外文翻译-如何监测内部控制

财务报告的内部控制【外文翻译】本科毕业论文(设计)外文翻译外文题目 Auditing Internal Control Over Financial Reporting外文出处《 Auditing Internal Control Over Financial Reporting》University of Hawai’i at Hilo 2004(12):100-107外文作者 James E. Hunton原文:Public Company Accounting Oversight Board (PCAOB) Auditing Standard No. 2 , AnAudit of Internal Control Over Financial Reporting Performed in Conjunction With an Audit of Financial Statements, (AS-2) addresses the work that is required to audit internal control over financial reporting and the relationship of that audit to the audit of the financial statements.Since the issuance of AS-2, auditors and other parties have raised questions on a variety of issues about the implications of AS-2. To answer those questions, on June 23, 2004, the Office of the Chief Auditor of the PCAOB issued guidance in the form of questions and answers on issues related to the implementation of AS-2. Refer to the September 30, 2004, and October 15, 2004, GAAS Update Service issues for coverage of the topics previously addressed by the PCAOB staff in its June release, which relate to the following areas: auditor independence;scope and extent of testing; evaluating deficiencies; multi-location issues; using work of others;and serviceorganizations. In response to additional implementation questions that continue to be raised, on October 6, 2004, the PCAOB staff updated its June release, Auditing Internal Control Over Financial Reporting, on frequently asked questions. The updated PCAOB release issued in October 2004 provides additional interpretive and implementation guidance on issues relating to scope and extent of testing, evaluating deficiencies, and service organizations.PCAOB staff questions and answers represent the staff’s opinions on issues related to the implementation of the standards of the PCAOB. They are intended to1provide guidance to auditors on implementing the PCAOB’s standards. However, they are neither rules of the PCAOB nor have they been approved by the PCAOB.Scope and Extent of TestingQ. Does the scope of internal control over financial reporting as it relates to compliance with laws and regulations under AS-2 encompass controls over a broader array of circumstances than those described in AU Section 317, Illegal Acts byClients?A. Yes. AU Section 317, Illegal Acts by Clients, provides that the auditorconsider the laws and regulations that have a direct and material effect on the determination of financial statement amounts. However,paragraph 15 of AS-2 does not use the phrase “direct and materialeffect on the determination of financial statement amounts.” Rather, paragraph 15 of AS-2 provides that operations andcompliance with laws and regulations directly related to the presentation of and required disclosures in financial statements are encompassed in internal control over financial reporting. This provision in AS-2 includes: (1) the “direct and material”effects described in AU Section 317, such as compliance with taxlaws that affect accruals and the amount recognized as expense in the accounting period; and (2)other circumstances that would be classified under AU Section 317 as having only indirect effects on the financial statementsIn the PCAOB staff’s view, internal control over financialreporting encompasses controls over the identification, measurement, and reporting of all material actual loss events that have occurred, including controls over the monitoring and risk assessment of areas in which such actual loss events are reasonably possible. The staff guidance illustrates this point by indicating that, for example, a waste disposal company’s internal control over financial reporting ordinarily would encompass controls for identifying and measuring environmental liabilities for existing and newly acquired landfills, even if there is no governmental investigation or enforcement proceeding underway.The PCAOB staff believes that its interpretation is consistent with the Securities and Exchange Commission (SEC) staff’s views regarding management’s2responsibilities for assessing internal control over financial reporting. According to the SEC staff, while it may be possible to connect the violation of any law, rule, or regulation to the financial statements by observing that if the violation is significant enough it will have a material effect on the registrant’s financial statements, the SEC staff does not believe that compliance with all laws fits within the definition. The SEC’s financial reporting requirements and the Internal Revenue Code are examples of regulations that are directly related to the preparation of the financial statements. Conversely, rules requiring disclosure as to the existence of a code of ethics or disclosure as to the existence of an audit committee financial expert are examples of rules promulgated under the Sarbanes-Oxley Act of 2002 (SOA) that are not directly related to the preparation of financial statementsEvaluating DeficienciesWhat is the effect on the auditor’s evaluation of management’s assessment of internal control and the au ditor’s report in circumstances under which management’s assessment and the auditor’s audit procedures do not include certain controls that should have beenencompassed because neither management nor the auditor has the ability to evaluate those controls?A. There may be circumstances in which there are restrictions on the scope of the auditor’s engagement to audit internal control over financial reporting. For example, both management and the auditor may be unable to obtain evidence of operating effectiveness of controls at a service organization used by the company because a type 2 Statement on Auditing Standards (SAS) No. 70, Service Organizations, (SAS-70) report that is deemed to be necessary under the circumstances is not available. If neither management nor the auditor is able toperform tests of controls at the service organization (e.g., because management does not have a contractual right to do so), a scope limitation exists.An SEC staff interpretation states that, subject to limited exceptions, management cannot issue a report on internal control with a scope limitation. Under paragraph 20 of AS-2, in order for the auditor to satisfactorily complete an audit of internal control over financial reporting, management must fulfill several3responsibilities, including evaluating the effectiveness of the company’s internal control over financial reporting and supporting its evaluation with sufficient evidence. Therefore, if management is unable to assess certain controls over financial reporting that should have been included in its assessment, a control deficiency exists. If the transaction or events subject to controls that management is unable toassess are material to the company’s financial statements, the auditor ordinarily would determine that this control deficiency represents a material weakness. In addition, the auditor would need to determine whether management, under the circumstances, had failed to fulfill its responsibilities to evaluate the effectiveness of the company’s internal control over financial reporting and support its evaluation with sufficient evidence. If the auditor determines that management has not fulfilled its responsibilities, the auditor is required to disclaim an opinion. Also, to the extent that management has willfully decided not to fulfill its responsibilities, the auditor may have additional responsibilities under AU Section 317 and under Section 10A of the Securities Exchange Act of 1934.In making the determination of whether management has fulfilled its respons ibilities to evaluate the effectiveness of the company’s internal control over financial reporting, the PCAOB staff indicates that the auditor could evaluate factors, such as the following: • The date of the contract or other transaction documents that co uld have provided management with the ability to assess controls or otherwise to obtain evidence of the operating effectiveness of relevant controls;• The relative ease or difficulty with which management could renegotiate the contract or transaction documents and the extent to which management has attempted to do so; and• Whether management is able to assess the controls, or obtain evidence of operating effectiveness of relevant controls, in the absence of having access to the controls. The PCAOB staff provides the following examples of how to apply the aforementioned guidance:• Inability to obtain evidence of the operating effectiveness of controls at the4service organization.When the transactions or events subject to the internal controls at the service organization are material to the company’s financial statements, and management is unable to obtain evidence about their operating effectiveness, the auditor ordinarily would determine that a material weakness exists. However, for example,if the servicing contract with the service organization was executed in 2001 (i.e., well before the existence of the SOA) and management already has negotiated with the service organization to provide a suitable type 2 SAS-70 report next year, the auditor might determine that management had fulfilled its responsibilities under AS-2. Accordingly, the auditor might be able to complete the audit of internal control over financial reporting. On the other hand, the auditor ordinarily would determinethat management had not fulfilled its responsibilities under AS-2 in the following circumstances: (1) if management recently renewed its contract with the service organization but did not negotiate either an agreement about obtaining a suitable type 2 SAS-70 report or permission to test controls at the service organization; or (2) if the contract with theservice organization is long-dated and management has not attempted to negotiate to obtain the necessary evidence of operating effectiveness of controls. Accordingly, in these circumstances, the auditor would be required to disclaim an opinion and would need to evaluate his or her additional responsibilities under AU Section 317 and under Section 10A of the Securities Exchange Act of 1934.• Consolidation of variable interes t entities. The SEC allows management tolimit its assessment of internal control over financial reporting by excluding certain entities that are subject to consolidation under FASB Interpretation No. 46, Consolidation of Variable Interest Entities—an Interpretation of ARB No. 51(FIN-46). For example, management is permitted to exclude from the scope of its assessment the controls of an entity in existence prior to December 15, 2003, that is consolidated pursuant to FIN-46, for which the company does not have the right or authority to assess the controls and also lacks the ability to make that assessment. In such situations, according to AS-2, the auditor may limit the audit of internal control over financial reporting in the same manner and report without reference to the scope5limitation. On the other hand, if management is unable to assess the controls of an entity consolidated pursuant to FIN-46 that came into existence subsequent to December 15, 2003, the auditor would concludethat a control deficiency exists; accordingly, if the consolidated variable interest entity is material to the company’sfinancial statements, the auditor ordinarily would conclude thatthis represents a material weakness in internal control over financial reporting. Also, the auditor needs to determine whether management has fulfilled its responsibilities as described in paragraph 20 of AS-2. If the auditor determines that management has not fulfilled its responsibilities, the auditor is required to disclaim an opinion. Also, to the extent that management has willfully decided not to fulfill its responsibilities, the auditor may have additional responsibilities under AU Section 317 and under Section 10A of the Securities Exchange Act of 1934.Service Organizations• By vir tue of the requirement in AS-2 for the auditor to perform at least one walkthrough for each major class of transactions, if a service organization’s services involve the processing of a major class of transactions, should the auditor perform walkthroughs at the service organization?• AS-2 requires the auditor to perform at least one walkthrough for each major class of transactions. In a walkthrough, the auditor traces all types of company transactions and events: (1) from origination; (2) through the comp any’s accounting, information, and financial reporting system; and (3) to their inclusion and disclosure in the company’s financial statements. Because of the importance of walkthroughs and thefact that they accomplish several objectives, AS-2 specifically requires the auditor to: • Perform walkthroughs in each annual audit of internal control over financial reporting;• Perform the walkthroughs directly himself or herself (i.e., the auditor is precludedfrom delegating the performance of walkthroughs to others, e.g., to management or tothe internal auditors); and• Perform at least one walkthrough for each major class of transactions. If theprocessing of a major class of transactions involves the services ofa service6organization, the PCAOB staff advises that auditors would not haveto perform walkthroughs at the service organization, as long as they were able to obtain sufficient evidence to achieve the objectives of the walkthrough by other means, for example through a service auditor’s repor t. In evaluating if the service auditor’s report provides evidence sufficient to achieve the objectives of a walkthrough, the PCAOB guidance indicates that auditors should follow the directions in paragraphs B21 to B24 of AS-2, which indicate:• The audit or may obtain evidence about whether controls that are relevant to management’s assessment and the auditor’s opinion are operating effectively by performing procedures, such as the following:—Performing tests of the user organization’s controls over the activities of the service organization (e.g., testing the user organization’s independent performance of selected items processed by the service organization or testing the user organization’s reconciliation of output reports with source documents).— Performing tests of controls at the service organization.—Obtaining a service auditor’s report on controls placed in operation and tests of operating effectiveness, or a report on the application of agreed-upon procedures that describes relevant tests of controls.• If a service auditor’s report on controls placed in operation and tests of operating effectiveness is available, management and theauditor may evaluate whether this report provides sufficient evidence to support the assessment and opinion, respectively.In evaluating whether such a service auditor’s report provides sufficient evidence, management and the auditor should consider the following factors: — The time period covered by the tests of controls and its relation to the date of management’s assessment;— The scope of the examination and applications covered, the controls tested,and the way in which tested controls relate to the company’s controls; and—The results of those tests of controls and the service auditor’s opinion on the operating effectiveness of the controls.• If the service auditor’s report on controls placed in operation and tests of operating7effectiveness contains a qualification that the stated control objectives might be achieved only if the company applies controls contemplated in the design of the system by the service organization, the auditor should evaluate whether the company is applying the necessary procedures. For example, completeness of processing payroll transactions might depend on the company’s validat ion that all payroll records sent to the service organization were processed by checking a control total. • In determining whether the service auditor’s report provides sufficient evidence tosupport management’s assessment and the auditor’s opinion, management and the auditor should make inquiries concerning the service auditor’s reputation, competence, and independence. The auditor should refer to AU Section 543,Part of AuditPerformed by Other Independent Auditors, for additional guidance. If the companyauditor concludes that information is not available to obtain sufficient evidence to achieve the objectives of the walkthrough, he or she may: (1) consider contacting the service organization, through the user organization, to obtain specific information or to request that a service auditor be engaged to perform the procedures that will providethe necessary information; or (2) visit the service organization and perform the necessary procedures.Source:James E. Hunton, Auditing Internal Control Over Financial Reporting :University of Hawai’i atHilo. December 2004(12):100-1078译文:财务报告的内部控制上市公司会计监督委员会(PCAOB)审计准则第2号，内部审计对财务报告与审计财务报表的控制，解决了所需要的内部控制审计财务报告工作和相关的财务报表的审计。

Internal management, establish a sound internal control system, enterprises and the needs for enterprises to face market risks and challenges. Only in accordance with the actual situation of their own, developed to meet the needs of internal management control system, and strictly follow the implementation can be sustained, steady and healthy development.内部管理，建立健全内部控制制度，企业和企业面临的市场风险和挑战的需要。

