coso《内部控制整合框架》执行纲要213版中英文对照.docx
《coso《内部控制整合框架》执行纲要213版中英文对照.docx》由会员分享,可在线阅读,更多相关《coso《内部控制整合框架》执行纲要213版中英文对照.docx(28页珍藏版)》请在冰点文库上搜索。
coso《内部控制整合框架》执行纲要213版中英文对照
Internal Control – Integrated Framework
内部控制整合框架
Executive Summary
执行纲要
Internal control helps entities achieve important objectives and sustain and
improve performance. COSO’s Internal Control—Integrated Framework
(Framework) enables organizations to effectively and efficiently develop
systems of internal control that adapt to changing business and operating
environments, mitigate risks to acceptable levels, and support sound decision
making and governance of the organization.
内部控制帮助组织达到重要的目标,维持和改进业绩。
科索委员
会的内部控制整合框架使得组织能够开发有效果且有效率的内部控
制体系,该体系且能够适应变化的商业和运营环境,将风险降低到可
接受的水平,并且促进规范决策和组织的治理。
Designing and implementing an effective system of internal control can be
challenging; operating that system effectively and efficiently every day can
be daunting. New and rapidly changing business models, greater use and
dependence on technology, increasing regulatory requirements and scrutiny,
globalization, and other challenges demand any system of internal control to
be agile in adapting to changes in business, operating and regulatory
第 1 页
environments.
设计并实施一套有效的内部控制体系是充满挑战的;每天保持制
度运行的效果和效率会让人可望而不可及。
崭新且不断更新的商业模
型,对技术的深入应用和依赖,日益繁多的监管要求和检查,全球化
和其他挑战要求每一个组织的内部控制体系都能够更加敏捷地适应
不断变化的商业、运营和监管的环境。
An effective system of internal control demands more than rigorous
adherence to policies and procedures:
it requires the use of judgment.
Management and boards of directors1 use judgment to determine how much
control is enough. Management and other personnel use judgment every day
to select, develop, and deploy controls across the entity. Management and
internal auditors, among other personnel, apply judgment as they monitor
and assess the effectiveness of the system of internal control.
一套有效的内部控制体系除了对制度和流程严格遵守外,还要求
判断力。
管理层和董事会通过其判断来决定多少控制是充分的。
管理
层和其他员工每天通过其判断,在组织内选取,推进和实施各类控制。
管理层和内部审计师,以及其他的员工,通过其判断来监控和测试内
部控制体系的有效性。
TheFrameworkassistsmanagement,boardsofdirectors,external
stakeholders, and others interacting with the entity in their respective duties
regarding internal control without being overly prescriptive. It does so by
1 The Framework uses the term “board of directors,” which encompasses the governing body, including board,
board of trustees, general partners, owner, or supervisory board.
本框架使用“董事会”一词,泛指治理层,包括:
董事会,理事会,一般合伙人,所有者和监事会等。
第 2 页
providing both understanding of what constitutes a system of internal control
and insight into when internal control is being applied effectively.
本框架在内部控制方面,对管理层,董事会,外部的利益相关者
和其他与组织产生互动关系的相关方有所帮助,且不会过分死板;而
这有赖于对内部控制体系构成要素的理解,有赖于对内部控制体系能
够有效实施的时机的洞见。
For management and boards of directors, the Framework provides:
对于管理层和董事会,本框架提供:
●A means to apply internal control to any type of entity, regardless of
industry or legal structure, at the levels of entity, operating unit, or function
一套工具,将内部控制推广到各类型的组织,无论行业或法律形
式,无论在组织层面,经营单元层面或职能层面;
●A principles-based approach that provides flexibility and allows for
judgmentindesigning,implementing,andconductinginternal
control—principles that can be applied at the entity, operating, and
functional levels
一种原则导向的方法,能够灵活设计,实施和推进内部控制,并
留有判断空间——这些原则可在组织层面、运营层面和职能层面
应用;
●Requirements for an effective system of internal control by considering
第 3 页
how components and principles are present and functioning and how
components operate together
一些要求,具体阐述有效的内部控制体系的要素和原则是如何存
在和发挥作用,如何在一起产生协调作用;
●A means to identify and analyze risks, and to develop and manage
appropriate responses to risks within acceptable levels and with a greater
focus on anti-fraud measures
一套工具,识别和分析风险,开发和管理合适的风险应对措施将
风险控制在可接受的水平,且更关注反舞弊措施;
●An opportunity to expand the application of internal control beyond
financial reporting to other forms of reporting, operations, and compliance
objectives
一个机会,将基于财务报告的内部控制扩大应用范围,满足各种
其他的报告、运营和遵循目标;
●An opportunity to eliminate ineffective, redundant, or inefficient
controls that provide minimal value in reducing risks to the achievement of
the entity’s objectives
一个机会,清理那些在降低风险方面价值不大的无效,冗余和低
效的控制。
For external stakeholders of an entity and others that interact with the
entity, application of this Framework provides:
第 4 页
对于外部利益相关者和组织的其他相关方,本框架的应用可使其:
●Greater confidence in the board of directors’ oversight of internal control
systems
对于董事会针对内部控制的监管更有信心;
●Greater confidence regarding the achievement of entity objectives
对于组织实现目标更有信心;
●Greater confidence in the organization’s ability to identify, analyze, and
respond to risk and changes in the business and operating environments
对组织识别,分析和应对来自商业与运营环境风险与变化的能力
更有信心;
●Greater understanding of the requirement of an effective system of
internal control
更了解有效的内部控制体系的具体要求;
●Greater understanding that through the use of judgment, management
may be able to eliminate ineffective, redundant, or inefficient controls
更了解管理层如何通过其判断清理那些无效,冗余和低效的控制。
Internal control is not a serial process but a dynamic and integrated
process. The Framework applies to all entities:
large, mid-size, small,
for-profit and not-for-profit, and government bodies. However, each
organization may choose to implement internal control differently. For
第 5 页
instance, a smaller entity’s system of internal control may be less formal and
less structured, yet still have effective internal control.
