COSO《內(nèi)部控制-整合框架》執(zhí)行綱要2013版

1、Internal ControlIntegrated Framework第1 頁內(nèi)部控制整合框架Executive SummaryInternal control helps d sustain andobjectives an執(zhí)行綱要systems ofinternalcontrolthatadapttochangingbusinessand operatingenvironments,mitigate risks to acceptablelevels,andsupport soimproveperformance.COS'O sInternalControl ntegratedF

2、ramework(Framework)enablesorganizationsto effectivelyandentitiesachieve importantefficiently developund decisionorganization.making and governance of the內(nèi)部控制幫助組織達(dá)到重要的目標(biāo)，維持和改進(jìn)業(yè)績?？扑魑瘑T會(huì)的內(nèi)部控制整合框架使得組織能夠開發(fā)有效果且有效率的內(nèi)部控制體系，該體系且能夠適應(yīng)變化的商業(yè)和運(yùn)營環(huán)境，將風(fēng)險(xiǎn)降低到可接受的水平，并且促進(jìn)規(guī)范決策和組織的治理。Designing and implementinganeffective s

3、ystemof internal control can bechallenging; operating thatsystemeffectively andefficientlyevery day canbe daunting. New andrapidlychanging business models, greateruseanddependence ontechnology,increasingregulatoryrequirementsand scrutiny,globalization,and otherchallengesdemand anysystemofinternalcon

4、trol tobe agileinadaptingto changesinbusiness, operatingand regulatoryenvironments.設(shè)計(jì)并實(shí)施一套有效的內(nèi)部控制體系是充滿挑戰(zhàn)的；每天保持制 度運(yùn)行的效果和效率會(huì)讓人可望而不可及。嶄新且不斷更新的商業(yè)模 型，對技術(shù)的深入應(yīng)用和依賴，日益繁多的監(jiān)管要求和檢查，全球化 和其他挑戰(zhàn)要求每一個(gè)組織的內(nèi)部控制體系都能夠更加敏捷地適應(yīng) 不斷變化的商業(yè)、運(yùn)營和監(jiān)管的環(huán)境。An effective system of internal control demandsmorethanrigorousadherencetopolic

5、iesandprocedures: itrequirestheuseofjudgment.Managementandboards ofdirectors 1use judgment todeterminehow muchcontrol is enough. Management and other personnel use judgment e very dayto select, develop, anddeploycontrolsacrossthe entity. Management andinternal auditors, amongotherpersonnel,applyjudg

6、mentas they monitorand assess the effectivenessof thesystem ofinternalcontrol.一套有效的內(nèi)部控制體系除了對制度和流程嚴(yán)格遵守外，還要求 判斷力。管理層和董事會(huì)通過其判斷來決定多少控制是充分的。管理 層和其他員工每天通過其判斷，在組織內(nèi)選取，推進(jìn)和實(shí)施各類控制 管理層和內(nèi)部審計(jì)師，以及其他的員工，通過其判斷來監(jiān)控和測試內(nèi) 部控制體系的有效性。The Framework assists management, boards of directors, external stakeholders, and others i

7、nteractingwith the entity in their respective dutiesive. Itdoes so byregardinginternalcontrolwithoutbeing overly prescriptThe Framework uses the term “board of directors, ” which encompasses the governingbody, includingboard,board of trustees, general partners, owner, or supervisory board. 本框架使用“董事會(huì)

8、”一詞，泛指治理層，包括：董事會(huì)，理事會(huì)，一般合伙人，所有者和監(jiān)事會(huì)等。providing both understanding of what constitutes a system of int ernal controland insight into when internal control is being applied effectiv ely.本框架在內(nèi)部控制方面，對管理層，董事會(huì)，外部的利益相關(guān)者 和其他與組織產(chǎn)生互動(dòng)關(guān)系的相關(guān)方有所幫助，且不會(huì)過分死板；而 這有賴于對內(nèi)部控制體系構(gòu)成要素的理解，有賴于對內(nèi)部控制體系能 夠有效實(shí)施的時(shí)機(jī)的洞見。For management

9、 and boards ofdirectors,the Framework provides:對于管理層和董事會(huì)，本框架提供：Ameans toapplyinternalcontroltoany typeofentity,regardlessofindustryor legalstructure,at thelevels ofentity,operatingunit,or function一套工具，將內(nèi)部控制推廣到各類型的組織，無論行業(yè)或法律形式，無論在組織層面，經(jīng)營單元層面或職能層面；Aprinciples-basedapproachthatprovidesflexibilityand al

