coso內(nèi)部控制模型介紹(英文版)

1、coso內(nèi)部控控制模型The COSSO Intternall Conttrol MModelThe COSSO intternall conttrol fframewwork wwas fiirst iintrodduced in 19992, aand inn 19944 a coomprehhensivve fouur-secction reporrt on interrnal ccontrools waas isssued, consiistingg of aan exeecutivve summmary, a fframewwork, guidaance tto pubblic cc

2、ompannies oon repportinng on interrnal ccontrools too thirrd parrties, and evaluuationn toolls to help a commpany comprrehenssivelyy asseess itts currrent contrrol ennvironnment. The COSSO fraameworrk is relevvant tto achhievinng commpany objecctivess in tthree areass:Operatiional goalss: Thee framm

3、eworkk relaates tto thee effeectivee and efficcient usagee of aall off a coompanyys reesourcces. Financiial reeportiing gooals: The cconstrruct ggives guidaance oon thee conssistennt prooductiion off reliiable finanncial reporrts. Compliaance ggoals: The guidaance ccreatees a ttopoloogy off the comp

4、aanys complliancee requuiremeents aas theey rellate tto inddustryy reguulatioons orr legaal reqquiremments for ppublicc entiities. coso內(nèi)部控控制框架提出出三大目標(biāo)，即即運(yùn)營的效率率和效果,財(cái)財(cái)務(wù)報(bào)告的可可靠性,以及及遵守適用的的法律和規(guī)章章五大要素1。控制環(huán)境Controll EnviironmeentThis ellementt is thhe fouundatiion off the COSO frameework. It ssets tthe ovver

5、alll tonee of tthe orrganizzationn withh regaard too the imporrtancee of iinternnal coontrolls. Etthicall valuues, lleaderrship resouurce aallocaation, stafff commpetennce att all levells, thhe dynnamicss of aauthorrity aand reesponssibiliity wiithin the oorganiizatioon, annd mannagemeent phhilosoop

6、hy aare alll parrts off thiss crittical compoonent.In a seense, the ccontrool envvironmment iis thee mostt diffficultt compponentt to qquantiify, bbecausse mucch of it reelatess to tthe ovveralll cultture oof thee orgaanizattion. But tthere are aa numbber off cleaar goaals thhat ann orgaanizattion c

7、can woork tooward to ennsure that the fframewwork rrests on a founddationn exemmplifyying mmarkett leaddershiip.Board aand leeadersship iinvolvvementt is tthe moost crruciall elemment iin an organnizatiion seeekingg markket leeadersship. As thhe boaard annd leaadershhip seet exppectattions and mmeas

8、urre proogresss agaiinst tthem, businness uunits or deepartmment hheads beginn to aassignn inteernal contrrols tthe prrioritty theey reqquire. The speciific sstrateegies that can bbe empployedd to mmove tto a mmarkett-leadder poositionn withhin ann induustry incluude thhe folllowinng:Conveyiing thhe

9、 impportannce off ethiical vvaluess道德價值 by seettingg an eexamplle andd “wallking the ttalk.” This incluudes rrelatiing sttoriess of iintegrrity aand etthicall valuues thhroughh pressentattions, newssletteer stoories, and any oother meanss of ggettinng thee messsage tto eveeryonee thatt thesse vallue

10、s aare immportaant too the organnizatiion. PPublicc comppaniess are now rrequirred too havee a coode off condduct ffor thhe boaard unnder tthe reequireementss laidd out by SOOX. Noonproffits aand prrivatee comppaniess can also beneffit frrom a code of coonductt. Thee orgaanizattion ccannott toleerat

11、e violaationss of tthis sstandaard. TThere are ffinanccial bbenefiits too thiss apprroach as weell. OOne reesearcch stuudy peerformmed byy the Instiitute of Buusinesss Ethhics (“Doess Busiiness Ethiccs Payy?,” AApril 2003) founnd thaat commpaniees dissplayiing a clearr commmitmennt to ethiccal coond

