Internal controlWord文件下载.docx
《Internal controlWord文件下载.docx》由会员分享,可在线阅读,更多相关《Internal controlWord文件下载.docx(18页珍藏版)》请在冰点文库上搜索。
pliancewithapplicablelaws
andregulations
2.Objectiveofinternalcontrol:
Aninternalcontrolsystemconsistsofthevariousmethodsandmeasuresdesignedintoandimplementedwithinanorganizationalsystemtoachievefourmainobjectives.
Ø
Safeguardingassets
Checkingtheaccuracyandreliabilityofaccountingdata
Promotingoperationalefficiency
Encouragingadherencetoprescribedmanagerialpolicies
3.Backgroundinformationofinternalcontrol
Thekeylaws,professionalguidance,andreportsthatfocusoninternalcontrolsare:
ForeignCorruptPracticesAct1977
TreadwayCommissionReport1977
SASNo.551988
CommitteeofSponsoringOrganizations(COSO)Report1992
SASNo.781995
ControlObjectivesforBusinessandIT(COBIT)1995
InformationFederationforInformationProcessing2001
SADNo.942001
Sarbanes-OxleyAct,Section4042002
CommitteeofSponsoringOrganizations(COSO)Report2004
CobiT,Version4.020
4.7componentsofinternalcontrol(1-5from1992COSOreport,6-7from2004)
The1992COSOReportisimportantbecauseitestablishedacommondefinitionofinternalcontrolforassessingcontrolsystems,aswellasdeterminedhowtoimprovecontrols.
1)Controlenvironment
TheControlEnvironment:
establishesthetomeofacompanyandinfluencesthecontrolawarenessofthecompany’semployees.Itisthefoundationforalltheotherinternalcontrolcomponentsandprovidesdiscipline(训导)andstructure.Factorsincludedwithinthecontrolenvironmentare:
Integrity,ethicalvaluesandcompetenceofemployees
Managementphilosophyandoperatingstyle
Thewaymanagementassignsauthorityandresponsibilityaswellasorganizesanddevelopsitsemployees.
Theattentionanddirectionprovidedbythe
boardofdirectors
2)Riskassessment
Thepurposeofriskassessmentistoidentifyorganizationalrisks,analyzetheirpotentialintermsofcostsandlikelihoodofoccurrence,andinstallthosecontrolswhoseprojectedbenefitsoutweightheircosts.
recognitionthateveryorganizationfaces
riskstoitssuccess
recognitionthatthesourcesareinternalandexternal
identification,analysisandaction
toachievethecompany’sgoals
useofcost-benefitanalysis(todeterminewhetherthecosttoimplementaspecificcontrolprocedureisbeneficialenoughtospendthemoney)
3)controlactivities
arethepoliciesandproceduresthatensure
◦managementdirectivesarecarriedout,
◦protectionoftheassetsofthefirm
includeacombinationof
◦manualcontrols
◦automatedcontrols
e.g.approvals,authorizations,verifications,reconciliations,reviewsofoperatingperformance,andsegregationofduties.
4)Informationandcommunication
Communicationmeansorganizationsmusttellemployeestheirrolesandresponsibilitiespertainingtointernalcontrol.
Management’sresponsibilitytomakesuretheaccountingsystem,
collects
measures
processes
communicatestoindividualsinsideandoutsidethefirm
5)Monitoring
istheprocessthatassessesthequalityofinternalcontrolperformanceovertime
involvesevaluatingthedesignandoperationofcontrolsonatimelybasis,
Initiatingcorrectiveactionwhenspecificcontrolsarenotfunctioningproperly.
6)Objectivesetting
(因为老师说什么希望有图标什么的,所以把这个放上来了)
Enterprise’sobjectivesareviewedfromthesefourperspectives:
ERM(enterpriseriskmanagement)
•Strategic;
highlevelgoalsandmissionofthefirm
•Operations;
daytodayefficiency,performance,andprofitabilityofthefirm.
•Reporting;
internalandexternal
•Compliance;
withlawsandregulations
7)Eventidentificationandriskresponse.
Identifythreats
Analyzetherisks
Implementcost-effectivecountermeasures
Theobjectiveofriskassessmentistomanageandcontrolriskbyidentifyingthreats,analyzingtherisks,andimplementingcost-effectivecountermeasurestoavoid,mitigate,ortransfertheriskstoathirdparty(throughinsuranceprograms).