10、lowsforjudgmentin designing,implementing,andconductinginternalcontrol principlesthat canbeappliedatthe entity,operating,andfunctionallevels一種原則導(dǎo)向的方法，能夠靈活設(shè)計(jì)，實(shí)施和推進(jìn)內(nèi)部控制，并留有判斷空間這些原則可在組織層面、運(yùn)營層面和職能層面 應(yīng)用；contrRequirements for an effective system of internal ol by considering第3 頁how components and principle

11、s are present and functioning and how components operate together一些要求，具體闡述有效的內(nèi)部控制體系的要素和原則是如何存 在和發(fā)揮作用，如何在一起產(chǎn)生協(xié)調(diào)作用；A means to identify and analyze risks, and to develop and manageappropriate responses to risks within acceptable levels and with a greaterfocus on anti-fraud measures一套工具，識(shí)別和分析風(fēng)險(xiǎn)，開發(fā)和管理合適的

12、風(fēng)險(xiǎn)應(yīng)對措施將 風(fēng)險(xiǎn)控制在可接受的水平，且更關(guān)注反舞弊措施；Anopportunityto expand theapplicationofinternalcontrolbeyondfinancialreportingto other forms ofreporting,operations, andcomplianceobjectives一個(gè)機(jī)會(huì)，將基于財(cái)務(wù)報(bào)告的內(nèi)部控制擴(kuò)大應(yīng)用范圍，滿足各種其他的報(bào)告、運(yùn)營和遵循目標(biāo)；Anopportunitytoeliminateineffective,redundant,orinefficientcontrolsthat provideminimalva

13、lue inreducing risks to the achievement ofthe entity's objectives一個(gè)機(jī)會(huì)，清理那些在降低風(fēng)險(xiǎn)方面價(jià)值不大的無效，冗余和低 效的控制。For external stakeholders of an entity and others that i nteract with theentity, application of this Framework provides:第# 頁對于外部利益相關(guān)者和組織的其他相關(guān)方，本框架的應(yīng)用可使其：Greater confidence in the board of directors

14、 ' oversight of in ternal control systems對于董事會(huì)針對內(nèi)部控制的監(jiān)管更有信心；Greater confidence regarding the achievement of entity objectiv es對于組織實(shí)現(xiàn)目標(biāo)更有信心；Greater confidence in the organization 's ability to identify, analyze, andrespond to risk and changes in the business and operating envir onments對組織識(shí)別，分

15、析和應(yīng)對來自商業(yè)與運(yùn)營環(huán)境風(fēng)險(xiǎn)與變化的能力 更有信心；Greater understanding of the requirement of an effective system ofinternal control更了解有效的內(nèi)部控制體系的具體要求；t,managementmaybe able to eliminate ineffective,redundant, or inefficientcGreater understandingthatthroughthe use of judgmenontrols更了解管理層如何通過其判斷清理那些無效，冗余和低效的控制Internal contr

16、ol is not a serial process but a dynamic and integratedprocess.The Framework appliestoall entities:large,mid-size, small,for-profitand not-for-profit,andgovernmentbodies.However, eachorganizationmay choose toimplementinternal control differently. For第5 頁instance, a smaller entity 's system of in

17、ternal control may be less formal andless structured, yet still have effective internal control.內(nèi)部控制不是一個(gè)按部就班的過程而是一個(gè)動(dòng)態(tài)和整合的過程 本框架可以適用于各類型的組織：大型，中型或小型；盈利，非盈利或政府機(jī)構(gòu)。然而，每個(gè)組織都可以有權(quán)選擇，實(shí)施不同的內(nèi)部控制。例如，一個(gè)小型組織的內(nèi)控體系可以不那么正式和結(jié)構(gòu)清晰，但仍保 持有效。TheremainderofthisExecutiveSummaryprovidesanoverviewofinternalcontrol,includinga

18、 definition,categoriesofobjective,descriptionof therequisite componentsand associatedprinciples,and requirement ofaneffectivesystemofinternalcontrol.Itlsoincludesdiscussionoflimitationsthereasonswhyno systemofinternalcontrolcanbeperfect.Finally,itoffersconsiderationsonhowvariouspartiesmayusetheFrame

