英国公司内部控制指引报告

内部控制鉴证报告英文版English:Internal control is an essential component of an organization's governance structure, encompassing the policies, procedures, and practices implemented to ensure the achievement of objectives, reliability of financial reporting, and compliance with laws and regulations. As auditors, our responsibility is to evaluate and provide assurance on the effectiveness of internal control systems. This involves assessing the design and implementation of controls, as well as testing their operating effectiveness. Through our examination, we identify strengths and weaknesses in the internal control environment, including any deficiencies that could potentially lead to material misstatements in the financial statements. Our ultimate goal is to offer recommendations for improvement, enhancing the organization's ability to safeguard assets, maintain accurate records, and operate efficiently. We conduct our audit in accordance with generally accepted auditing standards, which require us to exercise professional skepticism and perform procedures to obtain reasonable assurance about whether the internal control system is effective in achieving its objectives. Additionally, we communicateour findings and recommendations to management and those charged with governance, providing them with valuable insights to enhance oversight and governance processes.中文翻译:内部控制是组织治理结构的重要组成部分，包括实施的政策、程序和做法，旨在确保实现目标、财务报告的可靠性以及遵守法律法规。

前沿CUTTING EDGE英国和美国公司治理的差异及其根源常常被我们归结为一类的英美公司治理模式,事实上在诸多关键领域存在着重大差异,启示我们借鉴国外经验时要择善而从,注意自身的适用条件文 /饶育蕾李蕊公司治理根据法律渊源的不同而分为以大陆法系为起源的日德模式和以普通法系为起源的英美模式。

英国和美国的公司治理常常被被认为是相同的,它们之间存在的差异常常被忽略了。

事实上,与美国模式在 20世纪 90年代被大加追捧与 2002年的财务丑闻以及治理改革方案的饱受批评相比,英国的治理模式以其渐进的改革、稳健的发展为特征逐渐演进着,到目前已经构建了世界上最严谨、最完善的公司治理体系。

面对财务丑闻:乱世出重典还是慢工出细活? 20世纪 80年代末,英国的公司治理像 21世纪初的美国一样,面临着巨大的信任危机。

当时英国的镜报集团、BCCI、Polly Peck 等一连串知名公司爆发了严重的财务舞弊案,引发了英国的理论和实务界对公司治理问题的高度关注和激烈讨论。

为了稳定社会经济和保障投资人的权益, 英国成立了以Adrian Cadbury 爵士为首的委员会进行调查,并于 1992年公布了著名的《Cadbury 报告》。

该报告奠定了英国一系列公司治理改革的基础,并形成了独具特色的公司治理调查模式,即由权威学者带领的特别委员会针对公司治理中的某一问题进行调查、取证、讨论、分析和研究,最后出具报告并监督执行的过程。

按照这一模式,继 Cadbury 报告(1992之后,英国先后出台了一系列研究报告,包括关于薪酬制度的 Greenbury报告(1995、对Cadbury报告和Greenbury报告的实施情况进行回顾和调查的Hampel 报告(1998, 并在以上三个报告基础上于 1998年出台了“联合法案” ; 随后又针对某些具体问题展开调查,包括关于内部控制问题的Turnbull报告(1999、关于机构投资者作用的Myners 报告(2001。

英国公司治理和内部控制具有自身特点和有效性，因此，深入研究英国内部控制标准及其运行机制，对我国企业内部控制标准建设具有重大的借鉴意义。

一、英国内部控制标准的主要特点1.与公司治理准则紧密结合。

在英国，内部控制是公司治理的主要组成部分。

尽管内部控制有着悠久的历史，但是内部控制标准制定的时间并不长，其与公司治理准则建设密不可分。

1992年的卡伯利报告从财务角度研究公司治理，将内部控制置于公司治理框架之下；1998年的哈姆佩尔报告将内部控制作为公司治理的原则之一；1998年、2003年和2006年的三个版本的公司治理综合准则，均将内部控制作为公司治理的组成部分，对董事会如何履行内部控制系统方面的职责进行了规范。

例如，在《公司治理综合准则2003》C.2“内部控制”中规定：“董事会应当维护一个健全、可靠的内部控制系统，以保护股东投资和公司资产。

”C.2.1规定：“董事应当至少每年一次，执行集团内部控制系统有效性的复核，并应当向股东报告他们已经这样做了。

这种复核应当覆盖所有的控制，包括财务、经营和遵循性控制以及风险管理系统。

”《公司治理综合准则2006》保持了这样的规定。

这种制度安排，能够使公司董事会从公司治理的高度来认识和重视公司内部控制系统的建设和维护，便于伦敦股票交易所（LSE）将其列为上市规则以提高其权威性，赋予上市公司建立、维护和披露内部控制方面的义务，同时也为相关职业组织建立内部控制标准提供了较权威的支持。

2.强调责任分明。

在建立内部控制系统方面，公司治理综合准则将建立和维护健全、有效的内部控制系统的职责赋予了公司董事会。

在内部控制指南中，再次强调了董事会的这一责任：公司董事会对公司内部控制系统承担终极责任，董事会指派管理层执行设计、运行和监督内部控制系统的任务，员工集体来建立、运行和监督公司内部控制系统。

在复核内部控制有效性方面，公司治理综合准则规定，董事会至少每年对内部控制有效性进行一次复核，审计委员会复核公司内部财务控制、公司内部控制和风险管理系统以及内部控制的有效性。

英文内部控制报告Internal Control ReportIntroduction:The purpose of this report is to evaluate and assess the internal control system of our organization. Internal control refers to the policies, procedures, and practices implemented by management to safeguard assets, ensure accuracy of financial records, and promote operational efficiency.1. Control Environment:The control environment consists of the overall attitude, awareness, and actions of management regarding the importance of internal control. It sets the tone for the organization and influences the control consciousness of its employees. In our organization, the management has established a strong control environment by promoting ethical behavior, providing clear expectations, and encouraging open communication.2. Risk Assessment:Risk assessment involves the identification and analysis of potential risks that may impact the achievement of organizational objectives. Our organization has a comprehensive risk assessment process in place, which includesregular evaluation of internal and external factors that may affect our operations. Risks are assessed based on their likelihood and potential impact, and appropriate controls are implemented to mitigate identified risks.3. Control Activities:Control activities are the specific actions taken by management to address the risks identified during the risk assessment process. These activities include the segregation of duties, authorization and approval procedures, physical controls, and IT controls. In our organization, we have implemented various control activities to ensure the accuracy and reliability of financial reporting, safeguard assets, and promote operational efficiency.4. Information and Communication:Information and communication play a vital role in the effectiveness of internal control. Accurate and timely information is necessary for management to make informed decisions and monitor the organization's performance. Our organization has implemented a robust information system that ensures the availability, integrity, and confidentiality of information. Additionally, effective communication channels are established to ensure the flow of information throughoutthe organization.5. Monitoring:Monitoring is an ongoing process to assess the effectiveness of internal control over time. It involves regular reviews, evaluations, and testing of controls to identify any deficiencies or areas for improvement. Our organization has established a comprehensive monitoring program, including internal audits and management reviews, to ensure that controls are operating effectively and to address any identified weaknesses.总结:综上所述，我们的组织已经建立了一个有效的内部控制体系，以保障资产安全、确保财务记录的准确性，并提高运营效率。

