InternalControl–IntegratedFramework内部控制整合框架ExecutiveSummary执行纲要Internalcontrolhelpsentitiesachieveimportantobjectivesandsustainandimproveperformance.COSO’sInternalControl—IntegratedFramework(Framework)enablesorganizationstoeffectivelyandefficientlydevelopsystemsofinternalcontrolthatadapttochangingbusinessandoperatingenvironments,mitigateriskstoacceptablelevels,andsupportsounddecisionmakingandgovernanceoftheorganization.内部控制帮助组织达到重要的目标,维持和改进业绩。科索委员会的内部控制整合框架使得组织能够开发有效果且有效率的内部控制体系,该体系且能够适应变化的商业和运营环境,将风险降低到可接受的水平,并且促进规范决策和组织的治理。Designingandimplementinganeffectivesystemofinternalcontrolcanbechallenging;operatingthatsystemeffectivelyandefficientlyeverydaycanbedaunting.Newandrapidlychangingbusinessmodels,greateruseanddependenceontechnology,increasingregulatoryrequirementsandscrutiny,globalization,andotherchallengesdemandanysystemofinternalcontroltobeagileinadaptingtochangesinbusiness,operatingandregulatory第1页environments.设计并实施一套有效的内部控制体系是充满挑战的;每天保持制度运行的效果和效率会让人可望而不可及。崭新且不断更新的商业模型,对技术的深入应用和依赖,日益繁多的监管要求和检查,全球化和其他挑战要求每一个组织的内部控制体系都能够更加敏捷地适应不断变化的商业、运营和监管的环境。Aneffectivesystemofinternalcontroldemandsmorethanrigorousadherencetopoliciesandprocedures:itrequirestheuseofjudgment.Managementandboardsofdirectors1usejudgmenttodeterminehowmuchcontrolisenough.Managementandotherpersonnelusejudgmenteverydaytoselect,develop,anddeploycontrolsacrosstheentity.Managementandinternalauditors,amongotherpersonnel,applyjudgmentastheymonitorandassesstheeffectivenessofthesystemofinternalcontrol.一套有效的内部控制体系除了对制度和流程严格遵守外,还要求判断力。管理层和董事会通过其判断来决定多少控制是充分的。管理层和其他员工每天通过其判断,在组织内选取,推进和实施各类控制。管理层和内部审计师,以及其他的员工,通过其判断来监控和测试内部控制体系的有效性。TheFrameworkassistsmanagement,boardsofdirectors,externalstakeholders,andothersinteractingwiththeentityintheirrespectivedutiesregardinginternalcontrolwithoutbeingoverlyprescriptive.Itdoessoby1TheFrameworkusestheterm“boardofdirectors,”whichencompassesthegoverningbody,includingboard,boardoftrustees,generalpartners,owner,orsupervisoryboard.本框架使用“董事会”一词,泛指治理层,包括:董事会,理事会,一般合伙人,所有者和监事会等。第2页providingbothunderstandingofwhatconstitutesasystemofinternalcontrolandinsightintowheninternalcontrolisbeingappliedeffectively.本框架在内部控制方面,对管理层,董事会,外部的利益相关者和其他与组织产生互动关系的相关方有所帮助,且不会过分死板;而这有赖于对内部控制体系构成要素的理解,有赖于对内部控制体系能够有效实施的时机的洞见。Formanagementandboardsofdirectors,theFrameworkprovides:对于管理层和董事会,本框架提供:Ameanstoapplyinternalcontroltoanytypeofentity,regardlessofindustryorlegalstructure,atthelevelsofentity,operatingunit,orfunction一套工具,将内部控制推广到各类型的组织,无论行业或法律形式,无论在组织层面,经营单元层面或职能层面;Aprinciples-basedapproachthatprovidesflexibilityandallowsforjudgmentindesigning,implementing,andconductinginternalcontrol—principlesthatcanbeappliedattheentity,operating,andfunctionallevels一种原则导向的方法,能够灵活设计,实施和推进内部控制,并留有判断空间——这些原则可在组织层面、运营层面和职能层面应用;Requirementsforaneffectivesystemofinternalcontrolbyconsidering第3页howcomponentsandprinciplesarepresentandfunctioningandhowcomponentsoperatetogether一些要求,具体阐述有效的内部控制体系的要素和原则是如何存在和发挥作用,如何在一起产生协调作用;Ameanstoidentifyandanalyzerisks,andtodevelopandmanageappropriateresponsestoriskswithinacceptablelevelsandwithagreaterfocusonanti-fraudmeasures一套工具,识别和分析风险,开发和管理合适的风险应对措施将风险控制在可接受的水平,且更关注反舞弊措施;Anopportunitytoexpandtheapplicationofinternalcontrolbeyondfinancialreportingtootherformsofreporting,operations,andcomplianceobjectives一个机会,将基于财务报告的内部控制扩大应用范围,满足各种其他的报告、运营和遵循目标;Anopportunitytoeliminateineffective,redundant,orinefficientcontrolsthatprovideminimalvalueinreducingriskstotheachievementoftheentity’sobjectives一个机会,清理那些在降低风险方面价值不大的无效,冗余和低效的控制。Forexternalstakeholdersofanentityandothersthatinteractwiththeentity,applicationofthisFrameworkprovides:第4页对于外部利益相关者和组织的其他相关方,本框架的应用可使其:Greaterconfidenceintheboardofdirectors’oversightofinternalcontrolsystems对于董事会针对内部控制的监管更有信心;Greaterconfidenceregardingtheachievementofentityobjectives对于组织实现目标更有信心;Greaterconfidenceintheorganization’sabilitytoidentify,analyze,andrespondtoriskandchangesinthebusinessandoperatingenvironments对组织识别,分析和应对来自商业与运营环境风险与变化的能力更有信心;Greaterunderstandingoftherequirementofaneffectivesystemofinternalcontrol更了解有效的内部控制体系的具体要求;Greaterunderstandingthatthroughtheuseofjudgment,managementmaybeabletoeliminateineffective,redundant,orinefficientcontrols更了解管理层如何通过其判断清理那些无效,冗余和低效的控制。Internalcontrolisnotaserialprocessbutadynamicandintegratedprocess.TheFrameworkappliestoallentities:large,mid-size,small,for-profitandnot-for-profit,andgovernmentbodies.However,eachorganizationmaychoosetoimplementinternalcontroldifferently.For第5页instance,asmallerentity’ssystemofinternalcontrolmaybelessformalandlessstructured,yetstillhaveeffectiveinternalcontrol.内部控制不是一个按部就班的过程而是一个动态和整合的过程。本框架可以适用于各类型的组织:大型,中型或小型;盈利,非盈利或政府机构。然而,每个组织都可以有权选择,实施不同的内部控制。例如,一个小型组织的内控体系可以不那么正式和结构清晰,但仍保持有效。TheremainderofthisExecutiveSummaryprovidesanoverviewofinternalcontrol,includingadefinition,categoriesofobjective,descriptionoftherequisitecomponentsandassociatedprinciples,andrequirementofaneffectivesystemofinternalcontrol.Italsoincludesadiscussionoflimitations—thereasonswhynosystemofinternalcontrolcanbeperfect.Finally,itoffersconsiderationsonhowvar