文献出处：Bedard J C, Hoitash R, et al. The development of the enterprise risk management theory [J]. Contemporary Accounting Research, 2014, 30(4): 64-95.（声明：本译文归百度文库所有，完整译文请到百度文库。

）原文The development of the enterprise risk management theoryBedard J C, Hoitash RAbstractEnterprise risk management as an important field of risk management disciplines, in more than 50 years of development process of the implementation of dispersing from multiple areas of research to the integration of comprehensive risk management framework evolution, the theory of risk management and internal audit and control theory are two major theoretical sources of risk management theory has experienced from the traditional risk management, financial volatility to the development of the enterprise risk management, risk management and internal audit and control theory went through the internal accounting control and internal control integrated framework to the evolution of enterprise risk management, the development of the theory of the above two points to the direction of the enterprise risk management, finally realizes the integration development, enterprise risk management theory to become an important part of enterprise management is indispensable.Keywords: enterprise risk management, internal audit the internal control1 The first theory source, evolution of the theory of risk management"Risk management" as a kind of operation and management idea, has a long history: thousands of years ago in the west have "don't put all eggs in one basket" the proverb, the ancient Chinese famous "product valley hunger" allusions and "yicang ("system," boat was "organization have a prototype of the modern risk management thought, and points under escort ship transportation, yuen, is effective way to spread risk, transfer risk .In the modern sense of risk management thought appeared in the first half of the 20th century, such as fayol's safe production ideas, Marshall's "risk sharing management" point of view, etc.;But risk management as a discipline system development is started in the middle of the 20th century: in 1950, gallagher in the risk management: a new stage of cost control in the paper, puts forward the concept of risk management; Johnso (1952) mentioned the problems how to deal with risks and uncertainties in farm management, which involves early enterprise (farms) of risk management problem.The emergence of risk management as a discipline real Mehr and Hedges of the enterprise risk management (1963) and C.A.Williams and Richard m. Heins "risk management and insurance" (1964) published marked. Williams and Heins thinks, "risk management is based on the risk identification, measurement and control to the smallest cost risk caused by the loss to the lowest level of management methods", risk management is not just a technology, a method, a kind of management process, and is a new and scientific management.The development of the theory of risk management.1.1The first stage: the 70 s and 1950 sTheoretical tendency mainly is the pure risk prevention and management of enterprise (adverse risk);Take the main strategy of enterprise risk management is risk avoidance and risk transfer, insurance becomes the main risk management tools. Fire events of general motors and the United States steel industry the workers went on strike to enterprise's normal operation caused serious impact and losses, become an important opportunity to promote the development of enterprise risk management theory. This phase the first important area of risk management theory, is the risk management object definition and research. Since the 20th century, scholars have been the object of risk management divided into two major categories of pure risk and speculative risk, and the pure risks as the object of risk management and the target (Denenberg, 1966; Gahin, 1967).In fact, the risk can be divided into pure risk andspeculative risk is a kind of method based on the responsibility, is targeted at loss, is not aimed at risk, so it can be divided into pure risk and speculative risk, but not as good as it can be divided into pure loss and speculative loss, because it can reflect the true respect of the risk manager more loss problem.Is the second important areas, to the enterprise decision-making and of behavior, and insurance in response to the important role of enterprise risk and universality of the study. Greene (1955) orientation is insurance buyers of risk management. A paper published in 1955, the management review "to the risk of a kind of management method", think of insurance as the most important means of enterprise risk management should be attention by the enterprise management and the shareholders, think insurance is a business spending the most valuable part of all kinds of costs. Denenberg etc. (1966) also emphasizes the insurance at this stage the important role of risk management, points out the important responsibility of the risk manager is to determine the appropriate insurance policy for the enterprise and insurance products, that will be the risk manager's name changed to "insurance and risk managers". Snider (1956), McCahill, Jr. (1971) stressed that risk management in the enterprise organization structure not only has a certain status, report to top management work, and want to maintain good communication and coordination with the finance department.A third important area is, the risk management theory into the analysis framework of mainstream economics and