乌克兰的内部审计和内部控制系统研究外文翻译(可编辑)

审计委员会、董事会和内部控制重大缺陷的整治Audit Committees, Boards of Directors, and Remediation of Material Weaknesses in Internal Control译文：本研究探讨审核委员会和董事会的有效性是否与公司的内部控制的重大缺陷修复的及时性有关。

选取的样本包括从2003年7月至2004年12月编报公司根据的“萨班斯- 奥克斯利法案”第302节披露的至少一种重大弱点。

采用Logistic回归分析发现，较大的审计委员会，审计委员会，更大的非会计财务专业知识，以及更多的独立委员会的企业更容易及时地修复重大缺陷。

这些结果表明，审计委员会及董事会对监督整治重大缺陷发挥了重要作用。

总的来说，这项研究有助于我们了解审计委员会和董事会根据萨班斯- 奥克斯利法案“的制度的有效性。

这项研究还确定了整治重大缺陷及时性的重要决定因素，这是提高财务报告质量和恢复投资者信心的关键。

研究表明，审核委员会的质量与该公司的内部控制的质量呈正相关。

克里希南（2005）使用的样本公司，改变了审计师在1994-2000年期间发现，独立审计委员会和审计委员会的财务专业知识是不太可能与内部控制的问题有相关性。

Zhang等人（2007）使用在“萨班斯- 奥克斯利法”颁布后披露内部控制缺陷的样本公司，发现这些企业更可能有财务专业知识少的审计委员会。

如果审计委员会的质量与内部控制的质量有关，似乎有理由相信，一个更有效的审计委员会将确保及时修复重大缺陷，以保持内部控制的有效性。

一个有效的审计委员会可以直接进行，通过审查财务和会计人员的会计程序和控制来监督公司的控制。

当发现重大弱点，有效的审计委员会，更可能采取实用的方法，并和审计师讨论如何整治重大缺陷。

通过努力跟进有关建议，以改善内部控制和监测整治力度的进展，一个更有效的审计委员会可能导致重大缺陷的及时整治。

虽然审计委员会在监督整治重大缺陷中发挥了重要作用，但在整治过程中，董事会可以提供增量的监督。

内部控制鉴证报告英文版English:Internal control is an essential component of an organization's governance structure, encompassing the policies, procedures, and practices implemented to ensure the achievement of objectives, reliability of financial reporting, and compliance with laws and regulations. As auditors, our responsibility is to evaluate and provide assurance on the effectiveness of internal control systems. This involves assessing the design and implementation of controls, as well as testing their operating effectiveness. Through our examination, we identify strengths and weaknesses in the internal control environment, including any deficiencies that could potentially lead to material misstatements in the financial statements. Our ultimate goal is to offer recommendations for improvement, enhancing the organization's ability to safeguard assets, maintain accurate records, and operate efficiently. We conduct our audit in accordance with generally accepted auditing standards, which require us to exercise professional skepticism and perform procedures to obtain reasonable assurance about whether the internal control system is effective in achieving its objectives. Additionally, we communicateour findings and recommendations to management and those charged with governance, providing them with valuable insights to enhance oversight and governance processes.中文翻译:内部控制是组织治理结构的重要组成部分，包括实施的政策、程序和做法，旨在确保实现目标、财务报告的可靠性以及遵守法律法规。

外文文献翻译原文+译文文献来源：Adams C. Role of internal audit in the organisations[J]. Accounting, Auditing & Accountability Journal, 2017, 1(2): 78-99.原文Role of internal audit in the organizationsAdams CINTRODUCTIONWith the transformations experienced by the corporate world, virtually related to globalization, there has been increased competition between organisations which forced management to take decisions with greater confidence. This does not only mean to keep pace with the rate at which businesses are growing, but also to develop them in a more sustainable manner. Thus, to achieve these goals, it has been necessary to improve the management methods, tools and techniques enhanced by the internal auditing function.The Internal Audit Function (IAF) fits into this scenario because it is an important tool available to stakeholders, internal and externally, as it is construed as an ongoing function, in order to support management in monitoring and surveillance of the planned activities, in both productive and financial areas, evaluating and reporting improvements with respect to the weaknesses, aiming to add value to the organisation.In this context, this study was based on the answers to the followingquestion: what is the perception of management on the role that Internal Audit plays in management practices and decision-making within the organisations? The present study has its relevance in exploring the role IAF is playing to mitigate the dissatisfaction of the business community after accounting and financial scandals which involved auditing as a whole and as has been notoriously publicised. These Media also showed situations where there have been failures by auditing, causing discredit to the activity. Additionally, there is the lack of academic researches on the role that Internal Audit has in management practices and decision making in organisations.This research is aimed at provoking a reflection upon the contribution of Internal Audit Function in decision making in the organisations in order to bring greater credibility to this area of applied social sciences. We hope it inspires further researches on topics addressing Internal Audit Functions in the academic environment.The study focused on non-financial organisations in the State of S o Paulo, whose shares are traded at S o Paulo Stock Exchange, excluding telephone organisations, sanitation, electricity and gas, because these organisations provide services of basic needs to the population and have a different administrative focus.The delimitation of the research to the State of S o Paulo was due to the fact that it is the Brazilian state with the highest concentration oforganisations with shares traded at BM&FBOVESPA. This entity requires of the organisations in its portfolio a good organizational structure and high degree of disclosure, which somehow gave credibility to the data obtained.Concept and objectives of internal auditIt is barely impossible to conceptualise internal audit considering the diversity of its application in business entities. Even so, one would cite the concept provided by the Brazilian Institute of Internal Auditors (AUDIBRA, 1991, p. 33). Internal Audit is an activity of independent evaluation and management assistance, directed to the examination and evaluation of the adequacy, efficiency and effectiveness of the internal control system, as well as of the quality of performance of the operational areas in relation to their tasks and plans, goals, objectives, and policies defined for them.Noteworthy, that effectiveness means adequate exploration of the resources to achieve the goals while efficiency means that required indexes were achieved using the minimum and necessary efforts. Thus, the internal auditor’s opinion should state whether the entity is being effective and efficient in achieving its goals.According to Vasconcelos and Pereira (2004, p. 69-70), the scope of binomial efficiency and effectiveness is a functional view that the organisation’s stakeholders have of the Internal Audit work [...] TheInternal Auditor, in our view, should monitor and seek to understand these dynamics and their effects on the economic and financial status. Therefore, we argue that this professional is the best suited to signal the potential risks of going concern of organisations considering operational anomalies.That is, it would be up to him, based on analysis to provide a straight forward assistance in the monitoring of the financial situation. Our most important argument rests on the following premise: the internal auditor may propose directives and valuable information based on their historical data and rapport with the organisations’ management.Quoting CFC (2005) NBC TI 01, the Brazilian Federal Council of Accountants, characterizes the functions of Internal Audit: [...] as structured with technical, objective, systematic and disciplined procedures, that aims to add value to the results of the organisation, providing data for the improvement of processes, management and internal controls through the recommendation of solutions for nonconformities identified in the reports.In this same way, CFC (2011) emphasizes the managerial support that internal audit has to provide so that business objectives are attained in a more adequate manner. This explicitly defines Internal Audit as an advisory body to the management of the entities, aiming to add value by providing data for improvement of management processes.According to Mendes (1996, p. 9), the objective of the Internal Audit is, in particular, “[...] forming opinion about the criteria, proced ures, methods and quantification, cost rationalization and providing information so that the top management decisions are based on concrete information.” The decisions to be made by management always depend on good information, that is, accurate and timely.The Internal Audit is an instrument of administrative control and systematic verification of the effectiveness and efficiency of occupational activities in the company; it evaluates the entity’s internal controls and its administrative and occupational processes, analyzing the failures and the risk involved and gives broad based recommendations for remediation of anomalies. The Internal Audit work aims to protect the company’s assets against frauds or intentional misstatements. Classified by Moyes et al. (2013) as i) misstatements resulting from fraudulent financial reporting and ii) misstatement resulting from misappropriation of assets. Characteristics of the internal audit function (IAF)The role of Internal Audit is presented through various concepts expressed by scholars with different characteristics of its functions and activities that converge to its main objective, which is to add value to organizations through assessments and advisory support to management.Since WorldCom whistle-blowing and other financial scandals that besieged the stock markets in the last decade, internal audit has assumed amore important role. The NYSE now requires all companies listed there to maintain internal audit functions to provide management and the audit committee w ith ongoing assessment of the company’s risk management process and of internal control, (Harrington, 2004 p. 65).Thus, Internal Audit should be knowledgeable, insightful, have the method, and the intelligence to check the best for the company, aiming to add value with the least resources. Internal Audit should be “[...] a highly qualified adviser, which allows the management to have a systematic view of their organisation. It must be a unit engaged in achievement of end results (Mendes 1996., p. 9).Authors such as Carvalho and Pinho (2004. p. 24), Vasconcelos and Pereira (2004, p. 68), who understand that the Internal Audit has a professional duty to issue independent opinions, justify the assumptions of technical skills and personal attributes required of the auditor, as well as the high level of demand from users and the need to add value to users of their services.The IAF in the organisation is to review, evaluate and produce report containing information on all activities of the organisation, to assist the management in their decision making process. Internal Audit performs a task that shareholders would like to perform in order to be always aware of how their investments are managed.Apart from overseeing the activities, based on the broad knowledgeof the business, IAF could be used to substitute certain strategic functions most importantly when a need for rotation arises. Companies that have an IAF specifically hire internal auditors with the purpose of rotating them into management positions or cycle current employees into the IAF for a short stint before promoting them into management positions (Messier et al., 2011, p. 2131).Vasconcelos and Pereira (2004, p. 70) emphatically point out that “[...] the exercise of Internal Audit is not a commodity. It is not a consumable service much less a mere cog. It is a potential value aggregator. “This characterization clearly demonstrates how valuable the internal function is when fully exerting its activities.Internal audit function adding valueIt is of paramount importance to characterize what adding value is, so that we can analyze the contribution of Internal Audit to the management of the entities. The interpretation of value, in this study, is not only limited to the financial aspects; it is more comprehensive, as it includes human and physical aspects. So, to add value in the internal audit concept is to harness all available resources, within and outside the company, with an aim of assuring gains, which may be financial, material and human, and will assist management in fulfilling their goals.Internal Audit Function may add value in various accounting processes where transactions are originated in an organisation. Forinstance, the evaluation of capital investments and their association with the capital budget when adequately checked to guarantee that such project is feasible tends to add value. Another value adding function is the assessment and or follow-up of the development and implementation of ERPs; which ensures the timing of the systems at an affordable cost and to meet up with operational necessities. The continuous auditing also adds value by installing the required technologies in the control environment to ensure that alerts are given when unusual transactions are run in the operational environment of the organisation. Directors believe that top management is appropriately defining the organisation’s internal audit function, and that the profession should concentrate its effects on providing guidance and support. “....most of their audit depar tments have shifted toward a more value-added” (Nagy and Cenker, pp. 136, 2002).Be it known that the wealth of knowledge acquired by the IAF during the auditing of the business, which makes one say that it knows it better that any other person in the organisation makes the IAF a training ground for the management posts.The Internal Audit, when monitoring and assessing the adequacy of internal controls, as well as the rules and procedures implemented by management, becomes an ally of real value to the management. It is a tool that, according to Santos (2007, p. 9) “[...] plays a role of great importance, helping to eliminate wastes, simplify tasks, supportmanagement and report to management on the development of tasks performed”. The thought is in line wit h the implementation of loss prevention nowadays when artefacts are installed to safeguard assets.Whistle blowing has been termed as more effective when considering some tools monitored by IAF to track frauds and corruption, notwithstanding, internal audit collaborates in the minimisation of the risks of frauds and potential errors that could result in a material misstatement. The level of the IAF and the extent to which the IAF incorporates quality assurance techniques into fieldwork and audits activities related to financial reporting, monitors the remediation of previously identified control problems. Also, the timing of Section 404 work and the nature of follow-up monitoring suggests that these aspects of IAF quality help prevent material weaknesses (MWs) from occurring (Lin et al., 2011, p. 287).Internal Audit plays a strategic role in organizations because it aims to add value to the results of the organisation, providing information to improve risk management and internal controls procedures. It is considered one of the pillars of corporate governance as it provides evaluation services and consulting. In other words, it is an important piece to the management of organisations, since it matches the results obtained with the strategy and the action plan prepared by the company in order to identify threats and/or opportunities for the achievement of futureresults.The existence of a good and active internal audit in the organisation is in itself a value-addition, considering that it could be used to reduce the amount of work that is required of the independent auditor with referece to IFAC 610. The usage of internal audit work by the independent auditors is generally considered in the extent deemed satisfactory to cover certain test that ought to be corroborated by the engagement.译文内部审计在组织中的作用引言企业界经历的转换实际上与全球化相关,组织之间的竞争加剧,迫使管理者更有把握地作出决策。

中英文翻译内部控制爆炸①摘要：Power的1997版书以审计社会为主题的探讨使得审计活动在联合王国（英国）和北美得到扩散。

由审计爆炸一同带动的是内部控制制度的兴起。

审计已经从审计结果转向审计制度和内部控制，它已然成为公众对公司治理和审计监管政策的辩论主题。

Power表示对什么是有效的内部控制各方说法不一。

本人对内部控制研究方面有一个合理的解释。

内部控制对非常不同概念的各个领域的会计进行探究，并研究如何控制不同水平的组织。

因此，内部控制研究的各类之间的交叉影响是有限的，而且，许多内部会计控制是研究是再更宽广的公司治理问题的背景下进行的。

所以，许多有关内部控制制度对公司治理的价值观点扔需要进行研究。

关键词：机构理论；公司治理；外部审计；内部审计；内部控制制度；管理控制1 概述Power的1997版书以审计社会为主题的探讨使得审计活动在联合王国（英国）和北美得到扩散。

