COSO Internal Control–Integrated Framework: Executive Summary, 2013 Edition (Chinese-English bilingual text)
Internal Control–Integrated Framework
Executive Summary
Internal control helps entities achieve important objectives and sustain and improve performance. COSO’s Internal Control—Integrated Framework (Framework) enables organizations to effectively and efficiently develop systems of internal control that adapt to changing business and operating environments, mitigate risks to acceptable levels, and support sound decision making and governance of the organization.
Designing and implementing an effective system of internal control can be challenging; operating that system effectively and efficiently every day can be daunting. New and rapidly changing business models, greater use and dependence on technology, increasing regulatory requirements and scrutiny, globalization, and other challenges demand any system of internal control to be agile in adapting to changes in business, operating and regulatory environments.
An effective system of internal control demands more than rigorous adherence to policies and procedures: it requires the use of judgment. Management and boards of directors¹ use judgment to determine how much control is enough. Management and other personnel use judgment every day to select, develop, and deploy controls across the entity. Management and internal auditors, among other personnel, apply judgment as they monitor and assess the effectiveness of the system of internal control.
The Framework assists management, boards of directors, external stakeholders, and others interacting with the entity in their respective duties regarding internal control without being overly prescriptive. It does so by providing both understanding of what constitutes a system of internal control and insight into when internal control is being applied effectively.
¹ The Framework uses the term “board of directors,” which encompasses the governing body, including board, board of trustees, general partners, owner, or supervisory board.
For management and boards of directors, the Framework provides:
● A means to apply internal control to any type of entity, regardless of industry or legal structure, at the levels of entity, operating unit, or function
● A principles-based approach that provides flexibility and allows for judgment in designing, implementing, and conducting internal control—principles that can be applied at the entity, operating, and functional levels
● Requirements for an effective system of internal control by considering how components and principles are present and functioning and how components operate together
● A means to identify and analyze risks, and to develop and manage appropriate responses to risks within acceptable levels and with a greater focus on anti-fraud measures
● An opportunity to expand the application of internal control beyond financial reporting to other forms of reporting, operations, and compliance objectives
● An opportunity to eliminate ineffective, redundant, or inefficient controls that provide minimal value in reducing risks to the achievement of the entity’s objectives
For external stakeholders of an entity and others that interact with the entity, application of this Framework provides:
● Greater confidence in the board of directors’ oversight of internal control systems
● Greater confidence regarding the achievement of entity objectives
● Greater confidence in the organization’s ability to identify, analyze, and respond to risk and changes in the business and operating environments
● Greater understanding of the requirement of an effective system of internal control
● Greater understanding that through the use of judgment, management may be able to eliminate ineffective, redundant, or inefficient controls
Internal control is not a serial process but a dynamic and integrated process. The Framework applies to all entities: large, mid-size, small, for-profit and not-for-profit, and government bodies. However, each organization may choose to implement internal control differently. For instance, a smaller entity’s system of internal control may be less formal and less structured, yet still have effective internal control.
The remainder of this Executive Summary provides an overview of internal control, including a definition, categories of objective, description of the requisite components and associated principles, and requirement of an effective system of internal control. It also includes a discussion of limitations—the reasons why no system of internal control can be perfect. Finally, it offers considerations on how various parties may use the Framework.
Defining Internal Control
Internal control is defined as follows:
Internal control is a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.
This definition reflects certain fundamental concepts. Internal control is:
● Geared to the achievement of objectives in one or more categories—operations, reporting, and compliance
● A process consisting of ongoing tasks and activities—a means to an end, not an end in itself
● Effected by people—not merely about policy and procedure manuals, systems, and forms, but about people and the actions they take at every level of an organization to affect internal control
● Able to provide reasonable assurance—but not absolute assurance, to an entity’s senior management and board of directors
● Adaptable to the entity structure—flexible in application for the entire entity or for a particular subsidiary, division, operating unit, or business process
This definition is intentionally broad. It captures important concepts that are fundamental to how organizations design, implement, and conduct internal control, providing a basis for application across organizations that operate in different entity structures, industries, and geographic regions.
Objectives
The Framework provides for three categories of objectives, which allow organizations to focus on differing aspects of internal control:
● Operations Objectives—These pertain to effectiveness and efficiency of the entity’s operations, including operational and financial performance goals, and safeguarding assets against loss.
● Reporting Objectives—These pertain to internal and external financial and non-financial reporting and may encompass reliability, timeliness, transparency, or other terms as set forth by regulators, recognized standard setters, or the entity’s policies.
● Compliance Objectives—These pertain to adherence to laws and regulations to which the entity is subject.
Components of Internal Control
Internal control consists of five integrated components.
Control Environment
The control environment is the set of standards, processes, and structures that provide the basis for carrying out internal control across the organization. The board of directors and senior management establish the tone at the top regarding the importance of internal control including expected standards of conduct. Management reinforces expectations at the various levels of the organization. The control environment comprises the integrity and ethical values of the organization; the parameters enabling the board of directors to carry out its governance oversight responsibilities; the organizational structure and assignment of authority and responsibility; the process for attracting, developing, and retaining competent individuals; and the rigor around performance measures, incentives, and rewards to drive accountability for performance. The resulting control environment has a pervasive impact on the overall system of internal control.
Risk Assessment
Every entity faces a variety of risks from external and internal sources. Risk is defined as the possibility that an event will occur and adversely affect the achievement of objectives. Risk assessment involves a dynamic and iterative process for identifying and assessing risks to the achievement of objectives. Risks to the achievement of these objectives from across the entity are considered relative to established risk tolerances. Thus, risk assessment forms the basis for determining how risks will be managed.