只有按照自己的实际情况，开发出满足内部管理控制系统的需求，并严格遵照执行能够持续，稳定和健康的发展。

The so-called internal control, the means by the enterprises board of directors, managers and other staff implementation, in order to ensure the reliability of financial reporting, operating efficiency and effectiveness of existing laws and regulations to follow, and so provide reasonable assurance that the purpose of the course. Internal controls related to enterprise production and management of the control environment, risk assessment, supervision and decision-making, information and transfer and self-examination, from a business perspective on the whole in all aspects of production. Their effective implementation will undoubtedly promote enterprise production and management to a new level, to promote the rationalization of business processes and standardization.所谓内部控制，董事会的企业董事会，经理和其他员工实施的，为保证财务报告的可靠性，现有的法律法规，经营的效率和效果跟踪，并提供合理的保证，本课程的教学目的。

附录A附录B如何监测内部控制内部控制是任何组织有效运行的关键,董事会、执行长和内部审计人员都为实现这个企业的目标而工作;该内部控制系统是使这些团体确保那些目标的达成的一种手段。

控制帮助一个企业有效率地运转。

此外,运用一种有效的风险系统,风险可被降低到最小。

同时,控制促进经营和与经营有关的信息的可靠性。

全美反舞弊性财务报告委员会发起组织(COSO；1992) 在它发布的具有开创性的文件《内部控制整合框架》中,将内部控制定义为：企业风险管理是一个过程，受企业董事会、管理层和其他员工的影响，包括内部控制及其在战略和整个公司的应用，旨在为实现经营的效率和效果、财务报告的可靠性以及法规的遵循提供合理保证。

该委员会还指出,一个的内部控制的系统包括五个要素。

它们是：控制环境、风险评估、信息和沟通、控制活动、监控。

COSO的定义及五个要素已被证明确实对不同的团体,如董事会和首席执行官起到作用。

这些群体对内部控制系统的监管以及系统设计与运行有责任。

而且,内部审计人员已经发现COSO的指导是有用的。

这群人员可能会被董事会或管理层要求去测试控制。

COSO最近发布的一份讨论文件，指出五个要素监控,其中的五个要素的确定在1992 frame work COSO原本。

中国发展简报的题为《内部控制-整合框架：内部控制体系监督指南》(COSO，2007)。

在文件中,COSO 强调监控的重要性，以及这些信息常常被没有充分利用。

因为董事会、执行长,和内部审计人员都在一个公司的内部控制中扮演着重要角色，内部控制的各要素,包括监测,都对所有的团体有着非常重要的意义。

同时,外审计人员对监测有兴趣。

《萨班斯-奥克斯利法案》（2002）为外部审计师创建了一个新的监督体制。

所有的五个要素,包括监测,必须加以考虑。

另外,内部控制审计必须结合对财务报告的检查。

在一体化审计之前，在首席执行官的领导下，也许也在内部审计活动的支持下的管理，评估了内控制体系的有效性。

A Clear Look at Internal Controls: Theory and ConceptsHammed Arad (Philae)Department of accounting, Islamic Azad University, Hamadan, IranBarak Jamshedy-NavidFaculty Member of Islamic Azad University, Kerman-shah, IranAbstract: internal control is an accounting procedure or system designed to promote efficiency or assure the implementation of a policy or safeguard assets or avoid fraud and error. Internal Control is a major part of managing an organization. It comprises the plans, methods, and procedures used to meet missions, goals, and objectives and, in doing so, support performance-based management. Internal Control which is equal with management control helps managers achieve desired results through effective stewardship of resources. Internal controls should reduce the risks associated with undetected errors or irregularities, but designing and establishing effective internal controls is not a simple task and cannot be accomplished through a short set of quick fixes. In this paper the concepts of internal controls and different aspects of internal controls are discussed. Keywords: Internal Control, management controls, Control Environment, Control Activities, Monitoring1. IntroductionThe necessity of control in new variable business environment is not latent for any person and management as a response factor for stockholders and another should implement a great control over his/her organization. Control is the activity of managing or exerting control over something. he emergence and development of systematic thoughts in recent decade required a new attention to business resource and control over this wealth. One of the hot topic a bout controls over business resource is analyzing the cost-benefit of each control.Internal Controls serve as the first line of defense in safeguarding assets and preventing and detecting errors and fraud. We can say Internal control is a whole system of controls financial and otherwise, established by the management for the smooth running of business; it includes internal cheek, internal audit and other forms of controls.COSO describe Internal Control as follow. Internal controls are the methods employed to help ensure the achievement of an objective. In accounting and organizational theory, Internal control is defined as a process effected by an organization's structure, work and authority flows, people and management information systems, designed to help the organization accomplish specific goals or objectives. It is a means by which an organization's resources are directed, monitored, and measured. It plays an important role in preventing and detecting fraud and protecting the organization's resources, both physical (e.g., machinery and property) and intangible (e.g., reputation or intellectual property such as trademarks). At the organizational level, internal control objectives relate to the reliability of financial reporting, timely feedback on the achievement of operational or strategic goals, and compliance with laws and regulations. At the specific transaction level, internal control refers to the actions taken to achieve a specific objective (e.g., how to ensure the organization's payments to third parties are for valid services rendered.) Internal controlprocedures reduce process variation, leading to more predictable outcomes. Internal controls within business entities are called also business controls. They are tools used by manager's everyday.* Writing procedures to encourage compliance, locking your office to discourage theft, and reviewing your monthly statement of account to verify transactions are common internal controls employed to achieve specific objectives.All managers use internal controls to help assure that their units operate according to plan, and the methods they use--policies, procedures, organizational design, and physical barriers-constitute. Internal control is a combination of the following：1. Financial controls, and2. Other controlsAccording to the institute of chartered accountants of India internal control is the plan of organization and all the methods and procedures adopted by the management of an entity to assist in achieving management objective of ensuring as far as possible the orderly and efficient conduct of its business including adherence to management policies, the safe guarding of assets prevention and detection of frauds and error the accuracy and completeness of the accounting records and timely preparation of reliable financial information, the system of internal control extends beyond those matters which relate to the function of accounting system. In other words internal control system of controls lay down by the management for the smooth running of the business for the accomplishment of its objects. These controls can be divided in two parts i.e. financial control and other controls.Financial controls:- Controls for recording accounting transactions properly.- Controls for proper safe guarding company assets like cash stock bank debtor etc- Early detection and prevention of errors and frauds.- Properly and timely preparation of financial records I e balance sheet and profit and loss account.- To maximize profit and minimize cost.Other controls: Other controls include the following:Quality controls.Control over raw materials.Control over finished products.Marketing control, etc6. Parties responsible for and affected by internal controlWhile all of an organization's people are an integral part of internal control, certain parties merit special mention. These include management, the board of directors (including the audit commit tee), internal auditors, and external auditors.The primary responsibility for the development and maintenance of internal control rests with an organization's management. With increased significance placed on the control environment, the focus of internal control has changed from policies and procedures to an overriding philosophy and operating style within the organization. Emphasis on these intangible aspects highlights the importance of top management's involvement in the internal control system. If internal control is not a priority for management, then it will not be one for people within the organization either.As an indication of management's responsibility, top management at a publicly owned organization will include in the organization's annual financial report to the shareholders a statement indicating that management has established a system of internal control that management believes is effective. The statement may also provide specific details about the organization's internal control system.Internal control must be evaluated in order to provide management with some assurance regarding its effectiveness. Internal control evaluation involves everything management does to control the organization in the effort to achieve its objectives. Internal control would be judged as effective if its components are present and function effectively for operations, financial reporting, and compliance. he boards of directors and its audit committee have responsibility for making sure the internal control system within the organization is adequate. This responsibility includes determining the extent to which internal controls are evaluated. Two parties involved in the evaluation of internal control are the organization's internal auditors and their external auditors.Internal auditors' responsibilities typically include ensuring the adequacy of the system of internal control, the reliability of data, and the efficient use of the organization's resources. Internal auditors identify control problems and develop solutions for improving and strengthening internal controls. Internal auditors are concerned with the entire range of an organization's internal controls, including operational, financial, and compliance controls.Internal control will also be evaluated by the external auditors. External auditors assess the effectiveness of internal control within an organization to plan the financial statement audit. In contrast to internal auditors, external auditors focus primarily on controls that affect financial reporting. External auditors have a responsibility to report internal control weaknesses (as well as reportable conditions about internal control) to the audit committee of the board of directors.8. Limitations of an Entity's Internal ControlInternal control, no matter how well designed and operated, can provide only reasonable assurance of achieving an entity's control objectives. The likelihood of achievement is affected by limitations inherent to internal control. These include the realities that human judgment in decision-making can be faulty and that breakdowns in internal control can occur because of human failures such as simple errors or mistakes. For example, errors may occur in designing,Maintaining, or monitoring automated controls. If an entity’s IT personnel do not completely understand how an order entry system processes sales transactions, they may erroneously design changes to the system to process sales for a new line of products. On the other hand, such changes may be correctly designed but misunderstood by individuals who translate the design into program code. Errors also may occur in the use of information produced by IT. For example, automated controls may be designed to report transactions over a specified dollar limit for management review, but individuals responsible for conducting the review may not understand the purpose of such reports and, accordingly, may fail to review them or investigate unusual items.Additionally, controls, whether manual or automated, can be circumvented by the collusion of two or more people or inappropriate management override of internal control. For example, management may enter into side agreements with customers that alter the terms and conditions of the entity’s standard sales con tract in ways that would preclude revenuerecognition. Also, edit routines in a software program that are designed to identify and report transactions that exceed specified credit limits may be overridden or disabled.Internal control is influenced by the quantitative and qualitative estimates and judgments made by management in evaluating the cost-benefit relationship of an entity’s internal control. The cost of an entity's internal control should not exceed the benefits that are expected to be derived. Although the cost-benefit relationship is a primary criterion that should be considered in designing internal control, the precise measurement of costs and benefits usually is not possible.Custom, culture, and the corporate governance system may inhibit fraud, but they are not absolute deterrents. An effective control environment, too, may help reduce the risk of fraud. For example, an effective board of directors, audit committee, and internal audit function may constrain improper conduct by management. Alternatively, the control environment may reduce the effectiveness of other components. For example, when the nature of management incentives increases the risk of material misstatement of financial statements, the effectiveness of control activities may be reduced.9. Balancing Risk and ControlRisk is the probability that an event or action will adversely affect the organization. The primary categories of risk are errors, omissions, delay and fraud In order to achieve goals and objectives, management needs to effectively balance risks and controls. Therefore, control procedures need to be developed so that they decrease risk to a level where management can accept the exposure to that risk. By performing this balancing act "reasonable assurance” can be attained. As it relates to financial and compliance goals, being out of balance can causebe proactive, value-added, and cost-effective and address exposure to risk.11. ConclusionThe concept of internal control and its aspects in any organization is so important, therefore understanding the components and standards of internal controls should be attend by management. Internal Control is a major part of managing an organization. Internal control is an accounting procedure or system designed to promote efficiency or assure the implementation of a policy or safeguard assets or avoid fraud and error. According to custom definition, Internal Control is a process affected by an entity's board of directors, management and other personnel designed to provide reasonable assurance regarding the achievement of objectives in the following categories namely. The major factors of internal control are Control environment, Risk assessment, Control activities, Information and communication, Monitoring. This article reviews the main standards and principles of internal control and described the relevant concepts of internal control for all type of company.内部控制透视：理论与概念哈米德阿拉德（Philae）会计系，伊斯兰阿扎德大学，哈马丹，伊朗巴克Joshed -纳维德哈尼学院会员伊斯兰阿扎德大学，克尔曼伊朗国王，伊朗摘要：内部控制是会计程序或控制系统，旨在促进效率或保证一个执行政策或保护资产或避免欺诈和错误。

企业内部控制中英文对照外文翻译文献(文档含英文原文和中文翻译)译文：内部控制环境外文翻译摘要：为了保证企业需求内部控制活动的有效性和信息的可靠性以及遵守法律的适用性，每个组织要选择最适合的控制系统。

