The COSO Internal Control Model
The COSO internal control framework was first introduced in 1992, and in 1994 a comprehensive four-section report on internal controls was issued, consisting of an executive summary, a framework, guidance to public companies on reporting on internal controls to third parties, and evaluation tools to help a company comprehensively assess its current control environment.
The COSO framework is relevant to achieving company objectives in three areas:
Operational goals: The framework relates to the effective and efficient usage of all of a company's resources.
Financial reporting goals: The construct gives guidance on the consistent production of reliable financial reports.
Compliance goals: The guidance creates a topology of the company’s compliance requirements as they relate to industry regulations or legal requirements for public entities.
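The COSO internal control framework sets out three objectives: the efficiency and effectiveness of operations, the reliability of financial reporting, and compliance with applicable laws and regulations.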
The Five Components
1. Control Environment
This element is the foundation of the COSO framework. It sets the overall tone of the organization with regard to the importance of internal controls. Ethical values, leadership resource allocation, staff competence at all levels, the dynamics of authority and responsibility within the organization, and management philosophy are all parts of this critical component.
In a sense, the control environment is the most difficult component to quantify, because much of it relates to the overall culture of the organization. But there are a number of clear goals that an organization can work toward to ensure that the framework rests on a foundation exemplifying market leadership.
Board and leadership involvement is the most crucial element in an organization seeking market leadership. As the board and leadership set expectations and measure progress against them, business units or department heads begin to assign internal controls the priority they require. The specific strategies that can be employed to move to a market-leader position within an industry include the following:
∙Conveying the importance of ethical values by setting an example and “walking the talk.” This includes relating stories of integrity and ethical values through presentations, newsletter stories, and any other means of getting the message to everyone that these values are important to the organization. Public companies are now required to have a code of conduct for the board under the requirements laid out by SOX. Nonprofits and private companies can also benefit from a code of conduct. The organization cannot tolerate violations of this standard. There are financial benefits to this approach as well. One research study performed by the Institute of Business Ethics (“Does Business Ethics Pay?,” April 2003) found that companies displaying a clear commitment to ethical conduct consistently outperform companies that do not display ethical conduct.
∙Developing clear organizational guidelines relating to responsibility and authority with accountability checks is another clear hallmark of a market leader. Within the organization, leadership typically follows a distributed model, with individuals understanding the overall organizational goals and how the goals of their department or business unit relate to them. Individuals should also understand their responsibilities and the limit of their authority to ensure that the goals of the organization are achieved.
When a leadership culture like this is achieved, the whole organization is focused on organizational objectives and committed to the maintenance of the control structure. A guiding coalition of leadership members believing in the need for change is one of the first steps typically taken by organizations that successfully make culture shifts, but changes will take effect slowly and steadily over time.
∙Embedding the internal control framework within the organizational culture. Management must clearly define roles and responsibilities for internal controls, including responsibility for the defining, documenting, testing, and monitoring of controls and the remediating of problems. The organization must incorporate these responsibilities into the responsible individuals’ performance management goals.
∙The internal controls environment is no longer viewed as separate from the operating component of the business; controls are embedded in processes from the beginning. This approach lowers the risk of inadequate controls and ensures that the control structure is in place from the outset of a process’s planning and launch.
∙Supporting human resources policies and practices that provide clear corporate career paths. Human resources management plays a key role in ensuring that individuals are hired with the needed financial competencies and that career growth supports an increased level of financial reporting competencies (requirements for human resources and talent).
2. Risk Assessment
Leading companies take a risk-based approach to SOX internal controls compliance as a key step in achieving a correct balance between costs and benefits. Recent guidance from the Public Company Accounting Oversight Board (PCAOB) supports this approach with specific recommendations, including the use of a risk-based method to determine which key controls are tested each year. The PCAOB also recommends that the viability of a company’s business model is an important consideration when evaluating risks. Companies that focus on these larger problems and risks will better meet the needs of all their stakeholders, including investors and analysts.
Market leaders with respect to internal controls expand the risk focus started under internal compliance efforts to a broader venue. One popular concept that often precedes a mature enterprise risk management initiative is the formation of a risk council. This council is generally composed of management representatives from different areas of the business. Some of the early objectives of risk council meetings are as follows:
Use of a common terminology for risk discussions throughout the organization;
Definition of a risk framework or structure for fostering risk management across the organization;