英国公司内部控制指引报告引言：内部控制是指公司为实现经营目标，保护公司资产，确保财务报告的真实性和准确性，以及遵守适用法律法规和规定而采取的一系列措施和制度。

作为英国公司的一份重要文件，公司内部控制指引旨在鼓励公司建立和维护有效的内部控制体系，以保障公司和股东的利益。

本报告旨在评估英国公司的内部控制体系并提出改进建议。

一、内部控制的定义和重要性内部控制是公司治理的核心内容之一，它涉及公司管理层和员工在管理和运营过程中对风险的识别、评估、控制和监控，以保障公司目标的实现。

内部控制的重要性体现在以下几个方面：1.预防和发现错误和失误：内部控制机制能够帮助公司识别和纠正错误和失误，减少对公司经营的不利影响。

2.保护资产：内部控制能够帮助公司保护公司的资产，防止资产遭受盗窃、损坏、滥用或浪费。

3.提高财务报告的可靠性：内部控制能够确保财务报告的真实性和准确性，从而为公司提供可靠的财务信息用于决策。

4.遵守法律法规和规定：内部控制能够帮助公司遵守适用的法律法规和规定，减少公司因违反相关规定而面临的潜在风险。

二、内部控制指引的要求和实施情况英国公司内部控制指引要求公司建立和维护有效的内部控制体系，以保障公司和股东的利益。

根据指引的要求，该公司已经建立了内部控制体系，并制定了相关的控制和程序。

公司通过设置风险管理委员会，明确了风险识别、评估和控制的责任和程序。

此外，公司还建立了内部审计部门，负责对公司内部控制的有效性进行独立的内部审计和报告。

公司的内部控制执行情况良好，能够满足指引的基本要求。

三、内部控制存在的问题和建议改进尽管该公司的内部控制执行情况良好，但仍存在以下问题：1.控制目标不明确：公司的内部控制目标和风险管理目标需要更加明确和明确地定义，以确保有效的控制和监控。

建议：公司应重新评估和定义内部控制目标，并与风险管理目标相一致。

2.内部控制政策和程序存在漏洞：公司的内部控制政策和程序中存在一些漏洞，无法全面覆盖所有关键的风险领域。

公司治理下的内部控制与审计［提要］本文回顾分析了英国公司治理和内部控制发展历史上三个具有里程碑意义的文献--卡德伯利报告、哈姆佩尔报告和特恩布尔报告，揭示了英国内部控制发展的四大趋势，并结合我国内部控制研究和发展的现状，借鉴英国的经验，对当前我国内部控制理论研究的定位、上市公司内部控制有效性的披露以及内部审计的发展方向等问题提出了若干建议。

公司治理和内部控制发展史上的三大报告历史上看，英国内部控制的发展离不开公司治理研究的推动。

20世纪80-90年代，英国的公司治理像今天的美国一样，面临着巨大的信任危机。

面对创造性会计(creative accounting)的泛滥、公司经营的失败和连续不断的丑闻、董事薪酬激增以及企业短期行为主义猖獗等一系列公司治理问题，社会公众、监管机构的不满情绪日益升温。

这一阶段也就成为英国公司治理问题研究的一个高峰期，各种专门委员会纷纷成立，并发布了各自的研究报告，其中比较著名的有卡德伯利报告(Cadbury Report，1992)、拉特曼报告(Rutterman Report，1994)、格林伯利报告(Creenbury Report，1995)和哈姆佩尔报告(Hampel Report，1998)。

在吸收这些研究成果的基础上，1998年最终形成了公司治理委员会综合准则(Combined Code of the committee on Corporate Governance)。

综合准则很快就被伦敦证券交易所认可，成为交易所上市规则的补充，要求所有英国上市公司强制性遵守。

这些研究成果从理论和实践两个方面，极大地推动了英国公司治理和内部控制的发展，尤其是卡德伯利报告、哈姆佩尔报告，以及作为综合准则指南的特恩布尔报告(Turnbull Report，1999)，堪称英国公司治理和内部控制研究历史上的三大里程牌。

一、卡德伯利报告卡德伯利报告从财务角度研究公司治理，同时将内部控制置于公司治理的框架之下。

国外企业内部控制研究的最新进展综述到20世纪70年代中期，与内部控制相关的活动的优势已经出现在系统设置、审计等领域，主要集中在改善内部控制系统方式以及如何在审计中更好地考虑内部控制的方式上。

然而，受到1973－1976年“水门事件”调查的影响，政府立法机构和规章制定部门开始密切关注内部控制。

“水门事件”特别检举办公室和SEC分别进行了几个独立的调查，调查结果揭露出一个事实，即许多主要的美国公司对国外政府官员进行非法的政治援助、可疑或非法的支付，包括贿赂。

作为对这些调查的反应，国会委员会举行了听证会，来听取大众关于美国公司对国外政府官员的不适当支付的意见。

议案提交后，最终获得通过，并颁布了1977年国外行贿法案（Foreign Corrupt Practices Act of 1977，简称FCPA）。

除了反贿赂条款，FCPA还包括了一些属于会计和内部控制的条款。

FCPA要求公司对外报告的披露者，设计一个内部会计控制系统，并维持其有效性，以期为下列目标提供合理的保证：（1）交易在管理当局的一般授权或特殊授权下执行；（2）交易按需被记录，以使资产在账面上得到反映；（3）只有在得到管理当局的一般授权或特殊授权后，资产的接近权才得到允许；（4）将账面资产和实存资产在合理的间期内进行核对，并对产生的任何差异均采取适当的措施。

