8.3 Understand internal control of the audited company在线视频

各位同学欢迎回到《审计学》的课堂
Every students, welcome back to the classroom of auditing.

本节我们将进一步介绍一下
In this section, we will further introduce

了解被审计单位内部控制的有关内容
the contents related to the internal control of the audited unit.

了解被审计单位的内部控制是
Understanding the internal control of the audited unit is

识别和评估重大错报风险
a basis for identifying and assessing the risk of material misstatement

设计和实施进一步审计程序的一个基础
and designing and implementing further audit procedures.

注册会计师应当了解与审计相关的内部控制
Certified public accountants should understand the internal control related to audit

以识别潜在的错报的类型
to identify potential types of misstatements.

同时考虑导致重大错报的因素
At the same time, the factors leading to material misstatement and

以及设计进一步审计程序
the design of further audit procedures are considered.

首先我们就需要了解
First, we need to understand

什么是与审计相关的控制
what audit related controls are.

与审计相关的控制主要包括
The control related to audit mainly includes

被审计单位为实现财务报告可靠性目标
the control designed and implemented by the auditee

而设计和实施的控制
to achieve the reliability target of financial report.

注册会计师应当运用职业判断
Certified public accountants should use professional judgment

考虑一项控制单独或连同其他控制
to consider whether a control, alone or together with other controls,

是否与评估的重大错报风险
is related to the risk of material misstatement of the assessment

以及针对评估的重大错报风险
and for the risk of material misstatement of the assessment

设计和实施的进一步审计程序有关
the further audit procedures designed and implemented

这是一个
that is one.

其实我们需要知道对内部控制了解的深度
In fact, we need to know the depth of understanding of internal control.

对内部控制了解我们说主要是了解
To understand internal control,

第一个就是评价控制的设计
we say that the first is to understand the design of evaluation control.

注册会计师在了解内部控制时
When CPAs understand internal control,

首先应当评价内控的设计是否合理
they should first evaluate whether the design of internal control is reasonable,

然后在这个基础之上再来确定
and then on that basis determine

它是否得到了执行
whether it has been implemented

所以评价控制的设计
The design of evaluation control

是指考虑一项控制单独或连同其他控制
is to consider whether a control alone or together with other controls

是否能够有效防止发现并纠正重大错报
can effectively prevent the detection and correction of major misstatements.

这个是指这项控制在设计的时候
This refers to when it is designed.

它能不能本质上实现这一点
whether this control can achieve this in essence

控制得到执行是指某项控制存在
Implementation of control means that a control exists

且被审计单位正在使用
and is being used by the auditee.

设计不当的控制可能表明内控存在重大缺陷
Improper design of control may indicate that there are major defects in internal control,

所以注册会计师在确定是否考虑
so when certified public accountants decide whether to consider

控制得到执行时
the implementation of control,

你首先要考虑控制的设计
you should first consider the design of control.

如果内控本身设计就是不当的
If the design of internal control itself is improper

设计就是有问题的
and the design is problematic,

我们就没有必要再考虑控制是否得到执行
there is no need for us to consider whether the control is implemented.

第二个就是获取控制设计和执行的审计证据
The second is to obtain audit evidence of control design and implementation.

注册会计师通常实施下列风险评估程序
Certified Public Accountants usually carry out the following risk assessment procedures

以获取有关控制设计和执行的审计证据
to obtain audit evidence on control design and implementation.

第一个询问被审计单位人员
The first one is to ask the personnel of the audited unit,

然后观察特定控制的运用检查文件和报告
and then observe the application of specific controls, check documents and reports,

还有追踪交易在财务报告
and track the processing process of transactions

信息系统中的处理过程
in the financial reporting information system,

也就所谓的穿行测试
so-called walkthrough test.

我们需要注意的是什么
What we need to pay attention to is that

除非存在某项可以使控制得到一贯
unless there is an automatic control that

运行的自动化控制
can make the control run consistently,

否则注册会计师对控制的了解
the CPA's understanding of the control

并不能够代替对控制运行有效性的测试
can not replace the test of the effectiveness of the control.

接下来我们从内控的五要素的角度
Next, we will from the perspective of the five elements of internal control

分别来谈一谈如何对
talk about how to

被审计单位内部控制进行了解
understand the internal control of the audited unit.

第一个方面对被审计单位控制环境的了解
The first aspect is the understanding of the control environment of the audited unit,

其中包括了解和评估被审计单位
including the understanding and evaluation of

诚信和道德价值观念的沟通与落实
the communication and implementation of the integrity and moral values of the audited unit.

