coso內(nèi)部控制模型說明

1、1 / 17COSO 內(nèi)部操縱模型The COSO In ternal Control ModelThe COSO in ternal con trol framework was first in trod uced in1992, and in 1994 a comprehe nsive four-secti on report on internalcontrols was issued, consisting of a n executive summary, aframework, guida nee to public co mpanies on reporting on inte

2、rnalcontrols to third part ies, and evaluati on tools to help a compa nycomprehe nsi vely assess its curre nt con trol en viro nment.The COSO framework is releva nt to achiev ing compa nyobjectives in three areas:2 / 17Operati onal goals: The framework relates to the effe ctive andefficie nt usage o

3、f all of a compa nys resourc es.Finan cial report ing goals: The con struct gives guidanee on the con siste nt producti on of reliable finan cial reports.Complia nee goals: The guida nee creates a topology ofthe company s complianee requirements as they relate to in dustryregulati ons or legal requi

4、reme nts for publi c en tities.coso 內(nèi)部操縱框架提出三大目標(biāo)，即運(yùn)營(yíng)的效率和效果，財(cái)務(wù)報(bào)告的可靠性，以及遵守適用的法律和規(guī)章五大要素1。操縱環(huán)境Con trol En vir onmentThis eleme nt is the foun datio n of the COSO framework.It sets the overall tone of the organization with rega rd to the importanee of in ternal con trols.Ethical values, leadership resour

5、ce allocati on, staff compete nee at all levels, the3 / 17dyn amics of authority and resp on sibili ty with in the orga ni zati on,and man ageme nt philosophyare all parts of this critical comp onent.In a sen se, the con trol en vir onment is the most diff icult component to qua ntify, because much

6、of it relates to the overall culture ofthe orga ni zati on. But there are a nu mber of clear goals that an organi zati on can wo rk toward to en sure that the framework rests on afound atio n exemplify ing market leadership.Board and leadership in volveme nt is the most crucial eleme nt inan orga ni

7、 zatio n seek ing market leadership.As the board and leadership set expectatio ns and measure progress aga inst them, bus in ess un its or departme nt h eads begin to assig n in ternal con trols the priority the y require. The specificstrategies that can be employed to move to a market-leader positi

8、 onwith in an in dustry in clude the follow ing:?Conveying the importanee of ethical values 道德價(jià)值 by setting4 / 17an example and“walking the talk.” This includes relating stories of integrity and ethical value s through presentati ons, n ewsletter stories, and any ot her means of gett ing themessage

9、to every one that these values are important to theorganization. Public compa nies are now required to have a code ofcon duct for the board un der the requireme nts laid out by SOX. Nonprofi ts and private compa nies can also ben efit from a code o f conduct. The orga ni zatio n cannot tolerate viol

10、ati ons of this sta ndard.There are finan cial ben efits to this approach as well. One researchstudy performed by the I n stitute of Busin ess Ethics ( “ DoesBusin ess Ethics Pay?, ” April 2003) f ound that companies displaying a cle ar commitment to ethical con duct con siste ntly outperfor m compa

11、 nies that do notdisplay ethical con duct.?Developing clear organizational guidelines relating to resp on sibility and authoritywith acco un tability checks is ano ther clear hallmark of an market leader. Wi thin the orga5 / 17ni zatio n, leadership typically follows a d istributed model, with indiv

12、iduals un dersta nding the ov erall orga ni zati onal goals and howthe goals of their d epartme nt or bus in ess unit relate to them .Individuals should also un dersta nd their resp on sibilities and the l imitof their authority to en sure that the goals of the orga ni zati on areachieved. Whe n a l

13、eadership culture l ike this is achieved, the wholeorganization is focused on organizational objectives and committed tothe main tenance of the con trol structure. A guid ing coaliti on o fleadership members believ ing in the n eed for cha nge i s one of thefirst steps typically take n by orga ni za

14、tions that successfully make culture shifts, but cha nges will take effect slowly and steadily over time.?Embedding the internal control framework within th e orga nizatio nal culture將內(nèi)部操縱框架融入企業(yè)文化.Management must clearly define roles and responsibilities for internalcontrols, including responsibilit

15、y for the defi ning, docume nti ng, testing, and mon itori ng of cont rols and the remediati ng of problems. Theorga ni zati on must in corporate these resp on sibilities into the resp6 / 17on sible individuals performanee management goals.?The in ternal con trols en viro nment is no Ion ger vie wed

16、 asseparate from the operati ng comp onent of the bus in ess; con trolsare embedded in processes from the begi nning.內(nèi)部操縱環(huán)境不再獨(dú)立于企業(yè)經(jīng)營(yíng)要素，要從一開始就 執(zhí)行 This approach lowers the riskof in adequate con trol s and en sures that the con trol structure is inplace fr om the outse t of a process s planning and la

17、unch.?Support ing huma n resources policies and practices thatprovide clear corporate career paths. Huma n resources man ageme nt plays a key role in en suri ng that in divi duals arehired with the n eeded finan cial compete ncies and that career growthsupports an in creased level of f inancial repo

18、rting competencies. 對(duì)人力資源 / 人才的要求2。風(fēng)險(xiǎn)評(píng)估Risk Assessme ntLead ing compa nies take a risk-based approach to SOX7 / 17internal controls compliance as a key step in achievinga correct bala nce betwee n costs and ben efits. Rece nt guida nce from the Public Compa ny Acco un ti ng Oversight Bo ard(PCAOB) s

19、upports this approach with specific recomm en datio ns, includ ing the use of a risk-based method to determ ine which key controls are tested each year. The PCAOB also recommends that theviability of a company sbus in ess model is an importa nt con sideratio n whe n eval uatingrisks. Companies that

20、focus on these larger problems and risks will better meet the needs of all their stakeholders, includ ing in vestors and an alysts.Market leaders with respect to in ternal con trols exp and the riskfocus started un der internal complia nee ef forts to a broader venue.One popular con cept that ofte n

21、 precedes a mature enterprise riskmanagement initiati ve is the formati on of a risk coun cil. This coun cilis gen erally composed of man ageme nt represe ntatives from different areas of the bus in ess. Some of the early objec tives of riskcouncil meetings are as follows:8 / 17Use of a com mon term

22、inology for risk discussions thr oughout theorga ni zati on;Defin iti on of a risk framework or structure for fostering risk man ageme nt across the orga ni zati on;Characterization of the organization s current riskcapability as well as risk and performance indicators;9 / 17risk; andFormulation of

23、a plan to mitigate the operational ri sks ofthe orga ni zati on.If they do not already have a risk program, some companies take the risk man ageme nt process eve n further with a more formalized, en terprise-wide program headed by achief risk officer. Un der this approach, the orga niz ationembeds r

24、isk identification and mitigation into it s culture inthe same way it adopted its internal contr ol framework. Thegoal is to intertwine risk and busine ss strategy with otherorga ni zati onal systems such as p erforma nee man agement.Ano ther importa nt aspect to risk assessme nt is continuous monitoring of the internal and external environme ntin which the entity operates. This periodic scan of the operational en viro nment can highlight upco ming eve n ts affectingboth internal controls and risk strategy.Identification of the companys curre nt spendingon10