
Report of the Committee of Sponsoring Organizations of the Treadway Commission [Foreign-Literature Translation]

Undergraduate thesis (design): foreign-literature translation
Foreign title: Committee of Sponsoring Organizations of the Treadway Commission
Source: Enterprise risk management
Author: Committee of Sponsoring Organizations

Original text:

Committee of Sponsoring Organizations of the Treadway Commission

Organizational overview

COSO was formed in 1985 to sponsor the National Commission on Fraudulent Financial Reporting (the Treadway Commission). The Treadway Commission was originally jointly sponsored and funded by five main professional accounting associations and institutes headquartered in the United States: the American Institute of Certified Public Accountants (AICPA), American Accounting Association (AAA), Financial Executives International (FEI), Institute of Internal Auditors (IIA) and the Institute of Management Accountants (IMA). The Treadway Commission recommended that the organizations sponsoring the Commission work together to develop integrated guidance on internal control. These five organizations formed what is now called the Committee of Sponsoring Organizations of the Treadway Commission.

The original chairman of the Treadway Commission was James C. Treadway, Jr., Executive Vice President and General Counsel, Paine Webber Incorporated and a former Commissioner of the U.S. Securities and Exchange Commission. Hence the popular name "Treadway Commission". Currently, David L. Landsittel is the COSO Chairman, having replaced Larry E. Rittenberg.

History

Due to questionable corporate political campaign finance practices and foreign corrupt practices in the mid-1970s, the U.S. Securities and Exchange Commission (SEC) and the U.S. Congress enacted campaign finance law reforms and the 1977 Foreign Corrupt Practices Act (FCPA), which criminalized transnational bribery and required companies to implement internal control programs. In response, the Treadway Commission, a private-sector initiative, was formed in 1985 to inspect, analyze, and make recommendations on fraudulent corporate financial reporting.

The Treadway Commission studied the financial information reporting system over the period from October 1985 to September 1987 and issued a report of findings and recommendations in October 1987 titled Report of the National Commission on Fraudulent Financial Reporting. As a result of this initial report, the Committee of Sponsoring Organizations (COSO) was formed and it retained Coopers & Lybrand, a major CPA firm, to study the issues and author a report regarding an integrated framework of internal control.

In September 1992, the four-volume report entitled Internal Control—Integrated Framework was released by COSO and later re-published with minor amendments in 1994. This report presented a common definition of internal control and provided a framework against which internal control systems may be assessed and improved. This report is one standard that U.S. companies use to evaluate their compliance with FCPA. According to a poll by CFO Magazine released in 2006, 82% of respondents claimed they used COSO’s framework for internal controls. Other frameworks used by respondents included COBIT, AS2 (Auditing Standard No. 2, PCAOB), and SAS 55/78 (AICPA).

Internal control - integrated framework

Key concepts of the COSO framework

The COSO framework involves several key concepts:
∙ Internal control is a process. It is a means to an end, not an end in itself.
∙ Internal control is affected by people. It’s not merely policy, manuals, and forms, but people at every level of an organization.
∙ Internal control can be expected to provide only reasonable assurance, not absolute assurance, to an entity’s management and board.
∙ Internal control is geared to the achievement of objectives in one or more separate but overlapping categories.

Use of the capability maturity model

The capabilities of an organization in relation to the COSO model could be assessed based on universal states or plateaus that organizations typically target. The descriptions are incremental.

The capability descriptions are based on evolution toward generally recognized best practices. Each organization determines which level of "maturity" would be the most appropriate in support of its business needs, priorities and availability of resources. A rating system of “0” to “5” is used. A rating of “5” does not necessarily mean “goodness”, but rather, maturity of capability. The ideal maturity rating for any area is dependent on the needs of the organization. The different and progressive plateaus are:

0 Non-existent when:
The organization lacks procedures to monitor the effectiveness of internal controls. Management internal control reporting methods are absent. There is a general unawareness of IT operational security and internal control assurance. Management and employees have an overall lack of awareness of internal controls.

1 Initial/Ad Hoc when:
Management recognizes the need for regular IT management and control assurance. Individual expertise in assessing internal control adequacy is applied on an ad hoc basis. IT management has not formally assigned responsibility for monitoring the effectiveness of internal controls. IT internal control assessments are conducted as part of traditional financial audits, with methodologies and skill sets that do not reflect the needs of the information services function.