这些条款要求公司的管理当局设置账簿、记录和账户，以期精确并适当地放映公司资产的交易和处置，并要求管理当局保证内部会计控制系统的充分性，以期达到相关目标。

因此，该法案暗含的一个关键主题，就是适当的内部控制应该能有效地阻止对国外政府官员的非法支付。

很快，随着FCPA的颁布生效，有关内部控制的活动就如洪峰大水一样猛然爆发了。

许多公众公司将它们的内部审计职能部门的规模和职责大大地加大了，并更加密切地关注它们的内部控制系统。

同时，不少组织，包括职业团体和监管机构，从各个不同的角度对内部控制进行研究，并发布了许多内控建议和指南。

中文4225字外文翻译外文出处 Auditing: A Journal of Practice & Theory, 2006, 25(2): 25-39外文作者Scott N.Bronson，Joseph V.Carcello，K.Raghunandan原文：Firm Characteristics and Voluntary Management Reports on Internal Control SUMMARY:This study provides evidence on the nature of voluntary management reports on internal control MRIC , and on the characteristics of firms issuing suchreports, before internal control reports were mandated under Section 404 of theSarbanes-Oxley Act. We examine the association between firm characteristics and the voluntary inclusion of an MRIC in the firm‟s annual report.Our analysis of 397 midsizedfirms in 1998 indicates that a voluntary MRIC is more likely for firms that are larger, have an audit committee that meets more often, have a greater level of institutional ownership, and have more rapid income growth. We find that a voluntary MRIC is less likely for companies with more rapid sales growth. Slightly more than one-third of our sample issues an MRIC. None of the voluntary MRICs mention any material weaknesses; no reports include an auditor attestation;less than half 41 percent of the reports include a statement that controls were effective;and only three of these reports include the criteria used to assess control effectiveness.Keywords:management reports on internal control; firm characteristics; corporate Governance.INTRODUCTIONSection 404 of the Sarbanes-Oxley Act of 2002 SOX requires Securities and Exchange Commission SEC registrants to include in their annual report a management report on the effectiveness of internal control over financial reporting 404 Report and auditor attestation on this management report. Section 404 has become arguably the most controversial element of SOX.Many SEC registrants and business associations have complained about the costs associated with the internal control reporting requirement and have called for the revision if not repeal of Section 404 e.g., American Electronics Association [AEA] 2005; Advisory Committee on Smaller Public Companies 2006 .While SOX made 404 Reports mandatory, management reports on internal control MRIC were voluntarily included in corporate annual reports prior to SOX. Since includingan MRIC in the annual report potentially increased m anagement‟s liability exposure under both Rules 10b-5 and 14a-9 of the securities laws, MRICs were presumably included to signal differences in internal control quality across companies. In this paper, we examine the relation between firm characteristics and the voluntary inclusion of an MRIC in 1998 annual reports.Prior literature suggests that a high proportion of Fortune 100 companies report on controls in their annual reports Raghunandan and Rama 1994 , while a low proportion of smaller companies report on controls McMullen et al. 1996 . Hence, we examine the relation between firm characteristics and the inclusion of a voluntary MRIC for mid-sized companies because we are looking for a sample that will provide us with reasonable variation with respect to internal control reporting. We also provide descriptive information about the nature and content of these voluntary reports, and we compare and contrast them with the 404 reports.Our analysis includes 397 annual reports ?led by ?rms with total assets between $250 million and $5 billion. We ?nd that 36 percent of mid-sized companies include an MRIC in their 1998 annual report, and that the likelihood of an MRIC 1 increases with ?rm size, audit committee meeting frequency, institutional ownership, and income growth, and 2 decreases with sales growth. None of the reports mention any reportable conditions or material weaknesses; no reports include an auditor attestation; less than half 41 percent of the reports include a statement that controls were effective; and only three of these reports include the criteria used to assess control effectiveness. Our results illustrate the nature of internal control reporting that was provided under a voluntary system along with the ?rm characteristics associated with this reporting.The rest of the paper is organized as follows. The next section discusses the institutional background and develops the hypotheses. Our research design and sample selection process follow. Results are then presented, followed by a summary and conclusions.INSTITUTIONAL BACKGROUND AND HYPOTHESESSection 404 of SOX requires all public companies to include an internal control report indicating management‟s responsibility for establishing and maintaining an adequate internal control structure, and management‟s assessment as to the effectiveness of the entity‟s internal control over financial reporting. Although mandatory internal control reporting for all public companies is new, many public companies had voluntarily included an MRIC in their annualreports prior to SOX. For example, McMullen et al. 1996 report that the annual reports for approximately one-third of companies listed on National Automated Accounting Research System NAARS in 1993 included an MRIC.Benefits and Costs Associated with MRICsA firm might include an MRIC for a number of reasons―to explicitly state management‟s responsibility for internal control,to state the objectives of the company‟s internal control system including describing various components of that system e.g., an independent audit committee, an internal audit function, etc. , and/or to indicate that management believes that internal controls are effective. All of these reasons are designed to reduce financial statement users‟ uncertainty as to the quality of the company‟s financial reporting. Prior research indicates that financial statement users view voluntary MRICs as improving internal controls, enhancing the oversight of controls, and adding information for decision making Hermanson 2000 .Although firms expect to benefit by issuing an MRIC, there are costs associated with this disclosure. Under Rule 10b-5 it is unlawful“to make any untrue statement of a material fact…in order to make the statements made, in light of the circumstances under which they were made, not misleading” SEC 2005a . In addition, since the MRICs examined were included in annual reports distributed to shareholders, the statements made in these reports are subject to the SEC‟s proxy disclosure rules. Under Rule 14a-9 it is unlawful to make"any statement which ... is false or misleading with respect to a material fact" SEC 2005b . In comparison to Rule 10b-5, the applicability of Rule 14a-9 relating to the issuance of an MRIC is interesting because a plaintiff must only prove that the issuer was negligent in its disclosure under Rule 14a-9, whereas a plaintiff must prove scienter under Rule 10b-5 Brown and Detore 1989 . A statement by management that internal controls are effective when they are not would expose management and the entity to additional legal liability; even the inclusion of an MRIC without an explicit effectiveness statement increases the firm‟s exposure to legal liability. For example, MRICs without an effectiveness statement