CMA Exam New Syllabus (Official) - Part One 3 (2)


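Internal Control Structure and Management Philosophy: Control Environment
Control environment – management and the board of directors set the control environment
Board of directors and audit committee – bear ultimate responsibility, set the overall objectives of the business, ensure the best interests of shareholders; the audit director reports directly to the COO and the audit committee; independent directors, at least one financial expert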

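Information and communication – relevant information must be identified, captured and communicated, in a form and time frame that allow the work to be completed successfully
Monitoring – ongoing management activities, separate evaluations, or a combination of the two; internal auditors, the audit committee, the disclosure committee, and management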


Information and communication – relevant information must be identified, captured and communicated, form and time frame, to do job successfully
Monitoring – ongoing management activities, separate evaluation, internal auditors, audit committee, disclosure committee, as well as management
Control Environment

Internal Control Structure and Management Philosophy: Control Environment

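Auditor responsibility under the Sarbanes-Oxley Act of 2002 – annual report includes a report on internal control, risk-based approach, principle-based approach, top-down risk assessment approach, four steps of TDRA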

Control Environment
Control environment – management and the board set the environment
Board of directors and audit committee – bear final responsibility, set the broad purposes of the operation, ensure it is run in the best interest of shareholders; audit director reports directly to the COO and the audit committee; audit committee consists of independent directors, at least one of whom should be a financial expert

Internal Control Structure and Management Philosophy: Control Environment

Management responsibility under the Sarbanes-Oxley Act of 2002 – CEO and CFO verify financial reports, management is required to design and implement internal control and to ensure that control procedures are being followed

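Design Controls to Address Risks: Effective Control Principles
Control principle – characteristics of internal control, protect the company's assets, data reliability
Compatibility principle – consistent with organizational and human factors
Flexibility principle – allows for growth in transaction volume and changes in organizational structure
Cost-benefit principle – benefits must exceed costs, tangible and intangible
Control activities – policies and procedures, risk responses are effectively carried out, six control activities
Control environment – management philosophy and appetite for risk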



Risk assessment – determining probability and degree of importance, inherent or residual

Effective Control Principles
Control principle – internal control feature, protect a firm's assets and ensure data is reliable
Compatibility principle – in harmony with organizational and human factors of the business
Flexibility principle – flexible enough to allow the volume of transactions to grow and changes to be made
Cost-benefit principle – benefits must be greater than the system's costs, both tangible and intangible
Risk: Types of Risk

Risk
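Inherent risk – the likelihood of material misstatement in the financial statements when there is no internal control, error and fraud, competence and integrity
Control risk – the company's internal controls fail to prevent or detect misstatements exceeding the acceptable level, control failure
Detection risk – audit evidence fails to detect misstatements exceeding acceptable audit risk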
Types of Risk
Inherent risk – susceptibility of financial statements to material misstatement when there is no internal control, error and fraud, competence and integrity
Control risk – misstatement exceeding the acceptable level is not prevented or detected by internal control, control failure
Detection risk – failure to detect misstatement exceeding acceptable audit risk
Section D: Internal Controls
Topic 1: Risk Assessment, Controls, and Risk Management
Risk
Risk – exposure to circumstances that increase the likelihood of loss
Risk = P(t) × P(f) × (Amount of Loss)
Minimize risks – preventing threats from occurring, increasing system controls, insuring
Factors affecting risk – frequency of independent checks, adequacy of control methods, adequacy of communication, consistency of enforcement of controls, limited access to or physical control of assets
Control activities – policies and procedures, risk responses are effectively carried out, six control activities, page 323

Design Controls to Address Risks

Acceptable Audit Risk


AAR = IR × CR × DR, so DR = AAR / (IR × CR)
Design Controls to Address Risks

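Control environment – management philosophy and appetite for risk

Risk assessment – determining the probability of a risk occurring and its degree of importance, inherent and residual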

Control Procedures
General control and specific control, each general control has at least one corresponding specific control
Safeguarding of assets – physical control, segregation of functions in processing transactions, access control
Compliance with applicable laws and regulations – laws, regulations, policies, plans and procedures
Accomplishment of organizational goals and objectives – effectiveness
Control Environment

Accounting System

Accounting system – financial accounting system and operation information system, reliability and integrity
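Control Procedures
Accounting System

Accounting system – financial accounting system and operational information system, reliability and integrity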
Auditor responsibility under SOX – annual report includes a report on internal control, follow a risk-based approach, principle-based approach, top-down risk assessment approach, four steps in TDRA, page 328

Risk: Acceptable Audit Risk

Risk
Acceptable audit risk – probability of audit failure, a function of three types of risk, the risk the auditor is willing to take that the audit will fail
A function of three things – management integrity, number of financial statement users, the auditee's financial condition
Control Procedures