商业银行内部控制简介培训课件

IntroductiontoInternalControls内部控制简介FederalReserveSystem2InternalControl-DiscussionOutline内部控制—研讨提纲DefinitionofInternalControl内部控制的定义ExplanationofInternalControlConcepts内部控制概念的解释DiscussionofInternalControlBreakdowns内部控制的缺陷3DefinitionofInternalControl内部控制的定义CurrentdefinitionintheU.S.-adoptedforworld-wideuse美国现行定义—已为世界各国采用COSO-Internalcontrolisaprocesseffectedbyanentity’sBoardofDirectorsandSeniorManagementandotherpersonneldesignedtoprovidereasonableassuranceregardingthreeobjectivesandfivecomponents内部控制是为确保三项目标和五项元素而设计并由公司董事会和高级管理层以及有关人员执行的一种程序4ThreeObjectivesofInternalControl内部控制的三项目标Effectivenessandefficiencyofoperations(includingsafeguardingofassets)运作有效（包括资产保护）Reliabilityoffinancialreporting财务报表可靠Compliancewithapplicablelawsandregulations合法合规5FiveComponents-InternalControl内部控制的五项元素ControlEnvironment-“toneatthetop”控制环境—“至关重要”RiskAssessment-management’sidentificationofkeyrisks风险评估—管理层对主要风险的认知ControlActivities-entitylevelandactivitylevel控制手段—面向公司层面和具体经营活动的控制手段InformationandCommunication-internalandexternal内部之间以及对外的信息交流与沟通Monitoring-adequacyofcontrolsovertime监控—持续充分的管理6Component1-ControlEnvironment元素一—控制环境Integrity&EthicalValues品行与道德价值CommitmenttoCompetence竞争力Management’sPhilosophy/OperatingStyle管理哲学/经营风格OrganizationalStructure组织结构AssignmentofAuthority&Responsibility权力与责任的分配BoardofDirector’sorAuditCommitteeParticipation董事会或审计委员会的参与HumanResourcesPolicies&Procedures人事政策与程序7IntegrityandEthicalValues品行与道德价值Essentialelement关键要素Impactsdesignofinternalcontrols影响内部控制的设计Prerequisiteforethicalbehavior正当行为的先决条件Difficulttoachieve-balancebetweenemployees,shareholdersandpublic难点—在员工、股东与公众间寻求平衡Disincentives-pressuretomeettargets,high-performancerewards阻力—实现目标的压力，表现优秀的回报8CommitmenttoCompetence竞争力Appropriatelevelsofmanagementandmanagementreview恰当的管理与管理评价Jobcriteriaandjobspecificskills工作守则与能力要求Appropriatepaylevelsforworkperformed按劳分配Natureanddegreeofjudgmentrequired评价的性质与程度9Management’sPhilosophy/OperatingStyle管理哲学/经营风格Formalversusinformalmanagementstyles正式与非正式的管理风格Impactstheinstitution’soperationsincludingtheriskprofile影响公司的经营，包括风险预测Majorimpactoncontrolissues是控制问题的主要影响因素Attitudestowardfinancialreporting:对财务报告的态度：–conservativeoraggressive保守还是激进10OrganizationalStructure组织结构Frameworkforachievingentity-wideobjectives实现总体目标的框架Definekeyareasofauthorityandresponsibility划分权责部门Establishappropriatereportinglines建立恰当的报告体系Centralizedversusdecentralized集权与分权Dependsonsizeandnatureofactivities取决于业务的规模与性质11AssignmentofAuthorityandResponsibility权力与责任的分配Responsibilityforoperatingactivities各种经营活动的职责Establishmentofreportingrelationships建立报告关系Authorizationprotocols授权协议Limitsonauthority对权力的限制Policiesonbusinesspractices经营政策Pushingdownofresponsibility职责的下放12BoardofDirectorandAuditCommitteeParticipation董事会与审计委员会的参与IndependenceofBoardand/orAuditCommitteefrommanagement董事会与/或审计委员会独立于管理层ExperienceandstatureofBoardmembers-newrulesintheU.S.forSECregistrants董事的资历与品行—证券交易委员会对于注册人的新规定InvolvementoftheBoard-criticaltoanappropriatecontrolenvironment董事会的参与—对良好控制环境十分关键Appropriateinformationflowsandscrutinyofmanagementactions良好的信息流动和对管理行为的审查13HumanResourcesPoliciesandProcedures人事政策与程序Criticalmessagetoemployees对员工非常重要的信息Globalwrittencodeofconduct国际通行的书面行为准则Additionalrequirementsfortraders对交易员的附加要求Practicesonhiring,orientation,training,evaluating,counseling,promoting,compensatingandremedialactions录用、定岗、培训、考核、咨询、晋升、薪酬与福利的操作Ongoinginvolvement–critical持续参与—十分重要14Component2-RiskAssessmentObjectives元素之二—风险评估的目标Identificationandanalysisofobjectives目标的确定与分析–operationsobjectives营运目标–financialreportingobjectives财务报告目标–complianceobjectives合规目标Overlappingofobjectives-complimentaryandlink目标重叠—补充与联系15RiskAssessmentObjectives风险评估的目标Activitiestoachieveobjectives实现目标的行动–clearforeachbusinessline对每项业务界定清晰–multipleobjectivesforeachactivity每项活动的多重目标Riskidentification风险识别–entitylevel公司层面–activitylevel经营层面–productlevel产品层面16RiskIdentification风险识别Entitylevel公司层面–External:technology,changingcustomerneeds,competition,legislation,economicchanges外部风险：技术风险，消费者需求变化的风险，竞争风险，法律风险，经济变化的风险–Internal:systemsdisruption,qualityofpersonnel,managementchanges内部风险：系统崩溃，人员素质，管理层变更Activitylevel-Volume,automationlevels经营层面—经营规模，自动化程度Productlevel-Inherentrisk,adequacyofcontrols产品层面—内在风险，控制的充分性Analysisandmanagementofriskexposure风险敞口的分析与管理17Component3-ControlActivities元素之三—控制手段Widevarietyandrange非常广泛Canincludepreventative,investigative,manualorcomputercontrols包括预防性手段和调查性手段，人工手段和计算机手段Twoessentialelements两个重要因素–Policies方针–Procedures程序18Preventativevs.DetectiveControls预防性手段与调查性手段Preventative-preventsundesirableevents预防性手段—防止不利事件的发生Detective-revealserrors&irregularitiesthathavealreadyoccurred调查性手段—揭示已经发生的错误和反常情形19ExamplesofTypesofControlActivities控制手段例举Authorizationorapproval授权或批准Verification确认Reconciliation协调Segregationofduties职责分工Operatingperformancereviews绩效考评Physicalsecurityofassets资产的实际安全Physical/logicalsecurityreviews实际安全评估/理论安全评估Supervisoryreviews监管评估Twoweekvacationpolicy两周休假政策Systemchecks系统检查Limits限制ReviewofMISdata管理信息系统数据评价20Compone