内部控制英文文献翻译及参考文献 第6页
homework for the student, they have a duty to make sure the student does so. Finally, teachers and tutors, while they can be of invaluable assistance to both students and their parents or guardians, cannot replace either. In the end, homework remains the primary responsibility of the student and the ultimate responsibility of the parents or guardians.
This analogy holds true for internal control if the students, parents or guardians, teachers, and tutors of the previous example are replaced by management, the governing board, the independent auditor, and the internal auditor. Management is primarily responsible for internal control, because internal control, as explained earlier, is, by its very nature, fundamentally a management concern (i.e., the tools and techniques used by managers to achieve management objectives). Board members, in turn, cannot wash their hands of responsibility for internal control on the grounds that management is primarily responsible, because it is the job of a governing board to ensure that management meets all of its responsibilities. Thus, the governing board is ultimately responsible for internal control. The independent auditor of the financial statements, like a teacher, validates management's success (in preparing reliable financial statements) and is avai able to provide assistance, as needed. Still, even the best teacher cannot make up for a disengaged student or uninvolved parents or guardians. Finally, the role of internal auditors, like that of tutors, is to help those whom they serve to succeed. Nonetheless, an inter- nal auditor can only assist management, not replace it, with regard to internal control.
It is one thing, of course, to insist that the governing board is ultimately responsible for internal control. The real issue remains: "How can a governing board effectively fulfill its responsibility in this regard?" The most practical solution is to establish an audit committee, which ideally can serve the focal point for the board's internal control-related efforts, ensuring that the whole matter of internal control is regularly brought before the board for its attention and dealt with appropriately.2 Similarly, an internal audit function can be invaluable in helping managers, especially those managers with a programmatic rather than a financial background, who may be less familiar with internal control.3
3 Ensuring that the internal control adequacy
Once management and the governing board have assumed their respective responsibility for internal control, how can they know that they have truly fulfilled their obligations? How much control is enough?
Before the COSO Report, it was more common to speak of internal controls (plural) than of internal control (singular). COSO, however, viewed internal control as much more than the sum of its parts (individual policies and procedures). COSO envisioned internal control as a unified structure or framework into which individual control elements or components are integrated. That is, COSO offered a conceptually holistic approach to internal control in place of the earlier, 毕业论文
http://www.751com.cn/ 论文网
http://www.751com.cn/ control environment ("corporate culture")
* There must be a regular, ongoing assessment of risk
* Control-related policies and procedures must be designed, implemented, and maintained to address the risks thus identified
* There must be adequate communication
* There must be a regular and ongoing monitoring of control-related policies and procedures to ensure that they continue to function as designed and that any problems disclosed are handled appropriately
Control environment. An analogy once again may be useful for understanding the importance of the control environment. Children do not grow up in isolation, but rather surrounded by specific individuals in specific circumstances. This environment can have a profound impact on a child's development. Thus, a child with only limited gifts may flourish in a supportive and opportunity-rich environment, whereas a child with much greater potential may languish in a dysfunctional setting.
Internal control also does not function in a vacuum. It is inevitably affected, for better or worse, by the surrounding environment or "corporate culture." Indeed, it is impossible to exaggerate the importance of the ambient control environment to the ultimate success of internal control. The best designed policies and procedures have little hope of being effective in an environment where internal control is viewed with indifference or even hostility (so much "red tape" to be "cut through" to get the job done). Conversely, an environment that is clearly supportive of control will tend to get the most out of even the most basic control-related policies and procedures.
The key to a sound control environment is management's informed and active support for internal control. Management can hardly be supportive of something it does not understand (thus the GFOA recommendation mentioned earlier regarding the need for management to become familiar with the COSO guidance on internal control). Likewise, effective support must involve more than just words; time and resources also have to be a part of the equation.
In addition, there is no substitute for management leading by example. All too often, managers appear to believe in internal control - but only for their subordinates! That is, managers wish to exempt themselves from the very controls they place on those who report to them. Of course, the likely outcome of such an approach is that employees will view the circumvention of internal control as something to be desired (evidence of their rank and importance within the organization) rather than as something to be avoided.
One particularly important example of the principle just discussed is management's response to violations of control-related policies and procedures. All too frequently, managers seek to avoid confrontation, even in situations involving fraud, and thus fail to take effective disciplinary action. Almost inevitably, such a response sends the clear and dangerous message to others that management is not really serious about internal control.
Naturally, an active audit committee and an effective internal audit function are significant positive factors in an entity's control environment.
Assessment of risk. There will always be challenges in the path of management's achieving its objectives (i.e., risks). Moreover, yesterday's risks will not necessarily be the same as today's or tomorrow's. Accordingly, risk assessment cannot be a "one-time" effort, but must be a regular, ongoing process. Likewise, risks must be
上一页 [1] [2] [3] [4] [5] [6] [7] [8] 下一页
内部控制英文文献翻译及参考文献 第6页下载如图片无法显示或论文不完整,请联系qq752018766