审计学内部控制中英文对照外文翻译文献

A Clear Look at Internal Controls: Theory and ConceptsHammed Arad (Philae)Department of accounting, Islamic Azad University, Hamadan, IranBarak Jamshedy-NavidFaculty Member of Islamic Azad University, Kerman-shah, IranAbstract: internal control is an accounting procedure or system designed to promote efficiency or assure the implementation of a policy or safeguard assets or avoid fraud and error. Internal Control is a major part of managing an organization. It comprises the plans, methods, and procedures used to meet missions, goals, and objectives and, in doing so, support performance-based management. Internal Control which is equal with management control helps managers achieve desired results through effective stewardship of resources. Internal controls should reduce the risks associated with undetected errors or irregularities, but designing and establishing effective internal controls is not a simple task and cannot be accomplished through a short set of quick fixes. In this paper the concepts of internal controls and different aspects of internal controls are discussed. Keywords: Internal Control, management controls, Control Environment, Control Activities, Monitoring1. IntroductionThe necessity of control in new variable business environment is not latent for any person and management as a response factor for stockholders and another should implement a great control over his/her organization. Control is the activity of managing or exerting control over something. he emergence and development of systematic thoughts in recent decade required a new attention to business resource and control over this wealth. One of the hot topic a bout controls over business resource is analyzing the cost-benefit of each control.Internal Controls serve as the first line of defense in safeguarding assets and preventing and detecting errors and fraud. We can say Internal control is a whole system of controls financial and otherwise, established by the management for the smooth running of business; it includes internal cheek, internal audit and other forms of controls.COSO describe Internal Control as follow. Internal controls are the methods employed to help ensure the achievement of an objective. In accounting and organizational theory, Internal control is defined as a process effected by an organization's structure, work and authority flows, people and management information systems, designed to help the organization accomplish specific goals or objectives. It is a means by which an organization's resources are directed, monitored, and measured. It plays an important role in preventing and detecting fraud and protecting the organization's resources, both physical (e.g., machinery and property) and intangible (e.g., reputation or intellectual property such as trademarks). At the organizational level, internal control objectives relate to the reliability of financial reporting, timely feedback on the achievement of operational or strategic goals, and compliance with laws and regulations. At the specific transaction level, internal control refers to the actions taken to achieve a specific objective (e.g., how to ensure the organization's payments to third parties are for valid services rendered.) Internal controlprocedures reduce process variation, leading to more predictable outcomes. Internal controls within business entities are called also business controls. They are tools used by manager's everyday.* Writing procedures to encourage compliance, locking your office to discourage theft, and reviewing your monthly statement of account to verify transactions are common internal controls employed to achieve specific objectives.All managers use internal controls to help assure that their units operate according to plan, and the methods they use--policies, procedures, organizational design, and physical barriers-constitute. Internal control is a combination of the following：1. Financial controls, and2. Other controlsAccording to the institute of chartered accountants of India internal control is the plan of organization and all the methods and procedures adopted by the management of an entity to assist in achieving management objective of ensuring as far as possible the orderly and efficient conduct of its business including adherence to management policies, the safe guarding of assets prevention and detection of frauds and error the accuracy and completeness of the accounting records and timely preparation of reliable financial information, the system of internal control extends beyond those matters which relate to the function of accounting system. In other words internal control system of controls lay down by the management for the smooth running of the business for the accomplishment of its objects. These controls can be divided in two parts i.e. financial control and other controls.Financial controls:- Controls for recording accounting transactions properly.- Controls for proper safe guarding company assets like cash stock bank debtor etc- Early detection and prevention of errors and frauds.- Properly and timely preparation of financial records I e balance sheet and profit and loss account.- To maximize profit and minimize cost.Other controls: Other controls include the following:Quality controls.Control over raw materials.Control over finished products.Marketing control, etc6. Parties responsible for and affected by internal controlWhile all of an organization's people are an integral part of internal control, certain parties merit special mention. These include management, the board of directors (including the audit commit tee), internal auditors, and external auditors.The primary responsibility for the development and maintenance of internal control rests with an organization's management. With increased significance placed on the control environment, the focus of internal control has changed from policies and procedures to an overriding philosophy and operating style within the organization. Emphasis on these intangible aspects highlights the importance of top management's involvement in the internal control system. If internal control is not a priority for management, then it will not be one for people within the organization either.As an indication of management's responsibility, top management at a publicly owned organization will include in the organization's annual financial report to the shareholders a statement indicating that management has established a system of internal control that management believes is effective. The statement may also provide specific details about the organization's internal control system.Internal control must be evaluated in order to provide management with some assurance regarding its effectiveness. Internal control evaluation involves everything management does to control the organization in the effort to achieve its objectives. Internal control would be judged as effective if its components are present and function effectively for operations, financial reporting, and compliance. he boards of directors and its audit committee have responsibility for making sure the internal control system within the organization is adequate. This responsibility includes determining the extent to which internal controls are evaluated. Two parties involved in the evaluation of internal control are the organization's internal auditors and their external auditors.Internal auditors' responsibilities typically include ensuring the adequacy of the system of internal control, the reliability of data, and the efficient use of the organization's