论民营企业内部控制制度以一品建设集团有限公司为例

1、From：The Chartered Institute of ManagementAccountants(CIMA)Management Accentuating 2009.2(MANAGEMENT ACCOUNTRINSK AND CONTROL STRATEGY INTERNAL CON)TROLDiscussion Internal Control System in EnterprisesAbstract ：article has conducted the comprehensive analysis research in view of enterprises internal

2、 control, through to the internal control basic concept and the principle theory discussion, elaborated the business management implementation internal control significance, has profited from COSO to the internal control concept and to the internal control environment limits, analyzes Our country En

3、terprise the flaw which exists in this aspect. And on enterprises internal control system construction, proposed some solution, elaborated own viewpoint and the suggestion.Keywords: Internal Control System the Limitation of Internal Control System inEnterprisesLimitation of Internal Control System i

4、n Enterprises， Referring to the latest research results of COSO, and with the application of legislation and practice based on circle operations and material operations, this paper tries to focus on the establishment of internal con trol based on risk man agementExpIoration of the Internal Control S

5、yzran of Modern Enterprises Some Thinking about Strengthening Internal Control in Enterprises， Internal control method of p reve nting enterp rise bus in ess riskExist ing Theories of Inv alidati on of Internal Con trol Mechanism & the Train of Resolving Thoughts。Inquiry into the Theory and Practice

6、 of Corporate Internal Control in China。 Thought about perfecting internalcontrol of enterprises。 An Inquiry into the Concept and Fundamental Natures of Internal Control。 Internal Controland The Quality of Accounting data。Some Think on Strengthening Internal Control of Enterprise ， Getting out of th

7、e Blind Area of Internal Control and Aiming at the Perfection of Internal Control system, In ternal Con trolof acco untin formati on system un der n etwork en vir onmen。The Fuzzy Appraisal of the Fitness of the Internal Control to Strategy。 Internal Corporate Governance and Internal Contro，l Develop

8、ment of Environment Control and Internal Control System，Strengthen accounting supervision and perfect internal control system in con struct ion enterp risesGetting out of the Blind Area of Internal Control and Aiming at the Perfection of Internal Control system。 The Perfecting of Internal Control Sy

9、stem in Enterprise。 Amplify internal control system and safeguard against financial risk 。 Development of Environment Control and Internal Control System。 Strengthen accounting supervision and p erfect in ternal con trol system in con struct ion enterp risesSuggestions on establishing internal contr

10、ol system of enterprises，Increasing Enterprises Financial Information。 Quality through Perfecting Enterprises Internal Control System。Promoting the Development of Enterprises through Perfecting Enterprises Internal Control System。 Research on Internal Control System of Environmental Protection in En

11、terprises， The necessity of improving national-enterprises internal control system under the market economy condition。Establishing and Perfecting the Internal Control System (ICS) within the Enterprise。 Strengthens Internal Control System, Governs Accounting Information Distortion 。 To strengthen in

12、ternal control system, and raise enterprise economic ben efits。The establishme nt and p erfecti on of in ternal control system in enterp risesThe Importance of and Measures for Establishing and Perfecting the Internal Control System in Enterprise。 Internal Audit is the Point of Emphasis of Internal

13、Control System in Modern Enterprise。LEARNING OUTCOMESAfter completing this chapter you should be able to:Discuss the purposes and importance of internal control for an organization;Evaluate risk management strategies;Evaluate the essential features of internal control systems for identifying, assess

14、ing andmanaging risks;evaluate the costs and benefits of a particular internal control system.IntroductionThe main purpose of this chapter is to define internal control and internal control systems,with its links to the Combined Code and the role of the board in internal control. A classificationof

15、control into financial, non-financial quantitative and non-financial qualitative isprovided. The chapter also describes the changing role of the management accountant.A number of qualitative and accounting controls are identified and the chapter concludeswith a discussion of the limitations and cost

16、-benefit of internal control.Internal controlInternal control isthe whole system of internal controls, financial and otherwise, established in order to provide reasonableassurance of:（一 ）Effective and efficient operation;（二 ）Internal financial control;（三 ）Compliance with laws and regulationsThis def

17、inition reflects the important business reasons for having a system of internalcontrol: to maximize the reliability and timeliness of information for making decisions.It also reflects the need to comply with regulation （see below）whilst there are hundreds of different controls working in any organiz

18、ation; they can becategorized into four main types:1. Detective: These controls identify undesirable outcomes that have occurred and functionafter the event has happened. This means that they are suited when it is possible to acceptthe loss or damage incurred. An example of this type of control is a