第二个就是了解和评估被审计单位
The second is to understand and evaluate the importance of the auditee

对胜任能力的重视情况
on the competence of employees.

第三个是了解和评估被审计单位
The third is to understand and evaluate

治理层的参与程度
the degree of participation of the management of the audited unit.

第二个方面我们要对被审计单位
The second aspect is to understand

风险评估过程进行了解
the risk assessment process of the auditee.

在评价与被审计单位风险评估过程的
When evaluating in the risk assessment process of the auditee

是一些控制制度设计和执行时
the design and implementation of some control systems ,

注册会计师应当确定管理层是如何识别
the certified public accountant shall determine how the management identifies

与财务报表相关的经营风险的
the operational risks related to the financial statements,

以及它是如何评估该风险的重要性
how it assesses the importance of the risks,

如何评估风险发生的可能性
how it assesses the possibility of the risks

以及它是如何采取措施来管理这些风险的
and how it takes measures to manage these risks.

如果被审计单位的风险评估过程
If the risk assessment process of the auditee

符合其具体情况
conforms to its specific situation,

了解被审计单位的风险评估过程和结果
then understanding the risk assessment process and results of the auditee

就会有助于注册会计师识别财务报表
will help the certified public accountant to identify

重大错报的一个风险
the risk of material misstatement of the financial statements.

其中在了解和评估被审计单位
Among them, when understanding and evaluating the risk assessment process

整体层面的风险评估过程时
at the overall level of the auditee

应当考虑因素主要有四个方面
there are four main four factors to be considered

第一个被审计单位是不是已经建立
First, has the entity established

并沟通了它的整体目标
and communicated its overall objectives,

并辅之以具体的策略
supported by specific strategies

和业务流程层面的一个计划
and business process level plans?

第二被审计单位是否已建立了风险评估的过程
Has the second entity established a risk assessment process?

包括如何识别风险如何评估风险重大性
It includes how to identify risks, how to assess the significance of risks,

如何评估风险发生的可能性
how to assess the possibility of risks

以及针对风险评估的结果怎么采取应对措施
and how to take countermeasures against the results of risk assessment.

第三个会计部门是不是建立了某种流程
Third, has the accounting department established a process

已识别会计准则的重大变化
to identify significant changes in accounting standards?

第四个风险管理部门是不是建立了某种流程
Fourthly, does the risk management department establish a process

已识别经营环境包括监管环境发生了重大变化
to identify major changes in the business environment, including the regulatory environment?

第三个方面我们就要对被审计单位
Third, for auditee we need

控制活动进行一个了解
to understand the control activities

首先注册会计师应当重点考虑
First of all, certified public accountants should focus on

一项控制活动单独或连同其他控制活动
whether a control activity alone or together with other control activities

是否能够以及如何防止或发现并纠正
can and how to prevent or detect and correct

各类交易 账户余额 列报存在的重大错报
major misstatements in various transactions, account balances and presentation.

提供的重点是识别和了解针对重大错报
The work focus of Certified Public Accountants is to identify and understand the control activities

可能发生的领域的控制活动
in the areas where major misstatement may occur.

如果多项控制活动能够实现同一目标
If multiple control activities can achieve the same goal,

这个时候注册会计师不必了解
the certified public accountant does not need to know

与该控制目标有关的每一项控制
every control activity related to the control goal.

其次注册会计师对被审计单位
Secondly, for auditee the CPA

整体层面的控制活动进行了解和评估
understands and evaluates the control activities at the overall level ,

这个时候主要是针对
which is mainly aimed at

被审计单位一般控制活动
the general control activities of the auditee,

特别是信息技术的一般控制
especially the general control of information technology.

在了解和评估一般控制活动的时候
When we understand and evaluate the general control activities,

我们要考虑这么一些因素
we should consider some factors

比如说对被审计单位的主要经营活动
such as for the main business activities of the auditee

是否都有必要的控制政策和程序进行一个评估
whether there is a necessary control policy and procedure

是否存在一个计划和报告系统
whether there is a planning and reporting system

以识别与目标业绩的差异
to identify the differences with the target performance

并向适当层次的管理层报告该差异
and report the differences to the appropriate level of management;

是否由适当层次的管理员对差异进行调查
whether there is an appropriate level of administrator to investigate the differences

然后采取纠正措施
and take corrective action

还有不同人员的职责应在何种程度上相分离
To what extent should the responsibilities of different personnel be separated

以降低舞弊和不正当行为的风险
to reduce the risk of fraud and misconduct；

还有就是会计系统的数据
Whether the data in the accounting system

是否与实物资产定期核对
is regularly checked with the physical assets；

它是否建立了适当的保护措施
Whether appropriate safeguards are in place

以防止未经授权接触了文件记录和资产
to prevent unauthorized access to documents, records and assets；

还要关注是否存在信息安全
Also focus on whether exist security,

职能部门负责监督我们的信息安全
for monitoring information security

政策和程序的问题
policies and procedures,

有没有这个信息安全职能部门专门干这个事
Is there an information security function responsible ?