因此，就必须考虑到意外事故的风险是否切合权变理论。

本文研究的是检视这些风险特点的选择是否适应他们公司内部控制结构和它是否会导致一些更加优惠的有效性的评估控制管理。

虽然内部控制的组成部分已进行单独控制，本文尝试阐明内部控制的关键点并将其放到更加广阔的背景中。

结果证明，基于对741家芬兰公司的调查研究，表明公司用内部控制结构来应对环境的不确定性，并观测控制的有效性的战略对其内部控制结构有着显著的效果。

关键词：内部控制、成效、权变理论、结构方块建模1.绪论人们普遍认为，一个内部控制系统可以帮助企业降低风险，并且使财务报表的可靠性得以保证。

因此，越来越多的企业在他们具体的操作环境下更多的关注自己的内部控制。

在巨大的管理压力下，如何提高内部控制的有效性以及董事会和股东之间的沟通效果，是目前企业亟待解决的重要问题。

由于内部控制可能会影响长期的报告，因此审计人员、供应商、客户都对内部控制关注相当。

Kinney在2000年指出，尽管内部控制对公司影响很大，但在组织环境中内部控制结构却无法实现。

虽然关于内部控制的文献在国际研究上已取得进展，但迄今为止，内部控制的研究数量有限。

在2004年Selte and Widener出版的专业文章中提出，在管理控制中研究较少的内部控制有着很强的实用性。

本文的研究结论有助于了解内部控制结构及其在公司环境中观察到对公司的效果。

即使内部控制结构框架中提出了一个标准化的结构和内部控制目标，但仍然需要注意的是，有效地内部控制是要根据公司的不同特点来制定的。

因此，即使是内部控制的框架中也无法提供一个企业的特点和其控制系统的关系。

因此，本研究利用一个应急方法，审查内部控制结构的设计，并且将其放到不同的环境下观察其效果。

外文翻译原文Regulation by disclosure: the case of internal control Material:/content/351u43877v108j45/author：Laura F. Spira Michael Page…the subject of internal control, once a guaranteed remedy for sleeplessness, has made a spectacular entry onto political and regulatory agendas. (Power 1997: 57) In his analysis of the development of the role of audit, Power observes that internal control has become increasingly important as part of a system of regulation which relies on making internal mechanisms visible through forms of self-validation and disclosure. Corporate governance requirements have frequently been couched in the form of codes of practice on the principle of ‘comply or explain’ rat her than prescriptive legislation. The monitoring role of the board of directors, which forms the apex of the internal control system of an organisation, has been emphasised. The influence of particular interest groups has been important in the negotiation of these developments. Auditors, both internal and external, can claim expertise in internal control, advancing their organisational position in the case of internal auditors (Spira and Page 2003) and increasing the potential for sales of specialised services in the case of external auditors. Regulators and legislators have focused on internal control issues as a policy response to crises (Cunningham 2004).The use of internal control as a corporate governance device reflects a subtle but significant chang e in its conception, moving from the original ‘‘supportive’’ notion that internal control systems were an integral part of the structure of an organization which enabled its goals to be achieved, to the more recent view of internal control as a substantial ly ‘‘preventive’’ system, designed to minimise obstructions to goal achievement and carrying significantly greater expectations of the effectiveness of such systems. As Page and Spira (2004) note, companies have also increasingly taken ‘risk-based’ approac hes to internal control because of the increased pace of organizational change—control systems change too fast to be rigidly documented and companies may not even have full documentation relating to some of their IT based systems. For these reasons there has been an increase in‘delegation’ of control downwards in the organization and there is likely to be no central record of control systems.The emergence of risk-based approaches to internal control has resulted in a confluence of internal control and risk management to the point that an influential publication (Jones and Sutherland 1999) issued at the same time as the Turnbull guidance referred frequently to ‘‘internal control and risk management’’ as a single concept in providing practical assistance for boards in complying with the Turnbull disclosure requirements.The demonstration of ‘‘good’’ corporate governance is a challenge for boards of directors but describing structural mechanisms such as internal control processes may be one way of meeting demands for transparency. Thus, what was once an internal interest becomes a means of demonstrating regulatory compliance.Concerns about internal control in the US and the UK arose initially from a desire to establish the boundaries of external auditor responsibility. The difficulties of defining internal control are illustrated in the earliest US experience, as summarized in a lecture by Mautz (1980). He quotes the 1949 AICPA definition: Internal control comprises the plan of organization and all of the coordinate methods and measures adopted within a business to safeguard its assets, check the accuracy and reliability of its accounting data, promote operational efficiency, and encourage adherence to prescribed managerial policies.and describes the concern of fi rms’ legal counsel about the broadness of this definition. This concern led to a new definition issued in 1958 which split the four parts of the original defi nition between ‘‘accounting control’’ (safeguarding assets and checking reliability and accura cy of accounting data) and ‘‘administrative control’’ (promotion of operational ef ficiency and encouragement of adherence to prescribed management policies) and defi ned auditors’ responsibility as reviewing accounting controls only. A further narrowing took place in 1972 when the US auditing profession limited the two components of ‘‘accounting control’’ even more.Up to this point, the definition was really only of concern to companies and their auditors but the passing of the Foreign Corrupt Practices Act in 1977 changed this. The Act was passed in response to bribery scandals and for the rst time envisaged the use of internal control as regulation. It was based on a narrow conception of internal control newly described as ‘‘internal accounting control’’. It also changed the focus of internal control: whereas the concerns of ‘‘accounting control’’ had been at low organizational levels and clerical procedures, the Act nowshifted attention to controls at board level for the first time.A process for identifying, evaluating and managing the significant risks faced by the Group has been in place throughout the period and is reviewed regularly by the Board. The management of each business is responsible for establishing detailed controls which are embedded within operational and financial procedures in order to manage business risks on a day-to-day basis. Changes in key business objectives which may impact on the risk role of the Group and require changes to existing controls and procedures were monitored during the year by the Chief Executive and Group Finance Director through the established framework of monthly reviews with the Managing Directors and Financial Controllers of each of the business units. The findings and recommendations of internal audit work carried out during the 2004 financial year have been reported to the Audit Committee and a summary of the findings has been presented to the Board. The internal audit program focuses on the key risks inherent in the businesses and the system of control necessary to manage such risks. (Parity Plc)There is little surprise here: in fact it appears to be a series of statements of the obvious. The same impression is gained when reviewing the disclosures of Shaftsbury Plc.The key elements of the Company’s procedur es and internal financial control framework are:1. The close involvement of the executive Directors in all aspects of day-to-day operations, including regular meetings with senior staff to review all operational aspects of the business.2. Clearly defined responsibilities and limits of authority. The Board has responsibility for strategy and has adopted a schedule of matters which are required to be brought to it for decision.3. A comprehensive system of financial reporting and forecasting. Financial accounts are prepared quarterly and submitted to the Board. Profit and cash flow forecasts are prepared at least quarterly, approved by the Board and used to monitor actual performance.4. Regular meetings of the Board and Audit Committee at which financial information is reviewed and business risks are identified and monitored.The company seems to have the kinds of controls that could be expected in a public company. The only context in which ‘risk’ is mentioned is ‘identi fication and monitoring’ that occurs, (in some unexplained way) at regular board and auditcommittee meetings.Both these disclosures are largely ‘statements of the obvious’; while they are apparently company specific there is nothing that surprises, indeed, one would be very surprised if the opposite were stated.Other companies disclosures fall on a continuum of informativeness. For example Electrocomponents plc explains that risk management is ‘an integral part of the system of internal control’ and goes on to give a details of its c ontrol structure and risk processes within a report of average length.Substantive disclosures may include:●descriptions of company structure, particularly relating to committeescharged with risk management responsibilities and their relationship and communications with the board●the role of the audit committee and of the internal audit function, and therelationship between them and with the board●descriptions of risks identified as material●descriptions of risk events and action taken in responseNat ional Grid plc provides a lengthy section ‘‘Risk Factors’’ which identi fies a very extensive range of risks faced by the company.But as one Turnbull Review respondent observed, this is a historical record and current situations may differ.4.5 Effectiveness of internal control and dealing with weaknessesPara 38 of the Guidance sates:In relation to Code Provision D.2.1, the board should summarise the process it (where applicable, through its committees) has applied in reviewing the effectiveness of the system of internal control. It should also disclose the process it has applied to deal with material internal control aspects of any significant problems disclosed in the annual report and accounts.As mentioned previously, reporting on internal control effectiveness was the most contentious of the Cadbury recommendations and the compromise reached in the Combined Code was that companies should report the process that they had undertaken, but not necessarily the results. Only one company expressed a positive opinion on the quality of internal control.The guidance does not ask explicitly that boards indicate the conclusions drawn from the reviews undertaken and only one company does so in a positive fashion The board considers that the measures taken, including physical controls,segregation of duties and reviews by management, provide sufficient and objective assurance.Others tend to frame their conclusions in a negative way:In the opinion of the Board the review did not indicate that the system was ineffective or unsatisfactory.Having reviewed its effectiveness, the directors are not aware of any significant weakness or defi ciency in the Group’s system of internal controls during the year. (Mersey Docks and Harbour Company)Where such a statement is accompanied by a more detailed account of the review process, it appears to have been included as a formality within a substantive, company specific disclosure.In rare cases, actions taken as a result of reviews or incidents are described:Following the significant issues experienced within the implementation of the new supply chain system, the following additional processes have been put in place:●specific management teams were convened to examine the root causeof the supply problems, and to put in place new processes and controls to reduce and eliminate these issues;●management report weekly to the Executive Committee on the progresswith the stabilization of the system and the effectiveness of supply to our customers;●the risk management process outlined below was reviewed andenhanced with the emphasis on ownership, risk mitigation activities and improved monitoring activities to act as early warning indicators of risk occurrence.These activities are designed to strengthen the control environment. (MFIFurniture Group plc)This analysis using the headings derived from the Turnbull guidance (see above) demonstrates the superficiality of disclosures that appear to comply formally with the guidance.译文信息披露制度：内部控制资料来源:/content/351u43877v108j45/作者：Laura F. Spira Michael Page使用内部控制作为公司治理的一种策略，反映了公司治理中一个微妙但是重要的改变。

