Components of Internal Control
内部控制的要素
Internal control consists of five integrated components.
内部控制包括五个相关关联的要素。
Control Environment
控制环境
The control environment is the t of standards, process, and structures that provide the basis for carrying out internal control across the organization. The board of directors and nior management establish the tone at the top regarding the importance of internal control including expected standards of conduct. Management reinforces expectations at the various levels of the organization. The control environment compris the integrity and ethical values of the organization; the parameters enabling the board of directors to carry o
ut its governance oversight responsibilities; the organizational structure and assignment of authority and responsibility; the process for attracting, developing, and retaining competent individuals; and the rigor around performance measures, incentives, and rewards to drive accountability for performance. The resulting control environment has a pervasive impact on the overall system of internal control.
控制环境是一套标准、流程和结构,能够为内部控制的实施提供基础。董事会和高级管理层为内部控制的重要性(包括期待的行为准则)提供高层定调(the tone at the top)。组织各个层级的管理活动强化了这种期望。控制环境包括了组织正直和道德的价值观;促进董事会行使公司治理的监控职责的机制;吸引、开发和保留人才的机制;严格的绩效衡量、激励和汇报机制以保证绩效实现。控制环境会对内部控制的整体体系产生全面影响。
Risk Asssment
风险评估
Every entity faces a variety of risks from external and internal sources. Risk is defined as
the possibility that an event will occur and adverly affect the achievement of objectives. Risk asssment involves a dynamic and iterative process for identifying and asssing risks tlike的第三人称单数
o the achievement of objectives. Risks to the achievement of the objectives from across the entity are considered relative to established risk tolerances. Thus, risk asssment forms the basis for determining how risks will be managed.
每个组织都面临着来自内外部的各类风险。风险是潜在事件发生并对组织实现其目标产生负面影响的可能性。风险评估包括了根据组织要实现的目标,动态和反复的识别和评估风险的过程。将全组织范围的影响目标实现的风险同已经建立的风险容忍度一同考量后,风险评估就为决定风险如何进行管理打下了基础。
A precondition to risk asssment is the establishment of objectives, linked at different levels of the entity. Management specifies objectives within categories relating to operations, reporting, and compliance with sufficient clarity to be able to identify and analyze risks to tho objectives. Management also considers the suitability of the objectives for the 沉思录读后感
entity. Risk asssment also requires management to consider the imp
act of possible changes in the external environment and within its own business model that may render internal control ineffective.
风险评估的先决条件是组织各个层级的目标的确立。管理层要结合运营、报告和遵循的三大类目标,明确相应的具体目标,以便识别和分析相关的风险。管理层也要考虑这些目标对于组织的可持续性。风险评估还要求管理层考虑可能导致内控失效的外部环境和内部商业模式的可能变化。
Control Activities
控制活动
Control activities are the actions established through policies and procedures that help ensure that management’s directives to mitigate risks to the achievement of objectives are carried out. Control activities are performed at all levels of the entity, at various stages within business process, and over the technology environment. They may be preventive or detective in nature and may encompass a range of manual and automated
activities such as authorizations and approvals, verifications, reconciliations, and business performance reviews. Segregation of duties is typically built into the lection and development of control activities. Where gregation of duties is not practical, management lects and develops alternative control activities.
控制活动是通过制度和流程所确立的行动,旨在确保管理层降低影响组织目标实现的风险的方针得以实现。在组织的各个层级,业宝宝流黄鼻涕
务的各个环节,信息技术的整个环境中都应实施控制活动。从性质上,可以是预防性的,也可以是检查性的;应覆盖手工和自动控制;包括授权和批准,复核,对账和业务绩效评估。不相容职责分离也是典型的应选取和推进的控制活动。如果不相容职责分离无法实施,管理层应选择和推进替代性的控制活动。
Information and Communication
信息与沟通
Information is necessary for the entity to carry out internal control responsibilities to support the achievement o杭州电子科技大学录取分数线
f its objectives. Management obtains or generates and us rel
evant and quality information from 整理磁盘碎片
both internal and external sources to support the functioning of other components of internal control.
信息对于组织而言,对推进内控、促进其目标实现是非常必要的。管理层从内外部获得或生成,并且使用相关的有质量的信息来支持内部控制其他要素的正常运转。
Communication is the continual, iterative process of providing, sharing, and obtaining necessary information. Internal communication is the means by which information is disminated throughout the organization, flowing up, down, and across the entity. It enables personnel to receive a clear message from nior management that control responsibilities must be taken riously. External communication is twofold: it enables inbound communication of relevant external information, 零冠词的用法口诀
and it provides information to external parties in respon to requirements and expectations.
沟通是一个持续和不断重复的提供、分享和获得必要的信息的过程,。内部沟通是一个手段,使得信息能够在整个组织向上、向下和横向扩散,能够帮助员工接受来自高管层的清晰的信息——控制的职责必须认真实施。外部沟通包括两个部分:将外部的相关信息传入
组织内部,以及根据其要求和期望,提供信息给外部的相关方。
Monitoring Activities
监督活动
Ongoing evaluations, parate evaluations, or some combination of the two are ud to ascertain whether each of the five components of internal control, including controls to effect the principles within each component, is prent and functioning. Ongoing evaluations, built into business process at different levels of the entity, provide timely information. Separate evaluations, conducted periodically, will vary in scope and frequency depending on asssment of risks, effectiveness of ongoing evaluations, and other management considerations. Findings are evaluated against criteria established by regulators, recognized standard-tting bodies or management and the board of directors, and deficiencies are communicated to management and the board of directors as appropriate.