often contained a statement that the……corporation maintai ns a system of internal accounting controls designed to provide reasonable assurance that financial records are reliable for purposes of preparing financial statements.”If management knew or should have known that the entity did not maintain such controls, or there was no reasonable basis for management to believe that the controls wouldresult in reliable financial statements,its exposure to legal liability would have increased.Hypothesis DevelopmentWe examine firm characteristics associated with the decision to voluntarily include an MRIC. We rely on the work of Healy and Palepu 2001 who argue that the demand for disclosure arises from information asymmetry and agency costs between firm managers and outside investors. A naturally occurring research question arising from this theoretical framework involves examining the factors affecting management‟s disclosure choices. V oluntary disclosures are likely to be related to economic and governance characteristics of firms Healy and Palepu 2001 . In this study, we examine the relation between voluntary inclusion of an MRIC in the annual report and firm economic and governance characteristics.Firm CharacteristicsFirm size is positively related to lawsuits alleging financial reporting and disclosure problems e.g., Carcello and Palmrose 1994; Palmrose and Scholz 2004 . Since the potential litigation-related exposure from issuing a misleading MRIC is greater for larger firms, the issuance of an MRIC for larger firms is a more credible signal. We therefore expect a positive relation between firm size and an MRIC.Prior research finds that fraudulent financial reporting is more likely when controls are weak Beasley 1996; Beasley et al. 1999 . An MRIC provides a means by which firms with strong internal control, but with other firm characteristics that are associated with a higher incidence of fraud, can signal to external parties their financial reporting quality. Firms with greater leverage and firms that issue securities are more likely to commit fraud Dechow et al. 1996 . Thus, including an MRIC provides companies with such characteristics a way to communicate information about the reliability of their financial information. We therefore expect a positive relation between firm leverage and the issuance of securities and an MRIC.There is increasing evidence that audit committee characteristics are related to better financial reporting and auditing quality e.g., Carcello and Neal 2000; Klein 2002; Abbott et al. 2004 . Since strong internal controls are expected to improve the reliability of financial reporting Public Oversight Board [POB] 1993; Nicolaisen 2004 , better governed firms are likely to have better internal controls and these firms may seek to signal this fact to the capital markets by voluntarily issuing an MRIC. We measure audit committee independence,financial expertise, and diligence, and we expect independent audit committees, audit committees withhigher proportions of financial experts, and audit committees that meet more frequently to be more co ncerned about the quality of the firm‟s internal control system.As a result, we expect a positive relation between these three governance factors and the inclusion of an MRIC.SAMPLEOur sample is from the period preceding both SOX and the Report of the Blue Ribbon Committee on Improving the Effectiveness of Corporate Audit Committees BRC 1999 . The BRC Report spurred a heightened interest in corporate governance and might have precipitated companies to include an MRIC in their annual reports due to external pressures. The reaction of registrants to SEC and other quasi-regulatory initiatives is interesting but differs from the focus of this paper. We are interested in the relation between firm characteristics and voluntary disclosure that existed before the issuance of the BRC Report.We select our sample from the population of firms with 1998 fiscal year-end data included on the July 1999 Compact D/SEC disc. There are approximately 11,900 companies included on this disc that have a 1998 year-end. We exclude companies with over $5 billion in total assets because prior research indicates that a substantial majority of very large companies include an MRIC in their annual report Raghunandan and Rama 1994 . We also exclude companies with less than $250 million in assets as prior research indicates that very small companies rarely include an MRIC McMullen et al. 1996 . We are seeking a sample with reasonable variation in whether or not an MRIC is included in the annual report; very large and small companies do not offer this reasonable variation. Finally, we exclude financial institutions and foreign companies because of their unique characteristics.Our adjusted population includes 1,771 companies.SUMMARY AND CONCLUSIONSThis paper examines firm characteristics associated with an internal control related disclosure―whether management voluntarily chose to issue an MRIC―before such reports were made mandatory by SOX. We add to the growing literature that examines the relation between economic and governance characteristics of firms and voluntary corporate disclosures.Our sample is from 1998 when such reports were issued on a voluntary basis. Slightly more than one-third of our mid-sized sample firms issued MRICs. We document a positive relation between the likelihood of an MRIC and firm size, the number of audit committee meetings, the percentage of institutional shareholders, and income growth; inaddition, we find that MRICs are negatively related to sales growth. None of the voluntary MRICs disclose any control weaknesses and none have auditor attestation. An important caveat is that we do not provide evidence on whether MRIC disclosures are informative or useful to financial statement users.The primary contribution of this paper is that we provide evidence on the type of internal control disclosure provided pre-SOX. The empirical evidence in this paper provides a baseline for mid-sized companies of the type and nature of internal control disclosures under the voluntary system, and can thus aid policy-makers in future debate about voluntary versus mandatory internal control reporting. Furthermore, our study provides some insight into the nature of firms that provide any internal control related disclosures. The results also suggest that under a voluntary regime, a substantial proportion of firms in the midsized range of listed firms will not provide internal control disclosures, while those firms that do make disclosures will not say anything about the effectiveness of internal controls―information that can be useful to financial statement users.SOX itself and the ensuing SEC rule both permit considerable flexibility with respect to the contents of the 404 Report. The factors that are shown in this paper to be associated with the voluntary issuance of an MRIC may also be associated with the contents of the 404 Report, but this is an empirical issue to be tested in the future.Source: Scott N. Bronson;Joseph V. Carcello;K. Raghunandan. Firm Characteristics and V oluntary Management Reports on Internal Control [J]. Auditing, 2006,NO.2 V ol.25:25-39.译文：公司特征与自愿性内部控制管理报告摘要：这项研究关于公司提供内部控制管理报告 MRIC 的自愿性，在内部控制报告被强制实行萨班斯法案404条款之前，就发行了有关公司特征的报告声明。

