1、 1 外文翻译 原文 INTERNAL CONTROL INTEGRATED FRAMEWORK Material Source:Addendum to Reporting to External Parties May 1994 Author:Committee of Sponsoring Organizations of the Treadway Commission Senior executives have long sought ways to better control the enterprises they run. Internal controls are put in
2、 place to keep the company on course toward profitability goals and achievement of its mission, and to minimize surprises along the way. They enable management to deal with rapidly changing economic and competitive environments, shifting customer demands and priorities, and restructuring for future
3、growth. Internal controls promote efficiency, reduce risk of asset loss, and help ensure the reliability of financial statements and compliance with laws and regulations. Because internal control serves many important purposes, there are increasing calls for better internal control systems and repor
4、t cards on them. Internal control is looked upon more and more as a solution to a variety of potential problems. What Internal Control Is Internal control means different things to different people. This causes confusion among businesspeople, legislators, regulators and others. Resulting miscommunic
5、ation and different expectations cause problems within an enterprise. Problems are compounded when the term, if not clearly defined, is written into law, regulation or rule. This report deals with the needs and expectations of management and others. It defines and describes internal control to: (1)E
6、stablish a common definition serving the needs of different parties. (2)Provide a standard against which business and other entities large or small, in the public or private sector, for profit or not can assess their control systems and determine how to improve them. Internal control is broadly defi
7、ned as a process, effected by an entitys board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: 2 (1)Effectiveness and efficiency of operations. (2)Reliability of financial reporting. (3)Compli
8、ance with applicable laws and regulations. The first category addresses an entitys basic business objectives, including performance and profitability goals and safeguarding of resources. The second relates to the preparation of reliable published financial statements, including interim and condensed
9、 financial statements and selected financial data derived from such statements, such as earnings releases, reported publicly. The third deals with complying with those laws and regulations to which the entity is subject. These distinct but overlapping categories address different needs and allow a d
10、irected focus to meet the separate needs. Internal control systems operate at different levels of effectiveness. Internal control can be judged effective in each of the three categories, respectively, if the board of directors and management have reasonable assurance that: (1)They understand the ext
11、ent to which the entitys operations objectives are being achieved. (2)Published financial statements are being prepared reliably. (3)Applicable laws and regulations are being complied with. While internal control is a process, its effectiveness is a state or condition of the process at one or more p
12、oints in time. Internal control consists of five interrelated components. These are derived from the way management runs a business, and are integrated with the management process. The components are: (1)Control Environment The control environment sets the tone of an organization, influencing the co
13、ntrol consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure. Control environment factors include the integrity, ethical values and competence of the entitys people; managements philosophy and operating style; the way manage
14、ment assigns authority and responsibility, and organizes and develops its people; and the attention and direction provided by the board of directors. (2)Risk Assessment Every entity faces a variety of risks from external and internal sources that must be assessed. A precondition to risk assessment i
15、s establishment of objectives, linked at different levels and internally consistent. Risk assessment is the identification and analysis of relevant risks to achievement of the objectives, forming a basis for determining how the risks should be managed. 3 Because economic, industry, regulatory and op
16、erating conditions will continue to change, mechanisms are needed to identify and deal with the special risks associated with change. (3)Control Activities Control activities are the policies and procedures that help ensure management directives are carried out. They help ensure that necessary actio
17、ns are taken to address risks to achievement of the entitys objectives. Control activities occur throughout the organization, at all levels and in all functions. They include a range of activities as diverse as approvals, authorizations, verifications, reconciliations, reviews of operating performan
18、ce, security of assets and segregation of duties. (4)Information and Communication Pertinent information must be identified, captured and communicated in a form and timeframe that enable people to carry out their responsibilities. Information systems produce reports, containing operational, financia
19、l and compliance-related information, that make it possible to run and control the business. They deal not only with internally generated data, but also information about external events, activities and conditions necessary to informed business decision-making and external reporting. Effective commu