resources. Internal auditors identify control problems and develop solutions for improving and strengthening internal controls. Internal auditors are concerned with the entire range of an organization's internal controls, including operational, financial, and compliance controls.Internal control will also be evaluated by the external auditors. External auditors assess the effectiveness of internal control within an organization to plan the financial statement audit. In contrast to internal auditors, external auditors focus primarily on controls that affect financial reporting. External auditors have a responsibility to report internal control weaknesses (as well as reportable conditions about internal control) to the audit committee of the board of directors.8. Limitations of an Entity's Internal ControlInternal control, no matter how well designed and operated, can provide only reasonable assurance of achieving an entity's control objectives. The likelihood of achievement is affected by limitations inherent to internal control. These include the realities that human judgment in decision-making can be faulty and that breakdowns in internal control can occur because of human failures such as simple errors or mistakes. For example, errors may occur in designing,Maintaining, or monitoring automated controls. If an entity’s IT personnel do not completely understand how an order entry system processes sales transactions, they may erroneously design changes to the system to process sales for a new line of products. On the other hand, such changes may be correctly designed but misunderstood by individuals who translate the design into program code. Errors also may occur in the use of information produced by IT. For example, automated controls may be designed to report transactions over a specified dollar limit for management review, but individuals responsible for conducting the review may not understand the purpose of such reports and, accordingly, may fail to review them or investigate unusual items.Additionally, controls, whether manual or automated, can be circumvented by the collusion of two or more people or inappropriate management override of internal control. For example, management may enter into side agreements with customers that alter the terms and conditions of the entity’s standard sales con tract in ways that would preclude revenuerecognition. Also, edit routines in a software program that are designed to identify and report transactions that exceed specified credit limits may be overridden or disabled.Internal control is influenced by the quantitative and qualitative estimates and judgments made by management in evaluating the cost-benefit relationship of an entity’s internal control. The cost of an entity's internal control should not exceed the benefits that are expected to be derived. Although the cost-benefit relationship is a primary criterion that should be considered in designing internal control, the precise measurement of costs and benefits usually is not possible.Custom, culture, and the corporate governance system may inhibit fraud, but they are not absolute deterrents. An effective control environment, too, may help reduce the risk of fraud. For example, an effective board of directors, audit committee, and internal audit function may constrain improper conduct by management. Alternatively, the control environment may reduce the effectiveness of other components. For example, when the nature of management incentives increases the risk of material misstatement of financial statements, the effectiveness of control activities may be reduced.9. Balancing Risk and ControlRisk is the probability that an event or action will adversely affect the organization. The primary categories of risk are errors, omissions, delay and fraud In order to achieve goals and objectives, management needs to effectively balance risks and controls. Therefore, control procedures need to be developed so that they decrease risk to a level where management can accept the exposure to that risk. By performing this balancing act "reasonable assurance” can be attained. As it relates to financial and compliance goals, being out of balance can causebe proactive, value-added, and cost-effective and address exposure to risk.11. ConclusionThe concept of internal control and its aspects in any organization is so important, therefore understanding the components and standards of internal controls should be attend by management. Internal Control is a major part of managing an organization. Internal control is an accounting procedure or system designed to promote efficiency or assure the implementation of a policy or safeguard assets or avoid fraud and error. According to custom definition, Internal Control is a process affected by an entity's board of directors, management and other personnel designed to provide reasonable assurance regarding the achievement of objectives in the following categories namely. The major factors of internal control are Control environment, Risk assessment, Control activities, Information and communication, Monitoring. This article reviews the main standards and principles of internal control and described the relevant concepts of internal control for all type of company.内部控制透视：理论与概念哈米德阿拉德（Philae）会计系，伊斯兰阿扎德大学，哈马丹，伊朗巴克Joshed -纳维德哈尼学院会员伊斯兰阿扎德大学，克尔曼伊朗国王，伊朗摘要：内部控制是会计程序或控制系统，旨在促进效率或保证一个执行政策或保护资产或避免欺诈和错误。

外文文献及原稿原稿IntroductionInt ernal a ud it ef fe ctive n e s s, t h e ext e nt t o whic h an inte r nal a udit offic e me e ts i ts ra ison d'êt re, i s a r guably a result o f the i n t e rpla y a mong four fa c tors: in t erna l audi tq uali t y; management support; or gani z at i onal sett i ng; and attributes of the audi t or.An i nt ern al audit func t ion's capabil i ty to provi de us eful a udi t findi ngs and re commendations w oul d help ra isemanagement'sintere s ti n it s re c omm e ndation s.T he m a na gementsupportw i thresourcesandc om mi t me nt to i mplement t heinternal a udi t reco m me nd ationsi s essenti a l in attainingaudit e ffec t ive ne s s.A l s o,the o rganizati o nals et ting i n w hi c h i ntern a laudit ope rat e s,i.e.t he or ga nizatio na ls t at us ofth eof fi ce,i t si nt erna lor ganizatio n andthepoli c ie s andpr oc edure s applyi ng t o eachaudi t o r, sho ul d enable smooth audi t s t ha t l ea d to reaching us e f ul a udi tfindings.Furth e r,thecapab i li t y,at t itudesandl e velofcoopera t ionoftheaudi t or i mpacton t heeffec t ive ne ss ofaud i ts.T herefore, internal audit ef fe ct i veness s houl d be vie w e d as a dynamicprocessthat is c ontinuously s ha ped by t h e interac t ions among t he fo ur factors me ntionedabove.Thi s s t udy e xami n ed,u singcasestudyan a lysis,t heint e rnala udi ts e rvic eof ala rgepublicsectororganization.Thepaperisstructuredasfollows.Thenextsectionpresents a review of the related literature; introduces a model for analyzingauditeffectiveness; and provides the research question. The third section presentstheresearch methodology; fourth section provides empirical analysis based on acasestudy; and fifth section presents a summary of the findings. The paperthensummarizes the conclusions, noting limitations of the study and suggesting avenuesfor futureresearch. InternalauditeffectivenessThe Instituteof Internal Auditors (IIA, 1999a) defined internal auditing as:an independent, objective assurance and consulting activity designed to add valueandimprove an organization's operations. It helps an organization accomplish itsobjectives by bringing a systematic, disciplined approach to evaluate and