中文4500字本科生毕业设计（论文）外文原文及译文所在系管理系学生姓名郭淼专业会计学班级学号指导教师2013年6月外文文献原文及译文Internal ControlEmergence and development of the theory of the evolution of the internal controlInternal control in Western countries have a long history of development, according to the internal control characteristics at different stages of development, the development of internal control can be divided into four stages, namely the internal containment phase, the internal control system phase, the internal control structure phase, overall internal control framework stage.Internal check stages: infancy internal controlBefore the 1940s, people used to use the concept of internal check. This is the embryonic stage of internal control. "Keshi Accounting Dictionary" definition of internal check is "to provide effective organization and mode of operation, business process design errors and prevent illegal activities occur. Whose main characteristic is any individual or department alone can not control any part of one or the right way to conduct business on the division of responsibility for the organization, each business through the normal functioning of other individuals or departments for cross-examination or cross-control. designing effective internal check to ensure that all businesses can complete correctly after a specified handler in the process of these provisions, the internal containment function is always an integral part. "The late 1940s, the internal containment theory become important management methods and concepts. Internal check on a "troubleshooting a variety of measures" for the purpose of separation of duties and account reconciliation as a means to money and accounting matters and accounts as the main control object primary control measures. Its characteristics are account reconciliation and segregation of duties as the main content and thus cross-examination or cross-control. In general, the implementation of internal check function can be roughly divided into the following four categories: physical containment; mechanical containment; institutional containment; bookkeeping contain. The basic idea is to contain the internal "security is the result of checks and balances," which is based on two assumptions: First: two or more persons1西安交通大学城市学院本科毕业设计（论文）or departments making the same mistake unconsciously chance is very small; Second: Two or more the possibility of a person or department consciously partnership possibility of fraud is much lower than a single person or department fraud. Practice has proved that these assumptions are reasonable, internal check mechanism for organizations to control, segregation of duties control is the foundation of the modern theory of internal control.Internal control system phases:generating of internal controlThe late1940s to the early1970s, based on the idea of internal check, resulting in the concept of the internal control system, which is the stage in the modern sense of internal control generated. Industrial Revolution has greatly promoted the major change relations of production, joint-stock company has gradually become the main form of business organization of Western countries, in order to meet the requirements of prevailing socio-economic relations,to protect the economic interests of investors and creditors, the Western countries have legal requirements in the form of strengthen the corporate financial and accounting information as well as internal management of this economic activity.In 1934, the "securities and exchange act" issued by the U.S. government for the first time puts forward the concept of "internal accounting control", the implementation of general and special authorization book records, trading records, and compared different remedial measures such as transaction assets. In 1949, the American institute of certified public accountants (AICPA) belongs to the audit procedures of the committee (CPA) in the essential element of internal control: the system coordination, and its importance to management department and the independence of certified public accountants' report, the first official put forward the definition of internal control: "the design of the internal control includes the organization and enterprise to take all of the methods and measures to coordinate with each other. All of these methods and measures used to protect the property of the enterprise, to check the accuracy of accounting information, improve the efficiency of management, promote enterprise stick to established management guidelines." The definition from the formulation and perfecting the inner control of the organization, plan, method and measures such as rules and regulations to implement internal control, break through the limitation of control related to the financial and accounting department directly, the four objectives of internal control, namely the enterprise in commercial2外文文献原文及译文activities to protect assets, check the veracity and reliability of financial data, improve the work efficiency, and promote to management regulations. The definition of positive significance is to help management authorities to strengthen its management, but the scope of limitation is too broad. In 1958, the commission issued no. 29 audit procedures bulletin "independent auditors evaluate the scope of internal control", according to the requirements of the audit responsibility, internal control can be divided into two aspects, namely, the internal accounting control and internal management control. The former is mainly related to the first two of the internal control goal, the latter mainly relates to the internal control after two goals. This is the origin of the internal control system of "dichotomy". Because the concept of management control is vague and fuzzy, in the actual business line between internal control and internal accounting control is difficult to draw. In order to clear the relations between the two, in 1972 the American institute of certified public accountants in the auditing standards announcement no. 1, this paper expounds the internal management control and internal accounting control: the definition of "internal management control including, but not limited to organization plan, and the administrative department of the authorized approval of economic business decision-making steps on the relevant procedures and records. This authorization of items approved activities is the responsibility of management, it is directly related to the management department to perform the organization's business objectives, is the starting point of the economic business accounting control." At the same time, the important content of internal accounting control degree and protect assets, to ensure that the financial records credibility related institutions plans, procedures and records. After a series of changes and redefine the meaning of the internal control is more clear than before and the specification, increasingly broad scope, and introduces the concept of internal audit, has received recognition around the world and references, the internal control system is made.The internal control structure stage: development of the internal controlTheory of internal control structure formed in the 90 s to the 1980 s, this phase of western accounting audit of internal control research focus gradually from the general meaning to specific content to deepen. During this period, the system management theory has become the new management idea, it says: no physical objects in the world are composed of elements of3西安交通大学城市学院本科毕业设计（论文）system, due to the factors, there exists a complicated nonlinear relationship between system must have elements do not have new features, therefore, should be based on the whole the relationship between elements. System management theory will enterprise as a organic system composed of subsystems on management, pay attention to the coordination between the subsystems and the interaction with the environment. In the modern company system and system management theory, under the concept of early already cannot satisfy the need of internal control systems. In 1988, the American institute of certified public accountants issued "auditing standards announcement no. 55", in the announcement, for the first time with the word "internal control structure" to replace the original "internal control", and points out that: "the enterprise's internal control structure including provide for specific target reasonable assurance of the company set up all kinds of policies and procedures". The announcement that the internal control structure consists of control environment, accounting system (accounting system), the control program "three components, the internal control as a organic whole composed of these three elements, raised to the attention of the internal control environment.The control environment, reflecting the board of directors, managers, owners, and other personnel to control the attitude and behavior. Specific include: management philosophy and operating style, organizational structure, the function of the board of directors and the audit committee, personnel policies and procedures, the way to determine the authority and responsibility, managers control method used in the monitoring and inspection work, including business planning, budgeting, forecasting, profit plans, responsibility accounting and internal audit, etc.Accounting systems, regulations of various economic business confirmation, the collection, classification, analysis, registration and preparing method. An effective accounting system includes the following content: identification and registration of all legitimate economic business; Classifying the various economic business appropriate, as the basis of preparation of statements; Measuring the value of economic business to make its currency's value can be recorded in the financial statements; Determine the economic business events, to ensure that it recorded in the proper accounting period; Describe properly in the financial statements of4外文文献原文及译文economic business and related content.The control program, refers to the management policies and procedures, to ensure to achieve certain purpose. It includes economic business and activity approval; Clear division of the responsibility of each employee; Adequate vouchers and bills setting and records; The contact of assets and records control; The business of independent audit, etc. Internal structure of control system management theory as the main control thought, attaches great importance to the environmental factors as an important part of internal control, the control environment, accounting system and control program three elements into the category of internal control; No longer distinguish between accounting control and management control, and uniform in elements describe the internal control, think the two are inseparable and contact each other.Overall internal control framework stages: stage of internal controlAfter entering the 1990 s, the study of internal control into a new stage. With the improvement of the corporate governance institutions, the development of electronic information technology, in order to adapt to the new economic and organizational form, using the new management thinking, "internal control structure" for the development of "internal control to control the overall framework". In 1992, the famous research institutions internal control "by organization committee" (COSO) issued a landmark project - "internal control - the whole framework", also known as the COSO report, made the unification of the internal control system framework. In 1994, the report on the supplement, the international community and various professional bodies widely acknowledged, has wide applicability. The COSO report is a historical breakthrough in the research of internal control theory, it will first put forward the concept of internal control system of the internal control by the original planar structure for the development of space frame model, represents the highest level of the studies on the internal control in the world.The COSO report defines internal control as: "designed by enterprise management, to achieve the effect and efficiency of the business, reliable financial reporting and legal compliance goals to provide reasonable assurance, by the board of directors, managers and other staff to5西安交通大学城市学院本科毕业设计（论文）implement a process." By defining it can be seen that the COSO report that internal control is a process, will be affected by different personnel; At the same time, the internal control is a in order to achieve business objectives the group provides reasonable guarantee the design and implementation of the program. The COSO report put forward three goals and the five elements of internal control. The three major target is a target business objectives, information and compliance. Among them, the management goal is to ensure business efficiency and effectiveness of the internal control; Information goal is refers to the internal control to ensure the reliability of the enterprise financial report; Compliance goal refers to the internal controls should abide by corresponding laws and regulations and the rules and regulations of the enterprise.COSO report that internal control consists of five elements contact each other and form an integral system, which is composed of five elements: control environment, risk assessment, control activities, information and communication, monitoring and review.Control Environment: It refers to the control staff to fulfill its obligation to carry out business activities in which the atmosphere. Including staff of honesty and ethics, staff competence, board of directors or audit committee, management philosophy and management style, organizational structure, rights and responsibilities granted to the way human resources policies and implementation.Risk assessment: It refers to the management to identify and take appropriate action to manage operations, financial reporting, internal or external risks affecting compliance objectives, including risk identification and risk analysis. Risk identification including external factors (such as technological development, competition, changes in the economy) and internal factors (such as the quality of the staff, the company nature of activities, information systems handling characteristics) to be checked. Risk analysis involves a significant degree of risk estimates to assess the likelihood of the risk occurring, consider how to manage risk.Control activities: it refers to companies to develop and implement policies and procedures, and 6外文文献原文及译文to take the necessary measures against the risks identified in order to ensure the unit's objectives are achieved. In practice, control activities in various forms, usually following categories: performance evaluation, information processing, physical controls, segregation of duties.Information and communication: it refers to enable staff to perform their duties, to provide staff with the exchange and dissemination of information as well as information required in the implementation, management and control operations process, companies must identify, capture, exchange of external and internal information. External information, including market share, regulatory requirements and customer complaints and other information. The method of internal information including accounting system that records created by the regulatory authorities and reporting of business and economic matters, maintenance of assets, liabilities and owners' equity and recorded. Communication is so that employees understand their responsibilities to maintain control over financial reporting. There are ways to communicate policy manuals, financial reporting manuals, reference books, as well as examples such as verbal communication or management.Monitoring: It refers to the evaluation of internal controls operation of the quality of the process, namely the reform of internal control, operation and improvement activities evaluated. Including internal and external audits, external exchanges.Five elements of internal control system is actually wide-ranging, interrelated influence each other. Control environment is the basis for the implementation of other control elements; control activities must be based on the risks faced by companies may have a detailed understanding and assessment basis; while risk assessment and control activities within the enterprise must use effective communication of information; Finally, effective monitoring the implementation of internal control is a means to protect the quality. Three goals and five elements for the formation and development of the internal control system theory laid the foundation, which fully reflects the guiding ideology of the modern enterprise management idea that security is the result of systems management. COSO report emphasizes the integration framework and internal control system composed of five elements, the framework for the7西安交通大学城市学院本科毕业设计（论文）establishment of an internal control system, operation and maintenance of the foundation.In summary,because of social, economic and environmental change management, internal control functions along with the changes, in order to guide the evolution of the internal control theory. As can be seen from the history of the development of internal control theory, often derived from the internal control organizational change management requirements, from an agricultural economy to an industrial economy, innovation management methods and tools for the development of the power to bring internal controls.From the internal containment center,controlled by the internal organization of the mutual relations between the internal control of various subsystems and went to COSO as the representative to the prevention and management loopholes to prevent the goal, through the organization of control and information systems,to achieve the overall system optimization of modern internal sense of control theory, from Admiral time, corresponding to the two economic revolution.Therefore, in the analysis of foreign internal control theory and Its Evolution, requires a combination of prevailing socio-economic environment and business organization and management requirements, so as to understand the nature of a deeper internal control theory of development.8外文文献原文及译文译文：内部控制Ge.McVay一、内部控制理论的产生与发展演进内部控制在西方国家已经有比较长的发展历史，根据内部控制在不同发展阶段的特征，可以将内部控制的发展分为四个阶段，即内部牵制阶段、内部控制制度阶段、内部控制结构阶段、内部控制整体框架阶段。

外文翻译原文来源：R e s e a r c h P a p e r, J u l y2009,S o c i a l S c i e n c e R e s e a r c hN e t w o r k中文译文：内部控制透视：理论与概念学院专业姓名学号指导教师年月日内部控制透视：理论与概念环境需要新的业务控制变量不为任何潜在的股东和管理人士的响应因子为1，另外应执行/她组织了一个很大的控制权。

控制是管理活动的东西或以上施加控制。

思想的产生和近十年的发展需要有系统的商业资源和控制这种财富一个新的关注。

主题之一热一回合管制的商业资源是分析每个控制成本效益。

作为内部控制和欺诈的第一道防线，维护资产以及预防和侦查错误。

内部控制，我们可以说是一种控制整个系统的财务和其他方面的管理制定了为企业的顺利运行;它包括内部的脸颊，内部审计和其他形式的控制。

COSO的内部控制描述如下。

内部控制是一个客观的方法用来帮助确保实现。

在会计和组织理论，内部控制是指或目标目标的过程实施由组织的结构，工作和权力流动，人员和具体的管理信息系统，旨在帮助组织实现。

这是一种手段，其中一个组织的资源被定向，监控和测量。

它发挥着无形的（重要的作用，预防和侦查欺诈和保护组织的资源，包括生理（如，机械和财产）和乙二醇，声誉或知识产权，如商标）。

在组织水平，内部控制目标与可靠性的目标或战略的财务报告，及时反馈业务上的成就，并遵守法律，法规。

在具体的交易水平，内部控制是指第三方采取行动以实现一个具体目标（例如，如何确保本组织的款项，在申请服务提供有效的。

）内部控制程序reduce程变异，导致更加具有可预见性outcomes。

在业务实体内部控制也被称为业务控制。

它们是日常的工具使用的经理。

所有管理人员使用的内部控制，以帮助确保他们的经营单位，按照计划，他们使用的方法-政策、程序、组织设计和身体的障碍构成。

内部控制是对以下组合： 1、财务控制 2、其他控件。

LNTU---Acc附录A关于内部控制的意见 如果要证明功能扩展到包含内部控制的有效性，那么报告准则则必须制定，若干基本问题必须被解决。

随着日益频繁增长，审计员听取了他们应该发表的一个效力于客户的内部控制制度建议的意见。

这一证明功能扩展的主张者迅速指出，目前已经有了实例如独立审计师的报告公开他们的客户的内部控制制度和一些政府机构的成效，包括一些空置中的美国证券和交易委员会，都需要一个报告。

这些证实类型的反对者公布了任何关于内部控制的有效性，他们认为，目前有显着性差异监管机构的报告要求和提出意见的内部控制将会误导公众。

本文综述了目前报告的做法，考虑到理想状态相关的危害的特点，并最后提出了一些在任何给与最后判决之前必要的予以回答的问题。

现状报告 虽然审计员的报告中的一些情况提及了内部控制的性质，但作出的本质陈述还有很大不同的效应。

大型银行。

关于对内部控制的观点事实上出现在一些大型银行和看法发行的年度报告中。

有时这些意见是被董事会要求的。

例如，下面的主张出现在1969年年度报告的一个大型纽约银行中，作为第3款的独立会计师的标准短形式的报告： 我们的审核工作包括评价有效性，大块的内部会计控制，其中还包括内部审计。

我们认为，在于程序的影响下，再加上银行内部审计工作人员所进行的审核，这些构成一个有效的系统的内部会计控制。

意见被提供给几个其他银行，但它们基本上引用的意见是一样的。

美国证券交易委员会的规定。

美国证券交易委员会表格X-17A-5，要求独立审计师作出某些有关的内部控制陈述，并必须在每年的大多数成员国家与每一个证券经纪或注册的交易商根据1934年证券交易法第15条进行交流时。

此外，美国证券交易委员会的第17a-5(g)规定要求独立的核数师的报告要包含“一份如，是否会计师审查了程序，要安全措施保障客户的证券的声明中”此外，许多股票交易所要求该报告要表明审查已取得的“会计制度，内部会计控制和程序，是为维护证券，包括适当的测试它们对以后的期间，检验日期前”，很显然，美国证券交易委员会的工作人员更倾向于考虑，会计师包括了语言相似，所要求的所有报告的交流提交给证券交易委员会。

