外文文献翻译院系财经学院专业班级审计091 姓名王立民原文出处Larry D.Hubbard.Understanding Internal Controls.Internal Auditor.2003,(10).评分指导教师桑梓卿山东交通学院2013 年6 月了解内部控制拉里·哈伯德. 了解内部控制.内部审计者.2003,(10).内部控制的定义内部控制是一个过程,旨在为以下目标提供合理保证:(1)运作的效力和效率;(2)财务报告的可靠性;(3)遵守适用的法律和法规 。
这一定义包含以下几个关键点:(1)在一个组织中,每级员工对内部控制都有着影响。
在一定程度上,内部控制可以说是每个人的责任。
在美国加州大学,部门级的行政人员在本部门中对内部控制负有主要职责。
(2)有效的内部控制能帮助一个组织完成它的营运、财务报表和合规性目标。
有效的内部控制是管理过程中一个固定的部分(即计划、组织、指令和控制 )。
内部控制使得一个组织在规定过程中能始终围绕它的宗旨,达成它的使命,并且使意外事件发生的可能性降到最低。
内部控制促进了组织营运的效力和效率,减少了财产损失的风险,并且帮助确保企业能遵守法律和章程。
内部控制也保证了财务报表的可靠性(即所有交易被记录,并且所有记录的交易被真实和适当的给予重视,并被及时记录,适当分类,正确汇总和通知)。
(3)内部控制提供的仅是达到有关组织目标的合理保证,而不是绝对保证。
有效的内部控制可以帮助一个组织达到它的目标,但它不保证成功。
内部控制无法为目标的实现提供绝对保证是由于这样一些原因:现实成本/效益,员工之间勾结舞弊和处于组织控制无法涉及的外部事件中。
控制环境控制环境是控制意识的一个组成部分,它是人们开展活动和履行控制责任的大环境。
在一个有效的控制环境中,主管人员清楚自己的责任所在,清楚他们所拥有权利的有限性。
这些人知识渊博且警觉,致力于做正确的事情并且以正确的方式去做事。
他们以遵循一个组织的政策程序行事及遵守相应的道德和行为标准为己任。
控制环境包括技术能力和道德承诺,它是有效内部控制不可或缺的一个无形要素。
理事会成员和管理者建立有效沟通的书面政策和程序,道德守则和行为标准,以此来强化一个组织的控制环境。
此外,理事和管理者以道德的方式做出种种表率,建立一种积极的“高层调调”,并要求组织中的每个人都遵循相同的行为准则,这也是他们完善控制环境的途径。
谁负有责任?管理部门是负责“指定基调”的组织。
管理部门应该营造出一种控制环境来鼓励:(1)最高水平的完整性,个人和专业的水准 ;(2)可以在组织中促进内部控制的领导哲学和经营风格;(3)权力和责任的下放。
控制环境的关键点有效的人力资源政策和程序可以增强组织的控制环境。
这些政策和程序能够解决雇用、指导、培训、评价、咨询、促销、赔偿和纪律处分问题。
如果员工所做的不符合组织的政策程序或行为标准,那么组织必须采取适当的行为保证组织的纪律性,以维持一个有效的控制环境。
员工个人若能认识到他们肩负着责任,在某种程度上看来这会对控制环境产生很大影响。
下面是一些用以加强部门控制环境的小建议。
这个列表里并非是全部建议,也不是每一项都适用于各个部门,它只可以作为一个基础。
请确保部门具有以下政策和程序(难以复制和互联网式的接入方式):行政程序商业和金融简讯员工手册采购手册人事备忘录(1)确保部门拥有已成文的书面政策和程序方法,其中涉及其重大活动和特殊问题。
员工的责任,权力限制,执行标准,控制程序,在报告中必须给以了明确的说明。
(2)确保员工熟悉他们大学的政策和程序来配合他们的工作职责。
(3)讨论员工的道德问题。
如果员工需要更多的指导,发放部门的行为标准。
(4)确保雇员根据利害关系原则而透露出潜在的利益冲突(即公司的所有者权益正在或被提议将要与大学发生生意关系)。
(5)确保有工作说明存在,里面明确陈述了内部控制的责任,正确解释了人员在期望中所想要获得的知识、技能和经验方面的能力水平。
保证聘用的是有合格实践经验的人。
(6)保证部门建立一个能充分训练雇员的计划。
(7)保证能经常举办评估职员表现的活动,好的表现应该得到高度重视并且以一个积极地方式来承认它。
(8)确保当某位雇员不遵从政策规定或者有关行为标准时,企业会对其进行适当的处分。
控制活动正确及时的进行控制活动可以管理风险以及减少风险。
预防和检测控制。
控制是可以被预防或检测到的。
不同控制的目的不同。
预防性控制意图遏制或防止不良事件的发生。
他们是积极主动的控制,这有助于防止损失的发生。
预防控制包括职责的分离,正确的授权,足够的文件和实物资产的控制。
相反,侦查性控制试图发现不良的行为。
他们提供证据证明损失已经发生,但不能阻止损失的发生。
侦查性控制包括复核、分析、方差分析、核对、实物盘点和审计。
这两种类型的控制对于一个有效的内部控制制度来说都是必不可少的。
从质量角度看,预防性控制因为积极主动,并强调质量而显得至关重要。
然而,侦查性控制发挥着为预防性控制的运行和防止损失发生提供证据的关键作用。
控制活动包括批准,核准,核查,核对,回顾绩效,资产安全,职责分工,和信息系统控制。
审批、授权、核实(预防性活动)。
管理部门授权员工在有限的权利内执行相应的活动和交易。
此外,管理部门指定这些活动或交易需要由监管人员批准后才能执行。
主管审批(人工或电子时)意味着他或她已核实和确认的活动或交易符合既定的政策和程序。
对账(侦查性活动)。
员工在数据之间的联系不同,识别和调查这些不同,并在必要时要采取纠正行动。
资产安全(预防及侦查性活动)。
涉及设备、库存、证券、现金和其他资产的要受到限制,资产要定期清点,并且与控制记录的数额进行比较。
职责分工(预防性活动)。
职责在不同员工中被分离,旨在减少错误或不当活动所带来的风险。
通常交易的授权、交易的记录(会计)、相关资产的管理(保管)这些职责是被分离的。
控制信息系统(预防和侦查性活动)。
控制信息系统分为两大类,一般控制和应用控制。
一般控制通常包括控制数据中心运营,系统软件的购置和维修,存取安全以及应用系统的开发和维护。
如电脑匹配和检查程序等应用控制,是按照应用软件一步一步进行的,它们旨在保证交易过程、授权以及效力的完整性和准确性。
一般控制是应用控制能够运行的必要支持。
它们都必须确保信息处理的完整性和准确性。
控制活动的执行必须经过深思熟虑,并且要求相关人员尽职尽责、始终如一的去执行。
如果不根据指导性政策所限定的条件范围来考虑哪些是重点,从而机械化执行控制,那么程序将发挥不了应起到的作用。
此外,有必要把非常规状态认为是调查控制活动及采取适当的纠正行动所导致的结果。
Understanding internal controlsLarry D.Hubbard.Understanding internal controls.Internal Auditor.2003,(10).Internal Control DefinedInternal control is a process designed to provide reasonable assurance regarding the achievement of objectives in the following categories:∙ Effectiveness and efficiency of operations∙ Reliability of financial reporting∙ Compliance with applicable laws and regulationsSeveral key points should be made about this definition:1. People at every level of an organization affect internal control.Internal control is, to some degree, everyone's responsibility. Within the University of California, administrative employees at the department-level are primarily responsible for internal control in their departments.2. Effective internal control helps an organization achieve its operations, financial reporting, and compliance objectives. Effective internal control is a built-in part of the management process (i.e., plan, organize, direct, and control). Internal control keeps an organization on course toward its objectives and the achievement of its mission, and minimizes surprises along the way. Internal control promotes effectiveness and efficiency of operations, reduces the risk of asset loss, and helps to ensure compliance with laws and regulations. Internal control also ensures the reliability