内部控制报告英文版Internal Control Report.Introduction.Internal control is a system of policies and procedures that are designed to provide reasonable assurance that an organization's objectives are being achieved. These objectives can be categorized into four main areas:Effectiveness and efficiency of operations.Reliability of financial reporting.Compliance with applicable laws and regulations.Safeguarding of assets.Internal controls are essential for any organization, regardless of its size or industry. They help to ensurethat the organization is operating in a manner that is consistent with its goals and objectives.Components of Internal Control.The Committee of Sponsoring Organizations of the Treadway Commission (COSO) has developed a framework for internal control that identifies five key components:Control environment.Risk assessment.Control activities.Information and communication.Monitoring.Control Environment.The control environment is the foundation for internalcontrol. It sets the tone for the organization and influences the way that employees behave. The control environment includes the following elements:Integrity and ethical values.Board of directors and audit committee.Management's philosophy and operating style.Organizational structure.Assignment of authority and responsibility.Risk Assessment.Risk assessment is the process of identifying and evaluating the risks that could prevent an organization from achieving its objectives. The risk assessment process includes the following steps:Identifying risks.Assessing the likelihood and impact of risks.Prioritizing risks.Developing risk response strategies.Control Activities.Control activities are the policies and procedures that are implemented to mitigate the risks that have been identified. Control activities can be classified into three types:Preventive controls.Detective controls.Corrective controls.Information and Communication.Information and communication are essential for effective internal control. The organization must have a system in place to collect, process, and communicate information about its activities. This system must be designed to ensure that the information is accurate, reliable, and timely.Monitoring.Monitoring is the process of evaluating the effectiveness of internal control. The monitoring process includes the following steps:Establishing monitoring procedures.Performing ongoing monitoring activities.Evaluating the results of monitoring activities.Taking corrective action as necessary.Importance of Internal Control.Internal control is essential for any organization, regardless of its size or industry. It helps to ensure that the organization is operating in a manner that isconsistent with its goals and objectives. Internal control also helps to protect the organization's assets, prevent fraud, and ensure compliance with applicable laws and regulations.Conclusion.Internal control is a complex and ever-changing process. However, it is essential for any organization that wants to achieve its goals and objectives. By implementing a strong internal control system, organizations can help to ensure that they are operating in a manner that is consistent with their values and that they are protected from the risksthat they face.。

外文翻译Internal control and its disclosureMaterial Source:Laura F. Spira Author: Michael In this paper we explore the use of disclosure as a regulatory tool, using as an illustration the current UK requirements regarding the disclosure of informationabout internal control. After discussing the broad concept of regulation by disclosure, we trace the evolution of concepts of internal control and its reporting, describing the background to the Turnbull guidance for directors on internal control reporting, the basis of current UK requirements. We then examine recent examples of internal control disclosures, identifying the range of ways in which they address the disclosure requirements and considering the possible impact of the disclosure requirements on corporate behaviour and on the audiences for disclosure. We conclude with some reflections on the disclosure life cycle. The paper contributes to the literature on disclosure by specifically considering the role of disclosure as a regulatory tool and by examining the nature of specific disclosures in an area of continuing interest, that of internal control.In his analysis of the development of the role of audit, Power observes that internal control has become increasingly important as part of a system of regulation which relies on making internal mechanisms visible through forms of self-validation and disclosure. Corporate governance requirements have frequently been couched in the form of codes of practice on the principle of ‘comply or explain’ rather than prescriptive legislation. The monitoring role of the board of directors, which forms the apex of the internal control system of an organisation, has been emphasised. The influence of particular interest groups has been important in the negotiation of these developments. Auditors, both internal and external, can claim expertise in internal control, advancing their organisational position in the case of internal auditors (Spira and Page 2003) and increasing the potential for sales of specialised services in the case of external auditors. Regulators and legislators have focused on internal control issues as a policy response to crises (Cunningham 2004).The use of internal control as a corporate governance device reflects a subtle but signifi cant change in its conception, moving from the original ‘‘supportive’’notion that internal control systems were an integral part of the structure of an organisation which enabled its goals to be achieved, to the more recent view of internal control as a s ubstantially ‘‘preventive’’ system, designed to minimise obstructions to goal achievement and carrying significantly greater expectations of the effectiveness of such systems. As Page and Spira (2004) note, companies have also increasingly taken ‘risk-base d’ approaches to internal control because of the increased pace of organisational change—control systems change too fast to be rigidly documented and companies may not even have full documentation relating to some of their IT based systems. For these reasons there has been an increase in ‘delegation’ of control downwards in the organisation and there is likely to be no central record of control systems.The emergence of risk-based approaches to internal control has resulted in a confluence of internal control and risk management to the point that an influentialpublication (Jones and Sutherland 1999) issued at the same time as the Turnbull guidance referred frequently to ‘‘internal control and risk management’’ as a single concept in providing practical assistance for boards in complying with the Turnbull disclosure requirements.The demonstration of ‘‘good’’ corporate governance is a challenge for boards of directors but describing structural mechanisms such as internal control processes may be one way of meeting demands for transparency. Thus, what was once an internal interest becomes a means of demonstrating regulatory compliance.Concerns about internal control in the US and the UK arose initially from a desire to establish the boundaries of external auditor responsibility. The difficulties of defining internal control are illustrated in the earliest US experience, as summarised in a lecture by Mautz (1980). He quotes the 1949 AICPA definition: Internal control comprises the plan of organization and all of the coordinate methods and measures adopted within a business to safeguard its assets, check the accuracy and reliability of its accounting data, promote operational efficiency, and encourage adherence to prescribed managerial policies.and describes the c oncern of firms’ legal counsel about the broadness of this definition. This concern led to a new definition issued in 1958 which split the four parts of the original definition between ‘‘accounting control’’ (safeguarding assets and checking reliability an d accuracy of accounting data) and ‘‘administrative control’’ (promotion of operational efficiency and encouragement of adherence to prescribed management policies) and defined auditors’ responsibility as reviewingaccounting controls only. A further narrowing took place in 1972 when the US auditing profession limited the two components of ‘‘accounting control’’ even more.Up to this point, the definition was really only of concern to companies and their auditors but the passing of the Foreign Corrupt Practices Act in 1977 changed this. The Act was passed in response to bribery scandals and for the first time envisaged the use of internal control as regulation. It was based on a narrow conception of internal control newly described as ‘‘internal accounting control’’. It also changed the focus of internal control: whereas the concerns of ‘‘accounting control’’ had been at low organisational levels and clerical procedures, the Act now shifted attention to controls at board level for the first time.Further concern about inadequacies in financial reporting led to a private sector initiative which established the Treadway Commission on Fraudulent Financial Reporting in 1987. Its recommendations included a call for a review of the varying concepts of internal control to develop a consistent approach. The Committee of Sponsoring Organizations (COSO 1992) subsequently produced an integrated framework for internal control in 1992, defining internal control as:A process … designed to provide reasonable assurance regar ding theachievement of objectives in the following categories:• Effectiveness and efficiency of operations.• Reliability of financial reporting.• Compliance with applicable laws and regulations (COSO 1992, p. 9) However, the Sarbanes Oxley legislation of 2002 introduced a further definition: ‘‘internal control over financial reporting’’3 which suggests that consistency has not yet been achieved and ambiguity still exists.In the UK, internal control first entered the corporate governance agenda when the Cadbury Committee, reporting in 1992 on the financial aspects of corporate governance, adopted the view that directors’ responsibilities with regard to internal control should be clarified. They recommended that directors should report on the effectiveness of internal control systems and that auditors should report on that statement but passed responsibility for implementing this to the accountancy profession.In 1994 the Rutteman working party defined internal control using the US definition of 1958 and also replaced the Cadbury recommendation that directors should report on the effectiveness of internal controls with the suggestion that they may wish to do so. In 1998 the Hampel review of the Cadbury Code weakened thisrecommendation even further but, for the first time, suggested that internal control and risk management were related.This link was built on by the internal control working party chaired by Nigel Turnbull which was charged with producing guidance for directors in interpreting the Code’s req uirements for reporting on internal control, finally grasping the nettle avoided by Cadbury, Rutteman and Hampel. Using a broad definition of internal control, the Turnbull guidance views it as a key component of risk management. In terms of the apparent satisfaction of disclosers and their audiences, the guidance consultation initiated by the Financial Reporting Council Turnbull Review Group in 2005. The guidance has also been widely adopted in the public sector.The study reported in this paper uses disclosures required by the Turnbull guidance to illustrate aspects of the use of disclosure as a regulatory tool. Having outlined the background to current concerns about internal control disclosure, the next section considers theories of disclosure.译文内部控制及其披露资料来源:施普格林作者：迈克尔本文选取英国当前对于内部控制信息披露的规定作为案例，探讨了披露这项监管工具的使用。

