国家风险管理(英文版) Country Risk Management

第十一章国家风险管理第一节国家风险的概念与类型一、国家风险的概念对于什么是国家风险，看法不一，有人认为是主权风险，有人等同于政治风险，还有人把借款国偿还债务的一切风险统称为国家风险，这些定义都不全面。

一般来说，所谓国家风险是指经济主体与非本国居民进行国际贸易和金融往来中，由于别国的经济、政治和社会等方面的变化而遭受损失的可能性。

在理解上要注意：1.国家风险包括主权风险，但并不等于主权风险。

2.政治风险是国家风险的重要内容，但不是唯一内容。

3.信用风险有一般信用风险和特殊信用风险之分，国家风险就是特殊的信用风险。

二、国家风险的类型1.按引发国家风险事故的性质分（1）经济风险。

就是指由于债务人国家的经济原因所引起的风险。

如：经济长期低增长、工人罢工、生产成本剧增、出口收入持续下降、国际收支恶化、外汇资金短缺等。

（2）政治风险。

就是指一国的国际关系发生重大变化而引起的风险。

如：对外战争、领土被占，或者国内动荡不安、恐怖事件不断发生、社会骚乱、地方争斗、政党分裂等。

（3）社会风险。

就是因为一国的社会矛盾所引起的风险。

如：发生内战、种族纠纷、宗教纷争以及社会分配不均所引起的结群格斗、社会阶层对立等。

2.按借款者的行为划分（1）间接风险。

这是指当一国意外遭受经济困难或者政局动荡时，银行在该国的贷款收益虽然不会马上受到损失，但此后也有间接损失。

这主要是收回时贬值；还有就是要改变贷款的国别分配而产生的成本。

（2）到期不还风险。

就是债务到期后得不到不还。

包括利息和本金两个方面。

（3）债务重新安排风险。

就是指跨国银行、有关国家政府或其它金融机构共同协商，就重债国有关债务的支付做出新的协议安排。

主要有：借新还旧；延期还本付息以及变更还本付息的条件等。

无论何种情况，在重新安排债务上都会受到损失。

（4）债务勾销风险。

就是指跨国银行迫于债务国的严峻形势对其债务购销而带来的风险损失。

第二节国家风险的评估一、国家风险的评估机构1.专门的国家风险评估机构世界上比较著名的国家风险评估机构有：商业环境风险信息机构（BERI）、《欧洲货币》杂志、《机构投资者》杂志、国际报告集团等。