19、 financial reconciliation（where unauthorized transactions are detected after they have occurred）.2. Directive: These controls direct an activity towards a desired outcome. An example ofthis type of control would be training staff to work towards achieving particular objectivesfor the organization, o

20、r the existence of a strategy that informs employees, to carrya particular series of acts.3. Preventative: These controls limit or stop the possibility of an undesirable event happening.Examples include physical accesscontrols, separation of duty controls or authorizationlimits and levels.4 .Correct

21、ive: These correct undesirable outcomes after they have happened. An example ofthis might be the terms and conditions of a contract to recover an overpayment from anemployee.Internal control systemAn internal control system includes all the policies and procedures (internal controls)adopted by the d

22、irectors and managementof an entity to assist in achieving their objectivesof ensuring, as far as practicable, the orderly and efficient conduct of a business, includingadherence to internal policies, the safeguarding of assets, the prevention and detection offraud and error, the accuracy and comple

23、teness of the accounting records, and the timelypreparation of reliable financial information (CIMA Official Terminology).An internal control system comprises the control environment and control procedures.Control environment is:The overall attitude, awareness and actions of directors and management

24、 regarding internal controls and their encompasses the management style, and corporate culture and values sharedby all employees. It provides a background against which the various other controls are operated (CIMAOfficial Terminology).Control procedures are:Those policies and procedures in addition

25、 to the control environment which are established to achieve theentity s specific objectives (CIMA Official Terminology).The Institute of Internal Auditors ( IIA) describes the control system as:The attitude and actions of management and the board regarding the significance of control within theorga

26、nization. The control environment provides the discipline and structure for the achievement of theprimary objectives of the system of internal control. The control environment includes the following elements:integrity and ethical values, management s philosophy and operating style, organizational st

27、ructure,assignment of authority and responsibility, human resource policies and practices, and competence ofpersonnel.A further definition of an internal control system isThe policies, procedures, practices and organizational structures, designed to provide reasonable assurancethat business objectiv

28、es will be achieved and that undesired events will be prevented, or detected andcorrected (Information Systems Control & Audit Association (ISACA).COSO model of internal controlCOSO s Enterprise Risk ManagementIntegrated Framework (COSO, 2004) states that internalcontrol is an integral part of enter

29、prise risk management. This is described in COSOsInternal Control Integrated Framework (COSO, 1992) which is encompassed within the ERMframework.The COSO, internal control framework contains five elements:1. Control environment2. Risk assessment3. Control activities4. Monitoring5. Information and co

30、mmunication.The control environment was discussed above. The risk assessment section of the modelidentifies the risks of failing to meet financial reporting objectives; failing to meet complianceand failing to meet operational objectives. This is consistent with the CIMA definition(above) of interna

31、l control. COSO recommends the identification of external and internalrisks to the organization and its activities.Control activities are the policies and procedures that help ensure management directivesare carried out and objectives are achieved. These include both accounting and Nona countingcont

32、rols.Information and communications covers the need to capture relevant internal and externalinformation about competition, economic and regulatory matters and the potential ofstrategic and integrated information systems.Monitoring is concerned with the need for management to monitor the entire cont

33、rolsystem through specific evaluations.Control activities relate to the procedures carried outand the need to integrate these procedures with risk assessment.The elements of the COSO model were described in detail in the previous chapter.Internal control and the Combined CodeLike the IFAC report (In

34、ternational Federation of Accountants,1999), the Turnbull report( Institute of Chartered Accountants in England & Wales,1999) emphasized thatSince profits are, in part, the reward for successful risk-taking in business, the purpose of internal control isto help manage and control risk appropriately

35、rather than to eliminate it.Code C.2 of the Combined Code (Financial Reporting Council, 2003) relates to internal control. Code provision C.2.1 states:The board should, at least annually, conduct a review of the effectiveness of the groups system of internalcontrols and should report to shareholders

36、 that they have done so. The review should cover all materialcontrols, including financial, operational and compliance controls and risk management systems. The Combined Code encompasses the Turnbull Guidance (Institute of CharteredAccountants in England and Wales, 1999), which provides guidance fur

37、ther to Code C.2, thatThe board should maintain a sound system of internal control to safeguard shareholdersinvestment and thecompanys assets.Seniorexecutives have long sought ways to better control the enterprises they run.Internal controlsInternal controls are put in place to keep the company on c

38、ourse toward profitability goals and achievement of its mission, and to minimize surprises along the way. They enable management to deal with rapidly changing economic and competitive environments, shifting customer demands and priorities, and restructuring for future growth. Internal controls promo