外文文献翻译译文一、外文原文原文：Internal controlIntroductionThe system of internal control over financial reporting in Japan under the Financial Instruments and Exchange Act (FIEA) was implemented as of the fiscal year starting on April 1 2008.Under this system, executive officers of listed companies are obligated to evaluate their company's internal control over financial reporting and to file the results of such evaluation in the form of an internal audit report with the Financial Services Agency (FSA). In this report, executive officers should state material weakness if they judge any material weakness exists in the company's internal control over financial reporting. The report should also be audited by outside accounting auditors before being filed with the FSA. Since most Japanese companies have a fiscal year that ends in March, June 2009 will be the first time most companies file such a report.When the internal control system was introduced, it made reference to the Sarbanes-Oxley Act of the US. Under the Japanese system, clear standards were set regarding the set-up of internal controls over financial reporting in an effort to prevent the creation of excessive documentation and to control costs, two issues which had occurred in the US. However, even with such standards, some uncertainty exists. In particular, uncertainty arises regarding the connection between this system under the FIEA and the rules of the Companies Act.Failure to submit the internal audit report or submission of false statements can lead to liabilities and criminal penalties under the Financial Instruments and Exchange Act (FIEA). However, if there is a material weakness in the company's internal controls over financial reporting and executive officers disclose such material weakness in theinternal audit report, no sanctions will be imposed under the Financial Instruments and Exchange Act, nor will it directly lead to the director's liabilities under the Companies Act. Rather, disclosure of such material weakness is thought to be desirable, because by disclosing such material weakness, a company can improve the quality of its internal control over financial reporting, which will enable the company to submit more accurate financial reports in the future.Internal control is a process-effected by an entity's board of directors, management, and other personnel--designed to provide reasonable assurance regarding the achievement of objectives in the following categories: reliability of financial reporting, effectiveness and efficiency of operations, and compliance with applicable laws and regulations. Internal control consists of the following five interrelated components.1、Control environment sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure.2、Risk assessment is the entity's identification and analysis of relevant risks to achievement of its objectives, forming a basis for determining how the risks should be managed.3、Control activities are the policies and procedures that help ensure that management directives are carried out.4、Information and communication are the identification, capture, and exchange of information in a form and time frame that enable people to carry out their responsibilities.5、Monitoring is a process that assesses the quality of internal control performance over time.The interlaced audit issue is as follows: under the internal control system of the Companies Act, company auditors must audit the method and the results of the accounting audit conducted by outside accounting auditors. On the other hand, the internal control system of the FIEA requires the outside accounting auditors to auditthe company auditors' monitoring of internal financial controls. Therefore, company auditors that audit outside accounting auditors under the Companies Act are audited by the same outside accounting auditors under the FIEA. This interlaced audit however is expected to make each audit more effective because the company auditor and the outside accounting auditor will each monitor the audit of the other.The time lag issue is expected to arise due to the timing of the submissions of the various audit reports required under the FIEA and the Companies Act. Company auditors will need to prepare and submit audit reports regarding the execution of duties by directors for the fiscal year as required by the Companies Act. However, it is expected that these audit reports will be submitted before the internal audit report required under the FIEA is submitted and audited by the outside accounting auditors. Thus, if the internal audit report points out a material weakness that was not referred to in the audit reports prepared by the company auditor, the company auditor will be placed in a difficult position and will need to decide whether to amend and make changes to the audit reports as such audit reports should also disclose such weaknesses. However, if the directors, the company auditors, and the accounting auditors are cooperating properly, this issue would not arise.It is expected that the system of internal control over financial reporting will prompt companies to build better control systems through cooperation between the directors, company auditors and outside accounting auditors.Connection between the two internal control systemsOn the internal financial controls and internal accounting control the similarities and differences.A difference between monitoring and control objectives.Reason for the difference between the two, simply because of financial supervision and control of the target company's material flow and cash flow, and accounting internal control object is the information flow. Understanding of Marx's words, “the production and the production of bookkeeping records are two different things after all, just to ship the same loading and shipping order are two differentthings.” Corporate material production process is based on the currency as the leading material movement, production and operation of the currency as the beginning and the end result, is achieving its goal of expanding the value of value. And accounting control is passed that have occurred in the material flow, capital flow formed by the flow of information to be the recognition, measurement, reporting. The former to productivity gains, the latter objective, the real target. However, operation of the accounting value of enterprise assets, after all, subordinate to the overall objective, we should also ask for the overall objective of internal control should also be an asset value of its end. Why is this request? This is because the production activities of financial decisions and accounting need to subordinate corporate financial activities, accounting control objectives are to be subject to financial control target.Internal accounting control system is now setting goals, still remain in traditional accounting supervision and legal, reasonable levels, while ignoring the principles of economic efficiency, not subordinated to the overall goal of corporate finance. We know that even if the security integrity of corporate assets and personnel compliance. However, poor economic efficiency of enterprises can not continue to exist, then such an accounting internal control system, despite the integrity of the specification how beneficial for them? Accounting supervision, internal accounting controls, is the business management of the important part, if not for the continued survival and development of enterprises play a useful role, it is indeed sad . Although the internal financial control and internal accounting control objectives differ, but the overall goal should always be consistent. Accounting control objectives should always be subject to financial supervision and corporate goals. Accounting internal controls for business expenses from their own legitimacy and rationality to make judgments, give expenditure or expenditure not to start. This is the person in charge of the accounting organization's powers. The specific operation is completed by the cashier. Economic business is completed, signed by the person in charge, after verification of the accounting charge, the decision to grant or not to grant reimbursement claims. Practices through review of the original certificate and found areas of doubt or vulnerability. In acheck, be controlled when reimbursement. Another major accounting internal control task is to ensure that the accounting information provided by an objective, true, complete and timely.Financial internal control is based on the financial accounts of enterprises as the main target of supervision, to consider the legality of the decision-making costs, reasonable, and consistent with the principles of economic interests. The right balance of enterprises in the enterprise legal person units, in determining the expenditure, the accounting bodies and accounting personnel to provide business only the amount of funds available for expenditure obligations, and no decision-making rights. Usually the meeting was the participation by the general accountant, accounting bodies and accounting personnel did not participate in conference events. Therefore, the financial supervision to monitor the main orientation is very necessary. Financial supervision should be in advance of supervision as well, so that you can not burn in prevention. Matter of course, need supervision in order to promptly correct the error.From a doctrinal perspective the Catholic Church is highly centralized under the authority of the pope and his bishops. However, from an administrative perspective the church is quite decentralized with each diocese and each parish within the diocese having a fair amount of autonomy. Dioceses have virtually no external or regulatory oversight of their financial statements. Unlike corporations which provide quarterly financial statements to the SEC and hold quarterly conference calls with outside analysts, the church is subject to almost no recurring outside financial scrutiny. Many dioceses voluntarily post their audited annual financial statements on their website at the conclusion of the year-end audit. Additionally, many dioceses provide parishioners with an annual financial and administrative newsletter which provides a highly summarized view of the cash flows for the year and the results of social and spiritual programs offered by the diocese. But many other dioceses do neither. Since they are not required by law to be transparent and accountable in their finances, they choose to keep their finances private.Corporate Financial ControlsRecent scandals, such as the Enron and Tyco scandals, contributed to the passage of the Sarbanes-Oxley Act in 2002. This has resulted in U.S. corporations undergoing intensive review, analysis, and testing of their internal control structures.The primary focus of the Sarbanes-Oxley bill is on fraudulent financial reporting. In a number of high-profile cases, management aggressively recognized revenue or manipulated (deferred) expenses to purposely make the company look better than it really was. This financial reporting chicanery had the impact of inflating the stock price which greatly benefited top management, holders of large blocks of the companies’ stock and stock options.Fraudulent financial reporting is much less of a concern for the dioceses and other not-for-profit entities. Safeguarding an entity’s assets is a bigger concern for not-for-profit entities. Revelations of embezzlements in not-for-profit entities are routinely reported in the media. Occasionally, those embezzlements occur at the highest levels of the organization. For example, the Orthodox Church of America recently fired its chancellor and began an audit. The chancellor is at the center of allegations brought by the former church treasurer of missing money, diverted cash, and un-audited accounts totaling millions of dollars. A pastor in the Bridgeport, Connecticut Catholic diocese was investigated on charges that he misspent $1.4 million of parish donations. Four purchasing agents for the archdiocese of New York allegedly extorted over two million dollars in a kickback scheme over eight years from various food vendors to maintain lavish lifestyles. The church lost over one million dollars by having to pay higher prices for the food being purchased for schools and parishes.There have been a number of studies that have documented the importance of and the general inadequacy of internal financial controls in churches. Others have focused on the relationship between the spiritual aspects of a church and its accounting practices.The objectives of the internal financial control structure of an entity are:1. Provide reliable financial statements and accounting records2. Safeguard the entity’s assets3. Promote operational efficiency and effectiveness4. Promote adherence to management’s policies and proceduresAn effective internal control structure consists of three levels:1. Control environment2. Accounting system3. Control proceduresRegardless of whether the entity is a Fortune 500 company or a diocese of the Catholic Church, the objectives of the internal control structure remain the same.They have difficulty separating duties and employees often have little supervision by a qualified financial manager. A fundamental tenet of internal accounting control is to keep the financial recordkeeping duties separate from those individuals that have access to assets, especially cash.Source: Jean C. Bedard, 2009 “Internal control”. T he Accounting Rreview.V ol.84,No.3.pp.839-867.二、翻译文章译文：内部控制介绍内部控制下的财务报告在日本的金融商品交易法（FIEA）下系统实施是从2008年4月1日开始的。

附件1：外文资料翻译译文企业内部控制的决定因素和后果：一个权变理论为基础的分析1简介人们普遍认为，内部控制制度能帮助企业降低风险、保证财务报表的可靠性和加强对法律法规的遵守。