20、nication also must occur in a broader sense, flowing down, across and up the organization. All personnel must receive a clear message from top management that control responsibilities must be taken seriously. They must understand their own role in the internal control system, as well as how individu
21、al activities relate to the work of others. They must have a means of communicating significant information upstream. There also needs to be effective communication with external parties, such as customers, suppliers, regulators and shareholders. (5)Monitoring Internal control systems need to be mon
22、itoreda process that assesses the quality of the systems performance over time. This is accomplished through ongoing monitoring activities, separate evaluations or a combination of the two. Ongoing monitoring occurs in the course of operations. It includes regular management and supervisory activiti
23、es, and other actions personnel take in performing their duties. The scope and frequency of separate evaluations will depend primarily on an assessment of risks and the effectiveness of ongoing monitoring procedures. Internal control deficiencies should be reported upstream, with serious matters rep
24、orted to top management and the board. There is synergy and linkage among these components, forming an integrated system that reacts dynamically to changing conditions. 4 There is a direct relationship between the three categories of objectives, which are what an entity strives to achieve, and compo
25、nents, which represent what is needed to achieve the objectives. All components are relevant to each objectives category. When looking at any one category the effectiveness and efficiency of operations, for instance all five components must be present and functioning effectively to conclude that int
26、ernal control over operations is effective. What Internal Control Can Do Internal control can help an entity achieve its performance and profitability targets, and prevent loss of resources. It can help ensure reliable financial reporting. And it can help ensure that the enterprise complies with law
27、s and regulations, avoiding damage to its reputation and other consequences. In sum, it can help an entity get to where it wants to go, and avoid pitfalls and surprises along the way. What Internal Control Cannot Do Unfortunately, some people have greater, and unrealistic, expectations. They look fo
28、r absolutes, believing that: (1)Internal control can ensure an entitys success that is, it will ensure achievement of basic business objectives or will, at the least, ensure survival. Even effective internal control can only help an entity achieve these objectives. It can provide management informat
29、ion about the entitys progress, or lack of it, toward their achievement. But internal control cannot change an inherently poor manager into a good one. And, shifts in government policy or programs, competitors actions or economic conditions can be beyond managements control. Internal control cannot
30、ensure success, or even survival. (2)Internal control can ensure the reliability of financial reporting and compliance with laws and regulations. This belief is also unwarranted. An internal control system, no matter how well conceived and operated, can provide only reasonable not absolute assurance
31、 to management and the board regarding achievement of an entitys objectives. The likelihood of achievement is affected by limitations inherent in all internal control systems. These include the realities that judgments in decision-making can be faulty, and that breakdowns can occur because of simple
32、 error or mistake. Additionally, controls can be circumvented by the collusion of two or more people, and management has the ability to override the system. Another limiting factor is that the design of an internal control system must reflect the fact that there are resource constraints, and the ben
33、efits of controls must be considered relative to their costs. 5 Thus, while internal control can help an entity achieve its objectives, it is not a panacea. What to Do Actions that might be taken as a result of this report depend on the position and role of the parties involved: (1)Senior Management
34、 Most senior executives who contributed to this study believe they are basically in control of their organizations. Many said, however, that there are areas of their company a division, a department or a control component that cuts across activities where controls are in early stages of development
35、or otherwise need to be strengthened. They do not like surprises. This study suggests that the chief executive initiate a self-assessment of the control system. Using this framework, a CEO, together with key operating and financial executives, can focus attention where needed. (2)Board Members Membe
36、rs of the board of directors should discuss with senior management the state of the entitys internal control system and provide oversight as needed. They should seek input from the internal and external auditors. (3)Other Personnel Managers and other personnel should consider how their control respo
37、nsibilities are being conducted in light of this framework, and discuss with more senior personnel ideas for strengthening control. Internal auditors should consider the breadth of their focus on the internal control system, and may wish to compare their evaluation materials to the evaluation tools.