12、uctt conssistenntly ooutperrform compaanies that do noot dissplay ethiccal coonductt. Developping cclear organnizatiional guideeliness relaating to reesponssibiliity annd autthoritty witth acccountaabilitty cheecks iis anoother clearr halllmark of ann markket leeader. Withhin thhe orgganizaation, le

13、addershiip typpicallly folllows a disstribuuted mmodel, withh indiividuaals unndersttandinng thee overrall oorganiizatioonal ggoals and hhow thhe goaals off theiir deppartmeent orr busiiness unit relatte to them. Indiividuaals shhould also underrstandd theiir ressponsiibilitties aand thhe limmit off

14、 theiir autthoritty to ensurre thaat thee goalls of the oorganiizatioon aree achiieved. Whenn a leeadersship cculturre likke thiis is achieeved, the wwhole organnizatiion iss focuused oon orgganizaationaal objjectivves annd commmitteed to the mmainteenancee of tthe coontroll struucturee. A gguidinng

15、 coaalitioon of leadeershipp membbers bbelievving iin thee needd for changge is one oof thee firsst steeps tyypicallly taaken bby orgganizaationss thatt succcessfuully mmake cculturre shiifts, but cchangees willl takke effeect sllowly and ssteadiily ovver tiime. Embeddiing thhe intternall conttrol f

16、framewwork wwithinn the organnizatiional cultuure將內(nèi)部部控制框架融融入企業(yè)文化化. Mannagemeent muust cllearlyy defiine rooles aand reesponssibiliities for iinternnal coontrolls, inncludiing reesponssibiliity foor thee defiining, documentting, testiing, aand moonitorring oof conntrolss and the rremediiatingg of ppr

17、obleems. TThe orrganizzationn mustt incoorporaate thhese rresponnsibillitiess intoo the respoonsiblle inddividuuals perfoormancce mannagemeent gooals. The intternall conttrols envirronmennt is no loonger vieweed as separrate ffrom tthe opperatiing coomponeent off the businness; contrrols aare emmbed

18、deed in proceesses from the bbeginnning. 內(nèi)部控制環(huán)環(huán)境不再獨(dú)立立于企業(yè)經(jīng)營營要素，要從從一開始就執(zhí)執(zhí)行Thiss apprroach lowerrs thee riskk of iinadeqquate contrrols aand ennsuress thatt the contrrol sttructuure iss in pplace from the ooutsett of aa proccessss plannning and llaunchh. Supportting hhuman resouurces policcies aand prr

19、acticces thhat prrovidee cleaar corrporatte carreer ppaths. Humaan ressourcees mannagemeent pllays aa key role in ennsurinng thaat inddividuuals aare hiired wwith tthe neeeded finanncial compeetenciies annd thaat carreer ggrowthh suppports an inncreassed leevel oof finnanciaal repportinng commpetenn

20、cies.對人力資源源/人才的要要求 2。風(fēng)險(xiǎn)評估Risk AsssessmmentLeadingg comppaniess takee a riisk-baased aapproaach too SOX interrnal ccontrools coompliaance aas a kkey sttep inn achiievingg a coorrectt balaance bbetweeen cossts annd bennefitss. Reccent gguidannce frrom thhe Pubblic CCompanny Acccountiing Ovversigght Bo

21、oard (PCAOBB) suppportss thiss apprroach with speciific rrecommmendattions, inclludingg the use oof a rrisk-bbased methood to deterrmine whichh key contrrols aare teested each year. The PCAOBB alsoo recoommendds thaat thee viabbilityy of aa comppanyss busiiness modell is aan impportannt connsiderrat

22、ionn whenn evalluatinng rissks. CCompannies tthat ffocus on thhese llargerr probblems and rrisks will betteer meeet thee needds of all ttheir stakeeholdeers, iincludding iinvesttors aand annalystts.Market leadeers wiith reespectt to iinternnal coontrolls exppand tthe riisk foocus sstarteed undder in

23、nternaal commpliannce efffortss to aa broaader vvenue. One popullar coonceptt thatt ofteen preecedess a maature enterrprisee riskk manaagemennt iniitiatiive iss the formaation of a risk counccil. TThis ccounciil is generrally compoosed oof mannagemeent reepreseentatiives ffrom ddifferrent aareas of