19、work.以下，本文將對內(nèi)部控制提供總覽，包括定義，各類別的目標(biāo)， 必要要素和相關(guān)原則的描述，以及對一個(gè)有效內(nèi)部控制體系的要求。 本文也將討論內(nèi)部控制的局限性為什么沒有一個(gè)內(nèi)部控制體系 是完美的。第6 頁Defining Internal Control定義內(nèi)部控制Internal control is defined as follows:內(nèi)部控制定義如下：Internal control is a process, effected by an entity 's board ofdirectors, management, and other personnel, designe

20、d to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and complianc e.內(nèi)部控制是一套流程，受組織的董事會(huì)，管理層和其他員工所影響， 被設(shè)計(jì)并用來為組織提供合理保證， 使其實(shí)現(xiàn)運(yùn)營， 報(bào)告和遵循目標(biāo)。This definition reflects certain fundamental concepts. Internal con trol is:以上定義體現(xiàn)了一些基礎(chǔ)概念。內(nèi)部控制是：Geared to the a

21、chievement of objectives in one or more categories operations, reporting, and compliance使組織實(shí)現(xiàn)多個(gè)種類的目標(biāo)，如運(yùn)營，報(bào)告和遵循；A process consisting of ongoing tasks and activities a means to an end,not an end in itself一個(gè)持續(xù)不斷的過程，包括各種任務(wù)和活動(dòng)一個(gè)達(dá)到目的的手段，而非目的本身；第7 頁Effected by people not merely about policy and procedure m

22、anua ls,systems, and forms, but about people and the actions they take a t every levelof an organization to affect internal control受人的影響 不僅僅是制度和流程手冊，體系和表單，而是組 織各個(gè)層級的人和他們所采取的行動(dòng)；Able to provide reasonable assurance but not absolute assurance, to anentity 's senior management and board of directors

23、可以向組織的高級管理層和董事會(huì)提供合理保證而非絕對保證；Adaptable to the entity structure flexiblein application forthe entireentity or for a particular subsidiary, division, operating unit, o r businessprocess可以適應(yīng)組織的結(jié)構(gòu) 可靈活應(yīng)用于整個(gè)組織或一個(gè)分支機(jī)構(gòu)， 業(yè)務(wù)部，運(yùn)營單元或業(yè)務(wù)流程。This definition isintentionallybroad. Itcapturesimportantconcepts that aref

24、undamental to howorganizationsdesign,implement,and conductinternalcontrol, providinga basis forapplicationacrossorganizationsthat operate indifferent entity structures, industries, and geographic regions.這個(gè)定義被設(shè)定的包含廣泛，包括了關(guān)于組織如何設(shè)計(jì)，實(shí)施和推進(jìn)內(nèi)部控制的一些重要的基礎(chǔ)概念，為不同的組織架構(gòu)，行業(yè)和地理區(qū)域的組織提供了操作支持。第8 頁Objectives目標(biāo)The Fram

25、ework provides for three categories of objectives, which alloworganizations to focus on differing aspects of internal control: 本框架提供了三個(gè)類型的目標(biāo)，使得組織可以關(guān)注于內(nèi)部控制的不同 方面：Operations Objectives These pertain to effectiveness and efficiency of theentity 's operations, including operational and financial per

26、formanc e goals,and safeguarding assets against loss. 運(yùn)營目標(biāo)組織運(yùn)營的效果和效率，包括運(yùn)營和財(cái)務(wù)績效目標(biāo)，資 產(chǎn)安全不受損失。Reporting Objectives These pertain to internal and external financ ial andnon-financial reporting and may encompass reliability, timeliness, transparency, or other terms as set forth by regulators, recognized

27、stan dard setters,or the ent ity 's policies. 報(bào)告目標(biāo)內(nèi)、外部的財(cái)務(wù)和非財(cái)務(wù)報(bào)告的可靠性、及時(shí)性、透明 度，以及其他監(jiān)管者、公認(rèn)的標(biāo)準(zhǔn)制定機(jī)構(gòu)和組織政策所要求的方面。 Compliance Objectives These pertain to adherence to laws and regu lationsto which the entity is subject.遵循目標(biāo)遵守對組織適用的法律法規(guī)。第9 頁Components of Internal Control內(nèi)部控制的要素Internal control consists o

