内控的五要素Components of Internal Control_内控五要素

内控的五要素Components of Internal Control由刀豆文库小编整理，希望给你工作、学习、生活带来方便，猜你可能喜欢“内控五要素”。

Components of Internal Control

内部控制的要素

Internal control consists of five integrated components.内部控制包括五个相关关联的要素。

Control Environment 控制环境

The control environment is the set of standards, procees, and structures that provide the basis for carrying out internal control acro the organization.The board of directors and senior management establish the tone at the top regarding the importance of internal control including expected standards of conduct.Management reinforces expectations at the various levels of the organization.The control environment comprises the integrity and ethical values of the organization;the parameters enabling the board of directors to carry out its governance oversight responsibilities;the organizational struc-ture and aignment of authority and responsibility;the proce for attracting, developing, and retaining competent individuals;and the rigor around performance measures, incentives, and rewards to drive accountability for performance.The resulting control environment has a pervasive impact on the overall system of internal control.控制环境是一套标准、流程和结构，能够为内部控制的实施提供基础。董事会和高级管理层为内部控制的重要性（包括期待的行为准则）提供高层定调（the tone at the top）。组织各个层级的管理活动强化了这种期望。控制环境包括了组织正直和道德的价值观；促进董事会行使公司治理的监控职责的机制；吸引、开发和保留人才的机制；严格的绩效衡量、激励和汇报机制以保证绩效实现。控制环境会对内部控制的整体体系产生全面影响。

Risk Aement 风险评估

Every entity faces a variety of risks from external and internal sources.Risk is defined as the poibility that an event will occur and adversely affect the achievement of objectives.Risk aement involves a dynamic and iterative proce for identifying and aeing risks to the achievement of objectives.Risks to the achievement of these objectives from acro the entity are considered relative to established risk tolerances.Thus, risk aement forms the basis for determining how risks will be managed.每个组织都面临着来自内外部的各类风险。风险是潜在事件发生并对组织实现其目标产生负面影响的可能性。风险评估包括了根据组织要实现的目标，动态和反复的识别和评估风险的过程。将全组织范围的影响目标实现的风险同已经建立的风险容忍度一同考量后，风险评估就为决定风险如何进行管理打下了基础。

A precondition to risk aement is the establishment of objectives, linked at different levels of the entity.Management specifies objectives within categories relating to operations, reporting, and compliance with sufficient clarity to be able to identify and analyze risks to those objectives.Management also considers the suitability of the objectives for the entity.Risk aement also requires management to consider the impact of poible changes in the external environment and within its own busine model that may render internal control ineffective.风险评估的先决条件是组织各个层级的目标的确立。管理层要结合运营、报告和遵循的三大类目标，明确相应的具体目标，以便识别和分析相关的风险。管理层也要考虑这些目标对于组织的可持续性。风险评估还要求管理层考虑可能导致内控失效的外部环境和内部商业模式的可能变化。

Control Activities 控制活动

Control activities are the actions established through policies and procedures that help ensure that management’s directives to mitigate risks to the achievement of objectives are carried out.Control activities are performed at all levels of the entity, at various stages within busine procees, and over the technology environment.They may be preventive or detective in nature and may encompa a range of manual and automated activities such as authorizations and approvals, verifications, reconciliations, and busine performance reviews.Segregation of duties is typically built into the selection and development of control activities.Where segregation of duties is not practical, management selects and develops alternative control activities.控制活动是通过制度和流程所确立的行动，旨在确保管理层降低影响组织目标实现的风险的方针得以实现。在组织的各个层级，业务的各个环节，信息技术的整个环境中都应实施控制活动。从性质上，可以是预防性的，也可以是检查性的；应覆盖手工和自动控制；包括授权和批准，复核，对账和业务绩效评估。不相容职责分离也是典型的应选取和推进的控制活动。如果不相容职责分离无法实施，管理层应选择和推进替代性的控制活动。

Information and Communication 信息与沟通

Information is neceary for the entity to carry out internal control responsibilities to support the achievement of its objectives.Management obtains or generates and uses relevant and quality information from both internal and external sources to support the functioning of other components of internal control.信息对于组织而言，对推进内控、促进其目标实现是非常必要的。管理层从内外部获得或生成，并且使用相关的有质量的信息来支持内部控制其他要素的正常运转。

Communication is the continual, iterative proce of providing, sharing, and obtaining neceary information.Internal communication is the means by which information is dieminated throughout the organization, flowing up, down, and acro the entity.It enables personnel to receive a clear meage from senior management that control responsibilities must be taken seriously.External communication is twofold: it enables inbound communication of relevant external information, and it provides information to external parties in response to requirements and expectations.沟通是一个持续和不断重复的提供、分享和获得必要的信息的过程。内部沟通是一个手段，使得信息能够在整个组织向上、向下和横向扩散，能够帮助员工接受来自高管层的清晰的信息——控制的职责必须认真实施。外部沟通包括两个部分：将外部的相关信息传入组织内部，以及根据其要求和期望，提供信息给外部的相关方。Monitoring Activities 监督活动

Ongoing evaluations, separate evaluations, or some combination of the two are used to ascertain whether each of the five components of internal control, including controls to effect the principles within each component, is present and functioning.Ongoing evaluations, built into busine procees at different levels of the entity, provide timely information.Separate evaluations, conducted periodically, will vary in scope and frequency depending on aement of risks, effectivene of ongoing evaluations, and other management considerations.Findings are evaluated against criteria established by regulators, recognized standard-setting bodies or management and the board of directors, and deficiencies are communicated to management and the board of directors as appropriate.持续的评价，独立的评价，或者两者的某种组合可以用来确认内部控制的五个要素以及每个要素下的原则是否存在并发挥作用。嵌入整个业务体系的持续评价可以提供及时的信息；独立的评价需要定期开展，其范围和频率可能因风险评估，持续评价的有效程度以及管理层的其他考虑而有所不同。评价中的发现应结合监管者、标准订立机构和管理层、董事会所设定的标准进行评估；缺陷应当视情况传递给管理层和董事会。