24、thhe bussinesss. Somme of the eearly objecctivess of rrisk ccounciil meeetingss are as foollowss: Use of a commmon tterminnologyy for risk discuussionns thrroughoout thhe orgganizaation; Definittion oof a rrisk fframewwork oor strructurre forr fostteringg riskk manaagemennt acrross tthe orrganizzati

25、onn; Charactterizaation of thhe orgganizaations currrent risk capabbilityy as wwell aas rissk andd perfformannce inndicattors; Identifficatiion off the compaanys curreent sppendinng on risk; and Formulaation of a plan to miitigatte thee operrationnal riisks oof thee orgaanizattion. If theyy do nnot

26、allreadyy havee a riisk prrogramm, somme commpaniees takke thee riskk manaagemennt proocess even furthher wiith a more formaalizedd, entterpriise-wiide prrogramm headded byy a chhief rrisk oofficeer. Unnder tthis aapproaach, tthe orrganizzationn embeeds riisk iddentifficatiion annd mittigatiion innt

27、o itts cullture in thhe samme wayy it aadopteed itss inteernal contrrol frramewoork. TThe gooal iss to iinterttwine risk and bbusineess sttrateggy witth othher orrganizzationnal syystemss suchh as pperforrmancee manaagemennt.Anotherr impoortantt aspeect too riskk asseessmennt is contiinuouss moniito

28、rinng of the iinternnal annd extternall enviironmeent inn whicch thee entiity opperatees. Thhis peeriodiic scaan of the ooperattionall enviironmeent caan higghlighht upccomingg evennts afffectiing booth innternaal conntrolss and risk strattegy. Eventts succh as systeems chhange, merggers aand accqui

29、siitionss, losss of key ppersonnnel, and oother eventts mayy requuire aa closser loook att exissting contrrols aand riisk maanagemment控制活動Controll ActiivitieesMarket leadeershipp in tthe acctual desiggn of contrrols rrequirres coorporaate-wiide cooordinnationn and the iinvolvvementt of oownersship.

30、Policcies aare seet entterpriise-wiide, aallowiing ann effiicientt impllementtationn whille avooidingg dupllicatee effoorts aand deefinittions. Conttrol ddesignn workkshopss or ttrainiing caan raiise thhe knoowledgge andd capaabilitty of managgementt and stafff to ddeal wwith ddefiniing, ddocumeenti

31、ngg, mannagingg, tessting, and reporrting on innternaal conntrolss. Gloobal oorganiizatioons haave reecentlly beggun too rolll thesse sesssionss out throuugh onnline trainning ssessioons foor forreign regisstrantt comppliancce witth SOXX secttion 4404. TThese modulles caan be used with more-experrie

32、nceed useers too reinnforcee otheer objjectivves, ssuch aas a rreturnn to bbasic contrrols aand ann emphhasis on coontinuuous iimprovvementt. Leaading organnizatiions hhave mmoved to moore-coomprehhensivve traainingg on bbasic accouuntingg conccepts, and in thhe proocess have improoved tthe tiiming

33、of thheir cclosinng cyccle, iimplemmentedd proccess iimprovvementts, annd redduced the eerror rate in acccountting ttransaactionns.Market leadeers haave foocusedd conttrols on prreventtion rratherr thann deteectionn (seee the Sidebbar onn typees of contrrols). Theyy havee reenngineeered bbusineess p

34、rrocessses, wwhere needeed, too incoorporaate prreventtion. Autommatingg conttrol ccheckss by uutilizzing ssoftwaare feeaturees thaat cann compplete checkks witthout any sspeciffic acction is allso beeneficcial. Interrnal aauditiing caan hellp proovide direcction to buusinesss proocess ownerrs seaar

35、chinng forr the best approoach tto usee. Worrking closeely wiith thhe boaard wiill heelp thhe intternall audiit funnctionn receeive tthe coompanyy-widee expoosure necesssary for bbusineess prrocesss owneers too recoognizee the valuee deliiveredd to tthe orrganizzationn. It will also make it moore li