因此，一些企业的倒闭现象和一些欺诈行为的广泛宣传逐渐增加，针对企业特定的经营环境，从而使企业对内部控制制度更加重视。

有效地管理对加强企业内部控制的有效性，并有效地传达给董事会和股东具有更大的压力。

例如审计人员、供应商、顾客跟内部控制也有关系，因为它们可能影响长期财务报告的可信度、管理人员的责任和企业的组织形式。

尽管内部控制是影响公司的一个重要因素，证据表明，内部控制结构的实际表现在组织结构中是不存在的。

正如金尼所提到的那样，该议题还未被研究人员所开发。

关于内部控制的专业文献对于发展国际管制框架已经取得了一定的进展，但迄今为止，内部控制研究的数量是有限的。

Selto和Windener出版的研究和分析的专业文章，发现在管理控制的研究中，关于内部控制专题的文学比实际文学少。

人们越来越重视内部控制业务发挥的作用，缺乏现有的研究，所以建立新的研究需要和机会是当务之急。

这项研究有助于了解内部控制结构及其在公司环境中的成效。

即使内部控制框架提出了内部控制的一个标准化的结构和目标，他们认为根据公司的特点来判断内部控制的不同需要。

然而无论是框架还是先前的文学都不能提供一个适合于企业特点及其控制系统关系的图片。

因此，本研究利用一个应急的方法来审查内部控制结构的设计及其在不同环境下观察到的成效。

研究报告分析了结构方程关系模型和芬兰提出的741公司的实证结果。

这项研究结果使内部控制几个重要方面的研究知识增加了局限性。

首先，研究提出利用实证研究结果对内部控制及其在实践中的有效性进行研究。

世界各地有一些组织把内部控制框架作为基金会开展活动。

无论如何，还有一些关于实践框架以外的证据，从而对模式有一个更深入的研究的重视。

除了少数以外，早期研究通常集中于特定的控制因素，如控制环境、通讯或风险评估。

内部控制【外文翻译】外文文献翻译译文一、外文原文原文：Internal controlIntroductionThe system of internal control over financial reporting in Japan under the Financial Instruments and Exchange Act (FIEA) was implemented as of the fiscal year starting on April 1 2008.Under this system, executive officers of listed companies are obligated to evaluate their company's internal control over financial reporting and to file the results of such evaluation in the form of an internal audit report with the Financial Services Agency (FSA). In this report, executive officers should state material weakness if they judge any material weakness exists in the company's internal control over financial reporting. The report should also be audited by outside accounting auditors before being filed with the FSA. Since most Japanese companies have a fiscal year that ends in March, June 2009 will be the first time most companies file such a report.When the internal control system was introduced, it made reference to the Sarbanes-Oxley Act of the US. Under the Japanese system, clear standards were set regarding the set-up of internal controls over financial reporting in an effort to prevent the creation of excessive documentation and to control costs, two issues which had occurred in the US. However, even with such standards, some uncertainty exists. In particular, uncertainty arises regarding the connection between this system under the FIEA and the rules of the Companies Act.Failure to submit the internal audit report or submission of false statements can lead to liabilities and criminal penalties under the Financial Instruments and Exchange Act (FIEA). However, if there is a material weakness in the company's internal controls over financial reporting and executive officers disclose such material weakness in theinternal audit report, no sanctions will be imposed under the Financial Instruments and Exchange Act, nor will it directly lead to the director's liabilities under the Companies Act. Rather, disclosure of such material weakness is thought to be desirable, because by disclosing such material weakness, a company can improve the quality of its internal control over financial reporting, which will enable the company to submit more accurate financial reports in the future.Internal control is a process-effected by an entity's board of directors, management, and other personnel--designed to provide reasonable assurance regarding the achievement of objectives in the following categories: reliability of financial reporting, effectiveness and efficiency of operations, and compliance with applicable laws and regulations. Internal control consists of the following five interrelated components.1、Control environment sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure.2、Risk assessment is the entity's identification and analysis of relevant risks to achievement of its objectives, forming a basis for determining how the risks should be managed.3、Control activities are the policies and procedures that help ensure that management directives are carried out.4、Information and communication are the identification, capture, and exchange of information in a form and time frame that enable people to carry out their responsibilities.5、Monitoring is a process that assesses the quality of internal control performance over time.The interlaced audit issue is as follows: under the internal control system of the Companies Act, company auditors must audit the method and the results of the accounting audit conducted by outside accounting auditors. On the other hand, the internal control system of the FIEA requires the outside accounting auditors to auditthe company auditors' monitoring of internal financial controls. Therefore, company auditors that audit outside accounting auditors under the Companies Act are audited by the same outside accounting auditors under the FIEA. This interlaced audit however is expected to make each audit more effective because the company auditor and the outside accounting auditor will each monitor the audit of the other.The time lag issue is expected to arise due to the timing of the submissions of the various audit reports required under the FIEA and the Companies Act. Company auditors will need to prepare and submit audit reports regarding the execution of duties by directors for the fiscal year as required by the Companies Act. However, it is expected that these audit reports will be submitted before the internal audit report required under the FIEA is submitted and audited by the outside accounting auditors. Thus, if the internal audit report points out a material weakness that was not referred to in the audit reports prepared by the company auditor, the company auditor will be placed in a difficult position and will need to decide whether to amend andmake changes to the audit reports as such audit reports should also disclose such weaknesses. However, if the directors, the company auditors, and the accounting auditors are cooperating properly, this issue would not arise.It is expected that the system of internal control over financial reporting will prompt companies to build better control systems through cooperation between the directors, company auditors and outside accounting auditors.Connection between the two internal control systemsOn the internal financial controls and internal accounting control the similarities and differences.A difference between monitoring and control objectives.Reason for the difference between the two, simply because of financial supervision and control of the target company's material flow and cash flow, and accounting internal control object is the information flow. Understanding of Marx's words, “the production and the production of bookkeeping records are two different things after all, just to ship the same loading and shipping order are two differentthings.” Corporate material production process is based on the currency as the leading material movement, production and operation of the currency as the beginning and the end result, is achieving its goal of expanding the value of value. And accounting control is passed that have occurred in the material flow, capital flow formed by the flow of information to be the recognition, measurement, reporting. The former to productivity gains, the latter objective, the real target. However, operation of the accounting value of enterprise assets, after all, subordinate to the overall objective, we should also ask for the overall objective of internal control should also be an asset value of its end. Whyis this request? This is because the production activities of financial decisions and accounting need to subordinate corporate financial activities, accounting control objectives are to be subject to financial control target.Internal accounting control system is now setting goals, still remain in traditional accounting supervision and legal, reasonable levels, while ignoring the principles of economic efficiency, not subordinated to the overall goal of corporate finance. We know that even if the security integrity of corporate assets and personnel compliance. However, poor economic efficiency of enterprises can not continue to exist, then such an accounting internal control system, despite the integrity of the specification how beneficial for them? Accounting supervision, internal accounting controls, is the business management of the important part, if not for the continued survival and development of enterprises play a useful role, it is indeed sad . Although the internal financial control and internal accounting control objectives differ, but the overall goal should always be consistent. Accounting control objectives should always be subject to financial supervision and corporate goals. Accounting internal controls for business expenses from their own legitimacy and rationality to make judgments, give expenditure or expenditure not to start. This is the person in charge of the accounting organization's powers. The specific operation is completed by the cashier. Economic business is completed, signed by the person in charge, after verification of the accounting charge, the decision to grant or not to grant reimbursement claims. Practices through review of the original certificate and found areas of doubt or vulnerability. In acheck, be controlled when reimbursement. Another majoraccounting internal control task is to ensure that the accounting information provided by an objective, true, complete and timely.Financial internal control is based on the financial accounts of enterprises as the main target of supervision, to consider the legality of the decision-making costs, reasonable, and consistent with the principles of economic interests. The right balance of enterprises in the enterprise legal person units, in determining the expenditure, the accounting bodies and accounting personnel to provide business only the amount of funds available for expenditure obligations, and no decision-making rights. Usually the meeting was the participation by the general accountant, accounting bodies and accounting personnel did not participate in conference events. Therefore, the financial supervision to monitor the main orientation is very necessary. Financial supervision should be in advance of supervision as well, so that you can not burn in prevention. Matter of course, need supervision in order to promptly correct the error.From a doctrinal perspective the Catholic Church is highly centralized under the authority of the pope and his bishops. However, from an administrative perspective the church is quite decentralized with each diocese and each parish within the diocese having a fair amount of autonomy. Dioceses have virtually no external or regulatory oversight of their financial statements. Unlike corporations which provide quarterly financial statements to the SEC and hold quarterly conference calls with outside analysts, the church is subject to almost no recurring outside financial scrutiny. Many dioceses voluntarily post their audited annual financial statements on their website at the conclusion of the year-end audit. Additionally, many dioceses provide parishioners with an annual financial and administrativenewsletter which provides a highly summarized view of the cash flows for the year and the results of social and spiritual programs offered by the diocese. But many other dioceses do neither. Since they are not required by law to be transparent and accountable in their finances, they choose to keep their finances private.Corporate Financial Controls。

外文翻译原文Internal Control SystemsMaterial Source:Encyclopedia of Business Author:Audrey Gramling Internal control can be described as any action taken by an organization to help enhance the likelihood that the objectives of the organization will be achieved. The definition of internal control has evolved as different internal control models have been developed. This article will describe these models, present the definitions of internal control they provide, and indicate the components of internal control. Various parties responsible for and affected by internal control will also be discussed.THE COSO MODELIn the United States many organizations have adopted the internal control concepts presented in the report of the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Published in 1992, the COSO report defines internal control as:a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:1.effectiveness and efficiency of operations2.reliability of financial reportingpliance with applicable laws and regulationsCOSO describes internal control as consisting of five essential components, include:1.The control environment2.Risk assessment3.Control activitiesrmation and communication5.MonitoringAs the base of the pyramid, the control environment is arguably the most important component because it sets the tone for the organization. Factors of thecontrol environment include employees' integrity, the organization's commitment to competence, management's philosophy and operating style, and the attention and direction of the board of directors and its audit committee.Risk assessment refers to the identification, analysis, and management of uncertainty facing the organization. Risk assessment focuses on the uncertainties in meeting the organization's financial and operational objectives. Changes in personnel, new product lines, or rapid expansion could affect an organization's risks.Control activities include the policies and procedures maintained by an organization to address risk-prone areas. An example of a control activity is a policy requiring approval by the board of directors for all purchases exceeding a predetermined amount. Control activities were once thought to be the most important element of internal control, but COSO suggests that the control environment is more critical since the control environment fosters the best actions, while control activities provide safeguards to prevent wrong actions from occurring.Information and communication encompasses the identification, capture, and exchange of financial, operational, and compliance information in a timely manner. People within an organization who have timely, reliable information are better able to conduct, manage, and control the organization's operations.Monitoring refers to the assessment of the quality of internal control. Monitoring activities provide information about potential and actual breakdowns in a control system that could make it difficult for an organization to accomplish its goals. Informal monitoring activities might include management's checking with subordinates to see if objectives are being met. A more formal monitoring activity would be an assessment of the internal control system by the organization's internal auditors.OTHER CONTROL MODELSSome users of the COSO report have found it difficult to read and understand.A model that some believe overcomes this difficulty is found in a report from the Canadian Institute of Chartered Accountants, which was issued in 1995. The report presents a control model referred to as Criteria of Control (CoCo). The CoCo model, which builds on COSO, is thought to be more concrete and user-friendly. CoCo describes internal control as actions that foster the best result for an organization. These actions, which contribute to the achievement of the organization's objectives, center around:1.Effectiveness and efficiency of operations2.Reliability of internal and external reportingpliance with applicable laws and regulations and internal policiesCoCo indicates that control comprises:those elements of an organization (including its resources, systems, processes, culture, structure and tasks) that, taken together, support people in the achievement of the organization's objectives.CoCo model recognizes four interrelated elements of internal control, including purpose, capability, commitment, and monitoring and learning. An organization that performs a task is guided by an understanding of the purpose of the task and supported by capability (information, resources, supplies, and skills). To perform the task well over time, the organization needs a sense of commitment. Finally, the organization must monitor task performance to improve the task process. These elements of control, which include twenty specific control criteria, are seen as the steps an organization takes to foster the right action.In addition to the COSO and CoCo models, two other reports provide internal control models. One is the Institute of Internal Auditors Research Foundation's Systems Auditability and Control (SAC), which was issued in 1991 and revised in 1994. The other is the Information Systems Audit and Control Foundation's COBIT (Control Objectives for Information and Related Technology), which was issued in 1996.The Institute of Internal Auditors issued SAC to provide guidance to internal auditors on internal controls related to information systems and information technology (IT). The definition of internal control included in SAC is:a set of processes, functions, activities, sub-systems, and people who are grouped together or consciously segregated to ensure the effective achievement of objective and goals.COBIT focuses primarily on efficiently and effectively monitoring information systems. The report emphasizes the role and impact of IT control as it relates to business processes. This control model can be used by management to develop clear policy and good practice for control of IT. The following COBIT definition of internal control was adapted from COSO:The policies, procedures, practices, and organizational structures are designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected.While the specific definition of internal control differs across the various models, a number of concepts are very similar across these models. In particular, themodels emphasize that internal control is not only policies and procedures to help an organization accomplish its objectives but also a system affected by people. In these models, people are perceived to be central to adequate internal control.These models also stress the concept of reasonable assurance as it relates to internal control. Internal control systems cannot guarantee that an organization will meet its objectives. Instead, internal control can only be expected to provide reason -able assurance that a company's objectives will be met. The effectiveness of internal controls depends on the competency and dependability of the organization's people. Limitations of internal control include faulty human judgment, misunder -standing of instructions, errors, management override of controls, and collusion. Further, because of cost-benefit considerations, not all possible controls will be implemented. Because of these inherent limitations, internal controls cannot guarantee that an organization will meet its objectives.PARTIES RESPONSIBLE FOR AND AFFECTED BY INTERNAL CONTROLWhile all of an organization's people are an integral part of internal control, certain parties merit special mention. These include management, the board of directors (including the audit committee), internal auditors, and external auditors.The primary responsibility for the development and maintenance of internal control rests with an organization's management. With increased significance placed on the control environment, the focus of internal control has changed from policies and procedures to an overriding philosophy and operating style within the organization. Emphasis on these intangible aspects highlights the importance of top management's involvement in the internal control system. If internal control is not a priority for management, then it will not be one for people within the organization either.As an indication of management's responsibility, top management at a publicly owned organization will include in the organization's annual financial report to the shareholders a statement indicating that management has established a system of internal control that management believes is effective. The statement may also provide specific details about the organization's internal control system.Internal control must be evaluated in order to provide management with some assurance regarding its effectiveness. Internal control evaluation involves everything management does to control the organization in the effort to achieve its objectives. Internal control would be judged as effective if its components are present andfunction effectively for operations, financial reporting. The board of directors and its audit committee have responsibility for making sure the internal control system within the organization is adequate. This responsibility includes determining the extent to which internal controls are evaluated. Two parties involved in the evaluation of internal control are the organization's internal auditors and their external auditors.Internal auditors' responsibilities typically include ensuring the adequacy of the system of internal control, the reliability of data, and the efficient use of the organization's resources. Internal auditors identify control problems and develop solutions for improving and strengthening internal controls. Internal auditors are concerned with the entire range of an organization's internal controls, including operational, financial, and compliance controls.Internal control will also be evaluated by the external auditors. External auditors assess the effectiveness of internal control within an organization to plan the financial statement audit. In contrast to internal auditors, external auditors focus primarily on controls that affect financial reporting. External auditors have a responsibility to report internal control weaknesses to the audit committee of the board of directors.译文内部控制制度资料来源：商业百科全书作者：奥德丽·格拉姆内部控制被认为是任何能够提高组织目标完成效率的措施。