ContentsCHAPTER 1: INTRODUCTION1.1 Purpose of this guideThis guide is intended to help organisations to put in place effective frameworks for taking informed decisions about risk. The guidance provides a route map for, bringing together recommended approaches, checklists and pointers to more detailed sources of advice on tools and techniques. It expands on the Guidelines for Managing Risk.The process of investment appraisal, in which assessments are made of costs, and risks, is outside the scope of this guide. However, many of the principles and techniques described here can be used when developing the. The approach described in this guide complements’s guidance on programme and management and is continually updated to reflect current thinking. This approach, branded by as (), is supported by training and qualifications.1.2 What is management of risk?In this guide risk is defined as uncertainty of outcome, whether positive or negative. The term ‘’ incorporates all the activities required to identify and control the exposure to risk which may have an impact on the achievement of an organisation’s business objectives.Every organisation manages its risk, but not always in a way that is visible, repeatable and consistently applied to support decision making. The task of is to ensure that the organisation makes cost effective use of a that has a series of well defined steps. The aim is to support better decision making through a good understanding of risks and their likely impact.There are two distinct phases: and. Risk analysis is concerned with gathering information about exposure to risk so that the organisation can make appropriate decisions and manage risk appropriately.involves having processes in place to monitor risks, access to reliable and up to date information about risks, the right balance of control in place to deal with those risks, and decision making processes supported by a framework of and evaluation.covers a wide range of topics, including business continuity management, security, / management and operational service management. These topics need to be placed in the context of an organisational framework for the. Some risk-related topics, such as security, are highly specialised and this guidance provides only an overview of such aspects.1.3 Why management of risk is importantA certain amount of risk taking is inevitable if your organisation is to achieve its objectives. Effective helps you to improve performance by contributing to:∙increased certainty and fewer surprises∙better service delivery∙more effective management of change∙more efficient use of resources∙better management at all levels through improved decision making∙reduced waste and fraud, and better value for money∙innovation∙management of contingent and maintenance activities.See for examples of the of more effective.1.4 Who is involved in risk managementIn practice, everyone in an organisation is involved in risk management to some extent and should be aware of their responsibilities in identifying and managing risk. However, there are some aspects for which responsibility must be assigned to individuals. Without clear responsibility (and the authority to support that responsibility) some risks will be missed or overlooked.In the public sector, there are two major roles with a clear responsibility to ensure risks are managed (there will be equivalents to these roles in private sector organisations). These roles are:∙an Accounting Officer (or equivalent senior manager), who is responsible for the organisation’s overall exposure to risk. Typically this person will be the Chief ExecutiveOfficer (CEO); the senior manager in the organisation. They may delegate some of theactions but cannot forgo the responsibility∙ a senior manager acting as a ‘owner’, who is responsible for risk relating to a specific or and for the realisation of associated business.Audience for this guidanceBusiness managers, process owners, strategic planners, and teams, business continuity planners and security teams are the primary audience for this guidance, together with their service providers.It will also be of interest to auditors, with their responsibility for ensuring effective.1.5 How to use this guideChapter 1 introduces the structure, process and culture of, explaining why organisations need to devise and implement effective strategies in order to maximise and minimise to the achievement of their business objectives. It identifies key personnel in the and the target audience for the guidance.outlines the key principles underpinning: establishing a framework, risk ownership, where risks occur, the decision making process, the importance of embedding the risk management culture, and allocating realistic budgets.describes the main activities of. It contains practical examples, pointers and checklists for identifying and responding to risk, and monitoring.–7 explain when and how should be applied throughout an organisation, at the strategic, , and operational levels.discusses the range of techniques available to support the process.The Annexes provide supporting detail:∙: Examples of of∙: Healthcheck: how well is your organisation managing risk?∙: Categorising risk∙: Setting a standard for evaluation of risk∙:, contractual and legal considerations∙:∙: Managing organisational safety and security∙: Information on further techniques to support∙: Lessons learned from others∙: Assessing the suitability of tools∙: Documentation outlines.1.6 The research for this guidancePrepared by OGC's Directorate, this guidance has been developed from extensive research into current thinking and practice in both the public and private sectors, drawing on published papers and interviews/studies with a number of leading organisations involved in major change and with specialist experts in the. It builds on the recent work of the National Audit Office (), HM Treasury and Cabinet Office, together with OGC's published guidance on best practice in; it also aims to address issues relating to.This guidance responds to lessons learned and the experiences of real-world practical issues, as reported by consultants in 's Strategic Assignments Consultancy Service and their clients. In addition, it incorporates feedback from contributors to workshops and other review channels. These contributions are acknowledged with thanks.CHAPTER 2: PRINCIPLES This chapter outlines the key principles underpinning the effective.2.1 Critical success factors for management of riskThe key elements that need to be in place if is to be effective, and innovation encouraged, include: ∙clearly identified senior management to support, own and lead on∙policies and the of effective management clearly communicated to all staff∙existence and adoption of a framework for that is transparent and repeatable∙existence of an organisational culture which supports well thought-through risk taking and innovation∙fully embedded in management processes and consistently applied∙closely linked to achievement of objectives∙risks associated with working with other organisations explicitly assessed and managed∙risks actively monitored and regularly reviewed on a constructive ‘no-blame’ basis.Joint working and partnerships often involve more complex types of risk that can adversely affect the delivery of business services. For example, if part of the service provided by one organisation is delayed or of poor quality, the success of the whole collaboration can be put at risk. You must make sure that your organisation knows about the approaches of your partners. Sharing information about risk management means that risks in collaborative can be identified and managed in a proactive way.Public sector concernsThe Modernising Government initiative seeks to encourage the public sector to adopt well managed risk taking where it is likely to lead to sustainable improvements in service delivery. More effective will improve the public sector’s ability to undertake the increasingly complex and c ross-cutting that are demanded by the Modernisation agenda. Public sector organisations need to have in place the skills, management structures and organisational structures to take advantage of potential to perform better and to reduce the possibility of failure.The key areas that have to be addressed are:∙the requirements of – including more focused and open ways of managing risk (see the section on below)∙the need for a ‘’ at senior level, for an activity (strategy, or). He or she is supported by at everyday working levels as appropriate for the activity and risk exposure∙the need for improved reporting and upward referral of major problems∙and the potential resolution approaches∙the need for shared understanding of at all levels in the organisation and with partners, combined with consistent treatment of risk∙managing in the wider context of of change and the business.The study of (Supporting Innovation: Managing Risk in Government Departments), the Cabinet Office’s report Successful : Modernising Government in Action, and HM Treasury’s Orange Book provide valuable messages that are incorporated in this guidance.Meeting the needs of corporate governanceCorporate governance is the ongoing activity of maintaining a sound system of internal control to safeguard shareholders’ investment and the company’s.The