5.Controlprocedures
PreventiveControls
◦topreventsomepotentialproblemfrom
occurringwhenanactivityisperformed
DetectiveControls–
◦alertuswhenpreventivecontrolshavefailed
Correctivecontrols
◦toremedyproblemsdiscoveredthrough
detectivecontrols
Preventiveanddetectivecontrolprocedures
Shouldnotbetreatedasmutuallyexclusive.
areinterrelated
6.controlactivitieswithinaninternalcontrolsystem
1)agoodAuditTrail
2)soundpersonnelpoliciesandcompetentemployees
3)separationofduties
4)physicalprotectionofassets
5)internalreviewsofcontrolsbyinternalauditsubsystem
6)TimelyPerformanceReports
Reflectthepoliciesandproceduresthathelpensurethatmanagementdirectivesarecarriedout.
1)Anaudittrailenablesauditorsandaccountants
tofollowthetransactiondata
◦fromtheinitialsourcedocuments
◦tothefinaldispositioninafinancialreportandvice-versa
todetect,intheprocessingdata
◦errorsand
◦irregularities
2)Examplesofsoundpersonnelpoliciesare:
Specifichiringprocedures
Trainingprograms
Goodsupervision
Fairandequitableguidelinesfor
employees’salaryincreases
Rotationofcertainkeyemployeesindifferentjobs
Enforcedvacations–helpthemtobreakfromastressfulperiodofintenseeffortonparticularprojectsorworkthathasshortdeadlines.
Insurancecoverageonthoseemployeeswhohandleliquidassets
Regularperformancereviews
3)Separationofduties
Segregatingactivitiesandresponsibilitiesofemployees,theseparationofdutiesstructuresworkassignmentssothatoneemployee’sworkactivitiesserveasacheckonthoseofanotheremployee.
allowsdifferentpeopletoperformvarioustasksofaspecifictransaction
Themainfunctionsthatshouldbekeptseparateare
custodyofassets
recordingtransactions-preparingreconciliations,performancereports
authorizingtransactions–decisiontoapprovetransactions
4)physicalprotectionofassets
Protectionofassetsis
keepingacompany’sassetsinasafephysicallocation
minimizingtheriskofdamagetotheassetsor
avoidingtheftbyemployees
oroutsiders
Examplesofaccountingcontrolprocedure
Avouchersystemprotectsagainstunauthorizedcashdisbursements.
Apettycashfundisusedforsmallexpenditureswherewritingacheckwouldbeinefficient.
cashreceiptsdepositedintacteachday
5)internalreviewofcontrols
reporttohigh-levelmanagementortotheboardofdirectorsinordertoremainindependentandobjectiveasaseparatesubsystem
performperiodicreviewsoneachdepartmenttoevaluatetheirefficiencyandeffectiveness
makerecommendationsofwayscostofcontrolprocedurescanbereduced
6)timelyperformancereports
Performancereports
provideinformationtomanagementon
◦efficiencyoftheinternalcontrolsand
◦effectivenessoftheinternalcontrolthesereports
shouldprovidetimelyfeedbacktomanagementonthe
successoftheinternalcontrolsor
failureoftheinternalcontrols
Computercontrolsfororganizationsandaccountinginformationsystems
TheProcessofDevelopingaSystemofInternalControls
¡
Identifytheorganization'
sobjectives,processes,andrisksanddetermineriskmateriality.
Identifytheinternalcontrolsystemincludingrules,processes,andprocedurestocontrolmaterialrisks.
Develop,test,andimplementtheinternalcontrolsystem.
Monitorandrefinethesystem.
ComputerControlProcedures
Computercontrolsarefrequentlyclassifiedintotwocategories:
Generalcontrolsensurethatacompany’scontrolenvironmentisstableandwellmanagedinordertostrengthentheeffectivenessofapplicationcontrols.
Applicationcontrolsaredesignedtoprevent,detect,andcorrecterrorsandirregularitiesintransactionsastheyflowthroughtheinput,processing,andoutputstagesofdataprocessing.
GeneralControls
Developingasecurityplan
Projectdevelopmentcontrols
Physicalaccesscontrols
Logicalaccesscontrols
Datastoragecontrols
Datatransmissioncontrols
Documentationstandards
Minimisingsystemdowntime