8.2 The meaning and elements of internal control在线视频

各位同学欢迎回到《审计学》课堂
Welcome back to auditing class.

通过上节课的学习
Through the study of the last lesson,

我们对注册会计师风险评估程序的含义
For the meaning of CPA risk assessment procedure we

有了一定的了解
have a certain understanding

这节课我们将进一步学习
In this lesson, we will learn more about

内部控制的含义及要素的有关内容
the meaning and elements of internal control.

首先我们要了解一下什么叫内部控制
First, we need to understand what is internal control.

内部控制就是指被审计单位为了合理保证
Internal control refers to the auditee in order to reasonably ensure

财务报告的可靠性经营的效率和效果
the reliability of financial reports, the efficiency and effect of operations,

以及对法律法规的遵守
and the compliance with laws and regulations.

由治理层管理层和其他人员
the policies and procedures designed

设计与执行的政策与程序
and implemented by the management and other personnel of the governance level

那么内部控制它其实可以分为五个要素
In fact, internal control can be divided into five elements:

控制环境 风险评估过程 信息系统与沟通
control environment, risk assessment process, information system and communication,

控制活动以及对控制的监督
control activities and supervision of control.

我们这里需要强调的是
What we need to emphasize here is that

内部控制这个定义实际包含了三层含义
the definition of internal control actually contains three meanings.

第一层含义就是内部控制目标
The first meaning is internal control target.

这里指出了内控的三大目标
This paper points out three major objectives of internal control:

保证报告的可靠性 经营的效率效果
to ensure the reliability of the report, the efficiency of the operation

以及对法律法规的遵守 这是第一层含义
and the compliance with laws and regulations, which is the first meaning.

第二层含义揭示了内控的实施或者执行的主体
The second meaning reveals that the main body of the implementation or execution of internal control

是治理层管理层和其他人员
is the management and other personnel.

第三层含义告诉我们内部控制的本质是什么
The third meaning tells us the essence of internal control.

内控的本质实际上就是政策和程序
The essence of internal control is actually policy and procedure.

来分别看一下内控的五要素它的涵义
Let's take a look at the five elements of internal control.

第一个是控制环境
The first is to control the environment,

控制环境包括治理职能和管理职能
which includes the governance function and management function

以及治理层和管理层对内部控制
as well as the attitude, understanding and measures of

及其重要性的态度 认识和措施
the governance and management to the internal control and its importance.

控制环境设定了被审计单位的内部控制基调
The control environment sets the tone of the internal control of the audited unit,

它会影响员工对内部控制的认识和态度
which will affect the employees' understanding and attitude towards the internal control.

良好的控制环境是实施有效内部控制的基础
Good control environment is the basis of effective internal control.

控制环境主要包括这些要素
The control environment mainly includes the following elements.

第一个对诚信和道德价值观念的沟通与落实
The first is the communication and implementation of honesty and moral values.

诚信和道德价值观念的沟通与落实
The communication and implementation of integrity and moral values

是控制环境的重要组成部分
is an important part of the control environment,

它会影响到重要业务流程的设计和运行
which will affect the design and operation of important business processes.

内控是不是有效直接依赖于负责创建
Whether internal control is effective or not depends directly on

管理监督内控的人员的诚信和道德价值观念
the integrity and moral values of the personnel responsible for the establishment, management and supervision of internal control.

我们讲到内控的局限性就会提到
When we talk about the limitations of internal control, we will mention that

内部控制是有固有局限性的
internal control has inherent limitations.

管理当局会超越内控管理当局如果超越内控
The management will surpass the internal control. If the management surpasses the internal control,

其实某种意义上就意味着
in a sense, it means that

他的诚信和道德价值观念这块是有问题的
his integrity and moral values are problematic,

也就是控制环境是有问题的
that is, the control environment is problematic.

第二个是对胜任能力的重视
The second is the emphasis on competence.

胜任能力是指具备完成某一职位的工作
Competence refers to

所应有的知识和能力
having the knowledge and ability to complete a certain position.

注册会计师应当考虑
A certified public accountant shall consider

主要管理员和其他相关人员是不是有能力
whether the main administrators and other relevant personnel are competent

胜任所担任的工作和职责
for their work and responsibilities.

胜任能力不足
If you are incompetent,

无论你的内控制度规定的多么的完善
no matter how perfect your internal control system is,

最终执行者他的能力达不到
the final executor's ability will still be in trouble.

还是会出问题的
that will be in trouble

第三个治理层的参与程度
The third is the degree of participation of the management.

被审计单位治理环境在很大程度上
To a large extent, the governance environment of the audited unit is

受治理层的影响
affected by the governance.

治理层的职责应在被审计单位的
The responsibilities of the management

章程和政策当中加以规定
should be stipulated in the Constitution and politics of the audited unit.