states that:‘a company’s objectives, its internal organisation and the environment which it operates in are continually evolving and as a result the risks it faces are continually changing. A sound system of control therefore depends on a thorough and regular evaluation of the nature and extent of the risks to which the company is exposed. Since profits [or business results] are in part the reward for successful risk taking in business, the purpose of internal control is to help manage and control risk rather than eliminate it.’frameworks must ensure that management is held accountable for a corporation’s performance and that owners are able to monitor and intervene in the operations of management.These principles apply equally to the public and private sectors. Whereas corporations focus mainly on shareholder returns and the preservation of shareholders’ value, the public sector’s role is to implement cost effectively in accordance with Government legislation and policies.The British Standards Institute () has produced a guidance note on Corporate Governance – PD 6668:2000– relating to the management of. It outlines a management framework for identifying the, determining the risks, implementation and maintaining control measures and finally reporting annually on the organisation’s commitment to this process.Policy on management of risk to support corporate governanceTo support, there needs to be a policy in place. This policy should:∙be appropriate for the size and nature of your organisation, its business and operating environment∙be clear about the roles (and, if possible, individuals) that are responsible for risk∙be clear about escalation criteria in relation to (i.e., when to refer decision making upwards)∙ensure that processes, and the culture/infrastructure, to identify and manage risk are put in place; these processes must be repeatable∙set up the mechanism for monitoring the success of the application of the policy (including reports to management, at least annually)∙ensure that internal control mechanisms are in place for independent assessment that the policy is implemented (and checked).2.2 What is at risk and why?There are many diverse factors that could place an organisation at risk. outlines the main reasons why there should be a robust process in place.Your organisation will have a set of key objectives. Risks should be identified against these objectives, ideally not more than 10-15 at high level. These high-level risks will then be considered and managed by senior management, increasing the organisation’s ability to meet its objectives. provides a ‘healthcheck’ to see if an organisation is adopting an effective framework for and risk management process.expands on possible categories of risk.Relating management of risk to safety, security and business continuityshould be carried out in the wider context of safety concerns, security and business continuity.∙Health and safety policy and practice is concerned with ensuring that the workplace is a safe environment.∙Security is concerned with protecting the organisation’s, including information, buildings and so on.∙Business continuity is concerned with ensuring that the organisation could continue to operate in the event of a disaster, such as loss of a service, flood or fire damage.Figure 1: Reasons for a processReducing risk in large scale projectsExperience has shown that and attempting a large scale, comprehensive business change are less likely to be successful than those taking a less ambitious, step-by-step approach. Although the latter increases management activity, with each of the elements needing to be controlled and coordinated, the advantages are that activities are:∙easier to manage∙simpler to implement within the business environment∙easier to accept formally as, typically, the specification is easier to document and thus simpler to verify that it has been met∙able to offer more options for contingency∙more likely to accommodate fast moving changes in technology, or in the political or financial environment∙able to offer more decision points, allowing greater control of the.2.3 Decisions about riskDecisions about risk need to be balanced so that the potential are worth more to the organisation than it costs to address the risk.For example, innovation is inherently risky but could achieve major in improving services. The ability of the organisation to limit its exposure to risk will also be of relevance.You should aim to make an accurate assessment of the risks in a given situation and analyse the potential. The risks and presented by each course of action should be defined in order to identify appropriate response.Scope of decisionsDecisions about risk will vary depending on whether the risk relates to long, medium or short-term goals.Strategic decisions are primarily concerned with long-term goals; these set the context for decisions at other levels of the organisation. The risks associated with strategic decisions may not become apparent until well into the future. Thus it is essential to review these decisions, and associated risks, on a regular basis.Medium-term goals are usually addressed through and to bring about business change. Decisions relating to medium-term goals are narrower in scope than strategic ones, particularly in terms of timeframe and financial responsibilities.At the operational level the emphasis is on short-term goals to ensure ongoing continuity of business services; however, decisions about risk at this level must also support the achievement of long- and medium-term goals. These organisational levels are discussed in more detail in Chapters, , and.There are also considerations about what can realistically be achieved in one change initiative. Delivery of each of the of a change initiative (whether a, or stage) must provide some direct benefit to the organisation as a result of its delivery. This could be by delivering:∙ a major to support/build towards the intended outcome – for example, providing a telephone helpline first as part of a new information service and then adding websiteservices to expand the facilities available to the public∙the to part of the end us er community and then ‘rolling out’ to the rest of that community –for example, introducing a new information service in the North-East and gradually making it available nationwide.This is a modular and/or incremental approach that is further discussed in Chapters and and in.When managing any it is essential to ensure major decisions are made appropriately. A will support some business change and so require something to be produced and then put into use.shows the main stages of the process and the decisions to be taken about breaking projects down into manageable ‘packages’. For major projects, there will be formal in addition to the normal decision points; these reviews establish whether the is ready to proceed to the next stage.Figure 2: Main stages of the process2.4 Where risks occurThe process should be most rigorously applied where critical decisions are being made.shows where risk can occur in an organisation. For convenience, these levels are described as: ∙strategic or corporate∙operational.In practice, the levels overlap; however, it is helpful to clarify the occurrence of risks at these levels to inform the kind of decisions you are likely to make.Figure 3: Organisational management hierarchyIt is important to note that a risk may materialise initially at one level but subsequently have a major impact at a different level. A recent example is a High Street bank facing technical faults at the operational level; ultimately customers’ confidence in the bank’s online service became a. This highlights the need for relevant information about risks to be shared throughout the organisation.shows examples of typical risks occurring at each organisational level.Table 1: related to organisational levelsLevel Examples of typical risks considered at this levelStrategic/corporate Commercial, financial, political, environmental, directional, cultural, acquisition and quality risks. There is a focus on business survival, continuity and growthfor the future.When, and exceed set criteria –e.g. not acceptable, outsideagreed limits, could affect strategic objectives, information needs to beescalated to this level so that appropriate decisions can be taken./acquisition, funding, organisational, , security, safety, quality and businesscontinuity risks.When and exceed set criteria –e.g. not acceptable, outsideagreed limits, could affect objectives, information needs to be escalated to thislevel so that appropriate decisions can be taken.Personal, technical, cost, schedule, resource, operational support, quality andprovider failure.Operational issues/risks should be considered at this level asthey affect the and how it needs to be run. Information on strategic and relatedrisks should be communicated to this level where they could affect objectives.Project managers should communicate information on risks to other projectsand operations as appropriate.Operations Personal, technical, cost, schedule, resource, operational support, quality, provider failure, environmental and infrastructure failure.All the higher levelshave input to this level; specific concerns include /, support for businessprocesses and customer relations.Additional factorsAdditional factors may increase the complexity of assessing overall exposure to risk. These include:∙interdependencies, or links between and/or related issues, where the impact of one or more risks could affect others, possibly creating a ‘domino’ effect. You should ensure that anyknown interdependencies are identified and assessed so that appropriate action can beplanned∙the relationship between business and risks to delivery, where achievement of is dependent on successful delivery of a. You should continually check whether changing plans affect the achievement of.2.5 A framework for managing riskA framework for sets the context in which risks will be identified, analysed, controlled, monitored and reviewed. It must be consistent with processes that are embedded in everyday management and operational practices. It addresses:∙how risks are identified∙how information about their probability and potential impact is obtained∙how risks are quantified∙how options to deal with them are identified∙how decisions on are made, such as further risk reduction∙how these decisions are implemented∙how actions are evaluated for their effectiveness∙how appropriate communication mechanisms are set up and supported∙how are engaged throughout the process.