內(nèi)控的五要素Components of Internal Control

1、Components of Internal Control內(nèi)部控制的要素Internal control consists of five integrated components. 內(nèi)部控制包括五個(gè)相關(guān)關(guān)聯(lián)的要素。Control Environment 控制環(huán)境The control environment is the set of standards, processes, and structures that provide the basis for carrying out internal control across the organization. The board

2、 of directors and senior management establish the tone at the top regarding the importance of internal control including expected standards of conduct. Management reinforces expectations at the various levels of the organization. The control environment comprises the integrity and ethical values of

3、the organization; the parameters enabling the board of directors to carry out its governance oversight responsibilities; the organizational structure and assignment of authority and responsibility; the process for attracting, developing, and retaining competent individuals; and the rigor around perf

4、ormance measures, incentives, and rewards to drive accountability for performance. The resulting control environment has a pervasive impact on the overall system of internal control. 控制環(huán)境是一套標(biāo)準(zhǔn)、流程和結(jié)構(gòu)，能夠?yàn)閮?nèi)部控制的實(shí)施提供根底。董事會(huì)和高級(jí)管理層為內(nèi)部控制的重要性包括期待的行為準(zhǔn)那么提供高層定調(diào)the tone at the top。組織各個(gè)層級(jí)的管理活動(dòng)強(qiáng)化了這種期望。控制環(huán)境包括了組織正直和道

5、德的價(jià)值觀；促進(jìn)董事會(huì)行使公司治理的監(jiān)控職責(zé)的機(jī)制；吸引、開發(fā)和保存人才的機(jī)制；嚴(yán)格的績(jī)效衡量、鼓勵(lì)和匯報(bào)機(jī)制以保證績(jī)效實(shí)現(xiàn)?？刂骗h(huán)境會(huì)對(duì)內(nèi)部控制的整體體系產(chǎn)生全面影響。Risk Assessment 風(fēng)險(xiǎn)評(píng)估Every entity faces a variety of risks from external and internal sources. Risk is defined as the possibility that an event will occur and adversely affect the achievement of objectives. Risk asse

6、ssment involves a dynamic and iterative process for identifying and assessing risks to the achievement of objectives. Risks to the achievement of these objectives from across the entity are considered relative to established risk tolerances. Thus, risk assessment forms the basis for determining how

7、risks will be managed. 每個(gè)組織都面臨著來自內(nèi)外部的各類風(fēng)險(xiǎn)。風(fēng)險(xiǎn)是潛在事件發(fā)生并對(duì)組織實(shí)現(xiàn)其目標(biāo)產(chǎn)生負(fù)面影響的可能性。風(fēng)險(xiǎn)評(píng)估包括了根據(jù)組織要實(shí)現(xiàn)的目標(biāo)，動(dòng)態(tài)和反復(fù)的識(shí)別和評(píng)估風(fēng)險(xiǎn)的過程。將全組織范圍的影響目標(biāo)實(shí)現(xiàn)的風(fēng)險(xiǎn)同已經(jīng)建立的風(fēng)險(xiǎn)容忍度一同考量后，風(fēng)險(xiǎn)評(píng)估就為決定風(fēng)險(xiǎn)如何進(jìn)行管理打下了根底。A precondition to risk assessment is the establishment of objectives, linked at different levels of the entity. Management specifies object

8、ives within categories relating to operations, reporting, and compliance with sufficient clarity to be able to identify and analyze risks to those objectives. Management also considers the suitability of the objectives for the entity. Risk assessment also requires management to consider the impact o

9、f possible changes in the external environment and within its own business model that may render internal control ineffective. 風(fēng)險(xiǎn)評(píng)估的先決條件是組織各個(gè)層級(jí)的目標(biāo)確實(shí)立。管理層要結(jié)合運(yùn)營(yíng)、報(bào)告和遵循的三大類目標(biāo)，明確相應(yīng)的具體目標(biāo)，以便識(shí)別和分析相關(guān)的風(fēng)險(xiǎn)。管理層也要考慮這些目標(biāo)對(duì)于組織的可持續(xù)性。風(fēng)險(xiǎn)評(píng)估還要求管理層考慮可能導(dǎo)致內(nèi)控失效的外部環(huán)境和內(nèi)部商業(yè)模式的可能變化。Control Activities 控制活動(dòng)Control activities are t