由审计爆炸一同带动的是内部控制制度的兴起。

审计已经从审计结果转向审①Maastricht Accounting and Auditing Research and Education Center (MARC), Faculty of Economics and Business Administration, Universiteit Maastricht, P.O. Box 616, 6200 MD Maastricht, The Netherlands s.maijoor@marc.unimaas.nl Fax: 31-43-3884876 Tel: 31-43-3883783计制度和内部控制，它已然成为公众对公司治理和审计监管政策的辩论主题。

例如，在最近的对于欧洲联盟内外部审计服务的内部市场形成的辩论中，监管建议建立关于内部控制和内部审计制度。

虽然对有关内部控制的价值期望高，但Power表示对什么是有效的内部控制各方说法不一。

本人对内部控制研究方面有一个合理的解释。

外文翻译原文Audit committee and internal audit and the quality of earnings: empirical evidence from Spanish companies Material Source:Springerlink database Author:Laura Sierra Garcı ´a Corporate scandals and failures such as Enron, WorldCom, etc. were highly catastrophic and had a terrible effect on stakeholders. The pressure of globalisation and the intense competition have lead to organisations encouraging good corporate governance. Organisations have to promote transparency and accountability of fin ancial information.As Gramling et al. (J Account Lit23:194–244, 2004) argued there are four important mechanisms of corporate governance include boards of directors, audit committees (among others) and internal and external audit functions. However, this paper will focus on the relationship between two corporate governance mechanisms (audit committee and internal audit function). Thus, our purpose is to analyse the relation between characteristics of the audit committee and internal audit function and earnings management measured as abnormal accruals to test the quality of financial statements. We hypothesise that the association between the effectiveness of the audit committee and the presence of an internal audit function and its relationship with this committee would indicate less opportunity for management to manipulate earnings. Using a sample of 108 non-financial Spanish companies that traded on the Madrid Stock Exchange between 2003 and 2006 (432 observations), we have found that the size and number of meetings of the audit committee had a signincent negative association with earnings manipulations. Also, our results suggest that a negative relation between having an internal audit function and earnings management.Since the end of the eighties and early nineties, the topic of corporate governance began to attract much attention in the academic world. We think that this interest was primarily due to two reasons: changes in the way of governing companies because of globalisation, competition, new technologies and social and environmental concern;and,secondly, as a result of financial scandals in several companies. These scandals were usually caused, in general terms, by the conflict ofinterest inherent in the relationship between the owner and managers. In th is conflict, it was necessary to establish formulas for government to regulate the actions of all actors involved in companies. Furthermore, to enhance the credibility and transparency of financial information, as well as contributing to greater control of managers, different codes of corporate governance were issued in Europe in the nineties (such as the Cadbury Report in the UK, 1992; the Vienot I Report in France,1995; the Olivencia Report in Spain 1998).Different codes proposed a series of recommendations to improve the quality of the financial information through mechanisms to control the accountability of organisations. Good mechanisms such as an independent board of directors,effective audit committees, etc. are needed, both internally and externally, to help management to control their companies. Corporate governance mechanisms are defined by at least four mechanisms, among others: (1) Board of Directors and Management, (2) Audit Committees, (3) the Internal Audit Function and (4) the External Audit Function (Gramling et al. 2004).In Spain, the issue of corporate governance started in 1998. That year, a document entitled ‘‘The Government of Societies’’ (known as the Olivencia Report) was published. Spain, as with other European countries, took from the Cadbury report (UK 1992) similar recommendations about the board of directors, audit committees, etc. Five years after the publication of the first code, the second phase of developments started in Spain. The ‘‘Report by the Special Commission for the Furtherance of Transparency and Security in Listed Markets and Companies’’ (referred to as the Aldama Report) was published. This report goes one step further in the principles of transparency and security, as well as the degree of information and loyalty required. In 2006 and following Anglo-Saxon countries, the Unified Code (known as the Conthe Report) was published. On 25 July 2005, the Government agreed to set up a Special Working Group to advise the Spanish Securities Markets Commission (Comisio ´n Nacional del Mercado de Valores,CNMV) with regard to the harmonisation and updating of the Olivencia and the Aldama Report recommendations for good governance in listed companies. In the table below, we outline the Spanish Corporate Governance system regarding board of directors, audit committee and internal audit function.In 2002, between the first and the second report, a new law was passed in Spain The Financial System Reform Act (Law 44/22 November 2002) seeks to achieve greater transparency and improve th e credibility of financial information byregulating auditors’ independence and providing for the mandatory creation of audit committees in listed companies. This law forced all Spanish firms that traded on the Stock Exchange to have an audit committee and imposed that the committee president and a majority of its members were independent. But this law did not regulate the characteristics of the audit committee; the companies themselves have to regulate this in their statutes. Also, after the Aldama report, the 26/2003 law was passed in Spain. This law addresses the following governance matters: shareholder agreements, substantive and disclosure rules of corporate governance, shareholders meetings and duties of directors. The law forced listed companies to publish an annual report on corporate governance for the 2004 financial year.Based on the aforementioned and in order to ensure clarity, the main objective of this paper is to study the relationship between an effective audit committee and the presence of an internal audit function on the quality of financial information. We will focus on the audit committee because it is one of the elements responsible for overseeing the interests of shareholders and supervising financial statements. The audit committee should be efficient and provide maximum transparency. This organ of a company needs other groups, such as the internal audit function, to complete their effectiveness (Davidson et al. 2005). We will carry this out by examining the role that effective audit committees, and the presence of the internal audit function, play in mitigating earnings management from a sample of 432 non-financial Spanish companies that traded on the Madrid Stock Exchange between 2003 and 2006. Also, we want to point out that our research is important and unique because, to date,there has not been a study carried out on the relationship between the internal audit function and audit committees in Spain. In addition, our country has two laws on corporate governance that make it different from other European countries.The remainder of this paper is organised as follows: Sect. 2 briefly review previous literature on the links between corporate governance mechanisms and earnings management. Furthermore, we provide our hypotheses. Section 3 describe the research design: the sample, model and main results. Finally, Sect. 4 sets out ou conclusions.A great number of studies are focused on the independence of directors (Beasley and Salterio 2001; Vafeas 2001; Klein 1998; Menon and Williams 1994; Vicknair et al. 1993; Verschoor 1993). Many of these authors concluded that an audit committee formed exclusively of external and independent directors would result in better accountability and transparency for organisations.We found studies related to the independence of the audit committee and earnings manipulation. Klein (2002b) carried out a study of 692 companies in the US and the results showed that audit committee independence was negatively associated with abnormal accruals, and reductions in audit committee independence was associated with large increases in abnormal accruals. Yang and Krishnan (2005) found a significant connection between audit committee independence and quarterly discretionary accruals. Bradbury et al. (2004) found audit committee independence was related to higher quality accounting. Thus, the results indicate that audit committees are more effective when they are comprised of independent directors.Also, in the Spanish context, we found that studies such as Pucheta-Martı ´nez et al. (2005); provide evidence, in a sample of 86 Spanish firms between 1996 and 2001, that the existence of an audit committee and its composition did not affect the quality of financial reporting. Furthermore, Pucheta-Martı ´nez and De Fuentes (2007), in a sample of 142 Spanish companies observed in 1999, argued that the voluntary formation of audit committees was positive related to independent members of the board. However, these studies were conducted before the new law in 2002 when corporate governance requirements were less severe and less related to the quality of financial statements. Nowadays, this has completely changed.In summary, the majority of studies argue that the presence of external and independent directors in the audit committee increases the quality and credibility o financial statements. Furthermore, corporate governance codes, such as the Smith Report (2003) in England or the Unified Report (2006) in Spain, recommended the presence of independent members on the audit committee.The size and the number of meetings of audit committees are mentioned in numerous codes or recommendations on Corporate Governance, such as the Cadbury Report (1992) and the Smith Report (2003). These reports recommended aminimum of three members on the audit committee. The Blue Ribbon Committee Report (1999) recommended a minimum of three members and four meetings a year for effectiveness of audit committees. The Sarbanes–Oxley Act (2002) stipulates a minimum of three members.The internal audit function has become an important mechanism for corporate governance in the last few years (IIA 2005). First of all, we investigate whether firms have an internal audit function and improved corporate governance(Scarbrough et al. 1998; Raghunandan et al. 2001; Goodwin 2003; James 2003). Secondly, we look at whether the audit committee and the internal auditfunction have a good relationship; they could enhance good corporate governance. As Gramling et al. (2004) argue, the internal audit function is one of the four cornerstones of corporate governance. The head of the internal audit function should inform about their progress to the audit committee.Several authors claim that a good relationship between the audit committee and internal auditors is necessary for the effectiveness of good internal control mechanisms and to improve the quality of financial statements. (Cooper and Craig 1984; Cooper et al. 1989; Rezaee and Lander 1993; Lightle and Bushong 2000; Nagy and Cenker 2002; Anderson 2004; Harrington 2004).Kalbers (1992), in a survey, concluded that 31% of the respondents stated that internal auditors did not have meetings in private with the audit committee in a whole year. Likewise, Scarbrough et al. (1998) informed that 24% of the interviewed companies with an internal audit function did not have access to the audit committee. However, McHugh and Raghunandan (1994) related that 65% of the interviewed companies had meetings with the audit committee.Strawser et al. (1995) and the Treadway Commission (1987) argued that the quality of the internal audit function (as a component of the structure of internal control of the company) was enhanced when the internal audit department reported directly to the audit committee. That is to say, if there is a robust working relationship between the audit committee and internal auditors then they could fulfil their duties.Some authors have tried to relate audit committee members with the internal audit function. For example, Raghunandan et al. (2001), in a survey carried out of 114 chief internal auditors, showed that audit committees with only independent directors, and at least one director with accounting knowledge, were more likely to have more meetings with the head of the internal audit department. Scarbrough et al.(1998), in a study carried out in Canada of 72 heads of internal auditors, showed that audit committees exclusively comprised of independent directors were more likely to meet with internal auditors and review their work. In accordance with Cooper (1993), the head of internal audit departments should report directly to the audit committee and have frequent meetings with this committee. Thus, DeZoort and Salterio (2001) showed, in a sample of 18 heads of internal audit departments, that good communication between internal auditors and audit committees could improve corporate governance quality.In conclusion, the studies reviewed showed that for internal auditing to be effective it should have a relationship with the audit committee, which togethercould improve corporate governance issues. These lead to the following hypotheses: H2.1 The existence of an internal audit function is negatively related to Earnings Management.H2.2 Meetings between the internal audit function and the audit committee is negatively related to Earnings Management. Finally, we have studied the interaction between an effective audit committee and the presence of the internal audit function. An effective audit committee, following the Blue Ribbon Committee Report (1999), is one which has an independent audit committee, at least four meetings per year and has a minimum of three members.译文审计委员会和内部审计：来自西班牙的公司的经验证据资料来源:斯普林格数据库作者：劳拉塞拉利昂安然、世通公司发生灾难性的丑闻，产生了可怕的影响。