(See for more information about the and supporting processes.)2.6 Risk ownershipFor the organisation, ownership of the framework lies with the Accounting Officer (or equivalent senior manager at Board level). Individual senior managers own the or and are responsible for the management of the overall risk of that activity. However, these roles do not own all the individual risks. Risk ownership must be clearly defined, documented and agreed with the individual owners at all levels, so that they understand their various roles, responsibilities and ultimate accountability with regard to the. The owner of a risk may not be the person tasked with the assessment or management of the risk, but he or she is responsible for ensuring the process is applied – there may be separate owners to actually deal with the risks.It is important to identify who owns:∙the setting policy and the organisation’s willin gness to take risk∙the process at the different levels – that is, strategic, , , operational levels∙different elements of the process, such as identifying, through to producing and reporting on decisions∙implementation of the actual measures taken in response to the risks∙interdependent risks that cross organisational boundaries, whether they are business processes, operational services or.For example, for a senior manager with responsibility for a, ownership of risk could be defined as follows:Senior managers responsible for projects must assure themselves that a number of types of risk are being tracked and dealt with as effectively as possible. The mechanisms in place for monitoring and reporting risk will vary according to the size and complexity of the or, ranging from the use of a simple to the appointment of a risk manager reporting directly to the senior manager. Clearly, the degree of delegation adopted by the senior manager will vary, but he or she must be sure that the critical issues are being addressed; for example, through chairing the board or by developing strong mechanisms for reporting problems.Checklist: ownership of risk and the process∙Have owners been allocated for all the various parts of the complete process?∙Are the various roles and responsibilities associated with ownership well defined?∙Do the individuals who have been allocated ownership actually have the authority and capability to fulfil their responsibilities? For example, suppliers may be tasked with riskownership.∙Have the various roles and responsibilities been communicated and understood?∙Are the nominated owners appropriate and aware of their nomination?∙Is ownership reassessed on a periodic basis, or in the event of a change in the situation;and if necessary, can it be quickly and effectively reallocated?∙Do all risks, and where appropriate their mitigation actions, have clearly identified owners?Are these owners appropriate?2.7 Embedding the risk management cultureIdentifying appropriate policies, standards and practices is the first stage of creating a risk management culture. Once these are in place they need to be totally embedded in individuals through the enactment of their roles and associated responsibilities.Awareness of and responsibility for risk issues must be linked explicitly to key objectives, in order to build a sustainable culture. There should be delegated responsibility for risks at every level of objectives in the organisation. This is the major support to embedding risk management into the organisation and its culture, with seen as an intrinsic part of the way an organisation works. As the people in an organisation change, it is essential to ensure a continuing understanding of roles and responsibilities related to managing risk.The ri sk environment is constantly changing too. Your organisation’s priorities and the relative importance of risks will shift and change. Assumptions about risk have to be regularly revisited and reconsidered, perhaps by annual review of the risks associated with each of the key organisational objectives.Establishing appropriate competencies and behavioursAn important aspect of setting up a risk culture is to ensure it is relevant to the organisation. is a major facet of effective.Those responsible for need to have knowledge and understanding of:∙strategic planning∙legal requirements∙agreements and contracts∙communication techniques and information management∙staff matters, including how staff can be motivated and involved∙education and continual professional development∙continuous improvement and/or analytical techniques∙how the organisation is monitored and evaluated∙resource management, including equal opportunities and delegation.Although managers tend to work in specific areas of the organisation, either based on technical specialism or business function, they all need to identify and manage risk. To do this they need to be able to:∙ensure that the situation is properly scoped∙identify and assess the risk∙create valid options for reducing risk to an acceptable level∙collect appropriate and meaningful information to assess risk and the options, and then to monitor the risk∙use sound reasoning when making a trade-off between the costs and of managing a risk ∙make a clear commitment to a particular course of action.For planning, the major areas to consider are:∙deciding on the likelihood of a specific event occurring∙prioritising areas to address/actions to instigate. This requires understanding the implications of the options available∙assigning ownership of risks and actions, containment or contingent, to be deployed in a timely manner∙ensuring that continuity plans can cope with the current and potential future situation, not with how things were in the recent past.Visible information on riskInformation on risk and its management needs to reach the people who have to take action or make decisions. This information will flow downwards and upwards between the organisational levels. There will also be sideways flows across each level, between or. The vertical flows are the most important as they reflect levels of responsibility for decision making.For example, a decision may be made at the strategic level that affects the progress of current. Conversely, the collective risks relating to the progress of current may have a strategic impact.These examples illustrate why risks should be identified and handled at each level before they are passed up or down to the next level. Good communication mechanisms are essential to avoid the following problems:∙inadequate communication from lower levels, where people have ‘hands on’ knowledge, to the level where decisions are made, leads to unrealistic expectations from seniormanagement∙inadequate communication from the top down can mean that are no longer supporting the business direction.CommunicationsTo address these problems you will need to ensure that appropriate communication mechanisms exist and are adopted. Your organisation should:∙ensure there is sufficient communication to key, whether internal or external, to support their needs∙ensure that people are aware, informed and understand their part in managing risk∙consider whether there is a need to improve internal communications∙consider training needs and how these can be met adequately∙ensure people have the right information at the right time to fulfil their responsibilities (and how to recognise if this does not happen).See for more information on and.Ensuring that your controls are adequateThere must be adequate control mechanisms to meet the needs of. These will be described in the and implemented through the framework. Specific controls will be introduced across the organisation to cope with certain circumstances, such as through the use of and management.Once an appropriate set of controls is adopted, an independent audit will check that they are in place, adequate and in use.2.8 BudgetsThe process must be embedded in the organisation, rather than being tacked on as an afterthought. The cost of carrying out the process will depend upon the technical, political and organisational。

