内部控制英文文献翻译及参考文献 第8页
4 Inherent limitations of internal control
While a sound framework of internal control is essential, it is important to bear in mind that no such framework can ever be perfect. For example, as already explained, managers normally are in a position to override whatever control-related policies and procedures they establish. Also, controls dependent upon the segregation of incompatible duties typically could be circumvented through collusion (i.e., individuals intended to act as a control upon one another could instead work together to frustrate the control). Finally, and most important, it would be inappropriate to implement a control-related policy or procedure that would end up costing more than the benefit it was reasonably expected to achieve. Thus, for instance, it sometimes may not be feasible to fully implement the segregation of incompatible duties, in which case alternative (and potentially less effective) methods may need to be employed instead.
FROM INTERNAL CONTROL TO ENTERPRISE RISK MANAGEMENT
As noted earlier, COSO's 1992 report was groundbreaking and has served ever since as the basis for all serious discussion of internal control. For all that, COSO did not abandon its mission with the 1992 publication of Internal Control - an Integrated Framework. Rather, it decided to enhance its work on internal control by placing it within the even broader context of enterprise risk management. The result was COSO's 2004 publication Enterprise Risk Management - an Integrated Framework (COSO II).
COSOII describes enterprise risk management as:
a process effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives. This process necessarily involves both individual units within an organization and the organization as a whole.
A comprehensive enterprise risk management framework, according to COSOII, is one that provides reasonable assurance (1) that an entity's objectives are being achieved or (2) that management is made aware of risks that could impede their achievement:
COSO II reiterates the three basic managerial objectives identified in the original COSO Report: operations (effectiveness and efficiency), reporting (broadened to encompass nonfinancial and internal reporting), and compliance. It also identifies a new fourth category of strategic objectives that it describes as being on a "higher level," because all of the other objectives would need to be aligned to it.
Consistent with the emphasis on enterprise risk management, COSOII expands the single risk assessment component of the ear lier framework into four separate components (including one that continues to be called "risk assessment"), bringing to eight the total number of components in a comprehensive framework of enterprise risk management:
* Internal environment (including the identification of an entity's tolerance for loss or risk appetite)
* Objective setting (providing the context for the risk assessment, given that a risk is to be defined as something that could prevent an entity from achieving its objectives)
* Event identification (both positive -opportunities, and negative - risks)
* Risk 毕业论文
http://www.youerw.com/ 论文网
http://www.youerw.com/)
* Control activities (concrete steps taken to respond to risk)
* Information and communication (specifically to include a provision for "upstream reporting" in the case of management override)
* Monitoring
Exhibit 1 compares and contrasts the objectives set forth in the original 1992 COSO Report with those presented in COSO II. Exhibit 2 provides a similar comparison between the elements of a comprehensive framework of internal control (1992 COSO Report) and the elements of a comprehensive framework of enterprise risk management (COSO II).
Because of the wide acceptance already accorded the guidance provided in the 1992 COSO Report, COSOII emphasizes that nothing in the latter report amends or replaces the guidance found in the earlier report. That is, COSO II is designed to supplement rather than replace the original COSO guidance for those who desire a "more robust" context for assessing internal control5 CONCLUSION
Internal control, by its very nature, is essentially a managerial responsibility. Awareness of management's responsibility for internal control has been significantly heightened of late by recent private sector developments, such as the federal Sarbanes-Oxley legislation. GFOA has gone on record stating that public sector financial managers have an affirmative obligation under GFOA's Code of Professional Ethics to fulfill their internal control responsibility. The first step in meeting that obligation is for managers to become familiar with the COSO guidance on internal control. Likewise, public sector governing boards, which are ultimately responsible for ensuring that management meets its internal control-related responsibilities, should become familiar with the COSO's comprehensive framework of internal control so they can better hold management accountable.
上一页 [1] [2] [3] [4] [5] [6] [7] [8]
内部控制英文文献翻译及参考文献 第8页下载如图片无法显示或论文不完整,请联系qq752018766