of financial reporting (i.e., all transactions are recorded and that all recorded transactions are real, properly valued, recorded on a timely basis, properly classified, and correctly summarized and posted).3. Internal control can provide only reasonable assurance - not absolute assurance - regarding the achievement of an organization's objectives.Effective internal control helps an organization achieve its objectives; it does not ensure success. There are several reasons why internal control cannot provide absolute assurance that objectives will be achieved: cost/benefit realities, collusion among employees, and external events beyond an organization's control.Control EnvironmentThe control environment is the control consciousness of an organization; it is theatmosphere in which people conduct their activities and carry out their control responsibilities.An effective control environment is an environment where competent people understand their responsibilities, the limits to their authority, and are knowledgeable, mindful, and committed to doing what is right and doing it the right way. They are committed to following an organization's policies and procedures and its ethical and behavioral standards. The control environment encompasses technical competence and ethical commitment; it is an intangible factor that is essential to effective internal control.A governing board and management enhance an organization's control environment when they establish and effectively communicate written policies and procedures, a code of ethics, and standards of conduct. Moreover, a governing board and management enhance the control environment when they behave in an ethical manner-creating a positive "tone at the top"--and when they require that same standard of conduct from everyone in the organization.Who is Responsible?Management is responsible for "setting the tone" for their organization. Management should foster a control environment that encourages:∙ the highest levels of integrity and personal and professional standards∙ a leadership philosophy and operating style which promote internal control throughout the organization∙ assignment of authority and responsibility.Control Environment TipsEffective human resource policies and procedures enhance an organization's control environment. These policies and procedures should address hiring, orientation, training, evaluations, counseling, promotions, compensation, and disciplinary actions. In the event that an employee does not comply with an organization's policies and procedures or behavioral standards, an organization must take appropriate disciplinary action to maintain an effective control environment. The control environment is greatly influenced by the extent to which individuals recognize that they will be held accountable.Listed below are some tips to enhance a department's control environment. This list is not all inclusive, nor will every item apply to every department; it can, however, serve as a starting point.Make sure that the following policies and procedures are available in yourdepartment (hard copy or Internet access):Administrative ProceduresBusiness and Finance BulletinsEmployee HandbookPurchasing ManualPersonnel Memorandum∙ -written departmental policies and procedures manual which addresses its significant activities and unique issues. Employee responsibilities, limits to authority, performance standards, control procedures, and reporting relationships should be clear.∙ Make sure that employees are well acquainted with the University’s policies and procedures that pertain to their job responsibilities.∙ Discuss ethical issues with employees. If employees need additional guidance, issue departmental standards of conduct.∙ Make sure that employees comply with the Conflict of Interest policy and disclose potential conflicts of interest (e.g., ownership interest in companies doing business or proposing to do business with the University).∙ Make sure that job descriptions exist, clearly state responsibility for internal control, and correctly translate desired competence levels into requisite knowledge, skills, and experience; make sure that hiring practices result in hiring qualified individuals.