improvetheeffectiveness of risk management, control, and governanceprocesses.This definition signifies that internal audit has undergone a paradigmshift froman emphasis on accountability about the past to improving future outcomes tohelpauditors operate more effectively and efficiently (Nagy and Canker, 2002; Stern,1994;Goodwin, 2004). Since, the definition equally serves both the private and thepublicsectors (Goodwin, 2004), it is used in this study as a basis to analyze publicsectorinternal auditeffectiveness.Internal audit is effective if it meets the intended outcome it is supposed tobringabout.Sawyer(1995)states,“…internalauditor'sjobisnotdoneuntildefectsarecorrecte d and remain corrected.”Van Hansberger (2005) explains that internalauditeffectiveness in the public sector should be evaluated by the extent to whichitcontributes to the demonstration of effective and efficient service delivery, asthisdrives the demand for improved internal audit services. Based on the results ofaconsultative forum that focused on improving public sector internal audit [1],VanHansberger (2005) identified perceptionsandownership; organizationandgovernance framework; legislation; improved professionalism; conceptualframework;and also resources as factors influencing internal audit effectiveness.Effectiveinternal audit undertakes an independent evaluation of financial andoperatinginformation and of systems and procedures, to provide useful recommendationsfor improvements asnecessary.The effectiveness of internal audit greatly contributes to the effectiveness ofeachauditor in particular andthe organization at large (Dittenhofer, 2001).Dittenhofer(2001) has also observed that if internal audit quality is maintained, it will contributeto the appropriateness of procedures and operations of the auditor, and therebyinternal audit contributes to effectiveness of the auditor and the organization asawhole. Using agency theory, Dingdong (1997) explained the role that internalauditplays in an economy and points out that internal audit has an advantage over externalauditin obtaining information quickly and finding problems at an earlier stage; and Sparkman (1997), applying the theory of transaction cost economics, demonstratedhow internal audit recommendations are important to the management ofgovernmentorganizations.Priorliteraturerelatingtointernalauditeffectivenesshaseitherfocusedontheinternal audit's ability to plan, execute and objectively communicate usefulfindings(Dingdong, 1997 Sparkman, 1997;Dittenhofer, 2001); or taken a broader viewandincluded factors that transcend the boundary of a single organization (VanHansberger,2005). This paper attempts to introduce a new perspective for evaluation of internalaudit effectiveness by identifying factors within an organization that impact onauditeffectiveness. A model, which assumes that there is a common interest to achieveorganizational goals for auditor management, top management and internal audit,isused for analysis of this case study. Since, audit effectiveness fosters theachievementof a common goal; there would be a natural incentive in an organization to improveit.The model considers four potential factors –internal audit quality,managementsupport, organizational setting, and auditor attributes to explain audit effectiveness,and shows how the interaction of these factors improves audit effectiveness.Internal audit quality, which is determined by the internal audit department'scapability to provide useful findings and recommendations, is central toauditeffectiveness. Internal audit has to prove that it is of value to the organization and earna reputation in the organization (Sawyer, 1995). Internal audit has to evaluateitsperformance and continually improve its service .audit quality is a function ofthelevelofstaffexpertise,thescopeofservicesprovidedandtheextenttowhichaudits areprope rlyplanned,executedandcommunicated.Audit findings and recommendations would not serve much purposeunlessmanagement is committed to implement them. Adams (1994) used agency theorytoexplain that it is in the interest of management to maintain a strong internalauditdepartment. Implementation of audit recommendations is highly relevant toauditeffectiveness (Van Hansberger, 2005) and the management of an organization isviewed as the customer receiving internal audit services. As a result,management'scommitment to useaudit recommendations and its support in strengthening internalauditis vital to audit effectiveness (Sawyer,1995).Organizational setting refers to the organizational profile, internal organizationand budgetary status of the internal audit office; and also the organizationalpoliciesand procedures that guide operation of auditors. It provides the context inwhichinternal audit operates. Thus, organizational setting can exert influence on the levelofeffectiveness that internal audit could achieve. The auditor attributes relate tothecapability of the auditor to meet its intended objectives. Auditor attributeswithimplications on audit effectiveness include the auditors' proficiency to efficientlyandeffectively meet organizational sub-goals; their attitude towards internal audit; andthelevel of cooperation provided to the auditor .Since, the four factors discussed aboveare intricately linked, audit effectiveness is a dynamic process that results fromtheeffect of each factor and the interplay among all. audit quality andmanagementsupport strongly affects audit effectiveness. Better audit effectiveness, in turn, hasapositivebearingonthesetwofactors.Ifinternalaudit enhancesqualitytotheextent itelicits management's interest, management support would be a natural quid proquobecause the management would realize the contribution of internal audit totheachievement of organizational goals. This would positively reflecton auditqualityand enhance audit effectiveness. The management's commitment to implementauditrecommendations improves the operation of the auditor, as a result of whichtheauditor attributes would improve to the benefit of audit effectiveness.Further,management retains the authority to improve the organizational setting andinfluencethe auditor towards a positive effect on audit effectiveness, whichin turn,benefitsauditquality.ConcludingcommentsThis study investigated the internal audit service of a large public sectorhighereducational institution, to identify factors influencing internal audit effectiveness,using a model developed for the analysis. The model consisted of fourinterrelatedfactors: internal audit quality; management support; the organizational setting;andattributes of theauditors.The findings of the study reveal that the internal audit office of theorganizationstudied needs to enhance the technical proficiency of the internal audit staffandminimizestaff turnover so as to foster audit effectiveness. The organizational statusand internal organization of the internal audit office are fairly rated, butinternalaudit'slackofauthorityonbudgetsreducesitscontrolofresourceacquisitionandutil ization.The scope of internal audit services is limited to regular activities. Extendingthescopeofservicesbywideningtherangeofsystemsandactivitiesaudited,withappropr iateriskanalysis,wouldimprove auditeffectiveness. Management'scommitment in providing greater attention to internalaudit recommendations andstaffingtheofficewithwell-qualifiedemployeesdeservesattentioninthisstudy.Theinternalauditors,undertheimpressionthat theirreportsarenotsufficientlyutilizedbythe management, may not be encouraged to exert the maximum possible effort in their engagements. In addition, the lack of attention