外文文献及翻译THE CONCEPT OF INTERNALCONTROLSYSTEM: THEORETICALASPECTVaclovas Lakis, Lukas Giriūnas*Vilnius University, LithuaniaIntroductionOne of the basic instruments of enterprise control, whose implementation in modern economic conditions provide conditions for achieving a competitive advantage over other enterprises is the creation of an effective internal control system. In the industry sector, the market is constantly changing, and this requires changing the attitude to internal control from treating it only in the financial aspect to the management of the control process. Internal control as such becomes an instrument and means of risk control, which helps the enterprise to achieve its goals and to perform its tasks. Only an effective internal control in the enterprise is able to help objectively assessing the potential development and tendencies of enterprise performance and thus to detect and eliminate the threats and risks in due time as well as to maintain a particular fixed level of risk and to provide for its reasonablesecurity .The increasing variety of concepts of internal control systems requires their detailed analysis. A detailed analysis of the conceptions might help find the main reasons for their increasing number. It may also help to elaborate a structural scheme of the generalized concept of internal control. Consequently, it may help decrease the number of mistakes and frauds in enterprises and to offer the precautionary means that might help to avoid mistakes and build an effective internal control system.The purpose of the study: to compile the definition of the concept of internal control system and to elaborate the structural scheme of the generalized conception for Lithuanian industrial enterprises.The object of the research: internal control.To achieve the aim, the following tasks were carried out:to examine the definitions of internal control;to design a flowchart for the existing definitions of internal control;to formulate a new internal control system definition;? to identify the place of the internal control system in a company’s objectives and ? its management activities.Study methods: for the analysis of the conceptions of control, internal control, theconcept of internal control system, systematic and comparative means of scietific methods of analysis were used.1. Research of control conceptionAccording to J. Walsh, J. Seward (1990), H. K. Chung, H. Lee Chong, H. K.Jung (1997), control may be divided into two types – internal and external controls those might help to equalize authority or concerned party‘s attitudes to some certain organization control. Internal control involves the supreme enterprise control apparatus and enterprise shareholders, whereas external control might be defined as the power in the market or branch, competitive environment or state business regulation. Such analytical division is essential when analysing industrial or other enterprises, because this attitude to control makes it more specific and properly defined.The identification of an appropriate primary theoretical base is an important task in forming the structure of knowledge about the study subject. Appropriately selected conceptions enable to elucidate the essence of the processes, to characterize them and to realize their interplays and interaction principles. Conceptions may be defined as a summation of empirical cognition which transforms practically achieved results into conceptions. The above ideas might be taken as abstractions and lead to an ungrounded conclusion, and through conceptions the reality might be lost. Operating with more than one conceptions allows to form a universal opinion about the reality. Noteworthy, when operating with conceptions an optimal agreement might be found between theory and practice: using the common point of contact –conceptions –a theorist and a practician will always find the way and understand one another.The main problem of internal control is related to the definition of control conception and the identification of the place of internal control in an organization. Constant changes of the extent, functions and roles of internal control enable to form acommon definition of internal control and to identify its place in an organization.Analysis of the concept of internal control and its interpretation are essential for assessing the internal control system, because the conception of control is widely used not only in scientific research, but also in the daily activities of an enterprise; therefore the same conception might have a lot of various meanings and interpretations. Analysis of the concept provides conditions for the further research, because it is impossible to form a model of internal control assessment if the research object is unknown. A lot of definitions and variations of control can be found in thepublications by Lithuanian and foreign scientists and in public information sources. For example, in the Dictionary of International Words (2002), control is defined as: supervision, inspection of something; comparison of actual and required ? conditions; an enterprise or a group of people that control the work and responsibility of other ? enterprises or groups of people;maintenance of something.?In addition to the above seven internal control, and documentation control. Performance control and worker quality control, etc. The new system of accounting supervision system on the unit interior, the main contents of the internal control system.On the other hand, in the specialized Dictionary of Economic Terms (2005), control is defined as a performance with a definite influence on the management of an enterprise, as rights based on laws and contracts that involve proprietary rights to the whole property or its part, or any other rights that enable to exert a significant influence on the management and performance of an enterprise, or state supervision. Even in common information sources the definitions of control are formulated differently, although the common meaning is quite similar. Analysis and practical studies of Lithuanian scientists’ works enable to state that there is no one solid concept, definition or description of control. For example, E. Bu?kevi?iūt? (2008) says that when control is more particularly defined, its rules and requirements are described in more detail, it becomes more effective, more specific, more psychologically suggestive, it gives more freedom limits of choice for supervisors and less possibilities of lawlessness for people under control when. Identifying the object of the research, it should be noted that different definitions of control are given in scientific studies by Sakalas, 2000; Navickas, 2011; Katkus, 1997; Bu?kevi?iūt?, 2008; Drury, 2012; Bi?iulaitis, 2001; Lee Summers, 1991; Patrick, Fardo, 2009; Spencer, Pickett, 2010; Gupta, 2010 and other Lithuanian and foreign scientists (see Fig. 1).The different conceptions and their interpretations indicate that there is no solid opinion about how to define control, and even scientists and practicians themselves do not agree upon a unified definition or description of control or the conception of internal control and its interpretations. In scientific literature, different interpretations of control conceptions are usually related to different aspects of this conception, and their meaning in different situations may be defined in different ways depending on the situation and other external factors. According to A. Katkus (1997), C. Drury (2009), R. Bi?iulaitis (2001), D. R. Patrick, S. W. Fardo (2009), K. H. S. Pickett (2010), during a long-term period control is usually related to achieving the alreadysettled goals, their improvement and insurance. In other information sources (Dictionary of International Words, 2002; Sakalas, 2000; Bukeviiūt, 2008; Lee Summers, 1991) control is emphasized as a certain means of inspection which provides a possibility to regulate the planned and actual states and their performance. Despite these different opinions, control might be reasoned and revealed as a traditional function of any object of control, emphasized as one of the main self-defence means from the possible threats in the daily performance of an organization. There is also a more modern approach. For example, V. Navickas (2011) and P. Gupta (2010), presenting the concept of control, name it not only as one of the main factors that influence the organization’s performance and influences its management, but also as one of the assessment means of the taken decisions and achieved values. Such interpretation of the conception of control shows the main role of control. For example, R. Kanapickien? (2008) has analysed a big number of control definitions and says that only an effective and useful control should exist in an enterprise because each enterprise tries to implement its purposes and avoid the possible losses, i.e. mistakes and frauds. According to J.A. Pfister (2009), there are several types of control, and they can be grouped into strategic, management, and internal control. Thus, different researchers give different definitions of control, their descriptions have different goals, but different control definitions lead to numerous variations in the analysis of the conception of control. Thus, to create an effective control, the presence of its unified concept becomes a necessity and the basis for ensuring an effective control of the organization’s performance. The existence of different conceptions of control also indicates that there might be different types or kinds of control.2. The conception of internal controlHistorical development of internal control as individual enterprise system is not as broad as other management spheres in science directions. The definition of internal control was presented for the first time in 1949 by the American Institute of Certificated Accountants (AICPA). It defined internal control as a plan and other coordinated means and ways by the enterprise to keep safe its assets, check the covertness and reliability of data, to increase its effectiveness and to ensure the settled management politics. However, the presented definition of control concept has been constantly improved, and nowadays there is quite an extensive set of conceptions that indicates the system of internal control as one of the means of leadership to ensure safety of enterprise assets and its regular development. In 1992, the COSOmodelappeared; its analysis distinguished the concepts of risk and internal control. Nnow, the concept of internal control involved not only accounting mistakes and implementing means of their prevention, but also a modern attitude that might identify the spheres of control management and processes, and also a motivated development of their detailed analysis. The Worldwide known collapses of such companies as Enron, Worldcom, Ahold, Parmalat and others determined to issue in 2002 the Law of Sarbanes–Oxley in the USA, in which attention is focused on the effectiveness of the enterprise internal control system and its assessment. Such a significant law as that of Sarbanes–Oxley has dearly show that not only the internal control system must be concretized and clearly defined, but also the means of implementing the internal control system and assessing their effectiveness must be covered. The concept of internal control was further improved by such Lithuanian and foreign scientists as A.Сонин(2000), D. Robertson (1993), M.R. Simmons (1995), I. Toliatien? (2002), V. Lakis (2007), R. Biiulaitis (2001), J. Mackeviius (2001) and the international scientific organizations COSO, INTOSAI, CICA, IT Governance Institute.A comparative analysis of the introduced concepts of internal control shows that the usage of the concept of internal control is quite broad as it is supposed to involve the performance not only of the state, but also of the private sector. Although the conception of internal control is defined in different ways emphasizing its different aspects, the essential term still remains the same in all authors’ definitions: internal control is the inspection, observation, maintenance and regulation of the enterprise’s work (see Fig. 3.).It should be also be mentioned that the system of internal control may be defined in different ways every time. For example, R. T. Yeh and S. H. Yeh (2007) pay attention to the fact that usually such values as honesty, trust, respect, openness, skills, courage, economy, initiative, etc. are not pointed out, although they definitely can influence not only the understanding of the concept of internal control, but also its definition, because in different periods of time and in different situations it can obtain slightly different shades of meaning. Control and people, and values produced by people or their performance are tightly connected; consequently, internal control must be also oriented to the enterprise’s values, mission and vision; it does not matter how differently authors define the conception assessment limits: significant attention must be paid not to internal control itself, but to the identification of its functions andevaluation. Mostly internal control is concerned with authority management tools that help to control processes and achieve enterprise goals (COSO, 1992; Сонин, 2000; INTOSAI, 2004; CobiT, 2007; Toliatien?, 2002; Coco, 1995).C.J. Buck, J.B. Breuker (2008) declare internal control as a mistake detecting and correctingsystem; although J. Mackevi?ius (2001) and R. Bi?iulaitis (2001a) state that internal control is defined as a summation of certain rules, norms and means, actually such definitions are identical, but internal control must be related to safety, the rational use of property and the reliability of financial accounting.Results of a comprehensive analysis of internal control enable to state that, although different authors give different definitions of internal control, there are still some general purposes of the system of internal control, aimed, to ensure reliable and comprehensive information, to protect the property and documents, to enssure an effective economic performance, observation of accounting principles and presentation of reliable financial records, obeying laws and executive acts, enterprise rules and the effective control of risk. Analysis of concept of internal control, presented in both foreign and Lithuanian literature enables to formulate its generalized definition: the system of internal control is part of enterprise management system, which ensures the implementation of its goals, effective economic and commercial performance, observance of accounting principles and an effective control of risks, which enables to minimize the number of intentional and unintentional mistakes and to avoid frauds in the process of enterprise performance, made by its authority or employees.The internal control is an important symbol of modern enterprise management, through the practice of the conclusion is: to control is strong, weak, without control is controlled, disorderly. The new regulations "accounting law 27 units shall establish and perfect the system of supervision unit interior accountant. Unit interior accountant controls on the execution, the internal control is.The internal control is the formation of a series of measures to control functions, procedures, methods, and standardized and systematized, make it become a rigorous, relatively complete system. According to the control of the internal control can be divided into different purpose accounting control and management control. Accounting control and protection of assets is safe, the accounting information authenticity and integrity and financial activities related to the legitimacy of control, Management control means to ensure operation policy decision, implementation ofbusiness activities and promote the efficiency and effectiveness, and the effect of the relevant management to achieve the goals of control. Accounting control and management control and not mutually exclusive, incompatible, some control measures can be used for accounting control, and can also be used to control.The goal is to ensure that the internal control unit operations efficiency and effect, safety, economic information of assets and financial reports of reliability. Its main functions: one is to achieve target management policy and management, Second is the assets of safety protection unit is complete, prevent loss of assets, Three is to guarantee the business and financial accounting information authenticity and integrity. In addition, the legitimacy of the financial activities within the unit is the internal control goals.Good, although the internal control to achieve these goals, but whether the internal control design and operation, it is not how to eliminate its inherent limitations. This limitation must also be clear and prevention. Main show is: (1) the limited by cost benefit principle, (2) if the employee has different responsibility ignore control program, misjudgment, even the collusion, inside and outside, often cause in fraud internal control malfunction, (3) management personnel abuse, and to set up or Passover control of internal control ignored, also can make the establishment of internal control non-existing.The internal control system in a company must cover and help to properly organize and control the entire activity of the company; thus, according to majority of authors, internal control is all-inclusive activity in financial and management accounting, as well as in the strategic management of projects, operations, personneland the total quality management. However, the most important thing is that internal control should not only cover the entire activity of the company, but also take into account its objectives, goals and tasks in order to make its economic-commercial activity as effective as possible. Analysis of scientific literature in the field shows that it is important not only to predict the particular areas of internal control and interrelate them, but also to stress that the most important objective of internal control is the effective management of risk by identifying and eliminating errors and frauds inside the company. Therefore, the concept of internal control offered by the authors covers a company’s areas of activities, its tasks and objectives; also, it provides for the main goal – an effective risk management.Despite the quantitative indicators used for goal assessment, each enterprise and especially extractive industry enterprises where attention should be focused onavoiding mistakes and fraud should elaborate and introduce a really effective and optimal system of internal control and accounting so as to strengthen its position in the market and optimize profitability.ConclusionsThe analysis of control definitions has shown that rather wide variations of definitions and their interpretations prove control to be a wide concept, mainly due to the fact that control has quite many different aspects and its meaning in different situations may be also defined differently.Nevertheless, there are still some general aspects of the system of internal control, which include ensuring reliable and comprehensive information, protecting the property and documents, to ensure an effective economic performance, keeping to the principles of accounting and presenting reliable financial records, obeying laws and executive acts, enterprise rules and ensuring an effective control of risk.As a result of the study, the authors present an inclusive and generalizing definition of internal control: the system of internal control is part of the enterprise management system that ensures the implementation of the enterprise’s goals, its effect ive economic-commercial performance, observance of accounting principles and an effective control of work risks, which enables to minimize the number of intentional and unintentional mistakes, and to avoid frauds in the process of enterprise performance, made by its authority or employees.中文翻译：内部控制制度：理论研究拉基斯，卢卡斯维尔纽斯大学，立陶宛引言企业控制的基本工具之一，建立一个有效的内部控制制度，为现代经济条件下企业获得竞争优势提供了条件。

