内部控制英文文献翻译及参考文献 第7页
anticipated so they can be avoided or mitigated to the greatest extent possible. To revert to analogy, the time to install lights at a railway crossing is before a major accident occurs. Likewise, lights may become necessary at a railway crossing where none were needed previously because of changes in population or traffic patterns.
How then should managers go about the process of trying to identify previously unidentified risks? First, management should focus its attention on change, because all change involves some element of risk. Examples of types of change that can entail a high degree of risk include the following:
* Changes in the operating environment (e.g., changes in regulations)
* Changes in personnel (especially in sensitive positions)
* Changes in information systems and technology (e.g., if processes have been reengineered, are control procedures still adequate?)
* Rapid growth (e.g., pressure to "cut comers" to meet increased demand)
* New programs and services (e.g., lack of experience)
* Changes in structure (e.g., elimination of a program)
Managers also should consider inherent risk, which involves the notion that certain situations, even when they are ongoing, involve heightened levels of risk. Examples of situations that typically involve a high degree of inherent risk include the following:
* Complexity (the more that can go wrong, the more that will go wrong)
* Cash receipts ("when cash passes hands it tends to stick")
* Direct third-party beneficiaries (cash payments of assistance to individuals)
* Prior problems (programs with a "problem past" are likely to continue to experience problems)
* Prior unresponsiveness to identified control weaknesses (situations where problems identified in the past have still not been remedied)毕业论文
http://www.youerw.com/ 论文网
http://www.youerw.com/ Traditionally, control-related policies and procedures related to finance are classified into one of the following basic categories:
* Authorization (all transactions need to be properly authorized)
* Properly designed records (records should be designed to highlight missing items)
* security of assets and records (assets and records should be protected and available only to those who need them)
* Segregation of incompatible duties (ideally, individual employees should not be in the position to both commit and conceal an irregularity)
* Periodic reconciliations (accounting records should regularly be compared and reconciled)
* Periodic verifications (accounting data should regularly be compared with the actual items they represent)
* Analytical review (the reasonabiliry of financial data should be assessed by comparing that data with other data, both financial and nonfinancial, as well as with expectations)
Specific control-related policies and procedures also can be divided between those designed to actually eliminate a problem (like a fire sprinkler system) and those designed with the more limited goal of alerting managers to a potential problem so they can eliminate it (like a smoke alarm). The importance of this distinction will become apparent later in the discussion of monitoring.
Communication. Unlike the other four components of a comprehensive framework of internal control, communication does not really exist separately. Rather, it is a pervasive and necessary characteristic of each of the remaining components if they are to function effectively. For example, a sound control environment requires good communication among levels of management as well as between managerial and non-managerial staff. Indeed, it was to underscore the importance of communication to each of the other components of a comprehensive framework of internal control that COSO chose to treat it as a separate component in its own right.
Of special importance to good communication from the perspective of financial managers is the documentation of accounting-related policies and procedures. Traditionally an accounting policies and procedures manual has generally been used for this purpose. More recently, governments have begun to use internal Web sites to ensure that staff has ready access to the most updated information.4
Managers, of course, are in a position to override whatever controls they establish. Because of this unavoidable risk of management override, it is important that staff be provided with a clear way of communicating around managers in situations where management override does occur.
Not all types of information have the same urgency. For example, indications of irregularities or fraud need to be communicated to the appropriate parties immediately, whereas periodic reporting may be sufficient for many less sensitive types of control-related information. Good communication will ensure that the speed of communication is consistent with such considerations.
Monitoring. The fifth and final component of a comprehensive framework of internal control is monitoring. Just as even the best-constructed house may reasonably be expected to require regular upkeep and occasional repairs, control-related policies and procedures tend naturally to deteriorate over time. Therefore, managers must periodically evaluate their control-related policies and procedures to ensure that they have been properly implemented and remain fully operational.
Just as important, many control-related policies and procedures are designed to alert managers to a potential problem rather than to actually eliminate the problem. Therefore an essential element of monitoring is to evaluate how past indications of possible errors and irregularities signaled by control-related policies and procedures have been dealt with.
上一页 [1] [2] [3] [4] [5] [6] [7] [8] 下一页
内部控制英文文献翻译及参考文献 第7页下载如图片无法显示或论文不完整,请联系qq752018766