什么是风险管理（ Risk Management ）？
风险管理（ Risk Management ）的定义为，当企业面临市场开放、法规解禁、产品创新，均使变化波动程度提高，连带增加经营的风险性。

良好的风险管理有助于降低决策错误之几率、避免损失之可能、相对提高企业本身之附加价值。

风险的种类包括：
一、市场风险：市价波动对于企业营运或投资可能产生亏损之风险，如利率、汇率、股价等变动对相关部位损益的影响。

二、信用风险：交易对手无力偿付货款、或恶意倒闭致求偿无门的风险。

三、流动性风险：影响企业资金调度能力之风险，如负债管理、资产变现性、紧急流动应变能力。

四、作业风险：作业制度不良与操作疏失对企业造成之风险，如流程设计不良或矛盾、作业执行发生疏漏、內部控制未落实。

五、法律风险：契约之完备与有效与否对企业可能产生之风险，如承作业务之适法性、外文契约及外国法令之认知。

六、会计风险：会计处理与税务对企业盈亏可能产生之风险，如帐务处理之妥适性、合法性、税务咨询及处理是否完备。

七、资讯风险：资讯系统之安控、运作、备援失当导致企业之风险，如系统障碍、当机、资料消灭，安全防护或电脑病毒预防与处理
等。

八、策略风险：于竞争环境中，企业选择市场利基或核心产品失当的风险。

风险管理原则：
一、强调事前管理。

二、数量化佐证以衡量风险程度。

三、预设最坏的情境。

四、模拟评估。

五、弹性化调整。

对于风险管理政策，应明文订定营业策略或方针、业务计划、內控与稽核制度，建立风险部位限额呈报董事会核定，评估执行绩效并适时检讨修正.。

风险管理程序英文版1.0 PurposeThe purpose of this procedure is to provide for a system and instructions, and to assign responsibilities for identifying and evaluating risks.2.0 ScopeThis procedure applies to risks related to the QMS.3.0 Procedure3.1 The need for risk identification is determined on the basis of information and trendsregarding the performance and effectiveness of the QMS. In particular:●Regulatory requirements●Product safety requirements and considerations●Product and service nonconformities●Process problems and nonconformities●Supplier quality performance records●Reject and scrap rates●Field service records●On time delivery performance●Production equipment maintenance records●Customer feedback and complaints●Quality management system audit records●Data loss/corruption incidents, network outages, etc.3.2 Risks are identified and evaluated when quality performance data indicates that there are trends of decreasing quality capability and/or effectiveness of the qualitymanagement system. For example: increasing incidence of product nonconformity; excessive equipment problems; or increasing number of audit findings against the same quality system process or department.3.3 Initiating risk management projects3.3.1 Risks are identified, evaluated and addressed in DaMei Risk Management module; within a framework of a Risk Management Project.3.3.2 Risk management projects may be proposed by any organizational unit and any employee in the company. Requests for initiating a risk management project are submitted to Management representative or General manager, as appropriate. Only Management representative and General manager have the authority to initiate, or approve the initiation of risk management projects. This is to prioritize and direct resources where risk control is most urgent.4.0 Risk management project4.1 Risk management projects are initiated in DaMei Risk Management module using electronic form EF-380-1 Risk Project.4.2 When initiating a new project, select in form EF-380-1 the risk assessment method that will be used for the project:1) Hazard Evaluation: This is a method for evaluating hazards and related harms, rather than estimating the actual risks. The method is based on evaluating hazardous situations and associated harms (risk cases), and existing controls that reduce the likelihood of the hazardous situation occurring and/or reduce the severity of the harm. The evaluation results in a decisionwhether additional controls need to be implemented to further reduce risk. Although no a full fledged risk analysis, it is an excellent method for demonstrating 'risk based thinking' without going into formal and complex risk analysis studies. This method should not be used when evaluating risks related to the safety of medical devices.2) Risk Matrix Analysis: This is a structured, formal method for assessing risks using a riskmatrix. The risk matrix for the project is defined using a template provided in formEF-380-01 (click the Risk Matrix tab in the form). This method is often referred to in technical literature as a Preliminary Hazard Analysis (PHA). It is a top-down approach, using a list of known hazards as input for the risk analysis. The risk matrix method is the most flexible and versatile, as it can be applied to any product, process or system, and does not require detailed knowledge about the system to be analyzed. Where appropriate, the risk matrix Analysis method should be used when evaluating risks related to the safety of medical devices.Other Method: Select this item when some other risk assessment method will be used, for example: Failure Mode Effects Analysis (FMEA), Failure Mode, Effects and Criticality Analysis (FMECA), Fault Tree Analysis (FTA), Hazard Analysis and Critical Control Points (HACCP), etc.4.3 Risk management projects are periodically reviewed to ensure that they remain relevant and up to date. Review dates are scheduled, and the review are documented in form EF-380-1 in the 'Reviews' block.5.0 Hazards5.1 Hazards are conditions, circumstances, practices or other'things' that can be a source of harm or loss. Hazards do not cause harms; they just make harms possible. Hazards are usually constant, i.e., they are always there, unless the hazard is completely removed.5.2 For each risk management project identify all relevant hazards and enter them into DaMei Risk Management module (select the project and enter hazards into the 'Hazards' grid).。