第四个是我们管理层的理念和经营风格
The fourth is the concept and management style of our management.

管理层负责企业的运作
The management is responsible for the operation of the enterprise

以及经营策略和程序的制定 执行和监督
and the formulation, implementation and supervision of business strategies and procedures.

控制环节每个方面在很大程度上
Every aspect of the control link is largely

都受管理层采取的措施和作出决策的影响
affected by the measures taken and decisions made by the management,

或在某些情况下受管理层
or in some cases by the management's

不采取某些措施或不作出某种决策的影响
failure to take some measures

也是管理层的理念和经营风格
or make some decisions.

甚至进一步来讲
Even more,

他的激进型风格保守型风格
his radical style, conservative style

以及中庸性风格都会影响到企业的风险
and moderate style will affect the risk of the enterprise,

进而影响到企业的内控在执行过程当中
and then affect whether the internal control of the enterprise

是严谨 还是比较马虎
is rigorous or sloppy in the implementation process.

第五个组织结构和职责与权力的分配
Fifth, organizational structure, responsibility and power distribution.

被审计单位的组织结构为计划 运作
The organizational structure of the audited entity

控制和监督经营活动提供了一个整体框架
provides an overall framework for planning, operating, controlling and supervising business activities.
00:04:13,184 --> 00:04:15,032
通过集权或者分权决策
Through centralized or decentralized decision-making,
78

可在不同部门之间进行适当的职责划分
we can divide responsibilities among different departments

建立适当层次的一个报告体系
and establish a reporting system at appropriate levels.

所以这里讲组织结构
Therefore, the organizational structure

它会影响到权利责任和工作任务
will affect the distribution of rights, responsibilities

在组织成员当中的一个分配
and tasks among the members of the organization.

被审计单位的组织结构
the organizational structure of the auditee will

将在一定程度上取决于被审计单位的规模
To some extent, depend on the scale of the auditee

和经营活动的性质
and the nature of its business activities.

就是组织结构设置不合理
If the organizational structure is not set properly,

内控有的时候就会失效
internal control will sometimes fail.

比如说我们有些企业在它的销售公司下面
For example, under their sales company

设置一个财务部单独对它的销售业绩
some of our enterprises set up a finance department

销售收入确认进行核算
to separately account for their sales performance and sales revenue.

如果这个财务部门直接受销售公司领导的
If the financial department is directly led by the sales company,

可见它的财务信息失真的可能性会非常大
it can be seen that its financial information is likely to be distorted,

因为它的组织结构设置不合理
because its organizational structure is unreasonable.

最后一个是人力资源政策和实务
The last is human resources policy and practice.

人力资源政策和实务涉及招聘
Human resource policies and practices involve recruitment,

培训 考核 晋升和薪酬等方面
training, assessment, promotion and remuneration.

被审计单位是否有能力招聘
Whether the auditee is able to recruit

并保留一定数量既有能力又有责任心的员工
and retain a certain number of capable and responsible employees

在很大程度上取决于其人事政策和实务
depends largely on its personnel policy and practice.

当然我们还需要指出的就是
Of course, we also need to point out that

我们后面说到的控制活动里面有一个轮岗制度
the implementation of the rotation system

强制休假制度
and the compulsory leave system in the control activities

这一些制度落实都需要我们人力资源政策
we will talk about later needs our human resources policy

来作为一个基础
as a basis.

所以人力资源政策和实务
So human resource policies and practices

是控制环境里面非常重要的一个部分
are a very important part of the control environment.

内控的第二个要素是风险评估过程
The second element of internal control is the risk assessment process.

每个企业都面临诸多来自内部
Every enterprise is faced with many internal

和外部的有待评估的风险
and external risks to be evaluated.

风险评估是企业确认和分析
Risk assessment is a process in which an enterprise confirms and analyzes

与其目标实现相关的风险这么一个过程
the risks related to the realization of its objectives.

它形成了如何管理风险一个基础
It forms a basis for how to manage risks.

导致风险产生和变化的事项和情形有很多
There are many ideas and situations that lead to the generation and change of risks,

比如说监管及经营环境的变化
such as the change of regulatory and business environment,

新员工的加入新信息的系统的使用
the addition of new employees, the use of new information systems,

还有对原系统进行升级业务快速发展
the rapid development of upgrading the original system,

新技术 新产品 新作业
new technology, new products, new operations,

企业重组 发展海外经营等等
enterprise restructuring, the development of overseas operations, etc.,

这些都会影响到风险的产生和变化
which will affect the generation and change of risks.

所以风险评估过程的作用就是
Therefore, the role of risk assessment process is to

识别评估和管理影响被审计单位
identify and manage

实现经营目标能力的各种风险
various risks that affect the ability of the audited unit to achieve business objectives.