28、f five integrated components.內(nèi)部控制包括五個(gè)相關(guān)關(guān)聯(lián)的要素。Control Environment 控制環(huán)境The control environment is the set of standards, processes, and structuresthat provide the basis for carrying out internal control across the organization.The board of directors and senior management establish the tone at the topre

29、garding the importance of internal control including expected st andards ofconduct. Management reinforces expectations at the various levels of theorganization. The control environment comprises the integrity and ethicalvalues of the organization; the parameters enabling the board of directors tocar

30、ryout its governance oversightresponsibilities;theorganizationalstruc-tureand assignment ofauthorityand responsibility;theprocessforattracting,developing, and retainingcompetentindividuals; andtherigor aroundperformance measures, incentives, and rewards to drive accountabili ty forperformance. The r

31、esulting control environment has a pervasive imp act onthe overall system of internal control. 控制環(huán)境是一套標(biāo)準(zhǔn)、流程和結(jié)構(gòu)，能夠?yàn)閮?nèi)部控制的實(shí)施提供基礎(chǔ)。 董事會(huì)和高級管理層為內(nèi)部控制的重要性（包括期待的行為準(zhǔn)則）提第 10 頁供高層定調(diào)(the tone at the top )。組織各個(gè)層級的管理活動(dòng)強(qiáng)化了 這種期望?？刂骗h(huán)境包括了組織正直和道德的價(jià)值觀；促進(jìn)董事會(huì)行 使公司治理的監(jiān)控職責(zé)的機(jī)制；吸引、開發(fā)和保留人才的機(jī)制；嚴(yán)格 的績效衡量、激勵(lì)和匯報(bào)機(jī)制以保證績效實(shí)現(xiàn)?？刂骗h(huán)境會(huì)對內(nèi)部控 制

32、的整體體系產(chǎn)生全面影響。Risk Assessment風(fēng)險(xiǎn)評估Every entity faces a variety of risks from external and internal sources. Risk isdefined as the possibility that an event will occur and advers ely affect theachievement of objectives. Risk assessment involves a dynamic and iterativeprocess for identifying and assessin

33、g risks to the achievementof objectives.Risks to the achievement of these objectives from across the e ntity areconsidered relative to established risk tolerances. Thus, risk as sessmentforms the basis for determining how risks will be managed. 每個(gè)組織都面臨著來自內(nèi)外部的各類風(fēng)險(xiǎn)。風(fēng)險(xiǎn)是潛在事件發(fā)生并對 組織實(shí)現(xiàn)其目標(biāo)產(chǎn)生負(fù)面影響的可能性。風(fēng)險(xiǎn)評估包括

34、了根據(jù)組織要 實(shí)現(xiàn)的目標(biāo)，動(dòng)態(tài)和反復(fù)的識(shí)別和評估風(fēng)險(xiǎn)的過程。將全組織范圍的 影響目標(biāo)實(shí)現(xiàn)的風(fēng)險(xiǎn)同已經(jīng)建立的風(fēng)險(xiǎn)容忍度一同考量后，風(fēng)險(xiǎn)評估 就為決定風(fēng)險(xiǎn)如何進(jìn)行管理打下了基礎(chǔ)。A precondition to risk assessment is the establishment of objectives, linked atdifferent levels of the entity. Management specifies objectives ithincategories relating to operations, reporting, and compliance with

35、 sufficient第 11 頁clarity to be able to identify and analyze risks to those obj ectives.Management also considers the suitability of the objectives forthe entity.Risk assessment also requires management to consider the impactof possiblechanges in the external environment and within its own businessmo

36、del thatmay render internal control ineffective.風(fēng)險(xiǎn)評估的先決條件是組織各個(gè)層級的目標(biāo)的確立。管理層要結(jié)合運(yùn) 營、報(bào)告和遵循的三大類目標(biāo)，明確相應(yīng)的具體目標(biāo)，以便識(shí)別和分 析相關(guān)的風(fēng)險(xiǎn)。管理層也要考慮這些目標(biāo)對于組織的可持續(xù)性。風(fēng)險(xiǎn) 評估還要求管理層考慮可能導(dǎo)致內(nèi)控失效的外部環(huán)境和內(nèi)部商業(yè)模 式的可能變化。Control Activities控制活動(dòng)Control activities are the actions established through policies a nd proceduresthat help ensure that

37、 management's directives to mitigate risksto theachievement of objectives are carried out. Control activities are performedat all levels of the entity, at various stages within businessprocesses, andover the technology environment. They may be preventive or dete ctive innature and may encompass