外文翻译原文Audits of Internal ControlMaterial Source:/cpajournal/2005/505/essentials/p22.htmAuthor: Jack W. PaulMAY 2005 - The Sarbanes-Oxley Act of 2002 requires public accounting firms that audit public companies to register with the Public Company Accounting Oversight Board (PCAOB) and to adhere to professional standards established by the board for audits of public companies. The PCAOB’s pronouncement, Auditing Standard 2, An Audit of Internal Control over Financial Reporting Performed in Conjunction with an Audit of Financial Statements, requires auditors to issue an opinion on the effectiveness of their public company clients’ internal control.On June 5, 2003, the SEC issued Release 33-8238 to implement section 404(a) of the Sarbanes-Oxley Act (SOA), which requires management to include in the annual report to shareholders its assessment of the effectiveness of internal control. The company’s external auditors must attest to and report on management’s assessment for fiscal years beginning on or after January 15, 2006, for accelerated filers, and on or after July 15, 2006, for no accelerated filers. Standard 2 imposes many new responsibilities on public companies’ auditors and, by extension, on the public companies themselves. In it over 200 pages, Standard 2 delineates the PCAOB’s expectations for an internal control audit.Auditor’s responsibilities. Standard 2 requires the auditor to do the following: •Understand and evaluate management’s process for assessing the effectiveness of the company’s internal control over financial reporting.•Plan and conduct an audit of the company’s internal control.•Based on this audit, provide an opinion on management’s written assessment about the effectiveness of the company’s internal control.This opinion incorporates the auditor’s opinion on the effectiveness of the company’s internal control over financial reporting.These responsibilities augment those required for the financial statement audit. Included EntitiesIn general, the scope of the audit of internal control includes all entities over which management has the ability to affect internal control:•Entities acquired on or before the date of management’s assessment as of the end of the fiscal year, including consolidated entities or those proportionately consolidated; and•Those accounted for as discontinued operations at the end of the fiscal year.In some situations, such as when management does not have the ability to affect the controls of an equity method investee, the auditor’s s cope includes only the controls related to the investor’s financial reporting of its interest in the investee, rather than the controls in place at the investee. The applicable controls are those designed to ensure proper application of the equity method in reporting the company’s proportion of investee income or loss, the investment balance, adjustments, and disclosures. Variable interest entities (VIE), defined in FASB Interpretation 46, are treated in a similar fashion when management is not the primary beneficiary and does not consolidate the VIE. Importantly, the auditor must evaluate the reasonableness of management’s claims regarding its inability to affect controls at such entities.Whereas design effectiveness pertains to whether a control is properly crafted, operating effectiveness deals with use of a properly designed control to prevent, detect, or correct misstatements or irregularities on a timely basis. For example, a daily reconciliation of cash receipts is not effectively designed when the cashier performs the reconciliation. But if an independent person is designated to perform the reconciliation and the other procedures are properly documented, the control is effectively designed. The control is not operating effectively when the independent reconciler either fails to perform the reconciliation daily or does so in a perfunctory manner. Design effectiveness of this control could be tested by reviewing documentation to ensure that the procedures are satisfactory. Operating effectiveness could b e tested by examining the reconciler’s initials on the daily reconciliation sheet.A striking difference between a financial statement and an internal control audit relates to the opportunity to correct deficiencies. Whereas a company can correct material misstatements detected during a financial statement audit by accepting the auditor’s proposed adjustments, if the auditor detects a material control weakness, itmay not be possible to fix it in time. Because the auditor’s opinion is “as of” the balance sheet date, the auditor must issue an adverse opinion on internal control when material weaknesses exist, even when the company receives an unqualified opinion on the financial statements.Take as a whole. The auditor exercises judgment to ascertain those accounts considered “significant” or more than material. The auditor also considers qualitative characteristics. For example, investment balances not material to the overall financial statements may obscure the true nature of the relationship, especially when the investment is in partially consolidated entities or involves debt guarantees. And certain accounts that are liquid or incorporate significant estimates are riskier than others. Examples include cash, marketable securities, and warranty liabilities.Point in time. Internal control procedures can relate to either transaction flows or account balances, sometimes referred to as “stocks.” Examples of controls relating to transaction flows include approving cash disbursements; prelisting cash receipts; approving credit sales; and matching purchase orders, vendor invoices, and receiving reports when booking accounts payable. Controls over balances (stocks) include periodic reconciliation of bank accounts; reconciliation of subsidiary ledgers with control accounts; procedures for physical inventory counts; and controls governing the periodic preparation of financial statements. Overarching controls include the factors comprising the control environment. Overarching controls and those pertaining to flows operate continuously throughout the fiscal period; controls relating to balances typically operate less frequently. Thus bank accounts are reconciled monthly, whereas controls over cash flows are continuous.Timing considerations. Controls must operate for a long enough period, which need not be an entire fiscal year, to provide sufficient confidence in the auditor’s control tests. Accordingly, the auditor must make several observations of controls that operate only at a point in time. Controls that operate infrequently should be tested closer to the “as of” date. These include controls over: the periodic preparation of financial statements; individual account balances; and no routine transactions. Consider a calendar-year company that begins the procedure of reconciling the accounts-receivable subsidiary ledger to the control account only at the end of December. The auditor might conclude that one observation is not sufficient to evaluate this control’s operating effectiveness.These considerations suggest that an unqualified opinion on internal control should state: “The controls were effective for a sufficient period of time during the fiscal year to be able to support the conclusion that they were still effective at the end of the period.” Nevertheless, Standard 2 calls for expressing an opinion as of a point in time, the end of the fiscal year.PCAOB Standard 2 requires the auditor to obtain evidence of the effectiveness of controls pertaining to all relevant assertions for all significant accounts each year; each year must stand on its own. It also calls for the auditor to vary the nature, extent, and timing of testing from year to year to introduce unpredictability and to respond to changing circumstances. Examples of variations include changing the number of tests performed and adjusting the combination of testing procedures.Audit ReportsStandard 2 specifies the content of the report on internal control. Auditors should be aware of several factors:•An auditor may provide either separate or combined reports on the financial statements and internal control.•Whereas the opinion on the financial statements typically addresses multiple periods, the opinion on internal control covers only the most recent fiscal year.•When an auditor issues separate reports, the annual report must contain both.•The reports should have the same date, normally the last day of fieldwork.•An auditor’s report on management’s assessment of internal control over financial reporting includes an opinion on the company’s internal control.When the auditor issues an unqualified opinion on the financial statements but an adverse opinion on internal control, due to one or more material weaknesses, the report should indicate that the conduct of the financial statement audit took those material weaknesses into account. This information helps readers of the financial statements understand why the auditor gave an unqualified opinion on the financial statements. The auditor should include similar language when the adverse opinion on internal control affects the opinion on the financial statements.Most Likely Reasons for Opinion ModificationsAs a practical matter, opinion modifications are likely to arise from three circumstances:•Material misstatements detected by the auditor were not identified by the company. This situation could result in an adverse opinion.•Inadequate documentation. This situation is a control deficiency that may constitute a material weakness if extensive. In this case, the auditor renders an adverse opinion.•Inadequate management assessment creates a scope limitation requiring a disclaimer, a qualified opinion on internal control, or withdrawal from the engagement.Because it requires the auditor to go well beyond the review and evaluation of controls that was the norm for reporting on financial statements, Standard 2 promises to fundamentally alter the control systems in public companies and auditors’ assessment of them, thereby providing additional assurance to u sers.译文内部控制审计资料来源:http:// /cpajournal/2005/505/essentials/p22.htm作者：杰克·保罗2005年5月的萨班斯-奥克斯利法案, PCAOB发布了其第2号审计标准：“与财务报表审计相关的针对财务报告的内部控制的审计”，该标准关注对财务报告的内部控制的审计工作，以及这项工作与财务报表审计的关系问题。

内部审计外文文献翻译内部审计在沙特阿拉伯的发展：协会理论透视内部审计职能的价值1早先的研究已经运用各种各样的方法来制定适当的标准以评估内部审计职能的有效率。

比如说，视遵照标准的程度为影响内部审计表现的其中因素之一。

一份1988年国际会计师协会英国协会的研究报告就致力与研究内部审计作用价值中高级管理层和外部审计员的认知力。

这项研究证明了衡量所提供服务的价值的艰难性就是做评估的主要障碍。

收益性，费用标准以及资源利用率都被确认为服务价值的衡量标准。

在这项研究里，它强调了确保内部审计工作应遵从SPPIA的必要性。

在美国，1988的Albrechta研究过内部审计的地位和作用，还为了能有效的评估内部审计的效率特别制定出一套框架。

他们发现有四个能让内部审计部门发展从而提高内部审计效率的要件：一个合适的企业环境，高级管理层的支持，具备高素质的内部审计人员以及高质量的内部审计工作。

在这项研究里学者们强调管理层和审计人员都应该承认内部审计职能对于企业来说是一种具有增值性的职能。

在英国，1997年，Ridley 和D’Silva证明遵循专业标准的重要性是促进内部审计职能增值功能的最重要的因素。

遵循SPPIAAbdulrahman A. M. Al-Twaijry, John A. Brierley and David R. Gwilliam* Internal Audit Research大量的研究都特别专注于内部审计部门对于SPPIA遵从性的研究。

1992年，Powell et al对11个国家的国际会计师协会的成员进行了一项全球性的调查以证明是否有全球性的内部审计文化。

他们发现对这11个国家的国际会计师协会成员的调查中，有82%的是遵循SPPIA的。

这个蛮高的百分比率促使学者们建议SPPIA提供内部审计这个职业全球化的证据。

许多的研究已经关注涉及到独立性的SPPIA标准。

1981年，Clark et al发现内部审计部门的独立性和内部审计人员所做报告的权威性是影响他们工作客观性的最至关重要的两个因素。

附录A:internal control systeminternal control the management of internal checking, with the development of society has put forward the accounting control, management control, internal control structure, internal control integrated framework, internal control risk management framework, concepts.1.internal checkingas recorded in the historical books, as early as in the year before 3600 left and right of the Mesopotamia Cultural period, which, at that time was extremely simple financial management activities, the author requested the money to be paid for by money payment list, and by another record will be the inventory reconciliation and summary reports; and in ancient Egypt, the oversight officer of the institution; and the ancient Roman Empire of the royal treasury, there has been a double account; my Western Zhou period there have been "a bit financial access, the tree, the eyes and ears had been chapter." The period during the Song dynasty in the main library and 3 in the easy. All of these are internal checking of the application. Therefore, internal checking a person is not safe disposal account, and another person cannot be independent of the control system, that is to say it must be two employees of mutual restraint and mutual inspection. internal checking the implementation of the system is to two is of universal significance of the basic assumption that: One is two or more than two persons or departments inadvertently committing the same the possibility of errors is very small, 2 is two or more than two persons or departments of conscious collusion collusion and fraud of possibilities is far lower than a single individual or department for fraud. As part of its internal control, internal checking requirements in management, all the assets and cash and cash equivalents of receipt and payment, clearing and its registration, it should be by two or more people to deal with, in order to check each other, and troubleshooting the disadvantages.2.internal control systemwith the industrial revolution, the AB, the market competition is becoming increasingly intense, the original simple internal checking system gradually by individual economic control to all economic activities. The United States registered accounting belonging to the Association of the audit procedures in the 1958 release of the 29 audit procedures bulletin the independent auditors evaluating internal control of the internal accounting controls, in the internal control in the internalaccounting control", and "internal management control, and the internal accounting control" is defined as: "The security of property and the accuracy of the accounting records, and reliability with direct contact of the methods and procedures. internal accounting control, including the authorization and approval system, the financial assets of the physical control; accounting and preparation of financial statements, their property assets, and other on-the-job separation; as well as the internal audit and control.In 1972, the American Institute of Certified Public Accountants in the Auditing Standards Bulletin No. 1 in accounting control and management control of the definition of a re-specification. The notice pointed out that the accounting control plans and procedures, in order to safeguard assets and financial data for reliability, and for the following points provide reasonable assurance that: 1. Implementation of the economic business must meet the level of a general authorization or special authorization requirements; 2. Record economic business must, in accordance with generally accepted accounting principles, or other criteria based on financial statements, and the protection of assets; 3. To access assets, must be approved by the senior management; 4. accounting personnel must be in a certain interval period, the assets of the account number for the amount and the physical assets of the number and amount in the inventory stock, once it is found that difference, it is timely to take effective measures to remedy the situation. In 1973, the Auditing Standards Bulletin No. 1 of the amendment, it is necessary to further improve the accounting control of the definition and scope.3 internal control structure80's of the 20th Century, Western auditors gradually believe that internal control should be the focus of the internal control structure. In 1988 the American Institute of Certified Public Accountants in the audit guidelines Bulletin No. 55 of the notice stated that: "The Enterprise Internal control structures, including the provision to meet enterprise-specific goals and establish the norms and procedures. Notice of the internal control structure of the 3 elements, namely the control environment, the accounting system and control procedures. control environment, including the establishment of, and the strengthening or weakening of specific policies and procedures that affect various factors; accounting system provides the economic business identification, analysis, classification, and registration, as well as a report of the method, at the same time it made clear the assets and liabilities of the operational and management responsibilities; and control procedures wherebymanagement guidelines and procedures, with a view to achieving a certain goal. internal control structure, there are no longer clear distinction between accounting control and management control, and the content and scope has expanded to include more management control of the content. The salient features of which are the control environment, the elements, and stressed that the management of internal control of the attitudes, awareness and behavior, and control of their environment, lease, and that these factors is to achieve control objectives of the environment that requires auditors to assess the risks involved, in addition to our concern about accounting system and control procedures, it is responsible for the internal and external environment for evaluation. From the accounting control" and "management control" of the case, and that the internal control structure of the building, so that internal control has expanded the scope and content, and, more importantly, from a single policy and procedural changes to the 3 elements of build Chongqing people have learned, + thesis into the "structure" in order to bring about the internal control of the heat sink to the system of change and development. This shift also led the internal control from the technology-oriented enterprise to guide development.4 internal control the overall research frameworkto the 1990s, in order to curb the ever fiercer accounting fraud activities, 1992 COSO Committee published the internal control integrated framework report, as a result of the 1994 revision, and the internal control is defined as: "The internal control is a business by the Board, the management and other staff, the management layer is designed to achieve the following objectives and provide reasonable assurance that the process: Improve business performance and efficiency, and ensure that the financial reporting reliable and relevant laws are followed. Report and the internal control of the "3 elements" to "5 elements, namely control environment, risk assessment, control activities, information and communication, and monitoring. Since then, internal control into the overall framework of the era. COSO consolidation of the internal control framework emphasized the following concepts: the first, internal control is a long-term process that is used to achieve the purpose of the tool, and not an end in itself; its 2, internal control is in the organization at every level of staff, and is not simply a policy, the manual and a table; its 3, the internal control of the board of directors and management to provide reasonable assurance that, rather than an absolute guarantee of its 4, the internal control by adjusting to achieve one or more independent, but there are cross-cuttingobjectives.5 risk-management frameworksince the start of the 21st century, there have been a few major events, in particular, the Enron bankruptcy, WorldCom's scandal and Xerox's take account of events, the heavy blow to the investor confidence in capital markets. Based on this, and in 2004 for the month of September, the Commission COSO published the enterprise risk management framework, the constructor has an internal risk control framework, internal control of 4 goals and 8 major elements. 4 goals, strategic objectives, operational objectives, objective of the report and the legitimacy of target. 8 elements, respectively, to control the environment, goals, risk identification, risk assessment, risk response, control activities, information and communication, and monitoring. The report also pointed out that the risk to the business management is a process, and it is composed of a main body of the board of directors and management, as well as all of the other employees, and to the specified strategic and cross-cutting the enterprise production and management, and is designed to identify and assess the possible impact that the principal objectives of the potential issues and risk management, and to make it to the main goal of providing a risk capacity within reasonable assurance.The COSO for the enterprise risk management" concept of the State, has a strong emphasis on the following concepts: A. enterprise risk management is a process, and it flows to the business; B. enterprise risk management is applied to develop a strategy for the entire process; C. enterprise risk management is in the organization at all levels of all staff in the implementation of the; D. enterprise risk management throughout the business, at all levels and units, including the Enterprise at all levels of the risk portfolio;E. enterprise risk management to identify any in the event of a may affect business operations and production potential, and the risk to control the inclusion of risk capacity; F. enterprise risk management will be able to provide a corporate board and management to provide reasonable assurance that; G Enterprise Risk Management's goal was to achieve one or more different types, but also cross-cutting goals.附录B:内部控制制度发展内部控制源于企业管理的内部牵制，随着社会的发展先后提出了会计控制、管理控制、内部控制结构、内部控制整合框架、内部控制风险管理框架等概念。