by management may send awrongsignal about the importance of internal audit services to the audited, which in turnadversely affects the auditedattributes.The study has shown that internal audit of the organization studiedneedsimprovement in the areas of audit planning, documentation of audit work,auditcommunications and follow-up of recommendations. Audit effectiveness couldbeenhanced by ensuring consistency in documenting audit work to enableimprovedreview of audit work; proper follow-up of the status of audit findingsandrecommendations; increased distribution of audit reports; and further improvementinthe quality ofreporting.The limitation of this study is readily apparent. As in all case studies,thegeneralisabilityof the findings and the conclusions drawn is limited, althoughthestudy does provide evidence of the problems internal auditors face in providinganeffective service to management. Further, research could be welcome tofullyunderstand the level of internal audit effectiveness in the Ethiopian public sectorvis-à-vis its private sector, with a view to highlighting differences, if any,andconclusively defining the variables affecting internal audit effectiveness inEthiopia.译文简介内部审计的有效性，在何种程度上满足了内部审计处其存在的理由，可以说是一个四因素之间的相互作用的结果：内部审计质量，管理支持，组织设臵，以及受审核方属性。

中英文对照外文翻译文献(文档含英文原文和中文翻译)原文：Internal auditing's role in ERMAs organizations lay their enterprise risk groundwork, many auditors are taking on management's oversight responsibilities, new research finds.Internal audit departments have played a variety of roles in their organization's enterprise risk management (ERM) activities since The Committee of Sponsoring Organizations of the Tread way Commission (COSO) released its Enterprise Risk Management-Integrated Framework in September 2004. An IIA position paper issued in the wake of COSO ERM, "The Role of Internal Auditing in Enterprise-wide Risk Management," indicates the roles that the internal audit function should and should not play throughout the ERM process, ranging from full involvement to no involvement. According to the paper, internal auditors should have a core role in five ERM-related assurance activities: giving assurance on risk management processes, giving assurance that risks are evaluated correctly, evaluating risk managementprocesses, evaluating the reporting of key risks, and reviewing the management of key risks.A recent IIA Research Foundation study examined the extent to which internal audit functions adhere to the ERM roles recommended in the IIA paper. During October 2005, researchers disseminated an online survey to 7,200 IIA members through The Institute's Global Auditing Information Network. The survey generated 361 responses from a mix of large, mid-sized, and small organizations in a variety of industries, including businesses, government agencies, and not for profit organizations. Nearly 60 percent of respondents identified themselves as a chief audit executive or audit director, 23 percent were audit managers, and 7.8 percent were staff or senior auditors. Approximately 90 percent were from the United States and Canada.Respondents' organizations are at different stages of implementing ERM, as defined by COSO. More than 11 percent say their organization's ERM infrastructure is mature or relatively mature, and 37 percent have recently adopted or are in the process of implementing ERM. Among all organizations surveyed, the internal audit function is primarily responsible for ERM-related activities in 36 percent of respondents' organizations, while 27 percent say the primary responsibility belongs to a chief risk officer (CRO) who is not part of the audit function. Nearly one-third of respondents say another executive or function oversees ERM..The hours and dollars internal audit functions spend on ERM-related activities are minimal for many respondents. Nearly half say their audit department spent 10 percent or less of its hourly and financial budgets on ERM-related activities during fiscal year 2004. More than one-third of audit departments spent II percent to 50 percent of their time on ERM, and 28 percent spent n percent to 50 percent of their financial budgets, while less than 10 percent of departments Spent more than 50 percent of their time and money.The IIA position paper categorizes 18 ERM-related activities according to the appropriate level of responsibility for the internal audit function. Survey respondents reported their current and ideal level of responsibility for these activities: no responsibility, limited responsibility, moderate responsibility, substantialresponsibility, and total responsibility.CORE ACTIVITIESDifferences between respondents' current and ideal responsibilities are greatest for the five core ERM assurance activities identified In the IIA paper. Respondents Indicated that their current responsibility for each of the core ERM related activities is moderate, but they say they should have a substantial level of responsibility. These views agree with the IIA guidance. Additionally, roughly half of internal audit functions surveyed currently have substantial or full responsibility for at least one core activity, and more than two-thirds say they should have till or substantial responsibility for at least one core activity.Within the core category, the audit function's two highest levels of current responsibility involve reviewing management of key risks and evaluating the risk management process. Evaluating the risk management process and giving assurance on risk management processes are the highest-rated ideal responsibilities. Conversely, giving assurance that risks are evaluated correctly is the lowest-rated current and ideal responsibility.The following respondent comments offer some insight into why audit departments are not currently involved in core ERM-related activities at the level they deem appropriate;"We have just recently begun implementing ERM activities in our company. We do not yet have complete understanding of the process and buy-in from management.""The audit committee and management are not aware of what ERM is.""The internal audit function has just initiated an awareness campaign among the audit committee members."These comments suggest that educating management and the audit committee on ERM issues can be critical to ensuring that the audit function takes on an appropriate level of responsibility for ERM.LEGITIMATE ACTIVITIESThe IIA paper prescribes seven legitimate ERM-related activities for which internal committee audit functions may be responsible as long as safeguards are inplace: facilitating the identification and evaluation of risks, coaching management in responding to risks, coordinating ERM-related activities, consolidating the reporting on risks, maintaining and developing the ERM framework, championing establishment of ERM, and developing risk management strategy for board approval. These activities are described as "consulting" activities. Although respondents' current responsibility for each of these legitimate activities ranges from limited to moderate, they say their ideal level should be moderate, which is consistent with the guidance.Within the legitimate category, the highest level of current internal audit responsibility involves facilitating the identification and evaluation of risks —the top-rated ERM-related activity, including core activities. This activity is also the highest-rated ideal activity among legitimate activities, suggesting that auditors consider it a core responsibility. This finding is not surprising. because risk detection and evaluation are traditional