第四个方面我们要对被审计单位的
Fourth, for the auditee we need to

信息系统与沟通进行了解
understand the information system and communication.

注册会计师应当从以下方面来了解
The certified public accountant should understand the information system related to the financial report of the auditee from the following aspects:

第一个在被审计单位经营过程当中
first, in the operation process of the auditee

对财务报表具有重大影响的各类交易
all kinds of transactions that have a significant impact on the financial statements

然后在信息技术和人工系统中
then, in the information technology and artificial system,

交易生产记录处理和报告的程序
the procedures of transaction generation, recording, processing and reporting.

在获取了解的时候
When obtaining the information,

注册会计师应当同时考虑被审计单位
the certified public accountant should consider

将交易处理系统中的数据过入总分类账
the procedure of the audited unit passing the data in the transaction processing system into the general ledger

和财务报告的一个程序
and financial report at the same time.

第三个管理层凌驾于账户记录控制之上的风险
Third, the risk that management is above the control of account records.

另外注册会计师还应当了解
In addition, the certified public accountant should also understand

被审计单位内部如何对财务报告的岗位职责
how the auditee communicates with the post responsibilities of

以及财务报告相关的重大事项进行沟通
the financial report and the major matters related to the financial report,

并了解管理层和治理层之间是怎么沟通的
and how the management and the management communicate with each other,

以及被审计单位和外部之间是怎么沟通的
and how the auditee communicates with the outside.

第五个方面就是了解被审计单位的
The fifth aspect is to understand

内部控制的监督
the supervision of the internal control of the audited unit,

就是了解一下它的对控制的监督
that is, to understand over the control

到底有哪些方面
what aspects of its supervision are.

我们来看一下首先了解和评估被审计单位
First of all, understand and evaluate

整体层面的内部控制的监督
the supervision of internal control at the overall level of the audited unit.

应该包括这七个方面
It should include the following seven aspects:

第一个被审计单位有没有定期评价内控
first, does the audited unit evaluate internal control regularly;

第二被审计单位的人员在履行正常职责时
second, to the personnel of the audited unit when performing their normal duties;

他能够在多大程度上获取内控
what extent can they obtain evidence

是否有效运行的证据
of effective operation of internal control

第三个方面是什么呢
and third, what is it?

就是与外部的沟通能够在多大程度上
To what extent can external communication

证实内部产生信息或者指出存在的问题
confirm the internal information or point out the existing problems；

第四个方面管理层是否采纳内部注册会计师
The fourth aspect is whether the management adopts the internal control suggestions

和注册会计师有关内部控制的建议
of the internal certified public accountant and the certified public accountant;

第五个方面管理层是否及时纠正控制
the fifth aspect is whether the management timely corrects

运行当中的偏差
the deviation in the control operation;

第六个方面管理层根据监管机构报告及建议
the sixth aspect is the management according to the reports and suggestions of the regulatory authority

是否及时采取了纠正措施
whether timely takes the corrective measures

第七个方面是否存在协助管理层
the seventh aspect is whether there are functional departments assisting the management

监督内部控制的职能部门
to supervise the internal control.

比如说内部审计部门
For example, the internal audit department

其次如果被审计单位有内部审计部门
Secondly, if the auditee has an internal audit department,

那么注册会计师对被审计单位
the CPA's

内部审计职能理解和评估
understanding and evaluation of the auditee's internal audit function

还需要考虑下面因素
also needs to consider the following factors:

第一内审机构它有没有独立性
first, does the internal audit organization have independence?

它有没有权威性它向谁报告
Is it authoritative? Who does it report to?

它有没有足够的人员
Does it have enough people?

人员有没有足够的培训
Is there enough training for personnel?

人员的特殊技能怎么样
What are the personnel's special skills?

还有它有没有坚持适用的专业准则
And does it adhere to applicable professional standards?

内审机构的活动范围是什么
What is the scope of activities of internal audit institutions?

所以这些都要进行评估
All of this needs to be evaluated.

通过这一节的学习
Through the learning of this section,

我们对如何了解被审计单位内部控制
About how to understand the internal control of the audited unit we

有了一定的认识
have a certain understanding.

谢谢大家
Thank you