外文翻译Risk Analysis-Specific Procedure of the Internal AuditMaterial Source:Annals of the University of Petrosani Author:George;TraianRisks, as inherent elements in the conduct of any activity, can lead to different effects. In the literature there are found many definitions of the risk. Thus, one of the recognized experts in the French environment, Dominique Vicente, quoted in the literature in Romania, considers that: “risk is a threat in the purpose that an event or action to have an adverse impact on the company's capacity to fulfill its objectives successfully”. In another publication in the area, Risk Management: Changing the Internal Auditor's Paradigm, two renowned experts, David Mcmanee and George Selim, argue that “risk is a concept used to expre ss uncertainty about the event and/ or their results, which may have a significant effect on the objectives of the organization”.International Standards on Internal Audit define risk as “the probability of producing an event that may impact on the achieve ment of the objectives”. Internal audit rules applicable to public sector entities define risk as being ,“any event, action, situation or behavior with negative impact on the public entity's ability to achieve its objectives”. Analysis of such definitions points out that risk is a problem which has not yet occurred but could occur in the future, where it constitute a threat to the entity regarding the achievement of the objectives set by the multiannual and annual plans and those concerning each function of the enterprise; the risk should be seen as a combination of probability and impact.Considering the volume on the impact, there may be strategic or operational risks (in some approaches appear intermediate risks or program risks as well). Also, some risks have their origin in the external environment of the organization (external risks), and others are risks of the organization itself (internal risks). However, risks can be seen in the light of nature of the activity, in which case they may be risks: legal, judicial, financial, professional, social, commercial, informational, operational, environmental, image (goodwill), property. For illustrating different types of risks that may affect the activity of an entity, we consider as representative the tableshown below including the categories of risks.According to General rules regarding the exercise of public internal audit activity, the main categories of risks are: organizational risks (unformalized procedures): lack of clear responsibilities, insufficient organization of human resources, inadequate documentation, outdated; operational risks: not recording in the accounts, improper archiving of justificatory documents, lack of control on high-risk operations; financial risks: unsecured payments, not detecting financial risk operations; - other risks: risks arising from legislative, structural changes or managerial changes.From the above it results that the risks must be identified and evaluated in terms of the combination of its two components namely, the probability that something (the risk) may occur and the impact (the consequence in the objective) that the materialization of such probability will have:a) Measuring the probability means determining the likelihood of occurrence probability of a specific result. We would like to recall that the risk is a problem (situation, event) that may occur (to materialize), case that leads the objectives to be affected. In other words, there is uncertainty in the occurrence of the situation or event that may affect the achievement of the objectives. The probability is a measure of uncertainty. The probability of risk’s advent varies from impossibility to certainty and is expressed on a scale of values on three levels: low probability, average probability, high probability.In practice, for the probability of risk’s advent measurement, two criteria are used: a.1. vulnerability assessment of the entity. To make the assessment, the auditor will examine all the factors that could have an incidence on the vulnerability of theexisting technical means. The vulnerability is expressed on three levels: low vulnerability, average vulnerability, high vulnerability.a.2. assessment of internal control. The assessment of internal control is based on an analysis of the entity's internal quality control on three levels: appropriate internal control, insufficient internal control, deficient internal control.b) Measuring the severity of the consequences of the event (at impact level). The impact represents the consequence on the expected objectives (outcomes), which may be, depending on the nature of the risk, positive or negative. In some situations, especially when it comes to strategic objectives and the organizations are complex (alike, complex projects, complex activities), the assessment of impact becomes a difficult problem that requires impact studies. But, in an organization, most risks are not of the above mentioned the nature and their impact can be measured with considerably less effort. The impact of any risk is characterized by the consequences of different natures. Besides qualitative consequences, expressed in a descriptive way, can be identified and consequences can be expressed in terms of budget (costs), effort (work time) and time (possible delays in the allocated period to achieve the objectives).Performing risk analysis in accordance with the rules of internal public audit,supposes crossing the following phases:A. Identify the risks associated activities. Identifying the risks associated to the objects that may be audited, has as its starting point, the analysis of the objects and / or the operations covered by the Centralized list of objects that may be audited. For this purpose, the auditors collect information about the objects that may be audited, information which are then examined in order to determine their impact on the mission.Regarding the information that the auditors need at this time of deployment of internal audit activity, reviews the literature points out that these concerns: business objectives and goals; rules, plans, procedures, legal and contractual regulations which may have significant impact on the operations; audited entity/structure: number and names of the employees, employees who occupy key positions, job descriptions, changes in the organizational structure, changes in information systems; the income and expenditure, turnover and financial data regarding the audited activity; working documents of previous internal audit assignments; results of other missions, including external auditors, completed or under development; corre- spondence files to detect important problems; information on the technical reference documentation for the activity being audited;technical reference documentation for the activity concerned.However, in order to achieve the analysis of risks, the auditors should assess the processes of risk management. Regarding these issues, The International Internal Audit Standards states: “We must distinguish between the assessment of risk management processes and risk analysis that the auditors must make, in order to plan their activities. However, the information resulting from a full risk management process and in particular from the identification of the subjects of interest to the managers and the Council may help the internal auditor to plan audit activities”. In such conditions and requisitions we consider as necessary the following presentation of several issues that may be considered as useful in terms of the auditor's awareness of the situations they may encounter in practice.A first practical issue that can be incorporated, relates to the situation where the risk management process, as part of the organizational management process is well organized within the entity1, in which case there is a risk registry book that highlights the main risks, identified and assessed, associated with relevant objectives. Because the risks are constantly changing, the auditor will be interested to see whether the risks and their mitigation measures were reviewed regularly and recently.If this is evident in practice, the auditor will be interested to explore and validate the content revision, or if full, current and well-founded.Finally, if the auditor concludes that the risk registry book is a good basis to guide the audit activity, he will focus on the higher risks involved, to ensure that control instruments are put with effectiveness in practice. Likewise, it should be mentioned that these risks are seen by the auditor on one hand as an "exposure" because the control instruments are not sufficiently consistent, and on the other hand as a potential for adding value based on the made recommendations.Another relevant practical issue to this problem, is specific to entities that do not have organized such a risk registry book and the management does not have a clear idea on the most important risks they are facing. In these circumstances, the auditor should discuss with the management about the risks, their impact and probability. This thing is recorded by the internal auditor as part of the audit trail. If the management is not very concerned by these risks, the auditor should seek to identify and assess the risks on his own knowledge and experience and using all other sources of information that is available. This can be done only when all other options mentioned above have been already explored and considered as inappropriate. In practice this first phase of risk analysis procedure is completed by internal auditors through elaboration of the document called Identification of risks. Regarding this document, the internal auditing standards applicable in Romania do not provide a standardized templatet, leaving it up to the professionals to prepare this document as necessary.B. Establishing the criteria, weightings and levels of risk assessment. On the subject of risk assessment, the internal auditor should develop an assessment methodology. Best practice in the field recommends that the structure of the internal audit to establish a set of criteria (factors), objectives for impact measurement and another set of instruments as targets for measuring the probability. In international practice, the impact criteria include financial criteria, operational criteria, reputational criteria, compliance criteria etc., and the probability criteria are often a combination of experience and insight sustained by information. The rules of internal audit in Romania, applicable to public economic entities, recommends for the risk analysis the following factors/criteria of risk: assessment of internal control, quantitative assessment, qualitative assessment.C. Determination of risk level and determining the total risk score. Based on the risk factors described above in this phase of the risk analysis procedure, a riskassessment is carried out associated to the activities that may be audited which materializes in: applying to the weights of the risk factors for assessing the level of risk, risk factors, based on evaluations conducted by internal auditors; determining total risk score is achieved by applying the share of each risk assessment factor level to determine the total score.D. Risk Ranking based on total scores. After the calculation, the phase of Appraisal of the level of risk and determining the total risk score is necessary to indicate to which level of risk corresponds numerical result of the calculation. To conduct this work, it is necessary to establish intervals which will indicate the level of risk, in fact the priority it gives a risk audit. Best practice in the field recommends that in establishing the size of the interval, to consider the available resources within the entity in order to carry out the mission of internal audit. Internal audit rules applicable to public economic entities in Romania, recommends sharing the risks - depending on the risk factors taken into analysis – on three risk levels: low, medium, large. At the same time, practice in the related area from our country, recommends for risk classification in the case of three risk factors, using the following intervals: small risk from 1.0 to 1.8; average risk from 1,9 to 2,3; high risks from 2.4 to 3.0. All activities developed by the auditors in this phase of risk analysis are summarized with a summary document - Ranking objects that may be audited, which the legislation has enabled the user to adapt to his needs.E. Hierarchy of activities / operations depending on risk analysis. Prioritizing activities which are to be audited shall be based on previously prepared document. For the successful completion of this activity is necessary to take into account the number of staff, available time, other activities taking place within the structure of internal audit and risk analysis specifically identified in other areas of the entity.F. Develop the detailed thematic of the internal audit mission. The detailed thematic of the internal audit mission is that phase within the internal audit mission, which is done by selecting objectives that may be audited, having as starting point the Table of strengths and weaknesses document, which were assessed as weaknesses and will be considered further for auditing. Regarding the method of selecting objects that may be audited, we consider it appropriate to mention the view of experts from Romania, respectively, “In practice usually there are considered all the objectives that were classified as weaknesses, but may be covered by the auditors and objectives that are qualified as strengths, if the auditor believes it necessary to investigate whether the internal control system is functioning”. Theresults of this work are reflected in elaboration of the the detailed thematic of the internal audit mission document, for which the rules of internal audit applicable to public economic entities, do not recommend to use a formalized document, leaving it up to an auditor to use this document in accordance with his needs.译文风险分析——内部审计的特定过程资料来源:帕特罗萨尼大学经济学年报作者：卡罗特乔治，特拉扬风险，作为任何活动的内在因素，会对活动造成不同的影响。