2 Repeatable but Intuitive when:
The organization uses informal control reports to initiate corrective action initiatives. Internal control assessment is dependent on the skill sets of key individuals. The organization has an increased awareness of internal control monitoring. Information service management performs monitoring over the effectiveness of what it believes are critical internal controls on a regular basis. Methodologies and tools for monitoring internal controls are starting to be used, but not based on a plan. Risk factors specific to the IT environment are identified based on the skills of individuals.

3 Defined when:
Management supports and institutes internal control monitoring. Policies and procedures are developed for assessing and reporting on internal control monitoring activities. An education and training program for internal control monitoring is defined. A process is defined for self-assessments and internal control assurance reviews, with roles for responsible business and IT managers. Tools are being utilized but are not necessarily integrated into all processes. IT process risk assessment policies are being used within control frameworks developed specifically for the IT organization. Process-specific risks and mitigation policies are defined.

4 Managed and Measurable when:
Management implements a framework for IT internal control monitoring. The organization establishes tolerance levels for the internal control monitoring process. Tools are implemented to standardize assessments and automatically detect control exceptions. A formal IT internal control function is established, with specialized and certified professionals utilizing a formal control framework endorsed by senior management. Skilled IT staff members are routinely participating in internal control assessments. A metrics knowledge base for historical information on internal control monitoring is established. Peer reviews for internal control monitoring are established.

5 Optimized when:
Management establishes an organization-wide continuous improvement program that takes into account lessons learned and industry best practices for internal control monitoring and reporting. The organization uses integrated and updated tools, where appropriate, that allow effective assessment of critical IT controls and rapid detection of IT control monitoring incidents. Knowledge sharing specific to the information services function is formally implemented. Benchmarking against industry standards and good practices is formalized.

Definition of internal control and framework objectives

The COSO framework defines internal control as a process, effected by an entity’s board of directors, management and other personnel, designed to provide "reasonable assurance" regarding the achievement of objectives in the following categories:
∙ Effectiveness and efficiency of operations
∙ Reliability of financial reporting
∙ Compliance with applicable laws and regulations

The five framework components

The COSO internal control framework consists of five interrelated components derived from the way management runs a business. According to COSO, these components provide an effective framework for describing and analyzing the internal control system implemented in an organization as required by financial regulations (see Securities Exchange Act of 1934, Section 240 15d-15). The five components are the following:

Control environment: The control environment sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure. Control environment factors include integrity, ethical values, management's operating style, delegation of authority systems, as well as the processes for managing and developing people in the organization.

Risk assessment: Every entity faces a variety of risks from external and internal sources that must be assessed. A precondition to risk assessment is establishment of objectives, and thus risk assessment is the identification and analysis of relevant risks to the achievement of assigned objectives. Risk assessment is a prerequisite for determining how the risks should be managed.

Control activities: Control activities are the policies and procedures that help ensure management directives are carried out. They help ensure that necessary actions are taken to address the risks that may hinder the achievement of the entity's objectives. Control activities occur throughout the organization, at all levels and in all functions. They include a range of activities as diverse as approvals, authorizations, verifications, reconciliations, reviews of operating performance, security of assets and segregation of duties.

Information and communication: Information systems play a key role in internal control systems as they produce reports, including operational, financial and compliance-related information, that make it possible to run and control the business. In a broader sense, effective communication must ensure information flows down, across and up the organization. For example, formalized procedures exist for people to report suspected fraud. Effective communication should also be ensured with external parties, such as customers, suppliers, regulators and shareholders about related policy positions.

Monitoring: Internal control systems need to be monitored—a process that assesses the quality of the system's performance over time. This is accomplished through ongoing monitoring activities or separate evaluations. Internal control deficiencies detected through these monitoring activities should be reported upstream and corrective actions should be taken to ensure continuous improvement of the system.

Limitations

Internal control involves human action, which introduces the possibility of errors in processing or judgment. Internal control can also be overridden by collusion among employees (see separation of duties) or coercion by top management.

CFO magazine reported that companies are struggling to apply the complex model provided by COSO. “One of the biggest problems: limiting internal audits to one of the three key objectives of the framework. In the COSO model, those objectives are applied to five key components (monitoring, information and communication, control activities, risk assessment, and control environment). Given the number of possible matrices, it's not surprising that the number of audits can get out of hand.” CFO magazine continued by stating that many organizations are creating their own risk-and-control matrix by taking the COSO model and altering it to focus on the components that relate directly to Section 404 of the Sarbanes-Oxley Act.

Source: Enterprise risk management, 2004.

Translation:

Report of the Committee of Sponsoring Organizations of the Treadway Commission

Organizational overview

COSO is the committee of sponsoring organizations of the U.S. National Commission on Fraudulent Financial Reporting (the Treadway Commission), established in 1985.