39、te efficiency, reduce risk of asset loss, and help ensure the reliability of financial statements and compliance with laws and regulations.Because internal control serves many important purposes, there are increasing calls for better internal control systems and report cards on them. Internal contro

40、l is looked upon more and more as a solution to a variety of potential problems.What Internal Control IsInternal control means different things to different people. This causes confusion among businesspeople, legislators, regulators and others. Resulting miscommunication and different expectations c

41、ause problems within an enterprise. Problems are compounded when the term, if not clearly defined, is written into law, regulation or rule.This report deals with the needs and expectations of managementand others. It defines and describes internal control to:Establish a common definition serving the

42、 needs of different parties.Provide a standard against which business and other entities-large or small, in the public or private sector, for profit or not-can assess their control systems and determine how to improve them.Internal control is broadly defined as a process, effected by an entitys boar

43、d of directors, managementand other personnel, designed to provide reasonableassurance regarding the achievement of objectives in the following categories:1. Effectiveness and efficiency of operations.2. Reliability of financial reporting.3. Compliance with applicable laws and regulations.The first

44、category addresses an entitys basic business objectives, including performance and profitability goals and safeguarding of resources. The second relates to the preparation of reliable published financial statements, including interim and condensed financial statements and selected financial data der

45、ived from such statements, such as earnings releases, reported publicly. The third deals with complying with those laws and regulations to which the entity is subject. These distinct but overlapping categories address different needs and allow a directed focus to meet the separate needs.Internal con

46、trol systems operate at different levels of effectiveness.Internal control can be judged effective in each of the three categories, respectively, if the board of directors and management have reasonable assurance that:1. They understand the extent to which the entitys operations objectives are being

47、 achieved.2. Published financial statements are being prepared reliably.3. Applicable laws and regulations are being complied with.While internal control is a process, its effectiveness is a state or condition of the process at one or more points in time. Internal control consists of five interrelat

48、ed components. These are derived from the way managementruns a business, and are integrated with the management process. Although the components apply to all entities, small and mid-size companies may implement them differently than large ones. Its controls may be less formal and less structured, ye

49、t a small company can still have effective internal control. The components are:Control EnvironmentThe control environment sets the tone of an organization, influencing the control consciousnessof its people. It is the foundation for all other components of internal control, providing discipline and

50、 structure. Control environment factors include the integrity, ethical values and competence of the entitys people; managements philosophy and operating style; the way management assigns authority and responsibility, and organizes and develops its people; and the attention and direction provided by

51、the board of directors.Risk AssessmentEvery entity faces a variety of risks from external and internal sources that must be assessed.A precondition to risk assessmentis establishment of objectives, linked at different levels and internally consistent. Risk assessmentis the identification and analysi

52、s of relevant risks to achievement of the objectives, forming a basis for determining how the risks should be managed. Because economic, industry, regulatory and operating conditions will continue to change, mechanisms are needed to identify and deal with the special risks associated with change.Con

53、trol ActivitiesControl activities are the policies and procedures that help ensure management directives are carried out. They help ensure that necessary actions are taken to address risks to achievement of the entitys objectives. Control activities occur throughout the organization, at all levels a

54、nd in all functions. They include a range of activities as diverse as approvals, authorizations, verifications, reconciliations, reviews of operating performance, security of assetsand segregationof duties. Internal control is, to some degree, the responsibility of everyone in an organization and th

55、erefore should be an explicit or implicit part of everyones job description. Virtually all employees produce information used in the internal control system or take other actions neededto effect control. Also, all personnel should be responsible for communicating upward problems in operations, nonco

56、mpliance with the code of conduct, or other policy violations or illegal actions.Information and CommunicationPertinent information must be identified, captured and communicated in a form and timeframe that enable people to carry out their responsibilities. Information systems produce reports, conta

57、ining operational, financial and compliance-related information, that make it possible to run and control the business. They deal not only with internally generated data, but also information about external events, activities and conditions necessary to informed business decision-making and external

58、 reporting. Effective communication also must occur in a broader sense, flowing down, across and up the organization. All personnel must receive a clear messagefrom top management that control responsibilities must be taken seriously. They must understand their own role in the internal control syste

59、m, as well as how individual activities relate to the work of others. They must have a means of communicating significant information upstream.There also needs to be effective communication with external parties, such as customers, suppliers, regulators and shareholders.MonitoringInternal control systems need to be monitored-a process that assesses the quality of the systems performance over time. This is accomp