公司治理、内部控制及道德的重要性研究一、引言现代企业由于所有权和经营权的分离，所有者与经营者之间一般存在着委托代理关系，股东和管理层之间最为典型。

除此之外，其他利益相关群体，例如经营者与管理人员、管理人员与基层员工之间均存在委托代理关系。

以委托代理理论分析，委托代理除了需要付出明确的监控成本和管束成本，还需应对相应的代理问题和代理成本，为此，现代企业在积极优化公司治理体系并不断完善公司内部控制系统的同时，还应关注道德约束机制所发挥的治理效能。

二、公司治理及其重要性经济合作与发展组织（OECD）将公司治理定义为一种据以对工商业公司进行管理和控制的体系，它明确规定了董事会、经理层、股东等公司参与者的责任和权力分布，并明晰了决策公司事务时所应遵循的规则和程序。

同时，它还提供了设置公司目标的一种结构以及实现这些目标和监控运营的手段。

根据OECD对公司治理的经典定义，将其应用到公司治理的实践当中时，我们可以概括出公司治理最重要的三大内容：（1）平衡董事会权力；（2）注重内部控制系统；（3）及时、透明地作出披露。

首先，在平衡董事会权利方面，根据英国公司治理联合准则（Combined Code，2003）当中的卡德伯利报告（Cadbury Report，1992），引入独立非执行董事（NED）是对董事会权力进行有效制衡的一个重要举措。

董事会决定着公司的重大决策并肩负监督管理层的职责，而独立非执行董事则独立于公司大股东、经营者等公司利益相关者，其最重要的职责便是确保公司利益得到充分保障，在参与公司决策时真正做到公正无私，而不是优先考虑某一派别或集团的利益。

其次，注重内部控制系统才能最有效和直接帮助解决股东真正关心的股东利益问题。

我国的公司内部控制环境并不理想，尤其是大多数国有上市公司，股权过度集中造成相应的所有权缺位、经营权越位等现象，这在极大程度上影响了公司会计信息的正确真实性。

拥有良好有效的内部控制系统，切实加强公司内部控制制度的执行力度，才能让公司资产得到安全保障，才能确保公司会计信息资料的正确可靠，才能让公司的经营方针得到落实、经营活动实现经济和高效运行。

英国和法国企业内部控制考察报告财政部会计司考察团摘要 本文介绍了英国和法国内部控制建设的基本情况,详细阐述了英国和法国内部控制框架的产生背景、具体内容及执行情况等。

对欧盟及欧洲主要国家的内控框架规定进行了比较分析,并结合培训考察体会对我国的内部控制建设提出了建议。

关键词 英国 法国 内部控制为加快推进我国企业内部控制制度建设步伐,财政部会计司派出 英、法企业内部控制考察团 ,于2007年2月1日至2月10日对英、法两国企业内部控制建设情况进行了考察。

考察团先后访问了英国特许会计师公会、德勤会计师事务所、摩根斯坦利投资银行、法国金融市场管理局、法国电信、法国电力集团、法国安永会计师事务所、法国甫瀚咨询公司等单位。

对这两个国家的企业内部控制建设情况有了一定的了解和认识。

一、英国企业内部控制建设基本情况(一)英国 内部控制框架报告 产生的背景英国关于企业内部控制的要求在法律、法规中都有体现。

普通法 (co mm on la w)规定董事长负有保护单位资产的责任,要以单位利益为出发点行使权力; 公司法 (the Co m pan iesA ct)认为会计记录和财务报告是内部控制的重要方面,规定要建立健全内部财务控制,董事长要负责披露真实和公允的财务信息,并接受外部审计。

如果公司没有遵循相关要求,公司董事会和管理层都会受到相应处罚。

以上法律的规定基本上从财务角度提出了内部控制的要求。

近年来,英国政府和一些组织致力于结合完善公司治理,加强对内部控制的研究。

英国财务报告理事会(FRC)、伦敦股票交易所、英国工业联合会、公司董事协会、会计团体咨询委员会、全英养老金协会、英国保险学会等组织联合发起成立了公司治理委员会,并发布了一系列关于公司治理的报告。

在这些报告的基础上,伦敦股票交易所1998年1月发布了一部旨在规范公司治理的法则,即 联合准则 (the co m b i n ed code),其中有三条涉及到公司内部控制(i n ter nal contro l):一是公司董事会负责建立、健全一套完整的企业内部控制制度,以保护投资者的投资和公司的资产;二是董事会负责每年检查和评价一次内部控制制度的有效性,并向股东报告;并要求内部控制的检查范围应涵盖所有控制,包括财务、运营、合规、风险等方面;三是没有设立内部审计职能的公司应随时评估公司各方面对内部审计工作的需求。