企业内部控制外文文献及翻译企业内部控制外文文献及翻译此外，管理者的以身作则是非常重要的。

很多时候，经理人似乎认为，内部控制仅仅是对他们的部属,那就是经理人采取措施对那些向他们汇报的下属实施控制。

当然，这种做法可能的结果就是员工会把内部控制视为一种规避（证明其级别和重要性的组织），而不是视作一种避免。

一个特别重要的例子，该原则只是针对违反相关政策和程序的控制讨论关于管理的问题。

管理人员为了避免发生冲突，并没有对某些措施采取有效的纪律处分，即使某些情况是涉及欺诈的。

无可避免的是，这样的做法对其他人发出了一个明确且危险的讯息：内部控制和管理并不是很严格。

当然，一个积极的审计委员会和有效的内部审计部门，都是宏观控制环境中重要的积极因素。

风险评估。

在管理者实现其目标（即风险）的过程当中，挑战是永远存在的。

此外，昨天的风险和今天的、明天的风险不一定相同。

因此，风险评估是不可能凭“一次性”的努力就可以完成，而必须是定期的、持续进行的过程。

同样，为了使他们能够避免或减轻风险，风险必须是可预期的。

打个比方，在铁道路口设置路灯可避免一个重大事故的发生,同样，如果此前的入口或交通情况发生变化，路灯在铁道路口设置就显得越来越有必要。

那么，经理人需怎样才能设法找出以前未知的风险呢？首先，管理应把注意力集中在改变上，因为所有的变化都会涉及一定程度的风险。

可以带来高风险的变化包括以下：1、经营环境的改变（例如，改变企业内部的规章制度）；2、人事变动（特别是敏感职位的变动）；3、信息系统和技术的改变（例如，如果过程已被重新设计，控制程度是否仍然足够？）4、快速增长（例如，为应付需求增加而施加的压力）；5、新的项目和服务（例如，缺乏经验）；6、结构变化（例如，取消原项目的实施）。

经理也应考虑目前的固定风险，并处理高风险的情况。

一般的内存高风险包括以下：1、复杂度（越复杂越容易出错）；2、现金收入；3、直接第三方受益人（现金支付帮助个人）；4、以前遇到的问题（过去存在问题的项目很可能会继续遇到相同的问题）；5、事先确定的控制弱点（查明的问题在过去没有得到纠正的情形）。

内部控制外文翻译外文翻译原文来源：Research Paper, July XXXX年月日A Clear Look at Internal Controls: Theory and Concepts内部控制透视：理论与概念The necessity of control in new variable business environment is not latent for any person and managementas a response factor for stockholdersand another should implement a greatcontrol over his/her organization. 环境需要新的业务控制变量不为任何潜在的股东和管理人士的响应因子为1，另外应执行/她组织了一个很大的控制权。

控制是管理活动的东西或以上施加控制。

思想的产生和近十年的发展需要有系统的商业资源和控制这种财富一个新的关注。

One of the hot topic a boutcontrols over business resource is analyzingthe cost-benefit of each control. 主题之一热一回合管制的商业资源是分析每个控制成本效益。

作为内部控制和欺诈的第一道防线，维护资产以及预防和侦查错误。

内部控制，我们可以说是一种控制整个系统的财务和其他方面的管理制定了为企业的顺利运行;它包括内部的脸颊，内部审计和其他形式的控制。

COSOdescribe Internal Control as follow. Internalcontrols are the methods employed to help ensure the achievement of an objective. COSO的内部控制描述如下。

内部控制是一个客观的方法用来帮助确保实现。

会计内部控制中英文对照外文翻译文献n:Internal control is an accounting re or control system ___ policies。

protecting assets。

and preventing fraud and errors。

It is an important component of nal management that includes planning。

methods。

and res used to meet tasks。

goals。

and objectives。

and in doing so。

supports performance-based management。

Internal control is equal to management control and can help managers achieve the expected effective management of resources。

However。

designing and establishing effective internal control is not a simple task and cannot be achieved through quick fixes。

This article discusses the different aspects of the concept of internal control and management.Keywords: internal control。

management control。

control environment。

control activities。

n2.Internal Control Perspective: ___The environment requires new business control variables that are not responsive to any potential ___ control。

外文翻译原文：Internal Control –Integrated FrameworkRisksThe process of identifying and analyzing risk is an ongoing iterative process and is a critical component of an effective internal control system. Managements must focus carefully on risks at all levels of the entity and take the necessary actions to manage them.Risk IdentificationAn entity’s performance can be at risk due to internal or external factors. These factors, in turn, can affect either stated or implied objectives. Risk increases as objectives increasingly differ from past performance. In a number of areas of performance, an entity often does not set explicit entity-wide objectives because it considers its performance to be acceptable. Although there might not be an explicit or written objective in these circumstances, there is an implied objective of “no change” or “as is.” This does not mean that an implied objective is without either internal or external risk. For example, an entity might view its service to customers as acceptable, yet, due to a change in a competitor’s practices, its service, as viewed by its customers, might deteriorate.Regardless of whether an objective is stated or implied, an entity’s risk-assessment process should consider risks that may occur. It is important that risk identification be comprehensive. It should consider all significant interactions — of goods, services and information —between an entity and relevant external parties. These external parties include potential and current suppliers, investors, creditors, shareholders, employees, customers, buyers, intermediaries and competitors, as well as public bodies and news media.Risk identification is an iterative process and often is integrated with the planning process. It also is useful to consider risk from a “clean sheet of paper” approach, and not merely relate the risk to the previous review.Entity Level. Risks at the entity-wide level can arise from external or internal factors. Examples include:External Factors●Technological developments can affect the nature and timing of research and development, or lead to changes in procurement.●Changing customer needs or expectations can affect product development, production process, customer service, pricing or warranties.●Competition can alter marketing or service activities.●New legislation and regulation can force changes in operating policies and strategies.●Natural catastrophes can lead to changes in operations or information systems and highlight the need for contingency planning.●Economic changes can have an impact on decisions related to financing, capital expenditures and expansion.Internal Factors●A disruption in information systems processing can adversely affect the entity’s operations.●The quality of personnel hired and methods of training and motivation can influence the level of control consciousness within the entity.● A change in management responsibilities can affect the way certain controls are effected.●The nature of the entity’s activities, and employee accessibility to assets, can contribute to misappropriation of resources.●An unassertive or ineffective board or audit committee can provide opportunities for indiscretions.Many techniques have been developed to identify risks. The majority —particularly those developed by internal and external auditors to determine the scope of their activities —involve qualitative or quantitative methods to prioritize and identify higher-risk activities. Other practices include: periodic reviews of economic and industry factors affecting the business, senior management business-planningconferences and meetings with industry analysts. Risks may be identified in connection with short- and long-range forecasting and strategic planning. Which methods an entity selects to identify risks is not particularly important. What is important is that management considers carefully the factors that may contribute to or increase risk. Some factors to consider include: past experiences of failure to meet objectives; quality of personnel; changes affecting the entity such as competition, regulations, personnel, and the like; existence of geographically distributed, particularly foreign, activities; significance of an activity to the entity; and complexity of an activity.To illustrate, an importer of apparel and footwear established an entity-wide objective of becoming an industry leader in high-quality fashion merchandise. Risks considered at the entity-wide level included: supply sources, including the quality, number and stability of foreign manufacturers; exposures to fluctuations in the value of foreign currencies; timeliness of receiving shipments and effect of delays in customs inspections; availability and reliability of shipping companies and costs; likelihood of international hostilities and trade embargoes; and pressures from customers and investors to boycott doing business in a foreign country whose government adopts unacceptable policies. These were in addition to the more generic risks considered, such as the impact of a deterioration in economic conditions, market acceptance of products, new competitors in the entity’s market, and changes in environmental or regulatory laws and regulations.Identifying external and internal factors that contribute to risk at an entity-wide level is critical to effective risk assessment. Once the major contributing factors have been identified, management can then consider their significance and, where possible, link risk factors to business activities.Activity Level. In addition to identifying risk at the entity level, risks should be identified at the activity level. Dealing with risks at this level helps focus risk assessment on major business units or functions such as sales, production, marketing, technology development, and research and development. Successfully assessing activity-level risk also contributes to maintaining acceptable levels at the entity-widelevel.In most instances, for any stated or implied objective, many different risks can be identified. In a procurement process, for example, an entity may have an objective related to maintaining adequate raw materials inventory. The risks to not achieving the activity objective might include goods not meeting specifications, or not being delivered in needed quantities, on time or at acceptable prices. These risks might affect the way specifications for purchased goods are communicated to vendors, the use and appropriateness of production forecasts, identification of alternative supply sources and negotiation practices.Potential causes of failing to achieve an objective range from the obvious to the obscure and from the significant to the insignificant in potential effect. Certainly, readily apparent risks that significantly affect the entity should be identified. To avoid overlooking relevant risks, this identification is best made apart from assessment of the likelihood of the risk occurring. There are, however, practical limitations to the identification process, and often it is difficult to determine where to draw the line. It doesn’t make much sense to consider the risk of a meteor falling from space onto a company’s production facility, while it may be reasonable to consider the risk of an airplane crash for a facility located near an airport runway.Risk AnalysisAfter the entity has identified entity-wide and activity risks, a risk analysis needs to be performed.The methodology for analyzing risks can vary, largely because many risks are difficult to quantify.Nonetheless, the process —which may be more or less formal —usually includes:●Estimating the significance of a risk;●Assessing the likelihood (or frequency) of the risk occurring;●Considering how the risk should be managed —that is, an assessment of what actions need to be taken.A risk that does not have a significant effect on the entity and that has a lowlikelihood of occurrence generally does not warrant serious concern. A significant risk with a high likelihood of occurrence, on the other hand, usually demands considerable attention. Circumstances in between these extremes usually require difficult judgments. It is important that the analysis be rational and careful.There are numerous methods for estimating the cost of a loss from an identified risk. Management should be aware of them and apply them as appropriate. However, many risks are indeterminate in size. At best they can be described as “large,” “moderate” or “small.”Once the significance and likelihood of risk have been assessed, management needs to consider how the risk should be managed. This involves judgment based on assumptions about the risk, and reasonable analysis of costs associated with reducing the level of risk. Actions that can be taken to reduce the significance or likelihood of the risk occurring include a myriad of decisions management may make every day. These range from identifying alternative supply sources or expanding product lines to obtaining more relevant operating reports or improving training programs. Sometimes actions can virtually eliminate the risk, or offset its effect if it does occur. Examples are vertical integration to reduce supplier risk, hedging financial exposures and obtaining adequate insurance coverage.Note that there is a distinction between risk assessment, which is part of internal control, and the resulting plans, programs or other actions deemed necessary by management to address the risks. The actions undertaken, as discussed in the prior paragraph, are a key part of the larger management process, but not an element of the internal control system.Along with actions for managing risk is the establishment of procedures to enable management to track the implementation and effectiveness of the actions. For example, one action an organization might take to manage the risk of loss of critical computer services is to formulate a disaster recovery plan. Procedures then would be affected to ensure that the plan is appropriately designed and implemented. Those procedures represent “control activities”, discussed in Chapter 4.Before installing additional procedures, management should consider carefullywhether existing ones may be suitable for addressing identified risks. Because procedures may satisfy multiple objectives, management may discover that additional actions are not warranted; existing procedures may be sufficient or may need to be performed better.Management also should recognize that it is likely some level of residual risk will always exist not only because resources are always limited, but also because of other limitations inherent in every internal control system. These are discussed in Chapter 7.Risk analysis is not a theoretical exercise. It is often critical to the entity’s success. It is most effective when it includes identification of all key business processes where potential exposures of some consequence exist. It might involve process analysis, such as identification of key dependencies and significant control nodes, and establishing clear responsibility and accountability. Effective process analysis directs special attention to cross-organizational dependencies, identifying, for example: where data originate, where they are stored, how they are converted to useful information and who uses the information. Large organizations usually need to be particularly vigilant in addressing intracompany and intercompany transactions and key dependencies. These processes can be positively affected by quality programs which, with a “buy-in”by employees, can be an important element in risk containment.Unfortunately, the importance of risk analysis is sometimes recognized too late, as in the case of a major financial services firm where a senior executive offered what amounted to a wistful epitaph: “We just didn’t think we faced so much risk.”Managing ChangeEconomic, industry and regulatory environments change, and entities’ ac tivities evolve. Internal control effective under one set of conditions will not necessarily be effective under another. Fundamental to risk assessment is a process to identify changed conditions and take actions as necessary.Thus, every entity needs to have a process, formal or informal, to identify conditions that can significantly affect its ability to achieve its objectives. Asdiscussed further in Chapter 5, a key part of that process involves information systems that capture, process and report information about events, activities and conditions that indicate changes to which the entity needs to react. Such information may involve changes in customer preferences or other factors affecting demand for the company’s products or services. Or, it may involve new technology affecting production processes or other business activities, or competitive or legislative or regulatory developments. With the requisite information systems in place, the process to identify and respond to changing conditions can be established.This process will parallel, or be a part of, the entity’s regular risk assessment process described above. It involves identifying the changed condition — this requires having mechanisms in place to identify and communicate events or activities that affect the entity’s objectives —and analyzing the associated opportunities or risks. Such analysis includes identifying potential causes of achieving or failing to achieve an objective, assessing the likelihood that such causes will occur, evaluating the probable effect on achievement of the objectives and considering the degree to which the risk can be controlled or the opportunity exploited.Although the process by which an entity manages change is similar to, if not a part of, its regular risk-assessment process, it is discussed separately. This is because of its critical importance to effective internal control and because it can too easily be overlooked or given insufficient attention in the course of dealing with everyday issues.Source: Committee of Sponsoring Organizations of the Treadway Commission (COSO), Internal Control–Integrated Framework, 1992:P39-44译文：内部控制-整体框架风险识别和分析风险的过程是一个重复不断的过称，并且是有效内部控制制度的关键组成部分。