management.On the one hand, by the wind management theory combined with the traditional enterprise theory, the risk management of the decision-making process and the integration of enterprise's overall ing the capital asset pricing model, the decision rule of enterprise in the optimal retention ratio, cumulative franchise policy selection and choice of reserves, etc., makes the risk management theory into the financial market;And the use of marginal analysis tool to determine the optimal strategy of risk management, then further forming marks in risk management theory, and become an important area of finance (Cummins, 1976)., on the other hand, William g. Scott complex type combined with risk management organization system, through to the enterprise basicsystem and branch offices neat, will be the overall goal and the risk of the enterprise manager daily target organic unification, then to the appraisal of the branch to contribution to the enterprise overall risk identification and measurement, and consider the relationship between them and the relationship between the dynamic characteristics, so as to provide theoretical sources for the development of risk management (Close,1974).1.2The second stage, the late 1970 s to the end of the 20th centuryRisk management object is mainly the business and financial results of volatility, risk management tools on the basis of insurance also achieved great development, new derivatives and alternative risk transfer (ART) play an important role.In the 1970 s, the collapse of the bretton woods system of exchange rate volatility significantly increased, oil price rising sharply, the production cost of enterprise is difficult to control;After entering the 80 s, high inflation and interest rate volatility and number of money and credit crisis makes the enterprise the management face greater uncertainty.Tool of a large number of applications in convenient enterprise risk management at the same time, also because of its characteristics of leveraged to amplify the damage due to improper use strategy of so the use of derivatives and the management strategy becomes very important.Therefore, the enterprise risk management and derivatives trading, hedge strategy should pay close attention to the competitor (Froot etc., 1994).And (2001) study found that such as Cummins, although the measurement of the risk and the liquidity as well as the decision-making has a positive connection of the underwriter, but for those who use derivatives to hedge risk, the risk index was has negative relationship with the width and depth of the hedge.1.3The third stage, since the 21st centuryAfter entering the 21st century, with the speeding up of the global economic integration, companies, increasing the risk for the influence of various risks and potential consequences will magnify, together with the complexity of the financial derivatives trading and frequency are increased rapidly, to the continuous operation ofthe enterprise put forward the serious challenge, the enterprise must break through the traditional pattern of risk management, from a more comprehensive, integrated view of risk analysis and management, as a result, the comprehensive risk management stage of the development of risk management.The emergence of comprehensive risk management and application of risk management for the enterprise provides new methods and tools, its application field is very broad, from enterprises, non-profit organizations to the government are gradually introduced the analysis framework.2 Second theory sourceInternal audit and the development of control theory in the process of the evolution of enterprise risk management theory, theory of the second source is the evolution and development of internal audit and control theory.From the literature in internal audit and control of the internal accounting control, internal control integrated framework, enterprise risk management process of the overall framework, including the COSO has played a leading role, in particular, it issued two symbolic file "enterprise internal control, the overall framework" and "enterprise risk management - integrated framework".The separation of corporate ownership and control is the ultimate cause of internal audit and the emergence of a control theory, and the expansion of enterprise scale and the structure of the branch in shortage problem caused by the lack of management and control is to encourage enterprises to strengthen internal audit and control of direct motivation.2.1Internal accounting controlInternal accounting control is the first stage in the development of internal control theory.Grady (1957) pointed out that the internal accounting control is a comprehensive coordination of the organization plan and business process system, used to prevent unexpected or wrong operation to bring the asset losses, examination management decision used in accuracy and objectivity of accounting data, promote operational efficiency and encourage compliance with established policies, etc.In practice, accounting and audit personnel played a dominant role in the internal accounting control, audit became the earliest forms of internal control, therefore, the internal control is in deepening and audit activities based on the theory of audit.But with the increase of the enterprise management activity, pure audit already cannot satisfy the needs of the enterprises, the internal control arises at the historic moment, the audit has become a part of the