1.全球化的商务活动国际商务:(international business)跨国企业:(multinational enterprise)对外直接投资:(foreign direct investment)全球商务:(global business)新兴经济体:(emerging economies)新兴市场:(emerging markets)国内生产总值:(gross domestic product)购买力评价法:(purchasing power parity)三大经济体:(triad)金字塔底层: (base of the pyramid)反向创新: (reverse innovation)外派经理: (expatriate manager)跨国补贴: (international premium)外商劣势: (liability of foreignness)全球化: (globalization)风险管理: (risk management)情景规划:(scenario planning)半全球化: (semiglobalization)非政府组织: (nongovernment qrganization) 2.理解政治、法律和经济制度:(institutions)制度转型: (institutional transitions)制度基础观:(institution-based view)制度框架:(institutional framework)正式的制度:(formal institutions)规章支柱:(regulatory pillar)非正式制度:(informal institutions)规范支柱:(normative pillar)认知支柱:(cognitive pillar)交易成本:(transaction costs)机会主义:(opportunism)有限理性:(bounded rationality)政治体制:(political system)民主制:(democracy)集权制:(totalitarianism)政治风险:(political risk)法律体系:(legal system)大陆法:(civil law)普通法:(common law)神权法:(theocratic law)智力资产:(intellectual property)知识产权:(intellectual property rights)国有企业:(state-owned enterprise)道德风险:(moral hazard)专利:(patent)版权:(copyright)商标:(trademark)盗版:(priracy)经济体制:(economic system)市场经济体制:(market economy)计划经济体制:(command economy)混合经济体制:(mixed economy)主权财富基金:(sovereign wealth fund)3.重视文化、道德和规范民族中心主义:(ethnocentrism)社会结构:(social structure)社会分层:(social stratification)社会流动性:(social mobility)低语境文化:(low-context culture)权利距离:(power distance)个人主义:(individualism)集体主义:(collectivism)文明:(civilization)族群:(cluster)男性特征:(masculinity)女性特征:(femininity)不确定性规避:(uncertainty avoidance)长期导向:(long-term orientation)道德:(ethics)行为准则:(code of conduct)道德相对主义:(ethical relativism)道德帝国主义:(ethical imperialism)腐败:(corruption)文化智慧:(cultural intelligence)《反海外腐败法》:(Foreign Corrupt Practices Act) 4.在全球利用能力资源基础观:(resource-based view)SWOT分析:(SWOT analysis)资源:(resources)能力:(capability)价值链:(value chain)基准分析法:(benchmarking)商品化:(commoditization)外包:(outsourcing)离岸经营:(offshoring)近岸经营:(onshoring)圈养资源:(captive sourcing)因果模糊:(causal ambiguity)辅助资产:(complementary assets)社会复杂性:(social complementary)VRIO框架:(VRIO framework)有形的资源与能力:(tangible resources and capabilities)无形的资源与能力:(intangible resources and capabilities)原始设备制造商:(original equipment manufacturer)原始设计制造商:(original design manufacturer)原始品牌制造商:(original brand manufacturer)5.国际贸易贸易逆差:(trade deficit)贸易顺差:(trade surplus)贸易平衡:(balance of trade)古典贸易理论:(classical trade theories)现代贸易理论:(modern trade theories)重商贸易理论:(theory of mercantilism)保护主义:(protectionism)自由贸易:(free trade)绝对优势理论:(theory of absolute advantage)比较优势:(comparative advantage)绝对优势:(absolute advantage)机会成本:(opportunity cost)要素禀赋:(factor endowments)要素禀赋理论:(factor endowments theory)先动者优势:(first-mover advantage)钻石理论:(diamond theory)资源可流动性:(resource mobility)关税壁垒:(tariff barrier)进口关税:(import tariff)净损失成本:(dead-weight costs)非关税壁垒:(nontariff barrier)补贴:(subsidies)进口配额:(import quota)自愿出口限制:(voluntary export restraint)当地含量要求:(local content requirement)行政管理政策:(administrative policy)反倾销税:(antidumping duty)幼稚产业观点:(infant industry argument)贸易禁令:(trade embargo)国家产业竞争优势理论:(theory of national competitive advantage of industries)战略性贸易理论:(strategic trade theory)产品生命周期理论:(product life cycle theory)战略性贸易政策:(strategic trade policy)6.对外直接投资对外证券投资:(foreign portfolio investment)管理控制权:(management control rights)欧力优势:(OLI advantages)所有权:(ownership)区位:(location)内部化:(internalization)扩散风险:(dissemination risks)积聚效应:(agglomeration)知识溢出:(knowledge spillover)市场失败:(market failure)激进观点:(radical view on FDI)市场的不完善:(market imperfection)自由市场观点:(free market view on FDI)实用民族主义:(pragmatic nationalism)技术溢出:(technology spillover)示范效用:(demonstration effect)议价能力:(bargaining power)沉没成本:(sunk cost)议价能力衰减:(obsolescing bargain)感染和模仿效应:(contagion or imitation effect)水平对外直接投资:(horizontal FDI)垂直对外直接投资:(vertical FDI)上游垂直对外直接投资:(upstream vertical FDI)下游垂直对外直接投资:(downstream vertical FDI)对外直接投资流量:(FDI flow)对外直接投资存量:(FDI stock)7.外汇交易外汇汇率:(foreign exchange rate)升值:(appreciation)贬值:(depreciation)国际收支平衡:(balance of payments)浮动汇率制:(floating exchange rate policy)自由浮动:(clean float)有管理的浮动:(dirty float)目标汇率:(target exchange rates)爬行带:(crawling bands)固定汇率制:(fixed exchange rate policy)盯住:(peg)顺风车效应:(bandwagon effect)资本外逃:(capital flight)金本位制:(gold standard)兑换中介:(common denominator)配额:(quota)外汇市场:(foreign exchange market)即期交易:(spot transaction)远期交易:(foreign transaction)货币套期保值:(currency hedging)远期贴水:(forward discount)远期升水:(forward premium)货币互换:(currency swap)最低报价:(offer rate)买入价:(bid rate)价差:(spread)外汇风险:(currency risk)战略性对冲:(strategic headging)货币局制度:(currency board)布雷顿森林体系:(Bretton Woods System)国际货币基金组织:(International Monetary Fund)8.