西方商业银行内部控制现状及启示（共5篇）第一篇：西方商业银行内部控制现状及启示1、西方商业银行内部控制制度现状及启示商业银行作为一国重要的金融基础，在国民经济发展中的作用是非常巨大的，因此，商业银行的内部控制受到各国的重视，西方发达国家的内部控制管理机制和管理制度经过多年的发展日臻成熟，按照《巴塞尔协议》的要求，结合本国的实际情况，形成了具有不同特色的内部控制体系。

当前对商业银行内部控制体系的监管已成为西方国家监管当局考核商业银行市场准入的一项重要准则。

学习西方国家商业银行的内控制度，对于我国商业银行内控体系的完善具有很大的借鉴意义。

其中最具有代表性的是德国典型全能银行制下的内控制度和美国分业监管下的内控制度。

1．1德国典型全能银行制下的内控制度在战后欧洲的金融发展中，德国堪称稳健发展的典范，而德国的金融监管更是独领风骚，其金融监管最主要的特点，主要表现在两个方面： 1．1．1分工明确和互相协作的金融监管组织体系德国的银行业虽然实行全能银行制，银行除了经营传统的业务外，还兼营保险、证券、投资等其他非银行业务。

然而，银行的兼营业务与银行业务是分开进行单独核算的，所以政府对其监管也分别由不同的部门进行。

如对保险业和证券业的日常监管，由联邦保险监管局和联邦证券监管委员会来实行，而联邦金融监管局，则负责对银行和其他非银行金融机构(保险、证券除外)实施监管。

它们均隶属于财政部。

此外，德意志联邦银行(中央银行)、州中央银行协助联邦金融监管局实行行业监管。

联邦金融监管局、联邦保险监管局、联邦证券监管委员会和中央银行既明确分工，又互相配合，构成了德国完备和多层次的金融监管体系。

1．1．2健全完善的金融机构内部控制制度长期以来，德国非常重视银行内控机制的建立，为了防范经营风险，各银行均建立健全了内部控制体系和有关制度，主要是建立内部审计机构、风险管理机构和证券监管机构。

第一、内部审计机构。

各银行一般均设有内部审计部，通过内部稽核，及时发现问题。

3国外内部控制范例1. 引言外部控制是组织机构用来管理和监督其内部运作的一套工具和程序。

一个有效的内部控制机制能够帮助公司提高效率、降低风险以及防止欺诈行为。

本文将讨论三个国家的外部控制范例，分别是美国的萨班斯-奥克利法案（Sarbanes-Oxley Act）、英国的公司法（Companies Act）以及中国的证券法。

通过比较和分析这些范例，我们可以得出一些有关构建和改进内部控制的宝贵经验。

2. 美国的萨班斯-奥克利法案萨班斯-奥克利法案是美国国会于2002年通过的一项法案，旨在响应恶名昭彰的安然公司（Enron）和世界通信（WorldCom）等巨型企业的丑闻，以加强对上市公司的监管和内部控制。

该法案引入了一系列改革措施，包括加强会计准则、加强独立审计、加强内部控制评估，以及增加对高管责任和惩罚力度等。

3. 英国的公司法英国的公司法为公司提供了一套合理的内部控制要求和程序。

根据该法律，公司董事有义务维护公司的财务稳定和利益最大化。

为了达到这一目标，公司需要建立一套适当的内部控制机制，包括会计准则的遵循、独立审计、内部审计、风险管理和内部报告等。

4. 中国的证券法中国的证券法是针对证券市场制定的法律法规，旨在维护市场秩序、保护投资者权益以及促进市场健康发展。

该法律要求上市公司建立健全的内部控制机制，包括内部控制制度的建立和执行、内部控制信息披露、内部控制评估和内部审计等。

此外，证券法还对董事、高级管理人员和监事会的责任和义务作了明确规定。

5. 总结和启示通过比较三国的外部控制范例，我们可以得出一些总结和启示。

首先，一个有效的内部控制机制需要有透明、全面的信息披露。

其次，公司董事和高级管理团队需履行其职责和义务，承担起内部控制的责任。

此外，独立审计和内部审计在保证内部控制有效性和合规性方面起着重要作用。

最后，外部控制需要不断改进和完善，以应对不断变化的市场环境和风险形势。

6. 结论一个良好的内部控制机制对于任何组织的成功和长期发展至关重要。

行业发展研究资料（No.2010－6）英国财务报告理事会和英格兰及威尔士特许会计师协会联合发布会计师事务所治理守则────────────────────────────────────────针对英国大型审计市场被“四大”会计公司控制的现状，财务报告理事会（FRC）和英格兰及威尔士特许会计师协会（ICAEW）于2010年1月联合发布了“会计师事务所治理守则”，以降低某个事务所退出大型审计市场带来的风险，保护上市公司股东的利益，并帮助促进对上市公司审计持续的信心。

该守则旨在为会计师事务所良好的内部治理实务提供一个正式基准，由20个原则和31项条款组成，内容包括领导层、价值理念、独立非执行董事的参与、运营机制、报告政策，以及相关方对话等几个方面。

负责起草该守则的小组建议于2010年6月1日起适用于审计超过20家上市公司的会计师事务所。

现经ICAEW同意，将该守则全文编译，供参考。

─────────────────────────────────────────中国注册会计师协会编二0一0年十月二日英格兰及威尔士特许会计师协会（ICAEW）根据皇家特许状成立并运营，致力于维护公众利益。

其对会员的监管，尤其是对审计师的监管，受到财务报告理事会（FRC）的监督。

作为世界领先的职业会计团体，ICAEW为来自超过165个国家的132,000多名会员提供领导和实务方面的支持，与政府、监管机构和工商业界合作，以确保维护最高水平的准则。

ICAEW是全球会计联盟的创始成员组织，该联盟在全球范围内拥有775,000多名会员。

©ICAEW 版权所有2010年，所有权利属于ICAEW。

本文中所涉及到的法律法规截至2009年11月。

如有任何人因本文中任何材料采取或避免采取任何行动，ICAEW或会计师事务所治理工作组不承担任何责任。

2010年1月会计师事务所治理守则英国财务报告理事会项目会计师事务所治理工作组主席：诺曼·玛瑞2010年1月目录引言 (5)A领导层 (10)B价值 (11)C独立非执行董事 (11)D运营 (13)E报告 (15)F对话 (17)附录1：独立非执行董事的参与 (18)附录2：关于独立性的考虑 (20)附录3：工作小组成员和工作大纲 (22)引言会计师事务所治理守则（以下简称守则）旨在帮助提升对上市公司审计的持续信心和增加市场中上市公司审计的选择，它与每一位认为审计在市场经济中发挥重要作用的人士息息相关。

