INTERNATIONALSTANDARDISO/FDIS31000Riskmanagement—PrinciplesandguidelinesForeword前言ISO(theInternationalOrganizationforStandardization)isaworldwidefederationofnationalstandardsbodies(ISOmemberbodies).TheworkofpreparingInternationalStandardsisnormallycarriedoutthroughISOtechnicalcommittees.Eachmemberbodyinterestedinasubjectforwhichatechnicalcommitteehasbeenestablishedhastherighttoberepresentedonthatcommittee.Internationalorganizations,governmentalandnot-governmental,inliaisonwithISO,alsotakepartinthework.ISOcollaboratescloselywiththeInternationalElectrotechnicalCommission(IEC)onallmattersofelectrotechnicalstandardization.国际标准化组织(ISO)是各国标准化团体(ISO成员团体)组成的世界性的联合汇。制定国际标准工作通常由ISO的技术委员会完成。个成员团体若对某技术委员会确定的项目感兴趣,均由权参加该委员会的工作。与ISO保持联系的各国际组织(官方的或非官方的)也可参加有关工作。ISO与国际电工委员会(IEC)在电工技术标准化方面保持密切合作的关系。InternationalStandardsaredraftedinaccordancewiththerulesgivenintheISO/IECDirectives,Part2.国际标准是根据ISO/IEC导则第2部分的规则起草的。ThemaintaskoftechnicalcommitteesistoprepareInternationalStandards.DraftInternationalStandardsadoptedbythetechnicalcommitteesarecirculatedtothememberbodiesforvoting.PublicationasanInternationalStandardrequiresapprovalbyatleast75%ofthememberbodiescastingavote.由技术委员会通过的国际标准草案提交各成员团体投票表决,需取得了至少3/4参加表决的成员团体的同意,国际标准草案才能作为国际标准证实发布。Attentionisdrawntothepossibilitythatsomeoftheelementsofthisdocumentmaybethesubjectofpatentrights.ISOshallnotbeheldresponsibleforidentifyinganyorallsuchpatentrights.本标准中的某些内容有可能涉及一些专利权问题,这一点应引起注意,ISO不负责识别任何这样的专利权问题。ISO31000waspreparedbytheISOTechnicalManagementBoardWorkingGrouponriskmanagement.ISO31000由ISO技术管理委员会风险管理工作组编写。1Introduction简介Organizationsofalltypesandsizesfaceinternalandexternalfactorsandinfluencesthatmakeituncertainwhetherandwhentheywillachievetheirobjectives.Theeffectthisuncertaintyhasonanorganization'sobjectivesis“risk”.所有类型和规模的组织都面临内部和外部因素的影响,使得它不能确定是否及何时实现其目标。这种对一个组织的目标影响的不确定性既是“风险”。Allactivitiesofanorganizationinvolverisk.Organizationsmanageriskbyidentifyingit,analysingitandthenevaluatingwhethertheriskshouldbemodifiedbyrisktreatmentinordertosatisfytheirriskcriteria.一个组织的所有活动都涉及风险。组织通过识别、分析、评价风险以及处理风险,以满足他们的风险标准。Throughoutthisprocess,theycommunicateandconsultwithstakeholdersandmonitorandreviewtheriskandthecontrolsthataremodifyingtheriskinordertoensurethatnofurtherrisktreatmentisrequired.ThisInternationalStandarddescribesthissystematicandlogicalprocessindetail.在这个过程中,他们与利益相关者沟通协商,监测和审查风险控制,并不断的修正风险,以确保风险处理不再是必需的。本标准详细描述了这一系统的和符合逻辑的过程。Whileallorganizationsmanagerisktosomedegree,thisInternationalStandardestablishesanumberofprinciplesthatneedtobesatisfiedtomakeriskmanagementeffective.ThisInternationalStandardrecommendsthatorganizationsdevelop,implementandcontinuouslyimproveaframeworkwhosepurposeistointegratetheprocessformanagingriskintotheorganization'soverallgovernance,strategyandplanning,management,reportingprocesses,policies,valuesandculture.尽管所有的组织在某...