全球与区域一体化多边贸易体制:(multilateral trading system)非歧视性:(non-discrimination)自由贸易区:(free trade area)关税同盟:(customs union)共同市场:(common market)经济联盟:(economic union)货币联盟:(monetary union)政治联盟:(political union)区域经济一体化:(regional economic integration)全球经济一体化:(global economic integration) 9.进入外国市场区位优势:(location-specific advantages)文化距离:(cultural distance)制度差异:(institutional distance)先动者优势:(first-mover advantages)后动者优势:(late-mover advantages)进入规模:(scale of entry)进入模式:(mode of entry)非股权模式:(non-equity mode)股权模式:(equity mode)交钥匙工程:(turn key project)研发合同:(R&D contract)联合营销:(co-marketing)合资企业:(joint venture)全资子公司:(wholly owned subsidiary)绿地运营:(greenfield operation)10.创业型企业中小型企业:(small and medium-sized)创业:(entrepreneurship)创业者:(entrepreneurs)国际创业:(international entrepreneurship)风险投资者:(venture capitalist)小额信贷:(microfinance)天生国际企业:(born global)直接出口:(direct export)信用证:(letter of credit)许可证:(licensing)特许经营:(franchising)间接出口:(indirect export)出口中介:(export intermediary)连续创业者:(serial entrepreneur)阶段模型:(stage model)11.联盟与收购战略联盟:(strategic alliances)契约性联盟:(contractual alliances)基于股权联盟:(equity-based alliances)战略性投资:(stragic investment)交叉持股:(cross-shareholding)收购:(acquisition)合并:(merger)尽职调查:(due diligence)实物期权:(real option)学习竞赛:(learning race)关系能力:(relational capability)收购溢价:(acquisition premium)战略匹配:(strategic fit)组织匹配:(organizational fit)干中学:(learning by doing)过度自信:(hubris)管理动机:(managerial motives) 12.管理动态竞争动态竞争:(competitive dynamics)竞争者分析:(competitor analysis)合谋:(collusion)隐性合谋:(tacit collusion)显性合谋:(explicit collusion)反托拉斯法:(anti-trust law)囚徒困境:(prisoners’ dilemma)博弈论:(game theory)集中度:(concentration ratio)价格领袖:(price leader)惩罚能力:(capacity to punish)市场共通性:(market commonality)多市场竞争:(multimarket competition)相互容忍:(mutual for bearance)跨市场报复:(cross-market retaliation)竞争政策:(competition policy)串通定价:(collusive prise setting)掠夺性定价:(predatory pricing)倾销:(dumping)反倾销法:(antidumping law)资源相似性:(resource similarity)攻击:(attack)反击:(counterattack)蓝海战略:(blue ocean strategy)防御者:(defender)扩展者:(extender)躲避者:(dodger)竞争者:(contender)13.战略与结构地区调适:(local responsiveness)母国复制战略:(home replication strategy)当地化战略:(localization strategy)卓越中心:(centres of excellence)全球托管:(world wide mandate)跨国战略:(transnational division strategy)国际部结构:(international division)地理区域结构:(geographic area structure)全球矩阵结构:(global matrix)组织文化:(organizational culture)知识管理:(knowledge management)显性知识:(explicit knowledge)隐性知识:(tacit knowledge)开放式创新:(open innovation)全球虚拟团队:(global virtual team)吸收能力:(absorptive capacity)社会资本:(social capital)子公司主导:(subsidiary initiative)全球客户结构:(global account structure)整合-响应模型:(integration-responsiveness framework)全球标准化战略:(global standar dization strategy)国家或区域经理:(country manager)全球产品部结构:(global product division structure)微观-宏观联系:(mocro-macro link)基于解决方案的结构:(solutions-based structure)14.公司治理融资:(financing)公司治理:(corporate governance)股权:(equity)股东:(shareholder)债务:(debt)债券:(bond)债券持有人:(bond-holder)违约:(default)资本成本:(cost of capital)跨境上市:(cross-listing)集中的所有权及控制权:(concentrated ownership and control)所有权分散:(diffused ownership)所有权和控制权相分离:(separation of ownership and control)首席执行官:(chief executive officer)高管团队:(top management team)代理关系:(agency relationship)委托人:(principal)代理人:(agent)代理理论:(agency theory)委托-代理冲突:(principal-agent conflicts)代理成本:(agency costs)信息不对称:(information asymmetries)委托-委托冲突:(principal-principal conflicts)剥削:(expropriation)挖墙脚:(tunneling)关联交易:(related transaction)内部董事:(inside director)外部董事:(outside director)CEO兼任:(CEOduality)基于话语的机制:(voice-based mechanisms)基于退出的机制:(exit-based mechanisms)私募股权:(private equity)杠杆收购:(leveraged buyout)股东型资本主义:(shareholder capitalism)管理人力资本:(managerial human capital)管家理论:(steward ship theory)15.公司社会责任公司社会责任:(corporate social responsibility)利益相关者:(stakeholder)三重底线:(triple bottom line)反应性战略:(reactive strategy)防御性战略:(defensive strategy)适应性战略:(accommodative strategy)行为准则:(codes of conduct)前瞻性战略:(proactive strategy)全球可持续发展:(global sustainability)首要利益相关者群体:(primary stakeholder groups)次要利益相关者群体:(secondary stakeholder groups)。