∙ Make sure that the department has an adequate training program for employees.∙ Make sure that employee performance evaluations are conducted periodically. Good performance should be valued highly and recognized in a positive manner.∙ Make sure that appropriate disciplinary action is taken when an employee does not comply with policies and procedures or behavioral standards.Control ActivitiesControl activities are actions, when carried out properly and in a timely manner, manage or reduce risks.Preventive and Detective Controls.Controls can be either preventive or detective. The intent of these controls is different. Preventive controls attempt to deter or prevent undesirable events from occurring. They are proactive controls that help to prevent a loss. Examples of preventive controls are separation of duties, proper authorization, adequate documentation, and physical control over assets.Detective controls, on the other hand, attempt to detect undesirable acts. Theyprovide evidence that a loss has occurred but do not prevent a loss from occurring. Examples of detective controls are reviews, analyses, variance analyses, reconciliations, physical inventories, and audits. Both types of controls are essential to an effective internal control system. From a quality standpoint, preventive controls are essential because they are proactive and emphasize quality. However, detective controls play a critical role providing evidence that the preventive controls are functioning and preventing losses.Control activities include approvals, authorizations, verifications, reconciliations, reviews of performance, security of assets, segregation of duties, and controls over information systems.Approvals, Authorizations, and Verifications (Preventive). Management authorizes employees to perform certain activities and to execute certain transactions within limited parameters. In addition, management specifies those activities or transactions that need supervisory approval before they are performed or executed by employees. A supervisor’s approval (manual or electronic) implies that he or she has verified and validated that the activity or transaction conforms to established policies and procedures.Reconciliations (Detective). An employee relates different sets of data to one another, identifies and investigates differences, and takes corrective action, when necessary.Security of Assets (Preventive and Detective).Access to equipment, inventories, securities, cash and other assets is restricted; assets are periodically counted and compared to amounts shown on control records.Segregation of Duties (Preventive). Duties are segregated among different people to reduce the risk of error or inappropriate action. Normally, responsibilities for authorizing transactions, recording transactions (accounting), and handling the related asset (custody) are divided.Controls over Information Systems (Preventive and Detective). Controls over information systems are grouped into two broad categories-general controls and application controls. General controls commonly include controls over data center operations, system software acquisition and maintenance, access security, and application system development and maintenance. Application controls such as computer matching and edit checks are programmed steps within application software; they are designed to help ensure the completeness and accuracy of transaction processing, authorization, and validity. General controls are needed to support thefunctioning of application controls; both are needed to ensure complete and accurate information processing.Control activities must be implemented thoughtfully, conscientiously, and consistently; a procedure will not be useful if performed mechanically without a sharp continuing focus on conditions to which the policy is directed. Further, it is essential that unusual conditions identified as a result of performing control activities be investigated and appropriate corrective action be taken.。