considerations in developing annual audit plans. The lowest-rated current and ideal activity is developing a risk management strategy for board approval, which is an activity that might best be handled by management.The IIA guidance cautions that when internal auditors undertake these legitimate consulting activities, safeguards should be in place to ensure that they do not take on management responsibility for actually managing risks. One possible preventive measure would include documenting the auditors' ERM responsibilities in an audit committee-approved audit charter. Further, if auditors take on any ERM-related activities that fall within this consulting role, they should treat these engagements as consulting engagements and apply the relevant IIA standards to help ensure their independence and objectivity.INAPPROPRIATE ACTIVITIESAccording to the IIA position paper. It is inappropriate for internal auditors to be responsible for six ERM-related activities: setting the risk appetite, imposing risk management processes, providing management assurance on risks, making decisions on risk responses, implementing risk responses on management's behalf, and having accountability for risk management. Overall, audit functions in the survey have greater responsibility for these activities than the IIA paper recommends. However,auditors say they should have some limited responsibility for the inappropriate activities.Within the inappropriate category, internal auditors' highest level of current and ideal responsibility is providing management assurance on risks, while their lowest level of responsibility is for setting the risk appetite. Respondents' comments suggest that auditors currently have greater responsibilities in these areas because the audit function is playing a leading role during the early stages of ERM development.ORGANIZATIONAL CHARACTERISTICSThe perceived current and ideal FRM roles for the internal audit function may vary across organizations, depending on the organization's industry, size, and audit department size, as well as the firm's need to comply with the U.S. Sarbanes-Oxley Act of 2002.INDUSTRY Respondents work in a variety of sectors, including financial services, manufacturing, transportation, communications, utilities, health care, retail and wholesale, government, and education. Researchers compared responses from the two largest industry groups: financial services and manufacturing. On average, financial service industry audit departments have greater current responsibility for core activities than those from manufacturing. With respect to inappropriate activities, manufacturing audit departments tend to say their ideal involvement should be higher than their current responsibility, while financial service industry audit departments rate their current and ideal responsibilities at the same level.ORGANIZATION SIZE Approximately half of respondents work in organizations that had 2004 revenues between US $500 million and US $5 billion. Nearly 25 percent of respondents work in organizations that had revenues under US $500 million in 2004, while a similar number of respondents work in organizations that had more than US $5 billion in revenue that year. Researchers compared responses from organizations with revenues of less than US $1 billion with organizations with revenues greater than US $1 billion. On average, auditors from both types of organizations have relatively equal levels of responsibility for current core activities. However, smaller organizations rated their ideal involvement for thesecore activities higher than large organizations. Smaller organizations have a slightly higher current level of responsibility for inappropriate activities than larger organizations and say their ideal involvement in these areas should be higher.AUDIT STAFF SIZE More than half of respondents work in audit departments with 10 or fewer auditors, slightly more than one-quarter work in departments with between 11 and 50 auditors, and approximately one-tenth of respondents work in departments with more than 50 auditors. Internal audit functions with more than 10 auditors currently have somewhat more responsibility for core activities than audit departments with 10 or fewer auditors. Both large and small audit functions have roughly equal levels of responsibility for all other ERM-related activities. However, unlike large audit organizations, respondents from small audit departments want to have more responsibility for activities in the inappropriate category.SARBANES-OXLEY Most respondents' organizations are required to comply with Sarbanes-Oxley Section 404. Researchers found few differences between those organizations and respondents from organizations that do not have to comply with the act. The primary difference related to core activities, where compliers report a higher level of current responsibility than non-compliers.Although the IIA guidance is equally applicable to all organizations, the research indicates that smaller internal audit departments and those from smaller organizations tend to take on ERM responsibilities that would be more appropriate for management. In these cases, internal auditing should work to develop an ERM implementation and maintenance plan that includes a stratcgy and timeline for migrating responsibilities for these activities to managementTHE AUDITOR'S ROLEAlthough the survey results suggest that the current levels of responsibility audit departments have may differ somewhat from that levels recommended by The IIA'S position paper, the respondents' comments offer some evidence that auditors understand the underlying concepts of the guidance:"There needs to be a shift in the 'doing' of the ERM to being an internal audit function that relies on and evaluates the ERM process. ERM should be in sync withthe audit universe and plan,""In the past i8 months, the corporation has appointed a CRO to provide oversight and guidance to evolving ERM processes. During this period, much of internal auditing's previous ERM roles have migrated to this officer." More importantly, respondents identified significant barriers in their organizations to following the guidance:"These ERM responsibilities and processes are not well defined in many organizations and should be more clearly articulated by senior management."'There is not enough emphasis from the top that risk management is important and must be done effectively. Management is still trying to hide things from internal auditing. It's not them against us, we're all in it together.""Most auditors and enterprise managers lack clarity on the distinction between responsibility for risk assurance implementation versus responsibility for risk assurance compliance and monitoring."These comments stress that a key element to establishing a successful ERM program is education on the importance of ERM and the appropriate roles management and internal auditing have in the process. Internal auditors can play a key role in providing this education. The audit department, management, hoard of directors, and audit committee need to be clear about which ERM related activities internal auditors should perform and which activities should always be performed by management. Relevant training should highlight that internal auditing could serve in a monitoring or consulting role throughout much of the ERM process, but the formal decision-making authority must reside with management if the audit department is to maintain its independence and objectivity.Auditors should take steps to ensure that the board and audit committee