A precondition to risk assessment is the establishment of objectives, linked at different levels of the entity. Management specifies objectives within categories relating to operations, reporting, and compliance with sufficient clarity to be able to identify and analyze risks to those objectives. Management also considers the suitability of the objectives for the entity. Risk assessment also requires management to consider the impact of possible changes in the external environment and within its own business model that may render internal control ineffective.
Control Activities
Control activities are the actions established through policies and procedures that help ensure that management’s directives to mitigate risks to the achievement of objectives are carried out. Control activities are performed at all levels of the entity, at various stages within business processes, and over the technology environment. They may be preventive or detective in nature and may encompass a range of manual and automated activities such as authorizations and approvals, verifications, reconciliations, and business performance reviews. Segregation of duties is typically built into the selection and development of control activities. Where segregation of duties is not practical, management selects and develops alternative control activities.
Information and Communication
Information is necessary for the entity to carry out internal control responsibilities to support the achievement of its objectives. Management obtains or generates and uses relevant and quality information from both internal and external sources to support the functioning of other components of internal control.
Communication is the continual, iterative process of providing, sharing, and obtaining necessary information. Internal communication is the means by which information is disseminated throughout the organization, flowing up, down, and across the entity. It enables personnel to receive a clear message from senior management that control responsibilities must be taken seriously. External communication is twofold: it enables inbound communication of relevant external information, and it provides information to external parties in response to requirements and expectations.
Monitoring Activities
Ongoing evaluations, separate evaluations, or some combination of the two are used to ascertain whether each of the five components of internal control, including controls to effect the principles within each component, is present and functioning. Ongoing evaluations, built into business processes at different levels of the entity, provide timely information. Separate evaluations, conducted periodically, will vary in scope and frequency depending on assessment of risks, effectiveness of ongoing evaluations, and other management considerations. Findings are evaluated against criteria established by regulators, recognized standard-setting bodies or management and the board of directors, and deficiencies are communicated to management and the board of directors as appropriate.
Relationship of Objectives and Components
A direct relationship exists between objectives, which are what an entity strives to achieve, components, which represent what is required to achieve the objectives, and the organizational structure of the entity (the operating units, legal entities, and other). The relationship can be depicted in the form of a cube.
• The three categories of objectives—operations, reporting, and compliance—are represented by the columns.
• The five components are represented by the rows.
• An entity’s organizational structure is represented by the third dimension.
Components and Principles
The Framework sets out seventeen principles representing the fundamental concepts associated with each component. Because these principles are drawn directly from the components, an entity can achieve effective internal control by applying all principles.
All principles apply to operations, reporting, and compliance objectives. The principles supporting the components of internal control are listed below.
Control Environment
1. The organization demonstrates a commitment to integrity and ethical values.
2. The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control.
3. Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives.
4. The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives.
5. The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives.
Risk Assessment
6. The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives.
7. The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed.
8. The organization considers the potential for fraud in assessing risks to the achievement of objectives.
9. The organization identifies and assesses changes that could significantly impact the system of internal control.
Control Activities
10. The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels.
11. The organization selects and develops general control activities over technology to support the achievement of objectives.
12. The organization deploys control activities through policies that establish what is expected and procedures that put policies into action.
Information & Communication
13. The organization obtains or generates and uses relevant, quality information to support the functioning of internal control.
14. The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control.
15. The organization communicates with external parties regarding matters affecting the functioning of internal control.
Monitoring Activities
16. The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning.
17. The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.
Effective Internal Control
The Framework sets forth the requirements for an effective system of internal control.
An effective system provides reasonable assurance regarding achievement of an entity’s objectives. An effective system of internal control reduces, to an acceptable level, the risk of not achieving an entity objective and may relate to one, two, or all three categories of objectives. It requires that:
• Each of the five components and relevant principles is present and functioning.
“Present” refers to the determination that the components and relevant principles exist in the design and implementation of the system of internal control to achieve specified objectives. “Functioning” refers to the determination that the components and relevant principles continue to exist in the operations and conduct of the system of internal control to achieve specified objectives.
• The five components operate together in an integrated manner.
“Operating together” refers to the determination that all five components collectively reduce, to an acceptable level, the risk of not achieving an objective. Components should not be considered discretely; instead, they operate together as an integrated system. Components are interdependent with a multitude of interrelationships and linkages among them, particularly the manner in which principles interact within and across components.
When a major deficiency exists with respect to the presence and functioning of a component or relevant principle, or with respect to the components operating together in an integrated manner, the organization cannot conclude that it has met the requirements for an effective system of internal control.
When a system of internal control is determined to be effective, senior management and the board of directors have reasonable assurance, relative to the application within the entity structure, that the organization:
• Achieves effective and efficient operations when external events are considered unlikely to have a significant impact on the achievement of objectives or where the organization can reasonably predict the nature and timing of external events and mitigate the impact to an acceptable level
• Understands the extent to which operations are managed effectively and efficiently when external events may have a significant impact on the achievement of objectives or where the organization can reasonably predict the nature and timing of external events and mitigate the impact to an acceptable level
• Prepares reports in conformity with applicable rules, regulations, and standards or with the entity’s specified reporting objectives
• Complies with applicable laws, rules, regulations, and external standards
The Framework requires judgment in designing, implementing, and conducting internal control and assessing its effectiveness. The use of judgment, within the boundaries established by laws, rules, regulations, and standards, enhances management’s ability to make better decisions about internal control, but cannot guarantee perfect outcomes.
Limitations
The Framework recognizes that while internal control provides reasonable assurance of achieving the entity’s objectives, limitations do exist. Internal control cannot prevent bad judgment or decisions, or external events that can cause an organization to fail to achieve its operational goals. In other words, even an effective system of internal control can experience a failure. Limitations may result from the:
• Suitability of objectives established as a precondition to internal control
• Reality that human judgment in decision making can be faulty and subject to bias