第三个要素是信息系统与沟通
The third element is information system and communication.

信息系统与沟通就意味着
Information system and communication means that

我们的组织应该有一个完备的信息系统
our organization should have a complete information system.

它应该包括生成 记录 处理
It should include generating, recording, processing

报告交易 事项和情况
and reporting transactions and situations,

并对相关资产 负债所有者权益
and recording the procedures for the relevant assets and liabilities' owners' equity

履行经营管理责任的程序和这么一个记录
to perform the operation and management responsibilities.

对报表审计来讲
For statement audit,

注册会计师关注的是与财务报告相关的
CPA focuses on the information system

信息系统与沟通
and communication related to financial report,

其中的信息系统又应当与业务流程相适应
and the information system should adapt to the business process.

与财务报告相关的沟通包括使员工了解
Communication related to financial reporting, including making employees understand

各自在财务报告有关的内部控制方面的角色
their roles and responsibilities in internal control related to financial reporting,

职责 员工之间的工作联系
working contacts between employees,

以及向适当级别的管理层
and ways to report exceptions to

报告例外事项的方式
appropriate levels of management.

第四个要素是控制活动
The fourth element is control activities.

控制活动是指为了确保管理层的指令
Control activities refer to ensure the implementation of management's instructions

得以实施而制定并执行的政策和程序
that policies and procedures formulated and implemented

控制活动它有助于确保实施必要的控制
Control activities help to ensure that necessary controls

以管理风险实现经营目标
are implemented to manage risk and achieve business objectives.

它主要包括什么
What does it mainly include?

包括授权 业绩评价 信息处理
It includes activities related to authorization, performance evaluation, information processing,

实物控制和职责分离等相关的活动
food control and separation of responsibilities.

首先什么叫授权
First of all, what is authorization?

就是注册会计师应当了解
That is, certified public accountants should understand

与授权有关的控制活动
the control activities related to authorization,

包括一般授权和特别授权
including general authorization and special authorization.

授权的目的在于保证交易在
The purpose of authorization is to ensure that transactions are

管理层授权范围内进行
conducted within the scope of management authorization.

第二个关注的是业绩评价
The second concern is performance evaluation.

注册会计师应当了解业绩评价有关的控制活动
The certified public accountant shall understand the control activities related to performance evaluation,

主要包括被审计单位
mainly including

分析评价实际业绩和预算的差异
the analysis and evaluation of the actual performance and budget differences of the auditee,

综合分析财务数据
the comprehensive analysis of the internal relationship

与经营数据之间的内在关系
between financial data and business data,

将内部数据与外部数据进行比较
the comparison of internal data and external data,

评价职能部门 分支机构
the evaluation of the performance of functional departments, branches and

和项目活动的业绩
project activities,

以及对发现的异常差异或关系
as well as for the abnormal differences or relations found

采取必要的调查与纠正措施等等
adopt the necessary investigation and corrective measures

第三个是信息处理
The third is information processing.

注册会计师应当了解信息处理有关控制活动
Certified public accountants shall understand the control activities related to information processing.

我们说信息技术一般包括一般控制和应用控制
We say that information technology generally includes general control and application control.

信息技术一般控制是与多个应用系统
General control of information technology

有关的政策和程序
is a policy and procedure related to multiple application systems,

有助于保证信息系统持续恰当的运行
which helps to ensure the continuous and proper operation of information systems

支持应用控制作用的有效发挥
and supports the effective play of application control functions.

信息技术应用控制是什么呢
What is it application control?

是指主要在业务流程层面运行的
It refers to the manual or automatic program

人工和自动化控制
mainly running at the business process level,

与用于生成 记录 处理 报告交易
which is related to the program used to generate, record, process, report transactions

和其他财务数据的程序相关
or other financial data.

第四个控制是实物控制
The fourth control is physical control.

注册会计师应当了解实物控制
The certified public accountant shall understand the physical control,

主要包括了解对资产和记录
which mainly includes knowing to

采取适当的安全保护措施
take appropriate security protection measures for assets and records,

对访问计算机程序和数据文件
setting permissions for accessing computer programs and data files,

设置权限以及定期盘点
and making regular inventory,

并将盘点记录跟我们的会计记录进行核对
and checking the inventory records with our accounting records.

最后一个相关的活动是职责分离
The last related activity is separation of duties.

就是说注册会计师应了解职责分离情况
That is to say, certified public accountants should understand the separation of duties.

就不相容职务分离情况
The situation of incompatible job separation

主要包括了解被审计单位如何将交易授权
mainly includes understanding how the auditee assigns the responsibilities of transaction authorization,

交易记录以及资产保管等
transaction record and asset custody

职责分配给不同员工
to different employees

以防范同一员工在履行多项职责时
to prevent the possible fraud or error of

可能发生的舞弊或错误
the same employee when performing multiple duties.