38、 (4)Legislators and Regulators Government officials who write or enforce laws recognize that there can be misconceptions and different expectations about virtually any issue. Expectations for internal control vary widely in two respects. First, they differ regarding what control systems can accompli
39、sh. As noted, some observers believe internal control systems will, or should, prevent economic loss, or at least prevent companies from going out of business. Second, even when there is agreement about what internal control systems can and cant do, and about the validity of the reasonable assurance
40、 concept, there can be disparate views of what that concept means and how it will be applied. (5)Professional Organizations Rule-making and other professional organizations providing guidance on financial management, auditing and related topics should consider their standards and guidance in light o
41、f this framework. To the extent diversity in concept and terminology is eliminated, all parties will benefit. (6)Educators This framework should be the subject of academic research 6 and analysis, to see where future enhancements can be made. With the presumption that this report becomes accepted as
42、 a common ground for understanding, its concepts and terms should find their way into university curricula. We believe this report offers a number of benefits. With this foundation for mutual understanding, all parties will be able to speak a common language and communicate more effectively. Busines
43、s executives will be positioned to assess control systems against a standard, and strengthen the systems and move their enterprises toward established goals. Future research can be leveraged off an established base. Legislators and regulators will be able to gain an increased understanding of intern
44、al control, its benefits and limitations. With all parties utilizing a common internal control framework, these benefits will be realized. 译文 内部控制 整体构架 资料来源 : 美国全美反舞弊性财务报告委员会著 199 4 年第二版 作者 : C o m m i t t e e o f S p o n s o r i n g O r g a n i z a t i o n s 委员会 高层管理人员一直在探求更好的企业经营控制之道 。 内部控制 致力于促使企
45、业向着赢利和完成自身使命的目标运行 , 并使这一过程中的意外最小化 。 内部控制使管理层能够应对瞬息万变的经济和竞争环境 , 客户不断变换的需求和偏好 , 并进行重组以利于公司的未来发展 。 内部控制有利于提高企业经营效率 ,降低资产损失风险 , 有助于保证财务报表的可靠性 、 企业经营活动的合法合规性 。 鉴于内部控制具有上述的重要性 , 因此对提高内控系统及其报告质量的需求日益增加 。 内部控制日益被视为诸多潜在问题的解决方案 。 什么是内部控制 内部控制对不同的人有不同的含义 。 这一概念在商业界人士 、 法律界人士 、监管当局和其他 人士之间容易引起混淆 。 由此造成的误解和期望值的差
46、异往往给企业带来问题 。 一旦内部控制这一名词未经清楚定义就写入法律 、 规章或规则 , 问题便复杂化了 。 本文是针对管理层的需要和期望而写的 。 本文对内部控制的定义服务于以下目的 : 7 ( 1) 确立一个满足各方需要通用的定义 。 ( 2) 提供一个标准 无论规模大小 、 公用和私人性质 、 赢利和非赢利 ,使各类企业都能以此对其内部控制制度进行评估和改进 。 内部控制广义上可定义为一个受企业董事会 、 经理层和其他人员影响的 ,为达到下列目标提供合理的保证的程序 : ( 1) 经营的效果和效率 ( 2) 财务报告的可靠性 ( 3) 法律法规的遵循性 第一类目标指企业的基本经营目标 ,
47、 包括业绩 、 赢利指标和资源保护 。 第二类目标指编制可靠的公开财务报表 , 包括中期和简略财务报表 , 以及从这些财务报表中摘出的数据(如利润分配数据) 。 第三类目标指企业经营必须符合相关的法律法规 。 以上三类目标既相互独立又相互联系 , 分别代表不同的需求 ,需要对它们作专门研究 。 内部控制制度依据其运行的有效性程度而有所不同 。 因此 , 这三类目标又可据此进行划分 , 如果董事会和经理层能够合理的保证 : ( 1) 他们清楚地知道企业经营目标实现的程度 ( 2) 公开财务报表的编制是可靠的 ( 3) 企业适用的法律得到遵守 虽然内部控制是一个过程 , 它的效果却表现为在某一时点
48、上这一过程的状态 。 内部控制包括五个相互联系的要素 。 它们源自管理层的经营方式 , 并与管理过程紧密相连 。 内部控制的五项要素为 : ( 1) 控制环境 控制环境决定了企业的基调 , 直接影响企业员工的控制意识 。 控制环境提供了内部控制的基本规则和构架 , 是其他四要素的基础 。 控制环境包括员工的诚信度 、 职业道德和才能 ; 管理哲学和经营风格 ; 权责分配方法 、 人事政策 ; 董事会的经营重点和目标等 。 ( 2) 风险评估 每个企业都面临诸多来自内部和外部的有待评估的风险 。 风险评估的前提是使经营目标在不同层次上相互衔接 , 保持一致 。 风险评估指识别 、 分析相关风险以
49、实现既定目标 , 从而形成风险管理的基础 。 由于经济 、 产业 、 法规和经营环境的不断变化 , 需要确立一套机制来识别和应对由这些变化带来的风险 。 ( 3) 控制活动 控制活动指那些有助于管理层决策顺利实施的政策和程序 。 控制行为有助于确保实施必要的措施以管理风险 , 实现经营目标 。 控制行为体现在整个企业的不同层次和不同部门中 。 它们包括诸如批准 、 授权 、 查证 、核对 、 复核经营业绩 、 资产保护和职责 分工等活动 。 8 ( 4) 信息和沟通 公允的信息必须被确认 、 捕获并以一定形式及时传递 ,以便员工履行职责 。 信息系统产出涵盖经营 、 财务和遵循性信息的报告 , 以助于经营和控制企业 。 信息系统不仅处理内部产生的信息 , 还包括与企业经营决策和对外报告相关的外部事件 、 行为和
