面的行为守则、员工接受和理解的文件和适当的沟通渠道,还不能确保守则被遵守。对违反守则的员工所给予的处罚,鼓励员工报告所怀疑的违反行为的机制,以及针对知情而不报告违反行为的员工的惩戒措施,对于遵守守则而言也很重要。但是如果不能通过高层管理当局的行为和他们所作的表率提供更有效的保证的话,无论道德准则是否包含在书面的守则之中,对道德准则的遵守
都没有什么区别。对于是非对错——以及对于风险与控制,员工可能会形成与高层管理当局所表现出来的一样的态度。管理当局的行为所传达的信息很快就会被包含到公司文化之中。而且,有关CEO在面临一个艰难的经营决策时从道德的.角度讲“做了正确的事情”的认识,能够在整个主体中传达一个强有力的信息。 对胜任能力的要求
胜任能力反映实现规定的任务所需要的知识和技能。管理当局通过在主体的战略和目标与它们的执行和实现计划之间进行权衡,来决定这些任务应该完成到什么程度。通常会存在能力与成本之间的权衡,比如说,没有必要去雇用一个电气工程师来更换灯泡。
管理当局明确特定岗位的胜任能力水平,并把这些水平转换成所需的知识和技能。而这些必要的知识和技能可能又取决于个人的智力、培训和经验。在开发知识和技能水平的过程中所考虑的因素包括一个具体岗位所运用判断的性质和程度。通常会在监督的范围和所需的胜任能力水平之间作出权衡。
组织结构
一个主体的组织结构提供了计划、执行、控制和监督其活动的框架。相关的组织结构包括确定权力与责任的关键界区,以及确立恰当的报告途径。举例来说,内部审计职能机构的结构设计应该致力于实现组织的目标,并且允许不受限制地与高层管理当局和董事会的审计委员会接触,而且首席审计官应当向组织中能保证内部审计活动实现其职责的层级报告工作。
主体建立适合其需要的组织结构。有的是集权型的,有的是分权型的。有的有着直接报告关系,而其他的则更接近于矩阵型组织。一些主体按照行业或产品线、按照地理位置或者按照特定的配送或营销网络来进行组织。而其他的主体,包括很多州和地方政府单位以及非营利机构,则按照职能进行组织。
一个主体的组织结构的适当性部分地取决于它的规模和所从事活动的性质。有着正式的报告途径和职责的高度结构化的组织,可能适合于拥有很多经营分部、包括外国业务的大型主体。然而,在一家小公司中,这种结构可能会阻碍必要的信息流动。不管采取什么样的结构,主体的组织方式都应该确保有效的企业
风险管理,并采取行动以便实现其目标。
权力和职责的分配
权力和职责的分配涉及到个人和团队被授权并鼓励发挥主动性去指出问题和解决问题的程度,以及对他们的权力的限制。它包括确立报告关系和授权规程,以及描述恰当经营活动的政策,关键人员的知识和经验,和为履行职责而赋予的资源。
一些主体将权力下放,以便使决策更接近于一线的人员。公司可以采取这种方式而变得更具市场驱动的特点,或者更关注质量——或许是消除缺陷、缩短周转时间或者提高客户满意度。通常通过将权力与受托责任(accountability)相结合来鼓励个人在限定的范围内发挥主动性。权力的委派意味着将特定经营决策的核心控制权交给较低的层级——给那些更靠近日常经营业务的人员。这可能包括授权以折扣价格销售产品,商谈长期供货合同、许可或专利,或者参加联盟或合营企业。
一个关键的挑战是仅仅针对实现目标所需要的范围来进行授权。这意味着确保决策是基于合理的风险识别和评估活动,包括在确定接受何种风险以及如何对它们加以管理的过程中,估计风险的大小和权衡潜在的损失与收益。
另一个挑战是确保所有的人员都了解主体的目标。每个人都知道他们的行为彼此之间有什么关联和对实现目标有什么作用,是至关重要的。
增加授权有时候有意伴随着组织结构的简化或“扁平化”,或者是其结果。为激发创造性、发挥主动性和加快反应速度而开展的有意识的组织变革,能够提高竞争力和客户满意度。这种增加授权可能会带来对更高的员工胜任能力水平以及更大的受托责任的隐含要求。它还要求管理当局采用有效的程序对结果进行监控,从而使决策能够根据需要被否决或接受。有了更好的、市场驱动的决策,授权能够增加非期望或非预期决策的数量。例如,如果一个区域销售经理决定授权在零售价的基础上折让35%来进行销售,以证实目前45%的折扣能够获取市场份额,管理当局可能需要了解情况才能否决或者接受让这种决策进行下去。
内部环境极大地受到个人对他们将要承担责任的认识程度的影响。对于首席执行官而言,也是如此,他在董事会的监督下对主体内部的所有活动负有终极责
任。
与有效的企业风险管理密不可分的各个方面的职能与责任的其他相关原则,将在“职能与责任”那一章中展开讲述。
人力资源准则
包括雇用、定位、培训、评价、咨询、晋升、付酬和采取补偿措施在内的人力资源业务向员工传达着有关诚信、道德行为和胜任能力的期望水平方面的信息。例如,强调教育背景、前期工作经验、过去的成就和有关诚信和道德行为的证据,以便雇用资质最好的个人的准则,表明了一个主体对胜任和可信任人员的承诺。当招录活动中包括正式的、深入的招聘面试和有关该主体的历史、文化和经营风格方面的培训时,也是如此。
培训政策能够通过对未来职能与责任的沟通,以及包含诸如培训学校和研习班、模拟案例研究和扮演角色练习等活动,来加强业绩和行为的期望水平。根据定期业绩评价所进行的调换与晋升,反映了主体对于提升合格员工的承诺。包括分红激励在内的竞争性的报酬计划能够起到鼓励和强化突出业绩的作用——尽管奖金制度应该严密并且有效地控制,以避免对报告结果的不实呈报产生不当的诱惑。惩戒行动所传递的信息则是对期望行为的偏离将不会得到宽宥。
随着贯穿于主体之中的问题和风险的变化和愈加复杂——部分原因在于急剧变革的技术和日益激烈的竞争,很有必要把员工武装起来以应对新的挑战。教育和培训,不管是课堂讲授、自学还是在职培训,都必须有助于个人跟上环境变革的步伐并能有效地应对。雇用胜任的人员和提供一次性培训是不够的。教育过程是持续的。
影响
一个主体内部环境的重要性和它对企业风险管理的其他构成要素所能产生的正面或负面影响,怎么强调都不过分。一个无效的内部环境的影响会很广泛,可能会导致财务损失、损害公众形象,或经营失败。
