.COSO新企業風險管理（ERM）框架（2017版）20原則Components and Principles：要素和原則:1.Exercises Board Risk OversightThe board of directors provides oversight of the strategy and carries out governance responsibilities to support management in achieving strategy and business objectives.1.董事會執行風險監督 - 董事會對戰略進行監督，執行治理責任，支持管理實現戰略和業務目標。2.Establishes Operating StructuresThe organization establishes operating structures in the pursuit of strategy and business objectives.2.建立運營機構 - 組織在追求戰略和業務目標方面建立運營機構。3.Defines Desired CultureThe organization defines the desired behaviors that characterize the entitys desired culture.3.定義崇尚的文化- 組織定義期望的行為來描述所崇尚的文化。4.Demonstrates Commitment to Core ValuesThe organization demonstrates a commitment to the entitys core values.4.展示對核心價值的承諾 - 組織表現出對核心價值觀的承諾。5.Attracts, Develops, and Retains Capable IndividualsThe organization is committed to building human capital in alignment with the strategy and business objectives.5.吸引，發展和保留有能力的個體 - 組織致力于建立符合戰略和業務目標的人力資本。6.Analyzes Business ContextThe organization considers potential effects of business context on risk profile.6.分析業務環境 - 組織考慮業務環境對風險狀況的潛在影響。7.Defines Risk AppetiteThe organization defines risk appetite in the context of creating, preserving, and realizing value.7.定義風險偏好 - 組織在創造，維護和實現價值的背景下定義風險偏好。8.Evaluates Alternative StrategiesThe organization evaluates alternative strategies and potential impact on risk profile.8.評估替代策略 - 組織評估替代策略，并對其潛在影響進行風險預測。9.Formulates Business ObjectivesThe organization considers risk while establishing the business objectives at various levels that align and support strategy.9.制定業務目標 - 組織在確定協調和支持戰略的各個層次的業務目標的同時，應考慮風險。10.Identifies RiskThe organization identifies risk that impacts the performance of strategy and business objectives.10.識別風險 - 組織應確定影響戰略和業務目標績效的風險。11.Assesses Severity of RiskThe organization assesses the severity of risk.11.評估風險的嚴重程度 - 組織評估風險的嚴重程度。12.Prioritizes RisksThe organization prioritizes risks as a basis for selecting responses to risks.12.風險排序 - 組織將風險優先排序，作為選擇風險應對的基礎。13.Implements Risk ResponsesThe organization identifies and selects risk responses.13.實施風險響應 - 組織識別并選擇風險響應措施。14.Develops Portfolio ViewThe organization develops and evaluates a portfolio view of risk.14.建立風險組合觀- 組織開發和評估風險組合觀。15.Assesses Substantial ChangeThe organization identifies and assesses changes that may substantially affect strategy and business objectives.15.評估實質性變化- 組織識別和評估可能嚴重影響戰略和業務目標的變更。16.Reviews Risk and PerformanceThe organization reviews entity performance and considers risk.16.評估風險和績效- 組織評價績效并考慮風險。17.Pursues Improvement in Enterprise Risk ManagementThe organization pursues improvement of enterprise risk management.17.企業風險管理持續改進 - 組織應追求企業風險管理的不斷完善。18.Leverages Information SystemsThe organization leverages the entitys information and technology systems to support enterprise risk management.18.利用信息系統 - 組織利用信息技術系統來支持企業風險管理。19.Communicates Risk InformationThe organization uses communication channels to support enterprise risk management.19.溝通風險信息 - 組織使用溝通渠道來支持企業風險管理。20.Reports on Risk, Culture