《外文翻译毕业论文内部控制和管理企业范围的风险.doc》由会员分享,可在线阅读,更多相关《外文翻译毕业论文内部控制和管理企业范围的风险.doc(14页珍藏版)》请在三一办公上搜索。
1、内部控制和管理企业范围的风险除了在公司治理和财务报告遵循Sarbanes-Oxley法案的大刀阔斧的改革,遵守,企业可以通过采用它包括企业范围的风险管理前景更广阔的视野进一步受益。 这种方法特别适用于Sarbanes-Oxley法案,与管理层的说法其中涉及有关其内部控制对财务报告的有效性第404条。 随着公司努力遵守这些新规则,他们可以建立自己的第404条的工作为机遇,以解决其他方面的风险的整个组织,包括财务,法律和运营。包括那些在内部控制审查评估 - - 评估和监测的业务风险范围的新兴的趋势可能会帮助企业同时实现战略目标,提升股东和利益相关者的价值,并注重善政。自我评估满足第404条的任务不
2、一定是阻碍实施企业风险管理工作。 相反,合规流程可以使企业通过分布式的评价集中在企业范围内的风险 -也就是说,风险和控制的自我评估。 该评价分配的评估责任那些谁是 “ 最接近的动作 ” - 换句话说,那些最直接参与在每个过程中的控制。 这种方法可以帮助企业实现更好的平衡风险和控制状态。传统的智慧前身认为,对内部控制的责任下放给一个组织的金融集团。 根据目前的想法,但是,内部控制是由那些谁管理日常运营和谁取决于控件,用于实现其目标的业务范围内所拥有。 这些控制流程负责人有充分的准备进行识别,评估和管理相关风险,帮助企业实现其财务目标的分布式评估。 萨班斯-奥克斯利法案规定加强这种基于风险评估的价
3、值。如果一家公司看起来未来一年如何可以测量超出了单纯的符合监管要求的成功? 对于跨国公司来说,成功的标志之一是内部控制的全球标准化,使组织本身的定位对一个被广泛接受的控制标准,如反虚假财务报告委员会(COSO)的发起组织委员会设定的内部控制框架或于2003年颁布的COSO企业风险管理(ERM)框架铸币一个 “ 控制语言 ” 在整个组织内共享可以帮助公司采取了一系列控制最大的优势 - 确定关键控制,以保持并它可以抛弃,因为他们不增值或在其他不必要的。过程改进此外,公司可能会使用一节404断言规则,以帮助他们实现业务流程的全公司范围内转型。 内部控制评估可能产生了一些改进: 更多地使用自动化,或系
4、统为基础,控制; 流程风险和缓解风险的较好评价; 在整个组织更均匀的控制; 和 为控制评估过程中业主承担更大的责任。履约程序也可以用于淘汰不必要的任务,每个业务流程中确定的良好做法: 不同业务部门之间的比较控制,或在一个公司在不同的国家开展业务; 切削误差的风险通过使用控制,而不是手动流程的更多的技术为基础的方法; 使用关键绩效指标来衡量各风险和时间段的跨度过程的有效性; 和 从获得在全球范围内的控制程序,它可以带来更好的报告功能的反馈。在研究他们的控件集,公司可能会发现它有价值,具成本效益的考虑自动化的系统,而不是一个人工审核。 内部控制评估,通过自动化的自我评估进行的,更不是一个简单的调查
5、问卷。 它可以收集信息,从控制业主介绍 主要控制的状态。 评估不是基于断言的频率,但对控件的类型 - 自动或手动 - 以及如何容易受到风险的控制措施可能。使用自动化系统,内部控制评估提供了一些其他的优势。 它整合了内部控制信息和状态,以及作为所有组织风险和控制的资源库。 不仅对第404条的申报责任,而且对任何企业风险管理举措的存储库是非常有用的。内部审计员的作用内部审计人员可以在连接的内部控制与企业风险管理报告起到了至关重要的作用。 内部审计人员可以营造一个环境,使该公司的企业风险管理方法的效率连结到组织的整体业务目标。除了 阐述内部控制与企业风险管理高级管理层报告的联动,内部审计人员可以执行
6、许多其他重要功能: 帮助控制流程负责人更好地了解内部控制评估和测试。 成为组织内最佳实践的传播者。 举例来说,如果内部审计人员发现,一个特定的业务采取了更有效的方法,以内部控制报告,她可以与其他业务部门分享这些知识。 一般而言加强内部控制在这一领域传授标的物知识组织的理解。 通过测试和反馈的控制状态监控组织的内部控制。着眼于治而分布式评估或风险评估,适当地分配给操作人员与直接经验在各自的领域,总体风险是一个组织的面孔继续成为公司治理的优先级为董事及管理董事会。 为了帮助他们更好地理解这些风险,企业领导人应该考虑以下问题: 什么类型的分析是组织做识别风险? 什么是组织做评估这些风险,并找到占便宜
7、或减轻它们的最好方法是什么?为响应任务和Sarbanes-Oxley法案的建议,高级管理人员可能会考虑其他一些措施,以提升企业的责任: 评估组织中的其他的自我认识和知识。 确保均匀的进程存在,并且随后其他成员 提供内部认证机构。 评估业务的变化可能对内部控制的效果的影响; 例如,收购或资产剥离,以及新的会计或美国证券交易委员会的规则。 获得正式的内部管理层声明书,每季,来自国内及海外子公司内部的会计人员。 拿着每月或每季度的会议与会计人员(包括全球运营)调用检讨新会计公告和便于关闭过程中的其他项目。 启动与关键流程所有者或分部的领导人(包括销售,采购,人力资源,法律等)的正式定期举行会议,讨论
8、可能影响会计和信息披露活动。 协调这些措施,任何企业风险管理的举措。运用企业风险管理办法,内部控制评估过程是有代价的。 这可能是更昂贵,但是,不抓住实施这一做法的机会。 投资将包括: 建立风险框架和共同的风险词汇; 建立和维护一个首席风险官或风险委员会; 持续测量和监测; 和 风险评估框架的定期更新。对于许多公司而言,分阶段进行的方式是最实用的方式来处理成本问题。 起初,公司只评估对财务报告的风险和控制,但它的设计评估工具和技术,使他们能够支持企业风险管理。 一旦通过萨班斯-奥克斯利法案所要求的评估完成后,公司可以扩大评估到业务和战略领域,直到一个完整的企业风险管理制度到位。约翰法雷尔,注册会
9、计师 ,是毕马威会计师事务所的内部审计服务合伙人,以及总部设在纽约市。Internal Controls and Managing Enterprise-Wide RisksBy John FarrellIn addition to complying with the sweeping reforms in corporate governance and financial reporting following the Sarbanes-Oxley Act, companies can benefit further by adopting a broader view that enc
10、ompasses an enterprise-wide risk-management outlook. This approach is especially applicable to section 404 of the Sarbanes-Oxley Act, which deals with managements assertion regarding the effectiveness of its internal controls over financial reporting. As companies work to comply with these new rules
11、, they can build their section 404 work into an opportunity to address other aspects of risk throughout the organization, including financial, legal, and operational.The emerging trend of evaluating and monitoring the range of business risksincluding those assessed in an internal control reviewmay h
12、elp companies simultaneously meet strategic goals, boost shareholder and stakeholder value, and focus on good governance.Self-AssessmentFulfilling the mandates of section 404 need not be an obstacle to implementing an enterprise risk-management effort. Instead, the compliance process can enable comp