一般认为某能源公司有着有效的企业风险管理,因为它有强有力而受人尊敬的高层管理者、声望卓著的董事会、富有创新意识的战略、设计良好的信息系统
和控制活动、描述风险和控制职能的广泛的政策手册,以及全面的调整和监督途径。但是,它的内部环境却有重大缺陷。管理当局参与了十分可疑的经营业务,而董事会却视而不见。这家公司被发现曾经误报财务成果,损害了股东信心,遭遇了偿债危机,毁灭了主体的价值。最终这家公司陷入了历史上最大的破产案之一。
高层管理当局对有效企业风险管理的态度和关注必须明确而清晰,并渗透到组织之中。光说得正确是不够的。那种“按我说的去做,而不是按我做的去做”的态度,只会带来一个无效的环境。
2. INTERNAL ENVIRONMENT
Chapter Summary: The internal
environment encompasses the tone of an
organization, influencing the risk consciousness
of its people, and is the basis for all other
components of enterprise risk management,
providing discipline and structure. Internal
environment factors include an entity’s risk
management philosophy; its risk appetite;
oversight by the board of directors; the integrity,
ethical values, and competence of the entity’s people; and the way management assigns authority and responsibility, and organizes and develops its people.
The internal environment is the basis for all other components of enterprise risk management, providing discipline and structure. It influences how strategies and objectives are established, business activities are structured, and risks are identified, assessed, and acted upon. And it influences the design and functioning of control activities, information and communication systems, and monitoring activities.
The internal environment is influenced by an entity’s history and culture. It comprises many elements, including the entity’s ethical values, competence and development of personnel, management’s philosophy for managing risk, and how it assigns authority and responsibility. A board of directors is a critical part of the internal environment and significantly influences other internal environment elements.
Although all elements are important, the extent to which each is addressed will vary with the entity. For example, the chief executive of a company with a small workforce and centralized operations might not establish formal lines of responsibility and detailed operating policies. Nevertheless, the company could have an internal
environment that provides an appropriate foundation for enterprise risk management.
Risk Management Philosophy
An entity’s risk management philosophy is the set of shared beliefs and attitudes characterizing how the entity considers risk in everything it does, from strategy development and implementation to its day-to-day activities. Its risk management philosophy reflects the entity’s values, influencing its culture and operating style, and affects how enterprise risk management components are applied, including how risks are identified, the kinds of risks accepted, and how they are managed.