外文文献及翻译THE CONCEPT OF INTERNALCONTROLSYSTEM: THEORETICALASPECTVaclovas Lakis, Lukas Giriūnas*Vilnius University, LithuaniaIntroductionOne of the basic instruments of enterprise control, whose implementation in modern economic conditions provide conditions for achieving a competitive advantage over other enterprises is the creation of an effective internal control system. In the industry sector, the market is constantly changing, and this requires changing the attitude to internal control from treating it only in the financial aspect to the management of the control process. Internal control as such becomes an instrument and means of risk control, which helps the enterprise to achieve its goals and to perform its tasks. Only an effective internal control in the enterprise is able to help objectively assessing the potential development and tendencies of enterprise performance and thus to detect and eliminate the threats and risks in due time as well as to maintain a particular fixed level of risk and to provide for its reasonablesecurity .The increasing variety of concepts of internal control systems requires their detailed analysis. A detailed analysis of the conceptions might help find the main reasons for their increasing number. It may also help to elaborate a structural scheme of the generalized concept of internal control. Consequently, it may help decrease the number of mistakes and frauds in enterprises and to offer the precautionary means that might help to avoid mistakes and build an effective internal control system.The purpose of the study: to compile the definition of the concept of internal control system and to elaborate the structural scheme of the generalized conception for Lithuanian industrial enterprises.The object of the research: internal control.To achieve the aim, the following tasks were carried out:to examine the definitions of internal control;to design a flowchart for the existing definitions of internal control;to formulate a new internal control system definition;? to identify the place of the internal control system in a company’s objectives and ? its management activities.Study methods: for the analysis of the conceptions of control, internal control, theconcept of internal control system, systematic and comparative means of scietific methods of analysis were used.1. Research of control conceptionAccording to J. Walsh, J. Seward (1990), H. K. Chung, H. Lee Chong, H. K.Jung (1997), control may be divided into two types – internal and external controls those might help to equalize authority or concerned party‘s attitudes to some certain organization control. Internal control involves the supreme enterprise control apparatus and enterprise shareholders, whereas external control might be defined as the power in the market or branch, competitive environment or state business regulation. Such analytical division is essential when analysing industrial or other enterprises, because this attitude to control makes it more specific and properly defined.The identification of an appropriate primary theoretical base is an important task in forming the structure of knowledge about the study subject. Appropriately selected conceptions enable to elucidate the essence of the processes, to characterize them and to realize their interplays and interaction principles. Conceptions may be defined as a summation of empirical cognition which transforms practically achieved results into conceptions. The above ideas might be taken as abstractions and lead to an ungrounded conclusion, and through conceptions the reality might be lost. Operating with more than one conceptions allows to form a universal opinion about the reality. Noteworthy, when operating with conceptions an optimal agreement might be found between theory and practice: using the common point of contact –conceptions –a theorist and a practician will always find the way and understand one another.The main problem of internal control is related to the definition of control conception and the identification of the place of internal control in an organization. Constant changes of the extent, functions and roles of internal control enable to form acommon definition of internal control and to identify its place in an organization.Analysis of the concept of internal control and its interpretation are essential for assessing the internal control system, because the conception of control is widely used not only in scientific research, but also in the daily activities of an enterprise; therefore the same conception might have a lot of various meanings and interpretations. Analysis of the concept provides conditions for the further research, because it is impossible to form a model of internal control assessment if the research object is unknown. A lot of definitions and variations of control can be found in thepublications by Lithuanian and foreign scientists and in public information sources. For example, in the Dictionary of International Words (2002), control is defined as: supervision, inspection of something; comparison of actual and required ? conditions; an enterprise or a group of people that control the work and responsibility of other ? enterprises or groups of people;maintenance of something.?In addition to the above seven internal control, and documentation control. Performance control and worker quality control, etc. The new system of accounting supervision system on the unit interior, the main contents of the internal control system.On the other hand, in the specialized Dictionary of Economic Terms (2005), control is defined as a performance with a definite influence on the management of an enterprise, as rights based on laws and contracts that involve proprietary rights to the whole property or its part, or any other rights that enable to exert a significant influence on the management and performance of an enterprise, or state supervision. Even in common information sources the definitions of control are formulated differently, although the common meaning is quite similar. Analysis and practical studies of Lithuanian scientists’ works enable to state that there is no one solid concept, definition or description of control. For example, E. Bu?kevi?iūt? (2008) says that when control is more particularly defined, its rules and requirements are described in more detail, it becomes more effective, more specific, more psychologically suggestive, it gives more freedom limits of choice for supervisors and less possibilities of lawlessness for people under control when. Identifying the object of the research, it should be noted that different definitions of control are given in scientific studies by Sakalas, 2000; Navickas, 2011; Katkus, 1997; Bu?kevi?iūt?, 2008; Drury, 2012; Bi?iulaitis, 2001; Lee Summers, 1991; Patrick, Fardo, 2009; Spencer, Pickett, 2010; Gupta, 2010 and other Lithuanian and foreign scientists (see Fig. 1).The different conceptions and their interpretations indicate that there is no solid opinion about how to define control, and even scientists and practicians themselves do not agree upon a unified definition or description of control or the conception of internal control and its interpretations. In scientific literature, different interpretations of control conceptions are usually related to different aspects of this conception, and their meaning in different situations may be defined in different ways depending on the situation and other external factors. According to A. Katkus (1997), C. Drury (2009), R. Bi?iulaitis (2001), D. R. Patrick, S. W. Fardo (2009), K. H. S. Pickett (2010), during a long-term period control is usually related to achieving the alreadysettled goals, their improvement and insurance. In other information sources (Dictionary of International Words, 2002; Sakalas, 2000; Bukeviiūt, 2008; Lee Summers, 1991) control is emphasized as a certain means of inspection which provides a possibility to regulate the planned and actual states and their performance. Despite these different opinions, control might be reasoned and revealed as a traditional function of any object of control, emphasized as one of the main self-defence means from the possible threats in the daily performance of an organization. There is also a more modern approach. For example, V. Navickas (2011) and P. Gupta (2010), presenting the concept of control, name it not only as one of the main factors that influence the organization’s performance and influences its management, but also as one of the assessment means of the taken decisions and achieved values. Such interpretation of the conception of control shows the main role of control. For example, R. Kanapickien? (2008) has analysed a big number of control definitions and says that only an effective and useful control should exist in an enterprise because each enterprise tries to implement its purposes and avoid the possible losses, i.e. mistakes and frauds. According to J.A. Pfister (2009), there are several types of control, and they can be grouped into strategic, management, and internal control. Thus, different researchers give different definitions of control, their descriptions have different goals, but different control definitions lead to numerous variations in the analysis of the conception of control. Thus, to create an effective control, the presence of its unified concept becomes a necessity and the basis for ensuring an effective control of the organization’s performance. The existence of different conceptions of control also indicates that there might be different types or kinds of control.2. The conception of internal controlHistorical development of internal control as individual enterprise system is not as broad as other management spheres in science directions. The definition of internal control was presented for the first time in 1949 by the American Institute of Certificated Accountants (AICPA). It defined internal control as a plan and other coordinated means and ways by the enterprise to keep safe its assets, check the covertness and reliability of data, to increase its effectiveness and to ensure the settled management politics. However, the presented definition of control concept has been constantly improved, and nowadays there is quite an extensive set of conceptions that indicates the system of internal control as one of the means of leadership to ensure safety of enterprise assets and its regular development. In 1992, the COSOmodelappeared; its analysis distinguished the concepts of risk and internal control. Nnow, the concept of internal control involved not only accounting mistakes and implementing means of their prevention, but also a modern attitude that might identify the spheres of control management and processes, and also a motivated development of their detailed analysis. The Worldwide known collapses of such companies as Enron, Worldcom, Ahold, Parmalat and others determined to issue in 2002 the Law of Sarbanes–Oxley in the USA, in which attention is focused on the effectiveness of the enterprise internal control system and its assessment. Such a significant law as that of Sarbanes–Oxley has dearly show that not only the internal control system must be concretized and clearly defined, but also the means of implementing the internal control system and assessing their effectiveness must be covered. The concept of internal control was further improved by such Lithuanian and foreign scientists as A.Сонин(2000), D. Robertson (1993), M.R. Simmons (1995), I. Toliatien? (2002), V. Lakis (2007), R. Biiulaitis (2001), J. Mackeviius (2001) and the international scientific organizations COSO, INTOSAI, CICA, IT Governance Institute.A comparative analysis of the introduced concepts of internal control shows that the usage of the concept of internal control is quite broad as it is supposed to involve the performance not only of the state, but also of the private sector. Although the conception of internal control is defined in different ways emphasizing its different aspects, the essential term still remains the same in all authors’ definitions: internal control is the inspection, observation, maintenance and regulation of the enterprise’s work (see Fig. 3.).It should be also be mentioned that the system of internal control may be defined in different ways every time. For example, R. T. Yeh and S. H. Yeh (2007) pay attention to the fact that usually such values as honesty, trust, respect, openness, skills, courage, economy, initiative, etc. are not pointed out, although they definitely can influence not only the understanding of the concept of internal control, but also its definition, because in different periods of time and in different situations it can obtain slightly different shades of meaning. Control and people, and values produced by people or their performance are tightly connected; consequently, internal control must be also oriented to the enterprise’s values, mission and vision; it does not matter how differently authors define the conception assessment limits: significant attention must be paid not to internal control itself, but to the identification of its functions andevaluation. Mostly internal control is concerned with authority management tools that help to control processes and achieve enterprise goals (COSO, 1992; Сонин, 2000; INTOSAI, 2004; CobiT, 2007; Toliatien?, 2002; Coco, 1995).C.J. Buck, J.B. Breuker (2008) declare internal control as a mistake detecting and correctingsystem; although J. Mackevi?ius (2001) and R. Bi?iulaitis (2001a) state that internal control is defined as a summation of certain rules, norms and means, actually such definitions are identical, but internal control must be related to safety, the rational use of property and the reliability of financial accounting.Results of a comprehensive analysis of internal control enable to state that, although different authors give different definitions of internal control, there are still some general purposes of the system of internal control, aimed, to ensure reliable and comprehensive information, to protect the property and documents, to enssure an effective economic performance, observation of accounting principles and presentation of reliable financial records, obeying laws and executive acts, enterprise rules and the effective control of risk. Analysis of concept of internal control, presented in both foreign and Lithuanian literature enables to formulate its generalized definition: the system of internal control is part of enterprise management system, which ensures the implementation of its goals, effective economic and commercial performance, observance of accounting principles and an effective control of risks, which enables to minimize the number of intentional and unintentional mistakes and to avoid frauds in the process of enterprise performance, made by its authority or employees.The internal control is an important symbol of modern enterprise management, through the practice of the conclusion is: to control is strong, weak, without control is controlled, disorderly. The new regulations "accounting law 27 units shall establish and perfect the system of supervision unit interior accountant. Unit interior accountant controls on the execution, the internal control is.The internal control is the formation of a series of measures to control functions, procedures, methods, and standardized and systematized, make it become a rigorous, relatively complete system. According to the control of the internal control can be divided into different purpose accounting control and management control. Accounting control and protection of assets is safe, the accounting information authenticity and integrity and financial activities related to the legitimacy of control, Management control means to ensure operation policy decision, implementation ofbusiness activities and promote the efficiency and effectiveness, and the effect of the relevant management to achieve the goals of control. Accounting control and management control and not mutually exclusive, incompatible, some control measures can be used for accounting control, and can also be used to control.The goal is to ensure that the internal control unit operations efficiency and effect, safety, economic information of assets and financial reports of reliability. Its main functions: one is to achieve target management policy and management, Second is the assets of safety protection unit is complete, prevent loss of assets, Three is to guarantee the business and financial accounting information authenticity and integrity. In addition, the legitimacy of the financial activities within the unit is the internal control goals.Good, although the internal control to achieve these goals, but whether the internal control design and operation, it is not how to eliminate its inherent limitations. This limitation must also be clear and prevention. Main show is: (1) the limited by cost benefit principle, (2) if the employee has different responsibility ignore control program, misjudgment, even the collusion, inside and outside, often cause in fraud internal control malfunction, (3) management personnel abuse, and to set up or Passover control of internal control ignored, also can make the establishment of internal control non-existing.The internal control system in a company must cover and help to properly organize and control the entire activity of the company; thus, according to majority of authors, internal control is all-inclusive activity in financial and management accounting, as well as in the strategic management of projects, operations, personneland the total quality management. However, the most important thing is that internal control should not only cover the entire activity of the company, but also take into account its objectives, goals and tasks in order to make its economic-commercial activity as effective as possible. Analysis of scientific literature in the field shows that it is important not only to predict the particular areas of internal control and interrelate them, but also to stress that the most important objective of internal control is the effective management of risk by identifying and eliminating errors and frauds inside the company. Therefore, the concept of internal control offered by the authors covers a company’s areas of activities, its tasks and objectives; also, it provides for the main goal – an effective risk management.Despite the quantitative indicators used for goal assessment, each enterprise and especially extractive industry enterprises where attention should be focused onavoiding mistakes and fraud should elaborate and introduce a really effective and optimal system of internal control and accounting so as to strengthen its position in the market and optimize profitability.ConclusionsThe analysis of control definitions has shown that rather wide variations of definitions and their interpretations prove control to be a wide concept, mainly due to the fact that control has quite many different aspects and its meaning in different situations may be also defined differently.Nevertheless, there are still some general aspects of the system of internal control, which include ensuring reliable and comprehensive information, protecting the property and documents, to ensure an effective economic performance, keeping to the principles of accounting and presenting reliable financial records, obeying laws and executive acts, enterprise rules and ensuring an effective control of risk.As a result of the study, the authors present an inclusive and generalizing definition of internal control: the system of internal control is part of the enterprise management system that ensures the implementation of the enterprise’s goals, its effect ive economic-commercial performance, observance of accounting principles and an effective control of work risks, which enables to minimize the number of intentional and unintentional mistakes, and to avoid frauds in the process of enterprise performance, made by its authority or employees.中文翻译：内部控制制度：理论研究拉基斯，卢卡斯维尔纽斯大学，立陶宛引言企业控制的基本工具之一，建立一个有效的内部控制制度，为现代经济条件下企业获得竞争优势提供了条件。

会计内部控制中英文对照外文翻译文献会计内部控制中英文对照外文翻译文献(文档含英文原文和中文翻译)内部控制系统披露—一种可替代的管理机制根据代理理论，各种治理机制减少了投资者和管理者之间的代理问题（Jensen and Meckling，1976； Gillan，2006）。

传统上，治理机制已经被认定为内部或外部的。

内部机制包括董事会及其作用、结构和组成（Fama，1980；Fama and Jensen，1983），管理股权(Jensen and Meckling，1976)和激励措施，起监督作用的大股东(Demsetz and Lehn，1985)，内部控制系统(Bushman and Smith，2001)，规章制度和章程条款(反收购措施)和使用的债务融资（杰森，1993）。

外部控制是由公司控制权市场(Grossman and Hart,1980)、劳动力管理市场（Fama,1980）和产品市场（哈特,1983）施加的控制。

各种各样的金融丑闻，动摇了世界各地的投资者，公司治理最佳实践方式特别强调了内部控制系统在公司治理中起到的重要作用。

内部控制有助于通过提供保证可靠性的财务报告，和临时议会对可能会损害公司经营目标的事项进行评估和风险管理来保护投资者的利益。

这些功能已被的广泛普及内部控制系统架构设计的广泛认可，并指出了内部控制是用以促进效率，减少资产损失风险，帮助保证财务报告的可靠性和对法律法规的遵从（COSO,1992）。

尽管有其相关性，但投资者不能直接观察，因此也无法得到内部控制系统设计和发挥功能的信息，因为它们都是组织内的内在机制、活动和过程（Deumes and Knechel,2008）。

由于投资者考虑到成本维持监控管理其声称的（Jensen and Meckling，1976）,内部控制系统在管理激励信息沟通上的特性，以告知投资者内部控制系统的有效性,是当其他监控机制（该公司的股权结构和董事会）比较薄弱，从而为其提供便捷的监控（Leftwich et等,1981）。