internal control (Haun, 1955).The internal audit activity is one of the important conditions, implement control and management of enterprises is a key component part of the internal control, is the eye of the "supervision" top management.For the internal control evaluation, the audit is the most important tools and stakeholders;At the same time, the audit data for the evaluation of internal control provides conditions, through a review of the audit data, can be a preliminary judgment of enterprise internal control system and in need of improvement, which provide ideas for the perfection of the internal control (Garbade, 1944; Mautz etc., 1966; Smith, 1972).2.2 The internal control framework as a wholeIn 1992, the COSO issued "enterprise internal control, the overall framework, system construction of the enterprise internal control system for the first time. The COSO framework of internal control, is more based on the perspective of independent accountants and auditors, puts forward the concept of enterprise internal control, think the overall internal control framework is mainly composed of control environment, risk assessment, control activities, information and communication, supervision, the five elements, thus the concept of internal control to completely break through the limitation of the audit, the category of management control comprehensive development to the enterprise.COCO, Canada in 1995, the report put forward higher request to the external auditor for the enterprise internal control to join the external factors. International institute of internal auditors in 1996 published "concept and responsibility:" report, think that should be pay more attention to the contribution and role of internal audit in the organization. The risk management of card of German report, ham pell, as well ascomprehensive criteria guide turn bull report is the most famous and arguably Britain three milestones in the internal control research, especially in 1992, DE Burleigh report on internal control, the relationship between the quality of financial reporting and corporate governance as the prerequisite, attaches great importance to the significance of independent audit committee on the internal control.2.3 The enterprise risk management framework as a wholeIn 2004, the COSO committee report in 2004, on the basis of combining the requirements of the sarbanes - oakes act, formally issued "enterprise risk management - integrated framework". The analysis framework will be within the scope of the internal control in enterprise risk management, formed a broader meaning of the internal risk management framework. Therefore, the development of the theory of internal audit and control the final point to the enterprise comprehensive risk management. Reviews the development of internal audit and control, it can be seen that the theory of evolution has experienced the process of "plane, three-dimensional, three-dimensional" : in the stage of internal accounting control, control environment, control activities, and accounting system in the plane of the three elements constitute a control system;In the overall framework of internal control, the control environment, risk assessment, control activities, information and communication, monitoring, five elements, evolved into a three-dimensional control system;In the overall enterprise risk management framework stage, the internal environment, goal setting, item identification, risk assessment, risk response, control activities, information and communication, monitoring, eight elements, makes the enterprise risk management, a solid control system3The development of the enterprise risk management theoryAfter entering the 21st century, the academic study of enterprise risk management, mainly focus on the following: the connotation of enterprise risk management and the target, achieve the goal of enterprise risk managementmechanism, the implementation of enterprise risk management motivation as well as the factors of the enterprise risk management.3.1 the connotation of enterprise risk managementKent d. Miller (1992) the source of the uncertainty problem of enterprise internationalization operation and performance are analyzed, and puts forward the thinking of integrated risk management, for the first time in academia the concept of integrated risk management is studied in detail. Later, scholars gradually with the definition of enterprise risk management refers to those using the method of comprehensive, integrated processing enterprise faces the risk of problems. Skipper (1994), Lisa Meulbroek (2002), enterprise risk management involves not only the profit loss without possibility, also focus on the possibility of benefits and risks. The COSO committee (2004) published an authoritative definition of enterprise risk management.3.2 Enterprise risk management goalsFor the goal of enterprise risk management, the academia mainly has a single teleology and multiple teleology two factions. The single core view of skopos theory is that the goal of enterprise risk management is to maximize the value of the shareholders of a company. Neal Enriquez (2001) pointed out that the main purpose of the enterprise risk management is in order to save a lot of trivial claims costs, facilitate enterprise of risk control, raise the value of the company. Multiple teleology of argument is that the purpose of the enterprise risk management is to achieve multiple goals in the development of enterprises. James Lam (2003), detailing the purpose of overall corporate risk management, including lower earnings volatility, to maximize the value of the shareholders of a company, and to promote professional and financial security, etc.; The COSO committee (2004) proposed the strategic target and business objectives, reporting, and compliance goals four goals.3.3The mechanism of the enterprise risk management, improve enterprise valueThe mechanism of enterprise risk management, improve enterprise value is mainly done through three ways: (1) the optimization of enterprise capital allocation. Enterprise risk management framework of capital structure management, can improve the return on equity and improve the corporate governance structure, which affects the value of the enterprise (Peter Tufano, 1996).