A company that has been successful accepting significant risks is likely to have a different outlook on enterprise risk management than one that has faced harsh economic or regulatory consequences as a result of venturing into dangerous territory. While some entities may work to achieve effective enterprise risk management to satisfy requirements of an external stakeholder, such as a parent company or regulator, more often it is because management recognizes that effective risk management helps the entity create and preserve value.
When the risk management philosophy is well developed, understood, and embraced by its personnel, the entity is positioned to effectively recognize and manage risk. Otherwise, there can be unacceptably uneven application of enterprise risk management across business units, functions, or departments. But even when an entity’s philosophy is well developed, there nonetheless may be cultural differences among its units, resulting in variation in enterprise risk management application. Managers of some units may be prepared to take more risk, while others are more conservative. For example, an aggressive selling function may focus its attention on making a sale, without careful attention to regulatory compliance matters, while the contracting unit’s personnel focus significant attention on ensuring compliance with all relevant internal and external policies and regulations. Separately, these different subcultures could adversely affect the entity. But by working well together the units can appropriately reflect the entity’s risk management philosophy.
The enterprise’s risk management philosophy is reflected in virtually everything management does in running the entity. It is captured in policy statements, oral and
written communications, and decision making. Whether management emphasizes written policies, standards of behavior, performance indicators, and exception reports, or operates more informally largely through face-to-face contact with key managers, of critical importance is that management reinforces the philosophy not only with words but also with everyday actions.
Risk Appetite
Risk appetite is the amount of risk, on a broad level, an entity is willing to accept in pursuit of value. It reflects the enterprise’s risk management philosophy, and in turn influences the entity’s culture and operating style.
Risk appetite is considered in strategy setting, where the desired return from a strategy should be aligned with the entity’s risk appetite. Different strategies will expose the entity to different levels of risk, and enterprise risk management, applied in strategy setting, helps management select a strategy consistent with the entity’s risk appetite.
Entities consider risk appetite qualitatively, with such categories as high, moderate, or low, or take a quantitative approach, reflecting and balancing goals for growth and return with risk.
Board of Directors
An entity’s board of directors is a critical part of the internal environment and significantly influences its elements. The board’s independence from management, experience and stature of its members, extent of its involvement and scrutiny of activities, and appropriateness of its actions all play a role. Other factors include the degree to which difficult questions are raised and pursued with management regarding strategy, plans, and performance, and interaction the board or audit committee has with internal and external auditors.
An active and involved board of directors, board of trustees, or comparable body should possess an appropriate degree of management, technical, and other expertise,
coupled with the mind-set necessary to perform its oversight responsibilities. This is critical to an effective enterprise risk management environment. And, because the board must be prepared to question and scrutinize management’s activities, present alternative views, and act in the face of wrongdoing, the board must include outside directors.
Members of top management may be effective board members, bringing their deep knowledge of the company. But there must be a sufficient number of independent outside directors not only to provide sound advice, counsel, and direction, but also to serve as a necessary check and balance on management. For the internal environment to be effective, the board must have at least a majority of independent outside directors.
Effective boards of directors ensure that management maintains effective risk management. Although an enterprise historically might have not suffered losses and have no obvious significant risk exposure, the board does not succumb to the mythical notion that events with seriously adverse consequences “couldn’t happen here.” It recognizes that while a company may have a sound strategy, competent employees, sound business processes, and reliable technology, it, like every entity, is vulnerable to risk, and an effectively functioning risk management process is needed.
Integrity and Ethical Values
An entity’s strategy and objectives and the way they are implemented are based on preferences, value judgments, and management styles. Management’s integrity and commitment to ethical values influence these preferences and judgments, which are translated into standards of behavior. Because an entity’s good reputation is so valuable, the standards of behavior must go beyond mere compliance with law. Managers of well-run enterprises increasingly have accepted the view that ethics pays and ethical behavior is good business.
Management integrity is a prerequisite for ethical behavior in all aspects of an entity’s activities. The effectiveness of enterprise risk management cannot rise above
the integrity and ethical values of the people who create, administer, and monitor entity activities. Integrity and ethical values are essential elements of an entity’s internal environment, affecting the design, administration, and monitoring of other enterprise risk management components.
Establishing ethical values often is difficult because of the need to consider the concerns of several parties. Management values must balance the concerns of the enterprise, employees, suppliers, customers, competitors, and the public. Balancing these concerns can be complex and frustrating because interests are often at odds. For example, providing an essential product (petroleum, lumber, or food) may cause environmental concerns.
Ethical behavior and management integrity are by-products of the corporate culture, which encompasses ethical and behavioral standards and how they are communicated and reinforced. Official policies specify what the board and management want to happen. Corporate culture determines what actually happens, and which rules are obeyed, bent, or ignored. Top management – starting with the CEO – plays a key role in determining the corporate culture. As the dominant personality in an entity, the CEO often sets the ethical tone.