内部控制不是一个按部就班的过程而是一个动态和整合的过程。
本框架可以适用于各类型的组织:
大型,中型或小型;盈利,非盈利
或政府机构。
然而,每个组织都可以有权选择,实施不同的内部控制。
例如,一个小型组织的内控体系可以不那么正式和结构清晰,但仍保
持有效。
The remainder of this Executive Summary provides an overview of
internal control, including a definition, categories of objective, description
of the requisite components and associated principles, and requirement of an
effective system of internal control. It also includes a discussion of
limitations—the reasons why no system of internal control can be perfect.
Finally, it offers considerations on how various parties may use the
Framework.
以下,本文将对内部控制提供总览,包括定义,各类别的目标,
必要要素和相关原则的描述,以及对一个有效内部控制体系的要求。
本文也将讨论内部控制的局限性——为什么没有一个内部控制体系
是完美的。
第 6 页
Defining Internal Control
定义内部控制
Internal control is defined as follows:
内部控制定义如下:
Internal control is a process, effected by an entity’s board of
directors, management, and other personnel, designed to
provide reasonable assurance regarding the achievement of
objectives relating to operations, reporting, and compliance.
内部控制是一套流程,受组织的董事会,管理层和其他员工所影响,
被设计并用来为组织提供合理保证,使其实现运营,报告和遵循目标。
This definition reflects certain fundamental concepts. Internal control is:
以上定义体现了一些基础概念。
内部控制是:
Geared to the achievement of objectives in one or more
categories—operations, reporting, and compliance
使组织实现多个种类的目标,如运营,报告和遵循;
A process consisting of ongoing tasks and activities—a means to an end,
not an end in itself
一个持续不断的过程,包括各种任务和活动——一个达到目的的
手段,而非目的本身;
第 7 页
Effected by people—not merely about policy and procedure manuals,
systems, and forms, but about people and the actions they take at every level
of an organization to affect internal control
受人的影响——不仅仅是制度和流程手册,体系和表单,而是组
织各个层级的人和他们所采取的行动;
Able to provide reasonable assurance—but not absolute assurance, to an
entity’s senior management and board of directors
可以向组织的高级管理层和董事会提供合理保证——而非绝对保
证;
Adaptable to the entity structure—flexible in application for the entire
entity or for a particular subsidiary, division, operating unit, or business
process
可以适应组织的结构——可灵活应用于整个组织或一个分支机构,
业务部,运营单元或业务流程。
This definition is intentionally broad. It captures important concepts that are
fundamental to how organizations design, implement, and conduct internal
control, providing a basis for application across organizations that operate in
different entity structures, industries, and geographic regions.
这个定义被设定的包含广泛,包括了关于组织如何设计,实施和
推进内部控制的一些重要的基础概念,为不同的组织架构,行业和地
理区域的组织提供了操作支持。
第 8 页
Objectives
目标
The Framework provides for three categories of objectives, which allow
organizations to focus on differing aspects of internal control:
本框架提供了三个类型的目标,使得组织可以关注于内部控制的不同
方面:
Operations Objectives—These pertain to effectiveness and efficiency of the
entity’s operations, including operational and financial performance goals,
and safeguarding assets against loss.
运营目标——组织运营的效果和效率,包括运营和财务绩效目标,资
产安全不受损失。
Reporting Objectives—These pertain to internal and external financial and
non-financial reporting and may encompass reliability, timeliness, transpar-
ency, or other terms as set forth by regulators, recognized standard setters,
or the entity’s policies.
报告目标——内、外部的财务和非财务报告的可靠性、及时性、透明
度,以及其他监管者、公认的标准制定机构和组织政策所要求的方面。
Compliance Objectives—These pertain to adherence to laws and regulations
to which the entity is subject.
遵循目标——遵守对组织适用的法律法规。
第 9 页
Components of Internal Control
内部控制的要素
Internal control consists of five integrated components.
内部控制包括五个相关关联的要素。
Control Environment
控制环境
The control environment is the set of standards, processes, and structures
that provide the basis for carrying out internal control across the organization.
The board of directors and senior management establish the tone at the top
regarding the importance of internal control including expected standards of
conduct. Management reinforces expectations at the various levels of the
organization. The control environment comprises the integrity and ethical
values of the organization; the parameters enabling the board of directors to
carry out its governance oversight responsibilities; the organizational struc-
ture and assignment of authority and responsibility; the process for attracting,
developing, and retaining competent individuals; and the rigor around
performance measures, incentives, and rewards to drive accountability for
performance. The resulting control environment has a pervasive impact on
the overall system of internal control.
控制环境是一套标准、流程和结构,能够为内部控制的实施提供基础。
董事会和高级管理层为内部控制的重要性(包括期待的行为准则)提
第 10 页
供高层定调(the tone at the top)。
组织各个层级的管理活动强化了
这种期望。
控制环境包括了组织正直和道德的价值观;促进董事会行
使公司治理的监控职责的机制;吸引、开发和保留人才的机制;严格
的绩效衡量、激励和汇报机制以保证绩效实现。
控制环境会对内部控
制的整体体系产生全面影响。
Risk Asses
升级会员 