coso内部控制模型

coso内部控制模型TheCOSOInternalControlModelTheCOSOinternalcontrolframeworkwasfirstintroducedin1992,andin1994acomprehensivefour-sectionreportoninternalcontrolswasissued,consistingofanexecutivesummary,aframework,guidancetopubliccompaniesonreportingoninternalcontrolstothirdparties,andevaluationtoolstohelpacompanycomprehensivelyassessitscurrentcontrolenvironment.TheCOSOframeworkisrelevanttoachievingcompanyobjectivesinthreeareas:Operationalgoals:Theframeworkrelatestotheeffectiveandefficientusageofallofacompany'sresources.Financialreportinggoals:Theconstructgivesguidanceontheconsistentproductionofreliablefinancialreports.Compliancegoals:Theguidancecreatesatopologyofthecompany’scompliancerequirementsastheyrelatetoindustryregulationsorlegalrequirementsforpublicentities.coso内部控制框架提出三大目标，即运营的效率和效果,财务报告的可靠性,以及遵守适用的法律和规章五大要素1。控制环境ControlEnvironmentThiselementisthefoundationoftheCOSOframework.Itsetstheoveralltoneoftheorganizationwithregardtotheimportanceofinternalcontrols.Ethicalvalues,leadershipresourceallocation,staffcompetenceatalllevels,thedynamicsofauthorityandresponsibilitywithintheorganization,andmanagementphilosophyareallpartsofthiscriticalcomponent.Inasense,thecontrolenvironmentisthemostdifficultcomponenttoquantify,becausemuchofitrelatestotheoverallcultureoftheorganization.Butthereareanumberofcleargoalsthatanorganizationcanworktowardtoensurethattheframeworkrestsonafoundationexemplifyingmarketleadership.Boardandleadershipinvolvementisthemostcrucialelementinanorganizationseekingmarketleadership.Astheboardandleadershipsetexpectationsandmeasureprogressagainstthem,businessunitsordepartmentheadsbegintoassigninternalcontrolstheprioritytheyrequire.Thespecificstrategiesthatcanbeemployedtomovetoamarket-leaderpositionwithinanindustryincludethefollowing:Conveyingtheimportanceofethicalvalues道德价值bysettinganexampleand“walkingthetalk.”Thisincludesrelatingstoriesofintegrityandethicalvaluesthroughpresentations,newsletterstories,andanyothermeansofgettingthemessagetoeveryonethatthesevaluesareimportanttotheorganization.PubliccompaniesarenowrequiredtohaveacodeofconductfortheboardundertherequirementslaidoutbySOX.Nonprofitsandprivatecompaniescanalsobenefitfromacodeofconduct.Theorganizationcannottolerateviolationsofthisstandard.Therearefinancialbenefitstothisapproachaswell.OneresearchstudyperformedbytheInstituteofBusinessEthics(“DoesBusinessEthicsPay?,”April2003)foundthatcompaniesdisplayingaclearcommitmenttoethicalconductconsistentlyoutperformcompaniesthatdonotdisplayethicalconduct.Developingclearorganizationalguidelinesrelatingtoresponsibilityandauthoritywithaccountabilitychecksisanotherclearhallmarkofanmarketleader.Withintheorganization,leadershiptypicallyfollowsadistributedmodel,withindividualsunderstandingtheoverallorganizationalgoalsandhowthegoalsoftheirdepartmentorbusinessunitrelatetothem.Individualsshouldalsounderstandtheirresponsibilitiesandthelimitoftheirauthoritytoensurethatthegoalsoftheorganizationareachieved.Whenaleadershipculturelikethisisachieved,thewholeorganizationisfocusedonorganizationalobjectivesandcommittedtothemaintenanceofthecontrolstructure.Aguidingcoalitionofleadershipmembersbelievingintheneedforchangeisoneofthefirststepstypicallytakenbyorganizationsthatsuccessfullymakecultureshifts,butchangeswilltakeeffectslowlyandsteadilyovertime.Embeddingtheinternalcontrolframeworkwithintheorganizationalculture将内部控制框架融入企业文化.Managementmustclearlydefinerolesandresponsibilitiesforinternalcontrols,includingresponsibilityforthedefining,documenting,testing,andmonitoringofcontrolsandtheremediatingofproblems.Theorganizationmustincorporatetheseresponsibilitiesintotheresponsibleindividuals’performancemanagementgoals.Theinternalcontrolsenvironmentisnolongerviewedasseparatefromtheoperatingcomponentofthebusiness;controlsareembeddedinprocessesfromthebeginning.内部控制环境不再独立于企业经营要素，要从一开始就执行Thisapproachlowerstheriskofinadequatecontrolsandensuresthatthecontrolstructureisinplacefromtheoutsetofaprocess’splanningandlaunch.Supportinghumanresourcespoliciesandpracticesthatprovideclearcorporatecareerpaths.Humanresourcesmanagementplaysakeyroleinensuringthatindividualsarehiredwiththeneededfinancialcompetenciesandthatcareergrowthsupportsanincreasedleveloffinancialreportingcompetencies.对人力资源/人才的要求2。风险评估RiskAssessmentLeadingcompaniestakearisk-basedapproachtoSOXinternalcontrolscomplianceasakeystepinachievingacorrectbalancebetweencostsandbenefits.RecentguidancefromthePublicCompanyAccountingOversightBoard(PCAOB)supportsthisapproachwithspecificrecommendations,includingtheuseofarisk-basedmethodtodeterminewhichkeycontrolsaretestedeachyear.ThePCAOBalsorecommendsthattheviabilityofacompany’sbusinessmodelisanimportantconsiderationwhenevaluatingrisks.Companiesthatfocusontheselargerproblemsandriskswillbettermeettheneedsofalltheirstakeholders,includinginvestorsandanalysts.Marketleaderswithrespecttointernalcontrolsexpandtheriskfocusstartedunderinternalcomplianceeffortstoabroadervenue.Onepopularconceptthatoftenprecedesamatureenterpriseriskmanagementinitiativeistheformationo