Certain organizational factors also can influence the likelihood of fraudulent and questionable financial reporting practices. Those same factors are likely to influence ethical behavior as well. Individuals may engage in dishonest, illegal, or unethical acts simply because the entity gives them strong incentives or temptations to do so. Undue emphasis on results, particularly in the short term, can foster an inappropriate internal environment. Focusing solely on short- term results can hurt even in the short term. Concentration on the bottom line – sales or profit at any cost – often evokes unsought actions and reactions. High-pressure sales tactics, ruthlessness in negotiations, or implicit offers of kickbacks, for instance, may evoke reactions that can have immediate (as well as lasting) effects.
Other incentives for engaging in fraudulent or questionable reporting practices and, by extension, other forms of unethical behavior may include rewards highly dependent on reported financial and non-financial information, particularly for
short-term results.
Removing or reducing inappropriate incentives and temptations goes a long way toward eliminating undesirable behavior. As suggested, this can be achieved by following sound and profitable business practices. For example, performance incentives – accompanied by appropriate controls – can be a useful management technique as long as the performance targets are realistic. Setting realistic targets is a sound motivational practice, reducing counterproductive stress as well as the incentive for fraudulent reporting. Similarly, a well- controlled reporting system can serve as a safeguard against temptation to misstate performance.
Another cause of questionable practices is ignorance. Ethical values must be not only communicated but also accompanied by explicit guidance regarding what is right and wrong.
Formal codes of corporate conduct are important to and the foundation of an effective ethics program. Codes address a variety of behavioral issues, such as integrity and ethics, conflicts of interest, illegal or otherwise improper payments, and anticompetitive arrangements. Upward communications channels where employees feel comfortable bringing relevant information also are important.
Existence of a written code of conduct, documentation that employees received and understand it, and an appropriate communications channel by themselves do not ensure the code is being followed. Also important to compliance are resulting penalties to employees who violate the code, mechanisms that encourage employee reporting of suspected violations, and disciplinary actions against employees who knowingly fail to report violations. But compliance with ethical standards, whether or not embodied in a written code, is equally if not more effectively ensured by top management’s actions and the examples they set. Employees are likely to develop the same attitudes about right and wrong – and about risks and controls – as those shown by top management. Messages sent by management’s actions quickly become embodied in the corporate culture. And, knowledge that the CEO has “done the right thing” ethically when faced with a tough business decision, sends a powerful message throughout the entity.
Commitment to Competence
Competence reflects the knowledge and skills needed to perform assigned tasks. Management decides how well these tasks need to be accomplished, weighing the entity’s strategy and objectives against plans for their implementation and achievement. A trade-off often exists between competence and cost – it is not necessary, for instance, to hire an electrical engineer to change a light bulb.
Management specifies the competency levels for particular jobs and translates those levels into requisite knowledge and skills. The necessary knowledge and skills in turn may depend on individuals’ intelligence, training, and experience. Factors considered in developing knowledge and skill levels include the nature and degree of judgment to be applied to a specific job. Often a trade-off can be made between the extent of supervision and the requisite competence level of the individual.
Organizational Structure
An entity’s organizational structure provides the framework to plan, execute, control, and monitor its activities. A relevant organizational structure includes defining key areas of authority and responsibility and establishing appropriate lines of reporting. For example, an internal audit function should be structured in a manner that achieves organizational objectivity and permits unrestricted access to top management and the audit committee of the board, and the chief audit executive should report to a level within the organization that allows the internal audit activity to fulfill its responsibilities.
An entity develops an organizational structure suited to its needs. Some are centralized, others decentralized. Some have direct reporting relationships, while others are more of a matrix organization. Some entities are organized by industry or product line, by geographical location or by a particular distribution or marketing network. Other entities, including many state and local governmental units and not-for-profit institutions, are organized by function.
The appropriateness of an entity’s organizational structure depends, in part, on its
size and the nature of its activities. A highly structured organization with formal reporting lines and responsibilities may be appropriate for a large entity that has numerous operating divisions, including foreign operations. However, such a structure could impede the necessary flow of information in a small company. Whatever the structure, an entity should be organized to enable effective enterprise risk management and to carry out its activities so as to achieve its objectives.
Assignment of Authority and Responsibility
Assignment of authority and responsibility involves the degree to which individuals and teams are authorized and encouraged to use initiative to address issues and solve problems, as well as limits to their authority. It includes establishing reporting relationships and authorization protocols, as well as policies that describe appropriate business practices, knowledge and experience of key personnel, and resources provided for carrying out duties.