13、anies to focus on enterprise-wide risks through a distributed evaluationthat is, a self-assessment of risk and control. This evaluation assigns responsibility for the assessment to those who are “closest to the action”in other words, those most directly involved in the control over each process. Suc
14、h an approach can help companies achieve a better-balanced risk and control status.Conventional wisdom formerly held that responsibility for internal controls was delegated to an organizations financial group. According to current thinking, however, internal controls are owned by those within the bu
15、siness who manage daily operations and who depend on the controls for achieving their goals. These control process owners are well prepared to perform the distributed evaluation of identifying, evaluating, and managing pertinent risks to assist the business in achieving its financial goals. The Sarb
16、anes-Oxley rules reinforce the value of such risk-based evaluations.If a company looks ahead one year, how can it measure success beyond mere compliance with regulatory requirements? For multinational companies, one sign of success would be a worldwide standardization of internal controls that allow
17、s the organization to orient itself toward a widely accepted set of control criteria, such as the Committee of Sponsoring Organizations of the Treadway Commission (COSO) internal control framework or the COSO enterprise risk- management (ERM) framework issued in 2003. Coining a “controls language” s
18、hared throughout the organization can help a company take greatest advantage of its set of controlsdeciding which key controls to keep and which it can discard because they do not add value or are otherwise unnecessary.Process ImprovementIn addition, companies may use the section 404 assertion rules
19、 to help them achieve a company-wide transformation of business processes. The internal-control assessment may produce several improvements: Greater use of automated, or system-based, controls; Better evaluation of process risks and mitigation of risk; More uniform controls throughout the organizati
20、on; and Greater responsibility for controls assessment for the process owners.The compliance procedures can also be used to weed out nonessential tasks and determine good practices within each business process: Comparing controls between different business units, or within a companys operations in d
21、ifferent countries; Cutting the risk of error by using a more technology-based method of control rather than manual processes; Using key performance indicators to gauge the effectiveness of a process across a span of risks and time periods; and Getting feedback from control procedures on a worldwide
22、 basis, which can lead to better reporting capabilities.In examining their sets of controls, companies may find it valuable and cost-effective to consider an automated system rather than a manual review. The internal control assessment, performed through an automated self-assessment, is more than a
23、simple questionnaire. It can gather information from control owners about the status of key controls. The assessment is based not on the frequency of the assertion but on the type of controlautomated or manualand how vulnerable to risk the controls may be.Using an automated system for internal contr
24、ol assessment offers several other advantages. It consolidates internal control information and status, as well as being a repository of all organizational risks and controls. The repository is useful not only for section 404 reporting responsibilities but also for any ERM initiatives.待添加的隐藏文字内容2Rol