10、he actions established through policies and procedures that help ensure that managements directives to mitigate risks to the achievement of objectives are carried out. Control activities are performed at all levels of the entity, at various stages within business processes, and over the technology e

11、nvironment. They may be preventive or detective in nature and may encompass a range of manual and automated activities such as authorizations and approvals, verifications, reconciliations, and business performance reviews. Segregation of duties is typically built into the selection and development o

12、f control activities. Where segregation of duties is not practical, management selects and develops alternative control activities.控制活動(dòng)是通過制度和流程所確立的行動(dòng)，旨在確保管理層降低影響組織目標(biāo)實(shí)現(xiàn)的風(fēng)險(xiǎn)的方針得以實(shí)現(xiàn)。在組織的各個(gè)層級(jí)，業(yè)務(wù)的各個(gè)環(huán)節(jié)，信息技術(shù)的整個(gè)環(huán)境中都應(yīng)實(shí)施控制活動(dòng)。從性質(zhì)上，可以是預(yù)防性的，也可以是檢查性的；應(yīng)覆蓋手工和自動(dòng)控制；包括授權(quán)和批準(zhǔn)，復(fù)核，對(duì)賬和業(yè)務(wù)績(jī)效評(píng)估。不相容職責(zé)別離也是典型的應(yīng)選取和推進(jìn)的控制活動(dòng)。如果不相容職責(zé)別

13、離無法實(shí)施，管理層應(yīng)選擇和推進(jìn)替代性的控制活動(dòng)。Information and Communication 信息與溝通Information is necessary for the entity to carry out internal control responsibilities to support the achievement of its objectives. Management obtains or generates and uses relevant and quality information from both internal and external so

14、urces to support the functioning of other components of internal control. 信息對(duì)于組織而言，對(duì)推進(jìn)內(nèi)控、促進(jìn)其目標(biāo)實(shí)現(xiàn)是非常必要的。管理層從內(nèi)外部獲得或生成，并且使用相關(guān)的有質(zhì)量的信息來支持內(nèi)部控制其他要素的正常運(yùn)轉(zhuǎn)。Communication is the continual, iterative process of providing, sharing, and obtaining necessary information. Internal communication is the means by which

15、 information is disseminated throughout the organization, flowing up, down, and across the entity. It enables personnel to receive a clear message from senior management that control responsibilities must be taken seriously. External communication is twofold: it enables inbound communication of rele

16、vant external information, and it provides information to external parties in response to requirements and expectations. 溝通是一個(gè)持續(xù)和不斷重復(fù)的提供、分享和獲得必要的信息的過程，。內(nèi)部溝通是一個(gè)手段，使得信息能夠在整個(gè)組織向上、向下和橫向擴(kuò)散，能夠幫助職工接受來自高管層的清晰的信息控制的職責(zé)必須認(rèn)真實(shí)施。外部溝通包括兩個(gè)局部：將外部的相關(guān)信息傳入組織內(nèi)部，以及根據(jù)其要求和期望，提供信息給外部的相關(guān)方。Monitoring Activities 監(jiān)督活動(dòng)Ongoing ev

17、aluations, separate evaluations, or some combination of the two are used to ascertain whether each of the five components of internal control, including controls to effect the principles within each component, is present and functioning. Ongoing evaluations, built into business processes at differen

18、t levels of the entity, provide timely information. Separate evaluations, conducted periodically, will vary in scope and frequency depending on assessment of risks, effectiveness of ongoing evaluations, and other management considerations. Findings are evaluated against criteria established by regulators, recognized standard-setting bodies or management and the board of directors, and deficiencies are communicated to management and the board of directors as appropriate.持續(xù)的評(píng)價(jià)，獨(dú)立的評(píng)價(jià)，或者兩者的某種組合可以用來確認(rèn)內(nèi)部控制的五個(gè)要素以及每個(gè)要素下的原那么是否存在并發(fā)揮作用。嵌入整個(gè)業(yè)務(wù)體系的持續(xù)評(píng)價(jià)可以提供及時(shí)的信息；