了解不同国家或地区内控专业组织及其实践标准与指南了解不同国家或地区内控专业组织及其实践标准与指南内控是一个国家或地区内企业管理的重要组成部分。

各个国家或地区都有其内控专业组织，旨在促进企业内控实践的规范化和标准化。

本文将介绍一些国际知名的内控专业组织及其实践标准与指南。

美国内部审计协会（The Institute of Internal Auditors，IIA）美国内部审计协会是全球最大的内部审计专业组织。

成立于1941年，总部设在美国佛罗里达州奥兰多市。

该组织的使命是提高内部审计的效益及其在企业治理中的作用。

美国内部审计协会发表了《内部审计守则》（The International Standardsfor the Professional Practice of Internal Auditing，简称The Standards），为内部审计提供了全球性的专业规范。

The Standards由四个部分组成：守则—通用准则，守则—职责准则，守则—实施准则和守则—确认准则。

这些准则为内部审计师提供了在规范、职责履行、实施和确认中的指导，以提升内部审计的质量和效果。

国际防欺诈专业组织（The Association of Certified Fraud Examiners，ACFE）国际防欺诈专业组织成立于1988年，总部位于美国得兰市。

该组织是全球最大的防欺诈专业组织，致力于预防和检测欺诈行为。

国际防欺诈专业组织发表了《防欺诈标准与该行动框架》（The Fraud Examiners Manual and The Fraud Examiners Codeof Ethics），为防欺诈行为提供了指导。

该组织的标准主要包括：防欺诈专业知识、防欺诈职业行为准则、防欺诈行为的框架和防欺诈技巧等。

这些标准和指南帮助专业人员了解欺诈行为的本质、预防和检测欺诈的方法以及法律和道德原则。

国际标准化组织（The International Organization for Standardization，ISO）国际标准化组织是一个非政府组织，成立于1947年，总部位于瑞士日内瓦。

英国公司内部控制指引报告历史上看，英国内部控制的发展离不开公司治理研究的推动。

20世纪80-90年代，英国的公司治理像今天的美国一样，面临着巨大的信任危机。

面对创造性（creative accounting）的泛滥、公司经营的失败和连续不断的丑闻、董事薪酬激增以及短期行为主义猖獗等一系列公司治理问题，公众、监管机构的不满情绪日益升温。

这一阶段也就成为英国公司治理问题研究的一个高峰期，各种专门委员会纷纷成立，并发布了各自的研究报告，其中比较著名的有卡德伯利报告(Cadbury Report，1992）、拉特曼报告(Rutterman Report,1994）、格林伯利报告(Creenbury Report，1995)和哈姆佩尔报告（Hampel Report，1998)。

在吸收这些研究成果的基础上，1998年最终形成了公司治理委员会综合准则(Combined Code of the committee on Corporate Governance)。

综合准则很快就被伦敦证券交易所认可，成为交易所上市规则的补充，要求所有英国上市公司强制性遵守。

这些研究成果从理论和实践两个方面，极大地推动了英国公司治理和内部控制的发展，尤其是卡德伯利报告、哈姆佩尔报告，以及作为综合准则指南的特恩布尔报告（Turnbull Report，1999),堪称英国公司治理和内部控制研究历史上的三大里程牌。

一、卡德伯利报告卡德伯利报告从财务角度研究公司治理，同时将内部控制置于公司治理的框架之下。

其实，1985年“公司法”S。

221条款就规定，董事对公司保持充分的会计记录负责，为满足上述要求，在现实中董事必须建立公司财务管理方面的内部控制制度,包括设计程序使舞弊风险最小化。

也就是说,1985年的“公司法"已经对董事确保适当的内部控制制度提出了含蓄的要求。

卡德伯利报告进一步认为，有效的内部控制是公司有效管理的一个重要方面。

海外公司财务内部控制策略摘要：现代企业制度下，财务管理制度建设应放置于核心地位，强化权责明确的科学管理。

对海外公司而言，推行现代企业制度具有积极意义。

面对当前的经济形势与复杂环境，本文将积极探讨海外公司的财务内部控制策略，以期为企业主动调整和改善管理状况，不断优化财务管理来提升海外公司的核心竞争力提供参考借鉴。

关键词：现代企业制度；海外公司；财务内部控制；管理现代企业制度，是坚持基于市场经济理论体系研究新型企业制度，主动以法人作为制度建立和实施主体，将企业内部制度建设作为核心工作，不断推动企业内部全权革命，实现权责清晰化、管理科学化。

由于企业的建立需要财产关系基础，因此企业最终的发展定位与走向与产权结构以及内部控制优化关联紧密，只有不断强化产权交易，主动通过财务内部控制来构筑市场经济活动中的产品与服务等价等量交换换件，才能使现代企业在新形势下获得新生，赢得新的竞争局面。

随着我国企业的海外战略有序推进，海外企业所面临的环境更为复杂，机遇与挑战并存，不断强化海外公司的财务管理，打造高质量内控机制，是海外公司在现代企业制度理论支撑下获得长足发展的重要举措。

从务实管理、规避风险等方面考虑，研究海外公司财务内部控制策略刻不容缓。

1对接东道国市场，调研并融合当地财税法1.1海外公司要积极调研驻地财税政策体系。

关注与本行业相关的政策，梳理其中的特别税收优惠，掌握与我国政府是否有税务互勉协定签订事宜的落实。

在准备进驻海外市场时，应考虑注册地问题，权衡以国外企业身份进驻或在当地注册的有利性。

可适当咨询或直接由相关事务所参与机构工作，了解目标区域的财税体系框架。

1.2海外公司应依据当地财税政策组织投标。

投标前期的市场调研工作必不可少，要结合当地财税政策，整理报价影响因素，杜绝其中的盲点或风险项内容被人为利用对业务开展造成影响。

海外公司既要保持日常工作的独立性，也要加强与母公司的信息沟通，多听取母公司的决策建议，接受投标报价支持。