38、a range of manual and automated activ ities suchas authorizations and approvals, verifications, reconciliations, an d businessperformance reviews. Segregation of duties is typically built int o theselection and development of control activities. Where segregation of dutiesis not practical, managemen

39、t selects and develops alternative con trolactivities.第 12 頁控制活動(dòng)是通過制度和流程所確立的行動(dòng)，旨在確保管理層降低影響 組織目標(biāo)實(shí)現(xiàn)的風(fēng)險(xiǎn)的方針得以實(shí)現(xiàn)。在組織的各個(gè)層級，業(yè)務(wù)的各 個(gè)環(huán)節(jié)，信息技術(shù)的整個(gè)環(huán)境中都應(yīng)實(shí)施控制活動(dòng)。從性質(zhì)上，可以 是預(yù)防性的，也可以是檢查性的；應(yīng)覆蓋手工和自動(dòng)控制；包括授權(quán) 和批準(zhǔn)，復(fù)核，對賬和業(yè)務(wù)績效評估。不相容職責(zé)分離也是典型的應(yīng) 選取和推進(jìn)的控制活動(dòng)。如果不相容職責(zé)分離無法實(shí)施，管理層應(yīng)選 擇和推進(jìn)替代性的控制活動(dòng)。Information and Communication 信息與溝通Inform

40、ation is necessary for the entity to carry out internal controlresponsibilities to support the achievement of its objectives. Ma nagementobtains or generates and uses relevant and quality information from bothinternal and external sources to support the functioning of othe r componentsof internal co

41、ntrol.信息對于組織而言，對推進(jìn)內(nèi)控、促進(jìn)其目標(biāo)實(shí)現(xiàn)是非常必要的。管 理層從內(nèi)外部獲得或生成，并且使用相關(guān)的有質(zhì)量的信息來支持內(nèi)部 控制其他要素的正常運(yùn)轉(zhuǎn)。Communication is the continual, iterative process of providing, s haring, andobtaining necessary information. Internal communication is the mea ns bywhich information is disseminated throughout the organization, floto re

42、ceive amust be takenwing up,down, and across the entity. It enables personnel clear messagefrom senior management that control responsibilities seriously.第 13 頁External communication is twofold: it enables inbound communicationofrelevant external information, and it provides information to extern al

43、 partiesin response to requirements and expectations.溝通是一個(gè)持續(xù)和不斷重復(fù)的提供、分享和獲得必要的信息的過程。， 內(nèi)部溝通是一個(gè)手段，使得信息能夠在整個(gè)組織向上、向下和橫向擴(kuò) 散，能夠幫助員工接受來自高管層的清晰的信息控制的職責(zé)必須 認(rèn)真實(shí)施。外部溝通包括兩個(gè)部分：將外部的相關(guān)信息傳入組織內(nèi)部， 以及根據(jù)其要求和期望，提供信息給外部的相關(guān)方。Monitoring Activities監(jiān)督活動(dòng)Ongoing evaluations, separate evaluations, or some combination of t he twoa

44、re used to ascertain whether each of the five components of int ernal control,including controls to effect the principles within each component,is presentand functioning. Ongoing evaluations, built into business processesatdifferent levels of the entity, provide timely information. Separat eevaluati

45、ons, conducted periodically, will vary in scope and frequen cydepending on assessment of risks, effectiveness of ongoing evaluati ons, andother management considerations. Findings are evaluated against crit eriaestablished by regulators, recognized standard-setting bodies or mana gementand the board

46、 of directors, and deficiencies are communicated to management and the board of directors as appropriate.持續(xù)的評價(jià)，獨(dú)立的評價(jià)，或者兩者的某種組合可以用來確認(rèn)內(nèi)部控制的五個(gè)要素以及每個(gè)要素下的原則是否存在并發(fā)揮作用。嵌入整個(gè) 業(yè)務(wù)體系的持續(xù)評價(jià)可以提供及時(shí)的信息；獨(dú)立的評價(jià)需要定期開展，第 14 頁其范圍和頻率可能因風(fēng)險(xiǎn)評估，持續(xù)評價(jià)的有效程度以及管理層的其 他考慮而有所不同。評價(jià)中的發(fā)現(xiàn)應(yīng)結(jié)合監(jiān)管者、標(biāo)準(zhǔn)訂立機(jī)構(gòu)和管 理層、董事會(huì)所設(shè)定的標(biāo)準(zhǔn)進(jìn)行評估；缺陷應(yīng)當(dāng)視情況傳遞給管理層 和董事會(huì)

47、。第 15 頁Relationship of Objectives and Components目標(biāo)和要素的關(guān)系A(chǔ) direct relationship exists between objectives, which are what an entitystrives to achieve,components, whichrepresent whatisrequiredtoachievetheobjectives, andthe organizationalstructure oftheentity(theoperatingunits,legal entities,and other).