内部控制【外文翻译】外文文献翻译译文一、外文原文原文：Internal controlIntroductionThe system of internal control over financial reporting in Japan under the Financial Instruments and Exchange Act (FIEA) was implemented as of the fiscal year starting on April 1 2008.Under this system, executive officers of listed companies are obligated to evaluate their company's internal control over financial reporting and to file the results of such evaluation in the form of an internal audit report with the Financial Services Agency (FSA). In this report, executive officers should state material weakness if they judge any material weakness exists in the company's internal control over financial reporting. The report should also be audited by outside accounting auditors before being filed with the FSA. Since most Japanese companies have a fiscal year that ends in March, June 2009 will be the first time most companies file such a report.When the internal control system was introduced, it made reference to the Sarbanes-Oxley Act of the US. Under the Japanese system, clear standards were set regarding the set-up of internal controls over financial reporting in an effort to prevent the creation of excessive documentation and to control costs, two issues which had occurred in the US. However, even with such standards, some uncertainty exists. In particular, uncertainty arises regarding the connection between this system under the FIEA and the rules of the Companies Act.Failure to submit the internal audit report or submission of false statements can lead to liabilities and criminal penalties under the Financial Instruments and Exchange Act (FIEA). However, if there is a material weakness in the company's internal controls over financial reporting and executive officers disclose such material weakness in theinternal audit report, no sanctions will be imposed under the Financial Instruments and Exchange Act, nor will it directly lead to the director's liabilities under the Companies Act. Rather, disclosure of such material weakness is thought to be desirable, because by disclosing such material weakness, a company can improve the quality of its internal control over financial reporting, which will enable the company to submit more accurate financial reports in the future.Internal control is a process-effected by an entity's board of directors, management, and other personnel--designed to provide reasonable assurance regarding the achievement of objectives in the following categories: reliability of financial reporting, effectiveness and efficiency of operations, and compliance with applicable laws and regulations. Internal control consists of the following five interrelated components.1、Control environment sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure.2、Risk assessment is the entity's identification and analysis of relevant risks to achievement of its objectives, forming a basis for determining how the risks should be managed.3、Control activities are the policies and procedures that help ensure that management directives are carried out.4、Information and communication are the identification, capture, and exchange of information in a form and time frame that enable people to carry out their responsibilities.5、Monitoring is a process that assesses the quality of internal control performance over time.The interlaced audit issue is as follows: under the internal control system of the Companies Act, company auditors must audit the method and the results of the accounting audit conducted by outside accounting auditors. On the other hand, the internal control system of the FIEA requires the outside accounting auditors to auditthe company auditors' monitoring of internal financial controls. Therefore, company auditors that audit outside accounting auditors under the Companies Act are audited by the same outside accounting auditors under the FIEA. This interlaced audit however is expected to make each audit more effective because the company auditor and the outside accounting auditor will each monitor the audit of the other.The time lag issue is expected to arise due to the timing of the submissions of the various audit reports required under the FIEA and the Companies Act. Company auditors will need to prepare and submit audit reports regarding the execution of duties by directors for the fiscal year as required by the Companies Act. However, it is expected that these audit reports will be submitted before the internal audit report required under the FIEA is submitted and audited by the outside accounting auditors. Thus, if the internal audit report points out a material weakness that was not referred to in the audit reports prepared by the company auditor, the company auditor will be placed in a difficult position and will need to decide whether to amend andmake changes to the audit reports as such audit reports should also disclose such weaknesses. However, if the directors, the company auditors, and the accounting auditors are cooperating properly, this issue would not arise.It is expected that the system of internal control over financial reporting will prompt companies to build better control systems through cooperation between the directors, company auditors and outside accounting auditors.Connection between the two internal control systemsOn the internal financial controls and internal accounting control the similarities and differences.A difference between monitoring and control objectives.Reason for the difference between the two, simply because of financial supervision and control of the target company's material flow and cash flow, and accounting internal control object is the information flow. Understanding of Marx's words, “the production and the production of bookkeeping records are two different things after all, just to ship the same loading and shipping order are two differentthings.” Corporate material production process is based on the currency as the leading material movement, production and operation of the currency as the beginning and the end result, is achieving its goal of expanding the value of value. And accounting control is passed that have occurred in the material flow, capital flow formed by the flow of information to be the recognition, measurement, reporting. The former to productivity gains, the latter objective, the real target. However, operation of the accounting value of enterprise assets, after all, subordinate to the overall objective, we should also ask for the overall objective of internal control should also be an asset value of its end. Whyis this request? This is because the production activities of financial decisions and accounting need to subordinate corporate financial activities, accounting control objectives are to be subject to financial control target.Internal accounting control system is now setting goals, still remain in traditional accounting supervision and legal, reasonable levels, while ignoring the principles of economic efficiency, not subordinated to the overall goal of corporate finance. We know that even if the security integrity of corporate assets and personnel compliance. However, poor economic efficiency of enterprises can not continue to exist, then such an accounting internal control system, despite the integrity of the specification how beneficial for them? Accounting supervision, internal accounting controls, is the business management of the important part, if not for the continued survival and development of enterprises play a useful role, it is indeed sad . Although the internal financial control and internal accounting control objectives differ, but the overall goal should always be consistent. Accounting control objectives should always be subject to financial supervision and corporate goals. Accounting internal controls for business expenses from their own legitimacy and rationality to make judgments, give expenditure or expenditure not to start. This is the person in charge of the accounting organization's powers. The specific operation is completed by the cashier. Economic business is completed, signed by the person in charge, after verification of the accounting charge, the decision to grant or not to grant reimbursement claims. Practices through review of the original certificate and found areas of doubt or vulnerability. In acheck, be controlled when reimbursement. Another majoraccounting internal control task is to ensure that the accounting information provided by an objective, true, complete and timely.Financial internal control is based on the financial accounts of enterprises as the main target of supervision, to consider the legality of the decision-making costs, reasonable, and consistent with the principles of economic interests. The right balance of enterprises in the enterprise legal person units, in determining the expenditure, the accounting bodies and accounting personnel to provide business only the amount of funds available for expenditure obligations, and no decision-making rights. Usually the meeting was the participation by the general accountant, accounting bodies and accounting personnel did not participate in conference events. Therefore, the financial supervision to monitor the main orientation is very necessary. Financial supervision should be in advance of supervision as well, so that you can not burn in prevention. Matter of course, need supervision in order to promptly correct the error.From a doctrinal perspective the Catholic Church is highly centralized under the authority of the pope and his bishops. However, from an administrative perspective the church is quite decentralized with each diocese and each parish within the diocese having a fair amount of autonomy. Dioceses have virtually no external or regulatory oversight of their financial statements. Unlike corporations which provide quarterly financial statements to the SEC and hold quarterly conference calls with outside analysts, the church is subject to almost no recurring outside financial scrutiny. Many dioceses voluntarily post their audited annual financial statements on their website at the conclusion of the year-end audit. Additionally, many dioceses provide parishioners with an annual financial and administrativenewsletter which provides a highly summarized view of the cash flows for the year and the results of social and spiritual programs offered by the diocese. But many other dioceses do neither. Since they are not required by law to be transparent and accountable in their finances, they choose to keep their finances private.Corporate Financial Controls。

文献出处：Gramling A, Maletta M. Corporate Internal Governance and Role of Internal Audit [J]. Journal of Accounting Literature, 2014, 23(1): 194-244.（声明：本译文归百度文库所有，完整译文请到百度文库。

）原文Corporate Internal Governance and Role of Internal AuditGramling A, Maletta M.AbstractIn the recent years, a series of events of corporate governance failure have caused the rethought on corporate governance .In many countries, laws, governments and associations start to focus on the internal governance of corporate, corporate governance shows a trend of internalization. But, it still doesn't form the common sense about the core of the internal governance of corporate and the role of internal audit in the internal governance. This article argues that the core of the internal governance of corporate is risk management and internal control; internal audit plays an active role of supervisor and enabler in internal corporate governance framework by its independence and competence.Keywords: Internal governance；Risk management；Internal control；Internal audit 1 IntroductionWorldwide in recent years a large number of organizations failures occur (such as accounting fraud, bankruptcy, etc.), from the United States of Enron, Enron, WorldCom (WorldCom) to domestic silver metal, ST events such as the dawn, the quality of corporate governance has been questioned, changes in the environment is put forward to strengthen the corporate governance requirements. This kind of failure, especially the accounting fraud, prove that the company's internal governance, such as the board's lack of independence, the poor quality of the audit committee and internal audit function absence) can lead to problems (Abbott, 2000; Beasley, 2000).Legal environment increased the responsibilities of the directors and senior management of listed companies, Securities Class Action according to Stanford law school institute (Stanford Law School Securities Class Action Clearinghouse) studies have shown that the number of Securities Class Action increased significantly, especially in the 2001years later, this change reflects the company directors face greater legal risks. Promulgated in 2002, the United States of SOX act: chief executive and chief financial officer of financial report must be submitted to the SEC's legitimacy and to ensure fair expression, in violation of regulations will be fined or sentenced to prison. Many groups also made an urgent appeal for improved corporate governance, Tread way commission of sponsors, namely in 1992, the COSO committee released the report related to corporate governance, Internal Control overall Framework (Internal Control - Integrated Framework), in 2004, and put forward related to corporate governance report - the Risk Management Framework (Enterprise Risk Management - Integrated Framework), intended to develop applicable Risk Management Framework for the Management and directors.The changes in the environment is put forward to strengthen the corporate governance requirements, in order to make more reasonable and effective corporate governance, the focus of corporate governance have started to change from country to country, and presents a trend of the internalization of corporate governance, and the trend of the internalization of present a mandatory change, all countries through the form of laws and regulations on driving the rapid development of the company's internal governance. The core of company governance is risk management and internal control, each subject both for-profit and nonprofit; purpose is to provide value for its stakeholders. All subjects faced with uncertainty, the uncertainty hidden damage to the value or increase, both risks is represented at the chance. Enterprise risk management and internal control the management authorities to effectively deal with uncertainty and associated risk and opportunity, thus improve the body's ability to create value.Corporate internal governance efficiency needs to be within the company set up a complete organizational structure, internal management in the internal governance structure of the board of directors and the professional committee, is the company's internal governance policy makers and consignor, management is the executor of the internal corporate governance and the consignee, internal audit organization and internal auditors because of its special properties on the organization (independence)and personnel's professional competence, determines the internal audit in the internal governance of listed companies plays an important "monitor" and "promote" leading role. The risk of internal audit through direct monitoring and confirm to other internal and external governance and internal control related subject conveying information about risk management and internal control, in the company's internal governance plays an irreplaceable role in promoting the guide.2 The new trend of corporate governance: the trend of internalizationCorporate governance includes internal governance and external governance. External governance elements including product market, manager market, and capital market, financial market and control the market. Internal governance includes the shareholders meeting, board of directors and the professional committee and board of supervisors, management, etc., in practice due to the country's political, economic and cultural development trajectory, the corporate governance mode is not exactly the same, the us and the UK model is given priority to with external corporate governance mechanism, weak internal governance; German and Japanese mode is given priority to with internal corporate governance mechanism, external governance is weak. Lin think external governance mechanism to standardize the operation of the company plays a more important role, compared with the market competition mechanism, the company's internal governance structure is the external governance mechanism on the basis of the derived system arrangement, plays a supplement of external governance and protect the interests of the related interest subjects. Worldwide in recent years a large number of corporate governance failure cases, such as Enron, Enron, World com (World com) and so on, also resulted in the changes of the trend of corporate governance, corporate governance presents the trend of internalization, countries all over the world paid attention to the construction of the company's internal governance mechanism, the SOX act in 2002 is undoubtedly further promoted the process of the internalization of corporate governance.2.1 Audit committee system further attention and deepenBefore the Enron, the audit committee system has gained the attention of the countries in the west. In 1992 famous British Cadbury report; Canada MACDONALD,a report released in 1988; Australian company practice and operation working group published in 1990, according to a report in every company should set up the audit committee; in 1992 the board of directors of the New Zealand practice draft guidelines also suggest to set up the audit committee. After Enron event, the United States in 2002 issued the SOX act with particular emphasis on the role of the audit committee in corporate governance, on the composition of the audit committee, independence, accountability, economic source are made clear rules, the law regulation: did not establish internal audit of the company, must set up internal audit committee, and there is no "real" relationship with company's independent directors, from the legal safeguard the implementation of the audit committee in corporate governance role. Independent audit committees established is under the board, and the independence of the audit committee, authority and financial expertise to emphasize. Require commercial Banks to set up the audit committee, the audit committee is head of the independent directors, and the duties of the audit committee to the rules. To set up an independent director of the audit committee, remuneration and appraisal committee and give full play to its role. Each country to the attention of the audit committee and the deepening of the audit committee responsibilities and authorities, reflect the supervision department of the audit committee in improve the quality of financial reporting and ensure that the CPA independence and prevent the failure of corporate governance in corporate governance activities, such as legal action to evadea good forecast.2.2 The independent director system to speed up the pace of globalizationAlthough the independent director system originated in the United States, but since the 1980 s the independent director system to the global expansion and transplantation, a process which peaked in the late 90 s and the beginning of this century. The British in 1991, 1995 and 1998, respectively, Cadbury report, Granbury report and the joint principles: principles of good corporate governance and best code of conduct "published in 1999, France the Vienna report, Canada in the report, released in 1994 and 1997.After Enron, in 2002, the New York stock exchange and NASDQ Suggestions to consummate the two exchanges and reform scheme ofindependent director system, request to increase the number of independent directors, independent directors in the board of directors of the listed company must be majority; And strengthen the requirement of "independence", and requires independent directors to the listed company and shareholders or managers of listed companies related organization relationship in no major, requires public companies to set up all the governance committee composed of independent directors, the compensation committee and audit committee, etc. In 2002, congress passed the SOX act on reform of the accounting and corporate governance, regulations, the securities and exchange commission has sacked for corporate directors, can temporarily or permanently banned problem into the listed company directors, audit committee composed of independent directors and all upgraded to statutory bodies, the audit committee is not controlled by shareholders or management. From various countries in the world can be seen in the development of the independent director system, increasing the proportion of independent directors of board of directors, independent director function area expands unceasingly, in the audit, remuneration and nomination or governance committee are gradually increased the independence requirements, and give more authority, and responsibility. Independent director is gradually to a formal assessment of CEO and board of directors, dominated by independent director evaluation procedure and conclusion. Improved significantly with legal status of independent directors, independent director’s responsibility deepening embodied the important position of the independent director system in corporate governance.3 The core of the company's internal governance: risk management and internal controlPresents the trend of the internalization of corporate governance is the indisputable fact that, but what is the core of the internal corporate governance and no consensus .It is thought that the main purpose of the corporate governance is to protect the interests of investors, ensure that can get enough return, so as to arouse the enthusiasm of its investment. This view more popular in British and American countries. Company also has the view that, in addition to the investors and other stakeholders, including employees, customers, suppliers and communities, where ourcompany is located is the purpose of corporate governance in the process of company's business goal, should seek a balance between the interests in the company or the coordination. This view is popular in the European continent; And view, the core of corporate governance is to deal with the relationship between the enterprise owners and professional managers.On the basis of deepening the reform of property right system perfect incentive constraint mechanism for managers, in order to achieve effective incentive and restraint managers' behavior; also has a view also have thought, the board of directors is the core of corporate governance, the board of directors in corporate governance structure, like in the role of principal-agent. For the shareholders meeting, board of directors is the company's major decision agents, but for senior management, board of directors and the implementation plan of the principal major policy decisions. This hub of principal-agent relationship roles, the board of directors decides the issue of the board of directors is the kernel of corporate governance.Before two views will be to achieve the purpose of corporate governance as the core of corporate governance;The third kind of view will be the object of corporate governance as the core of corporate governance; The last view will be corporate governance as the control core of a subject. These views do not reveal the true core of the company's internal governance, international federation of accountants (IFAC) business committee council (PAIB) and the chartered institute of management accountants (CIMA), puts forward the corporate governance (Enterprise governance) and management (Easiness governance) the corporate governance structure of the new combination. Left part of the show the main body and core of the company internal governance, including the chairman and CEO/CFO, independent directors, audit committee, remuneration committee, and internal audit is internal governance body, and the risk management and internal control is the core of internal governance. The traditional corporate governance focuses on the relationship of each part in the governance structure and governance of checks and balances and target, but did not reveal the key of the corporate governance, risk management and control. In fact, each subject, both for-profit and nonprofit, or government agencies, its purpose is to provide value forshareholdersAll subjects faced with uncertainty, the uncertainty hidden damage to the value or increase, both risks is represented at the chance. Enterprise risk management and internal control the management authorities to effectively deal with uncertainty and associated risk and opportunity, thus improve the body's ability to create value. At the same time, risk management and internal control in a joint as a Corporate governance (Corporate governance) core at the same time, and through the strategic risk management and internal control on the strategic process for effective supervision Over - sight to reach the company's management (Business governance), effective use of resources, create value. In the new concept of corporate governance, risk management and internal control is the management performance of entrusted economic responsibility and the effective use of resources to create value, risk management and internal control have become the key and core problems of corporate governance.译文公司内部治理与内部审计作者：格拉姆林；玛勒塔摘要近年来一系列公司治理失败案件引发了人们对公司治理的重新审视，社会团体都呼吁增强公司内部治理, 公司治理呈现出内部化的趋势。