36、ikely that businness pprocesss ownners wwill “bbuy inn” to the pprocesss.Leadingg-edgee comppaniess in iinternnal coontrolls impplemenntatioon efffectivvely uutilizze tecchnoloogy inn seveeral wways. Firstt, theey buiild inn conttrols whereever ccost-eeffecttive, becauuse thhis onne-timme chaange aa

37、ctivaates aa conttinuall and long-lastiing prrocesss of ccontrool tessting. Autoomatedd conttrol ttestinng alsso briings aabout a quiicker respoonse ttime tto pottentiaal prooblemss and needeed corrrectiions.Managemment ccan allso uttilizee techhnologgy to suppoort thhe doccumenttationn and testiing

38、 coomponeents oof theeir coontroll actiivitiees. Nuumerouus venndors (e.g., BWiise, MMethoddware) provvide ccustommizablle sofftwaree to pprovidde a cconsisstent approoach aacrosss the enterrprisee. Thee use of sooftwarre to suppoort thhese eeffortts is not llimiteed to largee comppaniess, as many p

39、rogrrams aare sccalablle andd affoordablle forr smalll commpaniees. Thhese pprograams heelp ennsure that the iinitiaal invvestmeent inn docuumentaation and ttestinng is well mainttainedd and that complliancee effoorts wwill bbe susstaineed intto thee futuure. TThey ccan allso seerve aas a bbasis for

40、 hhigherr-valuue iniitiatiives ddownsttream, suchh as bbusineess prrocesss imprrovemeent annd morre-commpreheensivee riskk manaagemennt acttivitiies.信息與交流Informaation and CCommunnicatiionAn openn floww of iinformmationn and ease of coommuniicatioon witthin aan orgganizaation are eessenttial wwith aa

41、ny neew iniitiatiive. EExperiiencedd projject mmanageers arre welll verrsed iin thee commmunicaationss needded too dispperse inforrmatioon to stakeeholdeers. TThey aalso hhave eexperiience with changge mannagemeent, wwhich can ccontriibute to thhe timmelierr acceeptancce of new pprocessses aand thhe

42、 conntinuoous immproveement needeed to excell. Expperiennced pprojecct mannagerss willl builld meaasuremments into the pplans to asssess succeess. Leadingg comppaniess fostter oppen coommuniicatioon bettween interrnal aauditoors, mmanageement, and exterrnal aauditoors. TThe fiirst yyear oof SOXX imp

43、llementtationn for accellerateed fillers rresultted inn lesss thann ideaal commmuniccationns witth extternall audiitors, accoordingg to tthe SEEC Aprril 20005 Rooundtaable oon Intternall Conttrol RReportting PProvissions. Receent reecommeendatiions ffrom tthe SEEC andd the PCAOBB havee clarrifiedd e

44、xpeectatiions rregardding eexternnal auuditorr commmunicaationss, witth thee speccific goal of immproviing thhe quaality of teestingg, doccumenttationn, andd remeediatiion inn the contrrol ennvironnment, thuss addiing buusinesss vallue. Informaation overlload iis preevalennt thrroughoout buusinesss.

45、 Inn the “infoormatiion ecconomyy,” maanagemment iis freequenttly ovverwheelmed by thhe quaantityy of ddata aavailaable, oftenn resuultingg in aa faillure tto connvert imporrtant businness iinformmationn intoo knowwledgee to ssupporrt theeir coompetiitive advanntage in thhe marrketpllace. Leadiing c

46、oompaniies haave reecogniized tthat eeffecttive rreportting oof excceptioons annd an “execcutivee dashhboardd” appproachh are the bbest wways tto foccus atttentiion onn impoortantt infoormatiion, aand thhey caan avooid pllacingg manaagemennt adrrift iin a ssea off meanningleess daata frrom enndlesss sourrces.5。監(jiān)測MonitorringControll selff-asseessmennts (CCSA) ccan pllay ann impoortantt p