are aware of the COSO ERM framework and are actively engaged in overseeing the ERM process. Additionally, auditors should consider training senior management, the board, and others throughout their organization on COSO ERM and related guidance.Responses to the survey provide useful insights into additional steps that the internal audit profession should take. Auditors whose organizations are in the earlystages of adopting ERM or will be implementing ERM in the future have many opportunities to ensure that the process is effective and efficient. For example, audit departments that currendy perform ERM-related activities that should be management's responsibility can take proactive steps to open up the lines of communication between internal auditing and management, the board and audit committee, and external auditors about the risks of this situation. Such communication should encourage management to take on appropriate ERM responsibilities. One approach audit departments could take is to develop a business plan describing how management can assume responsibility for ERM related activities for which they should be accountable. However, internal auditors should recognize that completing this plan and convincing management to accept these ERM responsibilities might not occur quickly.With appropriate planning, communication, and education, internal auditors, management, the board, and external auditors should be ready to work together to achieve the many benefits of ERM. Ideally, this coordination will result in performing ERM-related activities at appropriate places within the organization, management accepting its responsibility for ERM, and that audit function playing a role that is consistent with appropriate professional guidance.译文：内部审计在企业风险管理中的作用新的研究发现：随着企业以组织风险为基础，许多审计人员对管理层采取职责监督措施。

A Clear Look at Internal Controls: Theory and ConceptsHammed Arad (Philae)Department of accounting, Islamic Azad University, Hamadan, IranBarak Jamshedy-NavidFaculty Member of Islamic Azad University, Kerman-shah, IranAbstract: internal control is an accounting procedure or system designed to promote efficiency or assure the implementation of a policy or safeguard assets or avoid fraud and error. Internal Control is a major part of managing an organization. It comprises the plans, methods, and procedures used to meet missions, goals, and objectives and, in doing so, support performance-based management. Internal Control which is equal with management control helps managers achieve desired results through effective stewardship of resources. Internal controls should reduce the risks associated with undetected errors or irregularities, but designing and establishing effective internal controls is not a simple task and cannot be accomplished through a short set of quick fixes. In this paper the concepts of internal controls and different aspects of internal controls are discussed. Keywords: Internal Control, management controls, Control Environment, Control Activities, Monitoring1. IntroductionThe necessity of control in new variable business environment is not latent for any person and management as a response factor for stockholders and another should implement a great control over his/her organization. Control is the activity of managing or exerting control over something. he emergence and development of systematic thoughts in recent decade required a new attention to business resource and control over this wealth. One of the hot topic a bout controls over business resource is analyzing the cost-benefit of each control.Internal Controls serve as the first line of defense in safeguarding assets and preventing and detecting errors and fraud. We can say Internal control is a whole system of controls financial and otherwise, established by the management for the smooth running of business; it includes internal cheek, internal audit and other forms of controls.COSO describe Internal Control as follow. Internal controls are the methods employed to help ensure the achievement of an objective. In accounting and organizational theory, Internal control is defined as a process effected by an organization's structure, work and authority flows, people and management information systems, designed to help the organization accomplish specific goals or objectives. It is a means by which an organization's resources are directed, monitored, and measured. It plays an important role in preventing and detecting fraud and protecting the organization's resources, both physical (e.g., machinery and property) and intangible (e.g., reputation or intellectual property such as trademarks). At the organizational level, internal control objectives relate to the reliability of financial reporting, timely feedback on the achievement of operational or strategic goals, and compliance with laws and regulations. At the specific transaction level, internal control refers to the actions taken to achieve a specific objective (e.g., how to ensure the organization's payments to third parties are for valid services rendered.) Internal controlprocedures reduce process variation, leading to more predictable outcomes. Internal controls within business entities are called also business controls. They are tools used by manager's everyday.* Writing procedures to encourage compliance, locking your office to discourage theft, and reviewing your monthly statement of account to verify transactions are common internal controls employed to achieve specific objectives.All managers use internal controls to help assure that their units operate according to plan, and the methods they use--policies, procedures, organizational design, and physical barriers-constitute. Internal control is a combination of the following：1. Financial controls, and2. Other controlsAccording to the institute of chartered accountants of India internal control is the plan of organization and all the methods and procedures adopted by the management of an entity to assist in achieving management objective of ensuring as far as possible the orderly and efficient conduct of its business including adherence to management policies, the safe guarding of assets prevention and detection of frauds and error the accuracy and completeness of the accounting records and timely preparation of reliable financial information, the system of internal control extends beyond those matters which relate to the function of accounting system. In other words internal control system of controls lay down by the management for the smooth running of the business for the accomplishment of its objects. These controls can be divided in two parts i.e. financial control and other controls.Financial controls:- Controls for recording accounting transactions properly.- Controls for proper safe guarding company assets like cash stock bank debtor etc- Early detection and prevention of errors and frauds.- Properly and timely preparation of financial records I e balance sheet and profit and loss account.