“当今世界唯一确定的就是不确定性”已渐成共识,内外部环境日趋复杂,

影响公司经营目标实现的不确定因素日益增多,对企业提高风险管理能力提出了

新的挑战。国务院国资委于2006年发布了《中央企业全面风险管理指引》,它促

使企业建立动态的自我运行、自我完善、自我提升的全面风险管理平台,对规避

企业重大风险损失,提升企业依法经营、科学管理水平有重要意义。

本论文以COSO内部控制框架和国资委《中央企业全面风险管理指引》框

架为理论依据,结合国内政策法规,.在理论上对风险管理的相关理论,不同的体

系框架以及国有企业全面风险管理的定义、特征等进行分析;实践上,从X集团

公司风险管理、内部控制体系的建设和运行情况分析入手,运用国外风险管理体

系建设先进理念,参照国内部份央企风险管理体系建设实践,进而将理论与实践

紧密结合。X集团公司经过几年的管理提升,已打下了较好的内部控制基础。与

内控体系中的控制环境、信息与沟通和监督等相同要素不做重复研究和建设。X

集团公司的全面风险管理体系框架重点研究风险管理的流程及各环节的具体实

施和工具模版的应用。按照“目标、风险、控制”相一致的原则,先梳理业务

流程,理清重要流程的关键节点,同时开展中高层领导的访谈调研工作,了解公

司所面临的风险,尤其是重大和重要风险;其次对公司管理制度及访谈纪要进行

整理,开展风险识别,分析风险在X集团公司的表现和形成的原因,形成风险事

件库;在此基础上设置评价指标,对公司面临的各类风险进行评估,并整理形成

风险排序表;针对风险评价的结果对不同层级的风险采取不同的控制和应对措

施;最后对风险控制的有效性进行测试和监督,形成一套闭环风险管理体系框架。

通过本论文的研究,明晰了全面风险管理体系框架建设的要素和范围,形

成有色金属企业全面风险管理体系框架建设步骤和方法体系,建立涵盖X集团公

司生产、经营和管理各方面较为完善的、运行有效的全面风险管理体系框架,满

足公司的战略、经营、报告和合规性目标,并通过有效实施,达到“规范管理、

防范风险”的目的,为X集团公司又好又快发展“保驾护航”。

【关键词】全面风险管理体系框架研究

I

昆明理工大学MBA学位论文

Abstract

What is absolutely certain about today's world is uncertainty is a point of

view that is shared by more and more people as both internal and external

environment is getting complicated and uncertain factors that will exercise crucial

influences on the achievement of a company's business objectives are increasing in

number. In this context, companies are all facing a new challenge of how to improve

its capability of risk management. SASAC issued in 2006 Guidelines on Overall Risk

Management for State-Owned Enterprises under Supervision and Administration of

Central Government,which urges an enterprise to establish a dynamic overall risk

management platform that is capable of self-operating, self-complementing and

self-improving, and which, in the meantime, is also of great importance and

significance in that it can help an enterprise to avoid major risks,achieve laws- and

standards-compliant operation and improve its level of management.

This dissertation takes as its theoretical base COSO Internal Control

Framework and SASAC's Guidelines on Overall Risk Management for State-Owned

Enterprises under Supervision and Administration of Central Government,takes into

account the national policies and regulations, and makes theoretical analysis of the

risk management theories, different risk management systems and frameworks as well

as the definition and characteristics of the overall risk management in state-owned

enterprises. Practically, it begins with an analysis of the risk management as well as

the establishment and operation of the internal control system within X Corporation

by adopting the advanced approaches prevailing in foreign countries to the building

and establishment of a risk management system, with reference to the practical

experience of domestic state-owned enterprises in building a risk management system,

in order to have a close connection between theory and practice. After years1 effort to

improve the management, X Corporation has already had a sound internal control. So

no study or building is made on the control environment, information, communication

and supervision within and for an internal control system because it would be a repeat

otherwise. In case of the overall risk management system framework in X Corporation,

the focus of the study is on the risk management process, the implementation at and of