接下来我们来看一下
Next, let's take a look at

最后一个组成要素就是对控制的监督
the last component, which is the supervision of control.

内部控制系统需要被监督
The internal control system needs to be supervised,

即对该系统有效性进行评估的一个过程
which is a process of evaluating the effectiveness of the system.

该过程包括及时评价控制的设计和运行情况
The process includes timely evaluation of the design and operation of the control

以及根据情况变化采取必要的纠正措施
as well as taking necessary corrective measures according to the change of the situation.

可以通过持续性的监督行为独立的评价行为
The internal control system can be supervised by continuous supervision, independent evaluation

或两者结合来实现对内部控制系统的一个监督
or a combination of the two.

这其中有四个要点
There are four main points.

第一个单位是否定期评价内控
Whether the first unit evaluates internal control regularly.

通常来讲我们说被审计单位
Generally speaking, we say that the auditee

它有一个持续的监督活动
has a continuous supervision activity,

专门的评价活动或者两者结合来实现
a special evaluation activity or a combination of the two

对控制的监督
to achieve the supervision of the control.

所以这里注意两项
So here we pay attention to two activities:

一项是监督活动
Supervision

一项是专项评价活动
and special evaluation.

持续的监督活动通常贯穿于
Continuous supervision activities usually run through

被审计单位的日常经营活动
the daily business activities

和常规管理工作当中
and routine management of the audited unit.

这项工作可以由谁来做
Who can do this work?

由内审人员或者类似职能的人员来实施
Internal auditors or personnel with similar functions can do it.

第二条就是说管理层是否能够及时纠正
The second is whether the management can correct

控制运行中的偏差
the deviation in the control operation in time.

第三条就是管理层有没有根据监管机构的
The third is whether the management according to the reports and suggestions of the regulatory authorities.

报告和建议采取纠正措施
has taken corrective measures

还有最后一点
Finally,

有没有存在一个协助管理层
is there a functional department

监督内控的职能部门
to assist the management to supervise the internal control.

比如说我们一般说这个机构是内部审计部门
For example, we generally say that this organization is the internal audit department.

这个是我们内部控制的一个框架图
This is a framework diagram of our internal control.

我们说控制环境是基础信息沟通是载体
We say that control environment is the basis, information communication is the carrier,

然后风险评估是依据 控制活动是手段
then risk assessment is the basis, control activities are the means,

监控是保证
monitoring is the guarantee,

这样共同构成了一个有效的内控系统
which together constitute an effective internal control system,

从而有助于控制目标的实现
thus contributing to the realization of control objectives.

我们当然也要了解一下内控的局限性
Of course, we also need to understand the limitations of internal control.

首先 被审计单位实施内部控制的
First of all, the cost-effectiveness of the implementation of internal control

成本效益问题会影响到其职能
by the auditee will affect its functions.

就当实施某项控制成本大于控制效果
When the cost of a control is greater than the loss,

而发生损失时就没有必要去设置控制环节
there is no need to set the control link.

比方说我们说针对不相容职务
For example, for incompatible positions.

我们设置两个三个岗位
we set up two or three positions

其实这样做其实还是意味着
In fact, this means that

我们的控制成本会小于
our control cost will be less than

我们的一旦发生损失的这个损失的金额
the amount of our loss once it occurs.

第二点内部控制一般都是针对
The second point is that internal control is

经常而重复发生的业务
generally aimed at the frequent and repeated business,

对一些非常规业务可能原有的内控就不适用了
which may not be applicable to the original internal control of some unconventional business,

所以要进行动态更新
so it needs to be updated dynamically.

第三点我们刚才说的人人是很关键的
The third point is that the people we just mentioned are very important,

所以强调胜任能力
so we emphasize competence.

但是不管怎么说都存在人为判断错误的问题
But in any case, there is the problem of human error in judgment,

所以人为判断错误或者人为的失误
so human error in judgment or human error may

也可能导致内控的失效
also lead to the effectiveness of internal control.

第四点如果被审计单位内部
Fourth, if the quality of the internal

行使控制职能人员
control personnel of the audited unit

他的素质不适应岗位要求也会有问题的
does not meet the requirements of the post, there will be problems.

最后就是所谓的串谋
Finally, the so-called collusion

还有管理层凌驾内控之上
collusion is that more people collude and the management is superior to the internal control,

这样内控也可能会被规避
so the internal control may also be evaded.

这是我们内控的这么几个局限性
These are the limitations of our internal control.

通过这节课的学习
Through the study of this lesson,

我们对企业内部控制的含义
for the meaning of internal control and its components. we

及其组成要素有了一定的了解
have a certain understanding

谢谢大家
Thank you.