- To maximize profit and minimize cost.Other controls: Other controls include the following:Quality controls.Control over raw materials.Control over finished products.Marketing control, etc6. Parties responsible for and affected by internal controlWhile all of an organization's people are an integral part of internal control, certain parties merit special mention. These include management, the board of directors (including the audit commit tee), internal auditors, and external auditors.The primary responsibility for the development and maintenance of internal control rests with an organization's management. With increased significance placed on the control environment, the focus of internal control has changed from policies and procedures to an overriding philosophy and operating style within the organization. Emphasis on these intangible aspects highlights the importance of top management's involvement in the internal control system. If internal control is not a priority for management, then it will not be one for people within the organization either.As an indication of management's responsibility, top management at a publicly owned organization will include in the organization's annual financial report to the shareholders a statement indicating that management has established a system of internal control that management believes is effective. The statement may also provide specific details about the organization's internal control system.Internal control must be evaluated in order to provide management with some assurance regarding its effectiveness. Internal control evaluation involves everything management does to control the organization in the effort to achieve its objectives. Internal control would be judged as effective if its components are present and function effectively for operations, financial reporting, and compliance. he boards of directors and its audit committee have responsibility for making sure the internal control system within the organization is adequate. This responsibility includes determining the extent to which internal controls are evaluated. Two parties involved in the evaluation of internal control are the organization's internal auditors and their external auditors.Internal auditors' responsibilities typically include ensuring the adequacy of the system of internal control, the reliability of data, and the efficient use of the organization's resources. Internal auditors identify control problems and develop solutions for improving and strengthening internal controls. Internal auditors are concerned with the entire range of an organization's internal controls, including operational, financial, and compliance controls.Internal control will also be evaluated by the external auditors. External auditors assess the effectiveness of internal control within an organization to plan the financial statement audit. In contrast to internal auditors, external auditors focus primarily on controls that affect financial reporting. External auditors have a responsibility to report internal control weaknesses (as well as reportable conditions about internal control) to the audit committee of the board of directors.8. Limitations of an Entity's Internal ControlInternal control, no matter how well designed and operated, can provide only reasonable assurance of achieving an entity's control objectives. The likelihood of achievement is affected by limitations inherent to internal control. These include the realities that human judgment in decision-making can be faulty and that breakdowns in internal control can occur because of human failures such as simple errors or mistakes. For example, errors may occur in designing,Maintaining, or monitoring automated controls. If an entity’s IT personnel do not completely understand how an order entry system processes sales transactions, they may erroneously design changes to the system to process sales for a new line of products. On the other hand, such changes may be correctly designed but misunderstood by individuals who translate the design into program code. Errors also may occur in the use of information produced by IT. For example, automated controls may be designed to report transactions over a specified dollar limit for management review, but individuals responsible for conducting the review may not understand the purpose of such reports and, accordingly, may fail to review them or investigate unusual items.Additionally, controls, whether manual or automated, can be circumvented by the collusion of two or more people or inappropriate management override of internal control. For example, management may enter into side agreements with customers that alter the terms and conditions of the entity’s standard sales con tract in ways that would preclude revenuerecognition. Also, edit routines in a software program that are designed to identify and report transactions that exceed specified credit limits may be overridden or disabled.Internal control is influenced by the quantitative and qualitative estimates and judgments made by management in evaluating the cost-benefit relationship of an entity’s internal control. The cost of an entity's internal control should not exceed the benefits that are expected to be derived. Although the cost-benefit relationship is a primary criterion that should be considered in designing internal control, the precise measurement of costs and benefits usually is not possible.Custom, culture, and the corporate governance system may inhibit fraud, but they are not absolute deterrents. An effective control environment, too, may help reduce the risk of fraud. For example, an effective board of directors, audit committee, and internal audit function may constrain improper conduct by management. Alternatively, the control environment may reduce the effectiveness of other components. For example, when the nature of management incentives increases the risk of material misstatement of financial statements, the effectiveness of control activities may be reduced.9. Balancing Risk and ControlRisk is the probability that an event or action will adversely affect the organization. The primary categories of risk are errors, omissions, delay and fraud In order to achieve goals and objectives, management needs to effectively balance risks and controls. Therefore, control procedures need to be developed so that they decrease risk to a level where management can accept the exposure to that risk. By performing this balancing act "reasonable assurance” can be attained. As it relates to financial and compliance goals, being out of balance can causebe proactive, value-added, and cost-effective and address exposure to risk.11. ConclusionThe concept of internal control and its aspects in any organization is so important, therefore understanding the components and standards of internal controls should be attend by management. Internal Control is a major part of managing an organization. Internal control is an accounting procedure or system designed to promote efficiency or assure the implementation of a policy or safeguard assets or avoid fraud and error. According to custom definition, Internal Control is a process affected by an entity's board of directors, management and other personnel designed to provide reasonable assurance regarding the achievement of objectives in the following categories namely. The major factors of internal control are Control environment, Risk assessment, Control activities, Information and communication, Monitoring. This article reviews the main standards and principles of internal control and described the relevant concepts of internal control for all type of company.内部控制透视：理论与概念哈米德阿拉德（Philae）会计系，伊斯兰阿扎德大学，哈马丹，伊朗巴克Joshed -纳维德哈尼学院会员伊斯兰阿扎德大学，克尔曼伊朗国王，伊朗摘要：内部控制是会计程序或控制系统，旨在促进效率或保证一个执行政策或保护资产或避免欺诈和错误。