英语论文参考:风险管理风险管理是对一个组织即将到来的威胁和危险的.识别过程。

在一个组织中，风险可以通过多种方式进入，它可以来自项目失败、金融市场、组织中的事故，如洪水、地震、龙卷风、断电、公共卫生和安全以及法律风险等。

很难说，一个组织可以解决所有即将到来的风险的组织如地震，我们可以假定地震破坏的业务，但我们不能说多少，但也有一些替代即将到来的威胁像断电我们可以用发电机维持经营。

Introduction 简介Risk management is a identification process of upcoming threats and danger to an organisation. In an organisation risk can enter through many ways, it can come from project failure, financial market, an accident in organisation such as flood, earthquake, cyclone, power failure, public health and safety and legal risk etc. Risk can be low to medium, or medium to high. It is difficult to say that an organisation can solve all the upcoming risks to the organisation like earthquake, we can just assume that earthquake can damage the business, but we cannot say how much, but there are some alternatives of upcoming threats like in power failure we can use generator to keep running the business.1) Purpose of risk management within an enterprise- The purpose of risk management in an organisation to identify problems before they enter and create problems in the organisation, so that risk management handling process may be planed.It is a continuous looking ahead process so it is an important part of a business. Early detection of risk is important because it is easier, not much expensive, and changes can made easily in the planned process. It is easy to maintain a strategy and solve therisks when they are in early stage. A successful manager can monitor risks before they create problems in a business. The lack of information can is dangerous in a business so the staff of the organisation should be well training so that they can assume the risk when it is in early stage and report to the management as soon as possible.2) Benefits of risk management within an enterprise- An effective risk management program can help the organisations to manage their risks and maximise success opportunities .There are too many benefits of risk management to an organisation, like less time consuming, less costly, less labour. The managers of an organisation should train the staff that they can discuss the risks with the management when it is in early stage. Communication is a beneficial way for an organisation it helps to understand the most important risk areas. Staff can provide information in written or discuss with the management. So it can be early identification for the management and an alert to the management about the upcoming threats. The potential risk management benefits are ; supporting business planning, use of resources in effective ways, continuous improvement in the business, fewer dangers and threats, increase of new opportunities, increasing communication between staff and management, helps and focus internal audit programme etc.3) A Reviewing of activities and internal environment- By reviewing the internal environment of a organisation we can assume that how we can identify the risks and found risk in the organisation is acceptable or unacceptable, if it is unacceptable then how can we manage that risk to avoid an upcoming danger or threat. It can be found by an audit committee or by a group. Risk can affect the internal environment of the organisation .Itdepends on the organisations staff that how well they are trained by the management, it depends on the skills of the staff that how they will handle it or will they handle it themselves or will report to management of the organisation.The staff and management should perform their duties with responsibilities and complete their assignments on the given time frame by the management. There should be a continuous monitoring of activities in the organisation and the management should do something for the development of the staff and give them a proper and continuous training so they can be perfect in performing their duties.B. Setting objectives- All the organisations face the risks from internal and external environments. Objectives should be exist before the management can identify risks affecting the achievements of the organisation. An agency should develop related objectives. There are three broad categories of objectives ”operations, reporting, and compliance. In operations the company should do all the operations and work very effectively and in a progressive way, there should not be the minor faults in the formulations of the products and services of the company. If there are any risks around the operation the management should make a report and find the solutions of the involved risks. If they will avoid the so there will not be compliance risks for the company, and the company can achieve their target successfully.There are some questions that what risks should a company not accept for example quality compromises and environmental and rules and regulations set by the government. They must not accept the legal risks. All the product and services should be a standard quality. Always worst outcomes should be assessed forthe development of the company.C. Event identification- An event is a incident arising from external and internal sources that can affect implementation of strategy. There are some external and internal factors through which we can identify events. Economic changes can affect the company financially. Ups and down in the currency of the country can affect the import and export of the company. Natural environments can also affect the company. Environmental damage can cause by failure in the rules and regulations set by law. Loss of funds through frauds can be a serious problem for the company. Failure to measurement of product can be another deficit for the company. Project delay can affect the company, s reputation. Failure of contractors and partners can be another bad situation for the company. Technical faults can also be costly for the company, It can be time consuming and affect the company, s target and reputation.D. Risk assessment with particular reference to the impact and likelihood of risk- In an organisation it is possible that an event can occur and affect the achievements of the objectives. It can decrease the value of the goods and services, so that risk should analysed because of their impacts. Management should consider the future events, expected or unexpected. They should always finding that what is worst that can happen or damage the reputation of the organisation. Considering the risk appetite the amount of risk is acceptable or not, most likely the government entities risk is low than the private organisations. Tolerance level is high in the private organisations. Risk assessment can use quantitative and qualitative methods. If the management already miss to give notification to the controller and it can be failure to recover the funds. Lack of notification can result in investigation.E. Risk response- Management determines that how can be respond to the risk, reviewing and impact, evaluating costs and benefits and selecting options within the entity, s risk tolerance. Management should keep trying to avoid the risk if there are other alternatives in front of company. By doing that the risk management we can find out what is good for the company. If the risk occurs the specific actions should taken by the management to reduce the risk level. Reducing risk by sharing the impact of the risk can be beneficial for the organisation. If the organisation will accept the risk without doing anything then the results can be dangers.It is easy to analyse the cost side in spite of benefit side. Management should first find the risks in each division or in each business unit. A view of risk can be depicted in several ways focusing on major risks and event categories across divisions. If the risk is in the program unit can be tolerated but it depends of the level of the risk.F. Control activities- there is a major role of effectiveness and efficiency in control activities. Control activities should be tested to ensure that there is not material weakness or difficulties. Management also should ensure that control activities are carried out in a timely manner. Internal auditor can also support management by providing assurance on the effectiveness and efficiency of control activities. In an organisation they must provide the receipt to customers, cash should be handle with care, information system and data processing system should be strong enough, financial reporting, accounts receivable , and investments should handle with care. Misuse of company, s assets, corruption and fraudulent reports should be should be probe properly.The management should focus on the core areas like information system, contracts, purchasing, grants and other programs, services provided to the community, revenue collection, salaries of employees, and property. Risk with large and moderate impacts should be addressed with control activities.G. information communication- Information is major source to identify risks, and respond them in a appropriate way even is external or internal. Information should available for widespread use, all the transactions should recorded and tracked in actual timing, management should have immediate access to operating and financial information more effectively. If the risk is in tolerance than that, s all right otherwise an action should take immediately. Data reliability in information system should assessed carefully, poor assessment or bad management decisions can affect the targets. Communication is another way to be safe from risks, managers and staff needs to discuss the matters with each other, and tries to find the solutions for the problems. If necessary they should take actions immediately.H. Monitoring- In an organisation ongoing monitoring activities should be continuous process. Ongoing monitoring activities will occur through management activities. Division head, Line manager, controller, senior management, internal auditor, and external auditor can evaluate the monitoring process. A variety of evaluation techniques are available like checklist, questionnaire, flowchart techniques, performance steps etc. Reporting to the management about the risks is a good way to keep an eye in the organisation it will be far seeing process which can keep safe the organisation from unwanted danger and threats.Conclusion: Savoury aroma coffee shopee should identify threats coming in the way of achieving objectives and start creating hazards. They should do proper assessment and need to find solution. This solution should be bigger than problem. They have to be very competent and efficient.。