25、e of the Internal AuditorThe internal auditor can play a vital role in linking internal control reporting with ERM. The internal auditor can foster an environment that allows the company to link the efficiencies of an ERM approach to the overall business aims of the organization.In addition to artic
26、ulating the linkage of internal control reporting with ERM to senior management, the internal auditor can perform a number of other important functions: Helping control process owners gain a better understanding of internal control assessment and testing. Becoming a purveyor of best practices within
27、 the organization. For example, if the internal auditor discovers that a particular business segment has adopted a more efficient approach to internal control reporting, she can share that knowledge with other business segments. Generally enhancing the organizations understanding of internal control
28、s by imparting subject-matter knowledge in this area. Monitoring the organizations internal controls through testing and feedback on its control status.Focus on GovernanceWhile the distributed evaluation, or risk assessment, is properly assigned to the operations people with direct experience in the
29、ir respective areas, the overall risks that an organization faces continue to be a corporate-governance priority for the board of directors and management. To help them better understand those risks, corporate leaders should consider the following questions: What types of analyses is the organizatio
30、n doing to identify risks? What is the organization doing to assess those risks and find the best way to take advantage of or mitigate them?In response to the mandates and recommendations of Sarbanes-Oxley, senior management may consider several other measures to enhance corporate accountability: As
31、sessing self-knowledge and knowledge of others in the organization. Ensuring that a uniform process exists and is followed by other members of the organization that provides internal certification. Assessing the impact of changes in the business that may have an effect on internal controls; for exam
32、ple, acquisitions or divestitures, and new accounting or SEC rules. Obtaining formal internal management representation letters, on a quarterly basis, from internal accounting personnel for domestic and foreign subsidiaries. Holding monthly or quarterly conference calls with accounting staff (includ
33、ing worldwide operations) to review new accounting pronouncements and other items that facilitate the closing process. Initiating a formal regular meeting with key process owners or segment leaders (including sales, purchasing, human resources, and legal) to discuss activities that may influence acc
34、ounting and disclosure. Harmonizing these measures with any ERM initiatives.Applying an ERM approach to the internal-control assessment process has costs. It may be more costly, however, not to seize the opportunity to implement this approach. The investment would include: Establishing a risk framew
35、ork and common risk vocabulary; Establishing and maintaining a chief risk officer or risk committee; Continued measuring and monitoring; and Periodic updating of the risk assessment framework.For many companies, a phased-in approach is the most practical way to deal with the cost issue. Initially, a
36、 company evaluates only the risks and controls over financial reporting, but it designs the evaluation tools and techniques so they can support ERM. Once the evaluations required by Sarbanes-Oxley are complete, the company can expand the assessment into the operational and strategic realms, until a complete ERM system is in place.John Farrell, CPA, is a partner in the internal audit services practice of KPMG LLP, and is based in New York City.