(2) improve enterprise strategic decision level. Enterprise risk management will be integrated into the overall strategy of the enterprise risk management, covering the entire process and the development of the enterprise business, can make enterprises seize the opportunity and enhance competition ability, thus improve the performance of the company. Enterprise risk management can reduce the cost of enterprise was in financial trouble, reduce the probability of bankruptcy, reduce the influence of traditional liabilities to the company value (NeilDoherty, 2005).(3) to strengthen the management of incentive, in turn, improve the level of performance. If it can be through effective risk management measures to control the fluctuation of stock price, makes the sensitivity of management compensation to company performance is positive, so that it can solve the agency problem in corporate governance, so as to make the management efficiency and to enhance the value of the company (Aggarwal, 1999).3.4 The enterprise risk management: an empirical study of relationship between the value of the companyEnterprise risk management on earth has much impact on the promotion of enterprise value, simple qualitative analysis is difficult to get the exact conclusion. To do this through a variety of academic empirical method to research: (1) the overall level of study from the enterprise, the enterprise risk management of the company, its universality of the increase of the value of the company has a large (Cyree etc., 2004; Hoyt, etc., 2008);(2) from the specific business level, using tobin Q as substitution variables of enterprise value, found that use derivatives to hedge risk, the enterprise value of a positive growth trend (Allayannis etc., 2001; Bartram, etc., 2004; Nain, 2004; Kim, 2004);Karen berger (2007), ABB company as an example to analyze the risk communication to establish credibility and maintain the significance of the valueof the company.4Summary and outlookCan clearly see through the above analysis, the theory of risk management and internal audit and control theory of the cross and integrated, makes the enterprise risk management in a more integrated and comprehensive perspective and method to deal with the risks of enterprise developing, to ensure the healthy and sustainable development of the enterprise. But in 2007 the outbreak of the subprime crisis, to the enterprise risk management to improve and perfect puts forward a new proposition: how to implement effective risk management to respondA new challenge? Have the following questions need to be further studied and discussed:4.1. The COSO - application problems of enterprise risk management framework.At present the framework is the core of enterprise risk management standards, but more from the perspective of process management is the framework to deal with the risk of enterprise, to real-time risk management is not enough attention, especially not fully consider the enterprise's solvency problems, in fact, enterprise bankruptcy is often insufficient solvency direct consequences. Therefore, the enterprise is the lack of risk management: in the analysis of enterprise risk management framework, how to pay attention to the solvency of enterprises and set up effective feasible evaluation index.4.2. The use of financial derivatives and structured finance instruments.Subprime mortgage crisis, the AIG, citigroup and other large financial institutions are far as companies used as risk reserve capital will not be able to meet the needs of the huge amount of structured products trading, high leverage multiples bring unexpected losses. Therefore, how to correctly treat and deal with problem of structured finance instruments, is the enterprise risk management cannot be ignored.4.3. The problem of corporate social responsibility and reputation.As from the simple to the requirement of enterprise profit extends to social responsibility and reputation, brand, and other fields, enterprise risk management must also be followed by development and extension, to include external stakeholders requirements in enterprise risk management framework, in a more broad perspective to the comprehensive risk management. Therefore, how an enterprise bear the social responsibility through sustainable risk management, realize the harmony of economic interests and social interests, is the future of enterprise risk management an important problem to be reckoned with.译文企业风险管理理论的发展贝达德；霍塔什摘要企业风险管理作为风险管理学科的一个重要领域，在50 多年的发展过程中实现了从多个领域的分散研究向全面风险管理一体化框架的演进，其中风险管理理论和内部审计与控制理论是两大理论来源，风险管理理论经历了从传统风险管理、财务波动性风险管理向企业风险管理的发展，而内部审计与控制理论也经历了内部会计控制、内部控制整体框架向企业风险管理的演进，上述两大理论的发展都指向了企业风险管理的方向，企业风险管理理论最终实现了集成发展，成为企业管理不可或缺的重要组成部分。