企业内部控制外文文献及翻译企业内部控制外文文献及翻译此外，管理者的以身作则是非常重要的。

很多时候，经理人似乎认为，内部控制仅仅是对他们的部属,那就是经理人采取措施对那些向他们汇报的下属实施控制。

当然，这种做法可能的结果就是员工会把内部控制视为一种规避（证明其级别和重要性的组织），而不是视作一种避免。

一个特别重要的例子，该原则只是针对违反相关政策和程序的控制讨论关于管理的问题。

管理人员为了避免发生冲突，并没有对某些措施采取有效的纪律处分，即使某些情况是涉及欺诈的。

无可避免的是，这样的做法对其他人发出了一个明确且危险的讯息：内部控制和管理并不是很严格。

当然，一个积极的审计委员会和有效的内部审计部门，都是宏观控制环境中重要的积极因素。

风险评估。

在管理者实现其目标（即风险）的过程当中，挑战是永远存在的。

此外，昨天的风险和今天的、明天的风险不一定相同。

因此，风险评估是不可能凭“一次性”的努力就可以完成，而必须是定期的、持续进行的过程。

同样，为了使他们能够避免或减轻风险，风险必须是可预期的。

打个比方，在铁道路口设置路灯可避免一个重大事故的发生,同样，如果此前的入口或交通情况发生变化，路灯在铁道路口设置就显得越来越有必要。

那么，经理人需怎样才能设法找出以前未知的风险呢？首先，管理应把注意力集中在改变上，因为所有的变化都会涉及一定程度的风险。

可以带来高风险的变化包括以下：1、经营环境的改变（例如，改变企业内部的规章制度）；2、人事变动（特别是敏感职位的变动）；3、信息系统和技术的改变（例如，如果过程已被重新设计，控制程度是否仍然足够？）4、快速增长（例如，为应付需求增加而施加的压力）；5、新的项目和服务（例如，缺乏经验）；6、结构变化（例如，取消原项目的实施）。

经理也应考虑目前的固定风险，并处理高风险的情况。

一般的内存高风险包括以下：1、复杂度（越复杂越容易出错）；2、现金收入；3、直接第三方受益人（现金支付帮助个人）；4、以前遇到的问题（过去存在问题的项目很可能会继续遇到相同的问题）；5、事先确定的控制弱点（查明的问题在过去没有得到纠正的情形）。

外文文献及原稿原稿IntroductionInt ernal a ud it ef fe ctive n e s s, t h e ext e nt t o whic h an inte r nal a udit offic e me e ts i ts ra ison d'êt re, i s a r guably a result o f the i n t e rpla y a mong four fa c tors: in t erna l audi tq uali t y; management support; or gani z at i onal sett i ng; and attributes of the audi t or.An i nt ern al audit func t ion's capabil i ty to provi de us eful a udi t findi ngs and re commendations w oul d help ra isemanagement'sintere s ti n it s re c omm e ndation s.T he m a na gementsupportw i thresourcesandc om mi t me nt to i mplement t heinternal a udi t reco m me nd ationsi s essenti a l in attainingaudit e ffec t ive ne s s.A l s o,the o rganizati o nals et ting i n w hi c h i ntern a laudit ope rat e s,i.e.t he or ga nizatio na ls t at us ofth eof fi ce,i t si nt erna lor ganizatio n andthepoli c ie s andpr oc edure s applyi ng t o eachaudi t o r, sho ul d enable smooth audi t s t ha t l ea d to reaching us e f ul a udi tfindings.Furth e r,thecapab i li t y,at t itudesandl e velofcoopera t ionoftheaudi t or i mpacton t heeffec t ive ne ss ofaud i ts.T herefore, internal audit ef fe ct i veness s houl d be vie w e d as a dynamicprocessthat is c ontinuously s ha ped by t h e interac t ions among t he fo ur factors me ntionedabove.Thi s s t udy e xami n ed,u singcasestudyan a lysis,t heint e rnala udi ts e rvic eof ala rgepublicsectororganization.Thepaperisstructuredasfollows.Thenextsectionpresents a review of the related literature; introduces a model for analyzingauditeffectiveness; and provides the research question. The third section presentstheresearch methodology; fourth section provides empirical analysis based on acasestudy; and fifth section presents a summary of the findings. The paperthensummarizes the conclusions, noting limitations of the study and suggesting avenuesfor futureresearch. InternalauditeffectivenessThe Instituteof Internal Auditors (IIA, 1999a) defined internal auditing as:an independent, objective assurance and consulting activity designed to add valueandimprove an organization's operations. It helps an organization accomplish itsobjectives by bringing a systematic, disciplined approach to evaluate and improvetheeffectiveness of risk management, control, and governanceprocesses.This definition signifies that internal audit has undergone a paradigmshift froman emphasis on accountability about the past to improving future outcomes tohelpauditors operate more effectively and efficiently (Nagy and Canker, 2002; Stern,1994;Goodwin, 2004). Since, the definition equally serves both the private and thepublicsectors (Goodwin, 2004), it is used in this study as a basis to analyze publicsectorinternal auditeffectiveness.Internal audit is effective if it meets the intended outcome it is supposed tobringabout.Sawyer(1995)states,“…internalauditor'sjobisnotdoneuntildefectsarecorrecte d and remain corrected.”Van Hansberger (2005) explains that internalauditeffectiveness in the public sector should be evaluated by the extent to whichitcontributes to the demonstration of effective and efficient service delivery, asthisdrives the demand for improved internal audit services. Based on the results ofaconsultative forum that focused on improving public sector internal audit [1],VanHansberger (2005) identified perceptionsandownership; organizationandgovernance framework; legislation; improved professionalism; conceptualframework;and also resources as factors influencing internal audit effectiveness.Effectiveinternal audit undertakes an independent evaluation of financial andoperatinginformation and of systems and procedures, to provide useful recommendationsfor improvements asnecessary.The effectiveness of internal audit greatly contributes to the effectiveness ofeachauditor in particular andthe organization at large (Dittenhofer, 2001).Dittenhofer(2001) has also observed that if internal audit quality is maintained, it will contributeto the appropriateness of procedures and operations of the auditor, and therebyinternal audit contributes to effectiveness of the auditor and the organization asawhole. Using agency theory, Dingdong (1997) explained the role that internalauditplays in an economy and points out that internal audit has an advantage over externalauditin obtaining information quickly and finding problems at an earlier stage; and Sparkman (1997), applying the theory of transaction cost economics, demonstratedhow internal audit recommendations are important to the management ofgovernmentorganizations.Priorliteraturerelatingtointernalauditeffectivenesshaseitherfocusedontheinternal audit's ability to plan, execute and objectively communicate usefulfindings(Dingdong, 1997 Sparkman, 1997;Dittenhofer, 2001); or taken a broader viewandincluded factors that transcend the boundary of a single organization (VanHansberger,2005). This paper attempts to introduce a new perspective for evaluation of internalaudit effectiveness by identifying factors within an organization that impact onauditeffectiveness. A model, which assumes that there is a common interest to achieveorganizational goals for auditor management, top management and internal audit,isused for analysis of this case study. Since, audit effectiveness fosters theachievementof a common goal; there would be a natural incentive in an organization to improveit.The model considers four potential factors –internal audit quality,managementsupport, organizational setting, and auditor attributes to explain audit effectiveness,and shows how the interaction of these factors improves audit effectiveness.Internal audit quality, which is determined by the internal audit department'scapability to provide useful findings and recommendations, is central toauditeffectiveness. Internal audit has to prove that it is of value to the organization and earna reputation in the organization (Sawyer, 1995). Internal audit has to evaluateitsperformance and continually improve its service .audit quality is a function ofthelevelofstaffexpertise,thescopeofservicesprovidedandtheextenttowhichaudits areprope rlyplanned,executedandcommunicated.Audit findings and recommendations would not serve much purposeunlessmanagement is committed to implement them. Adams (1994) used agency theorytoexplain that it is in the interest of management to maintain a strong internalauditdepartment. Implementation of audit recommendations is highly relevant toauditeffectiveness (Van Hansberger, 2005) and the management of an organization isviewed as the customer receiving internal audit services. As a result,management'scommitment to useaudit recommendations and its support in strengthening internalauditis vital to audit effectiveness (Sawyer,1995).Organizational setting refers to the organizational profile, internal organizationand budgetary status of the internal audit office; and also the organizationalpoliciesand procedures that guide operation of auditors. It provides the context inwhichinternal audit operates. Thus, organizational setting can exert influence on the levelofeffectiveness that internal audit could achieve. The auditor attributes relate tothecapability of the auditor to meet its intended objectives. Auditor attributeswithimplications on audit effectiveness include the auditors' proficiency to efficientlyandeffectively meet organizational sub-goals; their attitude towards internal audit; andthelevel of cooperation provided to the auditor .Since, the four factors discussed aboveare intricately linked, audit effectiveness is a dynamic process that results fromtheeffect of each factor and the interplay among all. audit quality andmanagementsupport strongly affects audit effectiveness. Better audit effectiveness, in turn, hasapositivebearingonthesetwofactors.Ifinternalaudit enhancesqualitytotheextent itelicits management's interest, management support would be a natural quid proquobecause the management would realize the contribution of internal audit totheachievement of organizational goals. This would positively reflecton auditqualityand enhance audit effectiveness. The management's commitment to implementauditrecommendations improves the operation of the auditor, as a result of whichtheauditor attributes would improve to the benefit of audit effectiveness.Further,management retains the authority to improve the organizational setting andinfluencethe auditor towards a positive effect on audit effectiveness, whichin turn,benefitsauditquality.ConcludingcommentsThis study investigated the internal audit service of a large public sectorhighereducational institution, to identify factors influencing internal audit effectiveness,using a model developed for the analysis. The model consisted of fourinterrelatedfactors: internal audit quality; management support; the organizational setting;andattributes of theauditors.The findings of the study reveal that the internal audit office of theorganizationstudied needs to enhance the technical proficiency of the internal audit staffandminimizestaff turnover so as to foster audit effectiveness. The organizational statusand internal organization of the internal audit office are fairly rated, butinternalaudit'slackofauthorityonbudgetsreducesitscontrolofresourceacquisitionandutil ization.The scope of internal audit services is limited to regular activities. Extendingthescopeofservicesbywideningtherangeofsystemsandactivitiesaudited,withappropr iateriskanalysis,wouldimprove auditeffectiveness. Management'scommitment in providing greater attention to internalaudit recommendations andstaffingtheofficewithwell-qualifiedemployeesdeservesattentioninthisstudy.Theinternalauditors,undertheimpressionthat theirreportsarenotsufficientlyutilizedbythe management, may not be encouraged to exert the maximum possible effort in their engagements. In addition, the lack of attention by management may send awrongsignal about the importance of internal audit services to the audited, which in turnadversely affects the auditedattributes.The study has shown that internal audit of the organization studiedneedsimprovement in the areas of audit planning, documentation of audit work,auditcommunications and follow-up of recommendations. Audit effectiveness couldbeenhanced by ensuring consistency in documenting audit work to enableimprovedreview of audit work; proper follow-up of the status of audit findingsandrecommendations; increased distribution of audit reports; and further improvementinthe quality ofreporting.The limitation of this study is readily apparent. As in all case studies,thegeneralisabilityof the findings and the conclusions drawn is limited, althoughthestudy does provide evidence of the problems internal auditors face in providinganeffective service to management. Further, research could be welcome tofullyunderstand the level of internal audit effectiveness in the Ethiopian public sectorvis-à-vis its private sector, with a view to highlighting differences, if any,andconclusively defining the variables affecting internal audit effectiveness inEthiopia.译文简介内部审计的有效性，在何种程度上满足了内部审计处其存在的理由，可以说是一个四因素之间的相互作用的结果：内部审计质量，管理支持，组织设臵，以及受审核方属性。