Some entities have pushed authority downward to bring decision making closer to front-line personnel. A company may take this tack to become more market-driven or quality-focused – perhaps to eliminate defects, reduce cycle time, or increase customer satisfaction. Alignment of authority and accountability often is designed to encourage individual initiatives, within limits. Delegation of authority means surrendering central control of certain business decisions to lower echelons – to the individuals who are closest to everyday business transactions. This may involve empowerment to sell products at discount prices; negotiate long-term supply contracts, licenses, or patents; or enter alliances or joint ventures.
A critical challenge is to delegate only to the extent required to achieve objectives. This means ensuring that decision making is based on sound practices for risk identification and assessment, including sizing risks and weighing potential losses versus gains in determining which risks to accept and how they are to be managed.
Another challenge is ensuring that all personnel understand the entity’s objectives. It is essential that individuals know how their actions are related to one
another and contribute to achievement of the objectives.
Increased delegation sometimes is intentionally accompanied by or the result of streamlining or “flattening” the organizational structure. Purposeful structural change to encourage creativity, taking initiative, and faster response times can enhance competitiveness and cu外文翻译范文stomer satisfaction. This increased delegation may carry an implicit requirement for a higher level of employee competence, as well as greater accountability. It also requires effective procedures for management to monitor results so that decisions can be overruled or accepted as necessary. Along with better, market-driven decisions, delegation may increase the number of undesirable or unanticipated decisions. For example, if a district sales manager decides that authorization to sell at 35% off list price justifies a temporary 45% discount to gain market share, management may need to know so that it can overrule or accept such decisions going forward.
The internal environment is greatly influenced by the extent to which individuals recognize that they will be held accountable. This holds true all the way to the chief executive, who, with board oversight, has ultimate responsibility for all activities within an entity.
Additional principles related to roles and responsibilities by parties integral to effective enterprise risk management are set forth in the Roles and Responsibilities chapter.
Human Resource Standards
Human resource practices pertaining to hiring, orientation, training, evaluating, counseling, promoting, compensating, and taking remedial actions send messages to employees regarding expected levels of integrity, ethical behavior, and competence. For example, standards for hiring the most qualified individuals, with emphasis on educational background, prior work experience, past accomplishments, and evidence of integrity and ethical behavior, demonstrate an entity’s commitment to competent and trustworthy people. The same is true when recruiting practices include formal,
in-depth employment interviews and training in the entity’s history, culture, and operating style.
Training policies can reinforce expected levels of performance and behavior by communicating prospective roles and responsibilities and by including such practices as training schools and seminars, simulated case studies, and role-playing exercises. Transfers and promotions driven by periodic performance appraisals demonstrate the entity’s commitment to advancement of qualified employees. Competitive compensation programs that include bonus incentives serve to motivate and reinforce outstanding performance – although reward systems should be structured, and controls in place, to avoid undue temptation to misrepresent reported results. Disciplinary actions send a message that violations of expected behavior will not be tolerated.
It is essential that employees be equipped to tackle new challenges as issues and risks throughout the entity change and become more complex – driven in part by rapidly changing technologies and increasing competition. Education and training, whether classroom instruction, self-study, or on-the-job training, must help personnel keep pace and deal effectively with the evolving environment. Hiring competent people and providing one-time training are not enough. The education process is ongoing.
Implications
It is difficult to overstate the importance of an entity’s internal environment and the impact – positive or negative – it can have on other enterprise risk management components. The impact of an ineffective internal environment can be far-reaching, possibly resulting in financial loss, a tarnished public image, or a business failure.
An energy company generally was thought to have effective enterprise risk management since it had high-powered and respected senior managers, a prestigious board of directors, an innovative strategy, well-designed information systems and control activities, extensive policy manuals prescribing risk and control functions, and
comprehensive reconciling and supervisory routines. Its internal environment, however, was significantly flawed.
Management participated in highly questionable business practices, and the board turned a “blind-eye.” The company was found to have misreported financial results and suffered a loss of shareholder confidence, a liquidity crisis, and destruction of entity value. Ultimately the company went into one of the largest bankruptcies in history.
The attitude and concern of top management for effective enterprise risk management must be definitive and clear, and permeate the organization. It is not sufficient to say the right words. An attitude of “do as I say, not as I do” will only bring about an ineffective environment.
19
20
21
22
23
24
25
26
27
28
【外文翻译】相关文章:
内部控制外文文献翻译07-31
外文翻译机械手07-26
模具毕业设计外文翻译06-25
中外文化差异及翻译07-14
林纾:不通外文的翻译家07-26
外文翻译职业求职简历范文 -管理资料01-01