48、 Therelationshipcanbe depictedin the formof a cube.組織要實(shí)現(xiàn)的目標(biāo)，為了實(shí)現(xiàn)目標(biāo)所必須的要素，組織的組織架構(gòu)（如 運(yùn)營單元，法律實(shí)體及其他）這三者之間存在著直接的關(guān)系。這個(gè)關(guān) 系可以以一個(gè)立方體的形式展現(xiàn)。? The three categories of objectives operations, reporting, and compliance are represented by the columns.運(yùn)營、報(bào)告和遵循三類目標(biāo)以縱列表示。?The five components are represented by the row

49、s.內(nèi)部控制的五個(gè)要素以橫行表示。?An entity 's organizational structureis represented by thethird dimension.組織的組織架構(gòu)以第三維表示。第 16 頁Components and Principles要素及原則TheFramework setsoutseventeenprincipleshefundamentalconcepts associatedwithrepresenting teach component. Becausethese principles aredrawn directlyfrom the

50、 components, an entitycan achieve effectcontrolive internalby applying all principles.本框架確立了十七項(xiàng)原則代表了與每個(gè)控制要素相關(guān)的基本概念。因 為這些原則直接從控制要素中提煉，一個(gè)組織可以直接應(yīng)用全部這些 原則來實(shí)施內(nèi)部控制。All principles apply to operations, reporting, and compliance obj ectives. Theprinciples supporting the components of internal control are lis

51、t ed below.這些原則都可以應(yīng)用于運(yùn)營、報(bào)告和遵循三類目標(biāo)。這些每個(gè)控制要 素內(nèi)的原則如下：Control Environment 控制環(huán)境1. The organization demonstrates a commitment to integrity and ethicalvalues.組織對正直和道德等價(jià)值觀做出承諾demonstratesindependence2. The board of directors from management第 17 頁and exercises oversight of the development and performance of

52、internalcontrol.董事會(huì)獨(dú)立于管理層，并對內(nèi)部控制的推進(jìn)與成效加以監(jiān)督控制。3. Management establishes, with board oversight, structures, r eporting lines,and appropriate authorities and responsibilitie s in the pursuit ofobjectives.管理層圍繞其目標(biāo)，在治理層監(jiān)督下，建立健全組織架構(gòu)、匯報(bào) 條線、合理的授權(quán)與責(zé)任等機(jī)制。4. The organization demonstrates a commitment to att ra

53、ct, develop, andretain competent individuals in alignment with objectives.組織對吸引、開發(fā)和保留與認(rèn)同組織目標(biāo)的人才做出承諾。5. The organization holds individuals accountable for the ir internal controlresponsibilities in the pursuit of objectives.組織根據(jù)其目標(biāo)，使員工各自擔(dān)負(fù)起內(nèi)部控制的相關(guān)責(zé)任。Risk Assessment 風(fēng)險(xiǎn)評估6. The organization specifies o

54、bjectives with sufficient clari ty to enable theidentification and assessment of risks relating to objectives.就識(shí)別和評估與其目標(biāo)相關(guān)的風(fēng)險(xiǎn)，組織做出清晰的目標(biāo)設(shè)定7.Theorganization identifiesrisksto the achievement ofitsobjectivesacross theentityand analyzesrisksas a basis fordetermininghowthe第 # 頁risks should be managed.as組織對影響其目標(biāo)實(shí)現(xiàn)的風(fēng)險(xiǎn)進(jìn)行全范圍的識(shí)別和分析，并以此 為基礎(chǔ)來決定風(fēng)險(xiǎn)應(yīng)如何進(jìn)行管理。8. The organization considers the potential for fraud insessing risks to theachievement of objectives.組織在風(fēng)險(xiǎn)評估過程中，考慮潛在的舞弊行為。9. The organization identifies an