A Clear Look at Internal Controls: Theory and ConceptsHammed Arad (Philae)Department of accounting, Islamic Azad University, Hamadan, IranBarak Jamshedy-NavidFaculty Member of Islamic Azad University, Kerman-shah, IranAbstract: internal control is an accounting procedure or system designed to promote efficiency or assure the implementation of a policy or safeguard assets or avoid fraud and error. Internal Control is a major part of managing an organization. It comprises the plans, methods, and procedures used to meet missions, goals, and objectives and, in doing so, support performance-based management. Internal Control which is equal with management control helps managers achieve desired results through effective stewardship of resources. Internal controls should reduce the risks associated with undetected errors or irregularities, but designing and establishing effective internal controls is not a simple task and cannot be accomplished through a short set of quick fixes. In this paper the concepts of internal controls and different aspects of internal controls are discussed. Keywords: Internal Control, management controls, Control Environment, Control Activities, Monitoring1. IntroductionThe necessity of control in new variable business environment is not latent for any person and management as a response factor for stockholders and another should implement a great control over his/her organization. Control is the activity of managing or exerting control over something. he emergence and development of systematic thoughts in recent decade required a new attention to business resource and control over this wealth. One of the hot topic a bout controls over business resource is analyzing the cost-benefit of each control.Internal Controls serve as the first line of defense in safeguarding assets and preventing and detecting errors and fraud. We can say Internal control is a whole system of controls financial and otherwise, established by the management for the smooth running of business; it includes internal cheek, internal audit and other forms of controls.COSO describe Internal Control as follow. Internal controls are the methods employed to help ensure the achievement of an objective. In accounting and organizational theory, Internal control is defined as a process effected by an organization's structure, work and authority flows, people and management information systems, designed to help the organization accomplish specific goals or objectives. It is a means by which an organization's resources are directed, monitored, and measured. It plays an important role in preventing and detecting fraud and protecting the organization's resources, both physical (e.g., machinery and property) and intangible (e.g., reputation or intellectual property such as trademarks). At the organizational level, internal control objectives relate to the reliability of financial reporting, timely feedback on the achievement of operational or strategic goals, and compliance with laws and regulations. At the specific transaction level, internal control refers to the actions taken to achieve a specific objective (e.g., how to ensure the organization's payments to third parties are for valid services rendered.) Internal controlprocedures reduce process variation, leading to more predictable outcomes. Internal controls within business entities are called also business controls. They are tools used by manager's everyday.discourage theft, and reviewing your monthly statement of account to verify transactions are common internal controls employed to achieve specific objectives.All managers use internal controls to help assure that their units operate according to plan, and the methods they use--policies, procedures, organizational design, and physical barriers-constitute. Internal control is a combination of the following：1. Financial controls, and2. Other controlsAccording to the institute of chartered accountants of India internal control is the plan of organization and all the methods and procedures adopted by the management of an entity to assist in achieving management objective of ensuring as far as possible the orderly and efficient conduct of its business including adherence to management policies, the safe guarding of assets prevention and detection of frauds and error the accuracy and completeness of the accounting records and timely preparation of reliable financial information, the system of internal control extends beyond those matters which relate to the function of accounting system. In other words internal control system of controls lay down by the management for the smooth running of the business for the accomplishment of its objects. These controls can be divided in two parts i.e. financial control and other controls.Financial controls:- Controls for recording accounting transactions properly.- Controls for proper safe guarding company assets like cash stock bank debtor etc- Early detection and prevention of errors and frauds.- Properly and timely preparation of financial records I e balance sheet and profit and loss account.- To maximize profit and minimize cost.Other controls: Other controls include the following:Quality controls.Control over raw materials.Control over finished products.Marketing control, etc6. Parties responsible for and affected by internal controlWhile all of an organization's people are an integral part of internal control, certain parties merit special mention. These include management, the board of directors (including the audit commit tee), internal auditors, and external auditors.The primary responsibility for the development and maintenance of internal control rests with an organization's management. With increased significance placed on the control environment, the focus of internal control has changed from policies and procedures to an overriding philosophy and operating style within the organization. Emphasis on these intangible aspects highlights the importance of top management's involvement in the internal control system. If internal control is not a priority for management, then it will not be one for people within the organization either.As an indication of management's responsibility, top management at a publicly owned organization will include in the organization's annual financial report to the shareholders a statement indicating that management has established a system of internal control that management believes is effective. The statement may also provide specific details about the organization's internal control system.Internal control must be evaluated in order to provide management with some assurance regarding its effectiveness. Internal control evaluation involves everything management does to control the organization in the effort to achieve its objectives. Internal control would be judged as effective if its components are present and function effectively for operations, financial reporting, and compliance. he boards of directors and its audit committee have responsibility for making sure the internal control system within the organization is adequate. This responsibility includes determining the extent to which internal controls are evaluated. Two parties involved in the evaluation of internal control are the organization's internal auditors and their external auditors.Internal auditors' responsibilities typically include ensuring the adequacy of the system of internal control, the reliability of data, and the efficient use of the organization's resources. Internal auditors identify control problems and develop solutions for improving and strengthening internal controls. Internal auditors are concerned with the entire range of an organization's internal controls, including operational, financial, and compliance controls.Internal control will also be evaluated by the external auditors. External auditors assess the effectiveness of internal control within an organization to plan the financial statement audit. In contrast to internal auditors, external auditors focus primarily on controls that affect financial reporting. External auditors have a responsibility to report internal control weaknesses (as well as reportable conditions about internal control) to the audit committee of the board of directors.8. Limitations of an Entity's Internal ControlInternal control, no matter how well designed and operated, can provide only reasonable assurance of achieving an entity's control objectives. The likelihood of achievement is affected by limitations inherent to internal control. These include the realities that human judgment in decision-making can be faulty and that breakdowns in internal control can occur because of human failures such as simple errors or mistakes. For example, errors may occur in designing,Maintaining, or monitoring automated controls. If an entity’s IT personnel do not completely understand how an order entry system processes sales transactions, they may erroneously design changes to the system to process sales for a new line of products. On the other hand, such changes may be correctly designed but misunderstood by individuals who translate the design into program code. Errors also may occur in the use of information produced by IT. For example, automated controls may be designed to report transactions over a specified dollar limit for management review, but individuals responsible for conducting the review may not understand the purpose of such reports and, accordingly, may fail to review them or investigate unusual items.Additionally, controls, whether manual or automated, can be circumvented by the collusion of two or more people or inappropriate management override of internal control. For example, management may enter into side agreements with customers that alter the terms and conditions of the entity’s standard sales contract in ways that would preclude revenuerecognition. Also, edit routines in a software program that are designed to identify and report transactions that exceed specified credit limits may be overridden or disabled.Internal control is influenced by the quantitative and qualitative estimates and judgments made by management in evaluating the cost-benefit relationship of an entity’s internal control. The cost of an entity's internal control should not exceed the benefits that are expected to be derived. Although the cost-benefit relationship is a primary criterion that should be considered in designing internal control, the precise measurement of costs and benefits usually is not possible.Custom, culture, and the corporate governance system may inhibit fraud, but they are not absolute deterrents. An effective control environment, too, may help reduce the risk of fraud. For example, an effective board of directors, audit committee, and internal audit function may constrain improper conduct by management. Alternatively, the control environment may reduce the effectiveness of other components. For example, when the nature of management incentives increases the risk of material misstatement of financial statements, the effectiveness of control activities may be reduced.9. Balancing Risk and ControlRisk is the probability that an event or action will adversely affect the organization. The primary categories of risk are errors, omissions, delay and fraud In order to achieve goals and objectives, management needs to effectively balance risks and controls. Therefore, control procedures need to be developed so that they decrease risk to a level where management can accept the exposure to that risk. By performing this balancing act "reasonable assurance” can be attained. As it relates to financial and compliance goals, being out of balance can causebe proactive, value-added, and cost-effective and address exposure to risk.11. ConclusionThe concept of internal control and its aspects in any organization is so important, therefore understanding the components and standards of internal controls should be attend by management. Internal Control is a major part of managing an organization. Internal control is an accounting procedure or system designed to promote efficiency or assure the implementation of a policy or safeguard assets or avoid fraud and error. According to custom definition, Internal Control is a process affected by an entity's board of directors, management and other personnel designed to provide reasonable assurance regarding the achievement of objectives in the following categories namely. The major factors of internal control are Control environment, Risk assessment, Control activities, Information and communication, Monitoring. This article reviews the main standards and principles of internal control and described the relevant concepts of internal control for all type of company.内部控制透视：理论与概念哈米德阿拉德（Philae）会计系，伊斯兰阿扎德大学，哈马丹，伊朗巴克Joshed -纳维德哈尼学院会员伊斯兰阿扎德大学，克尔曼伊朗国王，伊朗摘要：内部控制是会计程序或控制系统，旨在促进效率或保证一个执行政策或保护资产或避免欺诈和错误。

内部控制外文翻译外文翻译原文来源：Research Paper, July XXXX年月日A Clear Look at Internal Controls: Theory and Concepts内部控制透视：理论与概念The necessity of control in new variable business environment is not latent for any person and managementas a response factor for stockholdersand another should implement a greatcontrol over his/her organization. 环境需要新的业务控制变量不为任何潜在的股东和管理人士的响应因子为1，另外应执行/她组织了一个很大的控制权。

控制是管理活动的东西或以上施加控制。

思想的产生和近十年的发展需要有系统的商业资源和控制这种财富一个新的关注。

One of the hot topic a boutcontrols over business resource is analyzingthe cost-benefit of each control. 主题之一热一回合管制的商业资源是分析每个控制成本效益。

作为内部控制和欺诈的第一道防线，维护资产以及预防和侦查错误。

内部控制，我们可以说是一种控制整个系统的财务和其他方面的管理制定了为企业的顺利运行;它包括内部的脸颊，内部审计和其他形式的控制。

COSOdescribe Internal Control as follow. Internalcontrols are the methods employed to help ensure the achievement of an objective. COSO的内部控制描述如下。

内部控制是一个客观的方法用来帮助确保实现。

Internal management, establish a sound internal control system, enterprises and the needs for enterprises to face market risks and challenges. Only in accordance with the actual situation of their own, developed to meet the needs of internal management control system, and strictly follow the implementation can be sustained, steady and healthy development.内部管理，建立健全内部控制制度，企业和企业面临的市场风险和挑战的需要。

只有按照自己的实际情况，开发出满足内部管理控制系统的需求，并严格遵照执行能够持续，稳定和健康的发展。

The so-called internal control, the means by the enterprises board of directors, managers and other staff implementation, in order to ensure the reliability of financial reporting, operating efficiency and effectiveness of existing laws and regulations to follow, and so provide reasonable assurance that the purpose of the course. Internal controls related to enterprise production and management of the control environment, risk assessment, supervision and decision-making, information and transfer and self-examination, from a business perspective on the whole in all aspects of production. Their effective implementation will undoubtedly promote enterprise production and management to a new level, to promote the rationalization of business processes and standardization.所谓内部控制，董事会的企业董事会，经理和其他员工实施的，为保证财务报告的可靠性，现有的法律法规，经营的效率和效果跟踪，并提供合理的保证，本课程的教学目的。