内部控制英文文献翻译及参考文献-英语论文内部控制英文文献翻译及参考文献目录摘要 (1)1 选题背景 (2)2内部控制理论的概述 (3)2.1 内部控制的根本性质 (3)2.2内部控制的责任 (3)3 确保内部控制的充分性 (5)4 先天的内部控制 (9)5 结论 (11)Abstract (12)1 Background Topics (13)2 Internal control theory outlined (15)2.1 The Fundamental Nature Of Intaral Control (15)2.2 Responsibillty For Internal Control (15)3 Ensuring that the internal control adequacy (17)4 Inherent limitations of internal control (22)5 Conclusion (25)参考文献[1] 陈继云.COSO报告与内部控制研究[M].上海：上海会计.2002.06.[2] 陈敏圭.论改进企业报告一美国注册会计师协会财务报告特别委员会综合报告[M].北京：中国财政经济出版社.1997.[3] 楼德华，傅黎瑛.中小企业内部控制[M].上海：上海三联书店，2005.[4] 李亚.民营企业公司治理[M].北京：机械工业出版社.2006.[5] 张厚义，候光明，明立志，梁传运.中国私营企业发展报告[M].北京：社会科学文献出版社. 2005.[6] 娆贤涛，王连娟.中国家族企业现状、问题与对策[M].北京：企业管理出版社.2005.[7] Committee of Sponsoring Organizations of the Tready Commission(COSO)[D].Enterprise RiskManagement Framework.2003.[8] 陈冠任.中国私营企业如何做大做强做优[M].北京：北京工业大学出版社.2003.[9] 中国(海南)改革发展研究院.中小企业发展—挑战与对策[M].北京：中国经济出版社.2005.[10] 欧江波，唐碧海，邓晓蕾，江彩霞，雷宣云，张赛飞.促进我国中小企业发展政策研究[M].广州：中山大学出版.2002.[11] 李国盛.内部控制的现状、成因、对策及建议[J].北京：《四川会计》第2001第2期.[12] 徐根兴，陈勇鸣.民营企业加速发展期的运行方式[M].北京：中共中央党校出版社.2005.[13] 杨加陆，范军，方青云，袁蔚，孙慧.中小企业管理[M].上海：复旦大学出版社.2004.[14] Committee on the Financial Aspects of Corporate Governance [M].The Financial Aspects of Corporate Governance， Gee Co.Ltd， London..[15] 李华刚.民营企业为何难长大[M].北京：民族与建设出版社.2004.[16] 张丽.W公司内部控制评估与设计[D].《中国优秀博硕士学位论文全文数据库》.2005年5月.[17] KPMG: Sarbanes_ Oxley section 404.management of internal control and the proposed auditing standards[S] .2002.[18] Foh，Noreen.Control Self-Assessment.A New Approach to Auditing，Ives Business Journal[J].Sep/Oct 2000.[19] 马云涛.ＸＸ民营高科技内部控制体系研究[D].［西北土业大学硕士学位论文］西安西北土业大学.2005－09.[20] 熊筱燕，罗建云，王殿龙.会计控制论[M].北京：新华出版社.2002. 1263内部控制英文文献翻译及参考文献摘要内部控制这个概念已经不是一个新概念。

本科毕业论文外文文献及译文文献、资料题目：Problems and Countermeasures on CorporateInternal Audit in China文献、资料来源：Asian Social Science文献、资料发表日期：2011.01院（部）：商学院专业：会计学班级：会计XX姓名：XXX学号：2008XXXXX指导教师：XXX翻译日期：2012.5.27外文文献：Problems and Countermeasures on Corporate Internal Audit inChinaRefers to internal control by the enterprise's board of directors, management and other personnel to impact on the following goals to provide reasonable assurance that the process of:1. The reliability of financial reporting;2. The effectiveness and efficiency of operation;3. Compliance with laws and regulations related to the situationThe definition of internal control highlighted internal control is a process, that is, a means to an end and not an end in itself. Internal control procedure is not only by policy regulations, the certificate forms and composition, but also by man-made factors. The definition of "reasonable assurance" concept, meaning that internal control in fact can not be goals for the organization to provide an absolute guarantee. Reasonable assurance that also means that the organization's internal control costs should not exceed the expected benefits received.Although the definition of internal control covers a wide range, but not all of the internal control measures associated with the audit of the financial statements. In general, audit-related and only the reliability of financial reporting and control measures, that is, those who report on the impact of external financial information prepared by control measures. However, if other control measures can affect the implementation of audit procedures auditors used by the reliability of data, these control measures may also be relevant. For example, auditors in the implementation of analytical procedures used by non-financial data (such as the production of statistical data) of the control measures associated with the audit.Internal control audit of internal control is a special form; this is an internal economic activities and management system of regulation, reasonable and effective independent rating agencies, in a sense to other internal controls to control. Internal audits in enterprises should maintain relative independence, should be independent of the other management departments, preferably by the Board or the Board under the leadership. OIA department is responsible for review of the internal control system of the implementation and results of the review board to the enterprise or the top management report to the authorities. Internal audit work more carefully, the sound internalcontrol system, the more internal controls to enhance the efficiency and reliability.Internal audit refers to an economic monitoring activity that sections or independent auditing organizations and persons inside enterprises, according to national laws, regulations and policies, apply special process and methods to audit the financial receipts and expenditures and economic activities of their own sections and enterprises, to find out their authenticity, legitimacy and validity, and to propose suggestions. The research on internal audit can promote the effectiveness and efficiency of internal audit, benefit effective running of corporate internal control system, improve the quality of accounting information, strengthen corporate internal management, increase business efficiency and effect, and ensure the security and integrity of corporate assets. Differently from western countries, China’s internal audit was established and developed under the Government’s help. However, compared to social audit and governmental audit, China’s internal audit obviously lags behind no matter on institution setup or on functional effect. Internal audit has developed for over two decades, but people still can’t be embedded inwardly, especially most of corporate directors, who think internal audit is dispensable, and has no direct relationship with corporate economic benefit. Some corporate directors consider internal audit restricts their self business rights and weakens their authority. Thus, they either do not set internal audit department, or deprive its rights even if it exists. The staffs in internal audit department are even excluded and isolated, and ca n’t play their roles as expected.With the development of market economy and embedded ness of reform, many new situations and problems have emerged continuously. However, China has no integrated internal audit laws yet so far. Present internal audit regu lation is “Audit Requirements for Internal Audit Work” which was issued in 1987 and can’t meet the requirement of current economic situation. China’s enterprises pay little attention to in ternal audit, and internal audit staff has a low quality of corporate, so it stays at low position inside enterprises. It is difficult to attract talents into internal audit team. Therefore, renewal of the team can’t be accomplish ed, which results in single knowledge structure of audit staff, especially lack of risk management knowledge and information technology knowledge.Firstly, they are lack of cultural knowledge, theoretical level and professional technique. At present, most of internal audit staffs change their profession from financial department or other departments, so their scarcity of knowledge disenable them get competent in internal audit work.Secondly, there are few full-time employees, but many part-time ones. The problems also represent as: lack of further education, unreasonable knowledge structure, shortage of systematic audit specialization knowledge and skill learning, poor mastery of modern audit means, vacancy of EDP internal audit and network information internal audit. Lastly, individual audit staffs are lack of professional ethics, influenced by unhealthy social ethos. They behave irregularly on audit and their audit style is not solid as well, which ruins their authority and image.China’s internal aud it staffs come form internal enterprises, who are guided directly by their own enterprises, so they hardly show the authority of internal audit.Being a significant characteristic, authority is as important as independence. As internal audit is lack of authority it should have had, it is hard to play monitoring roles.Modern enterprise system requires internal audit make pre-, interim, and post-monitor and evaluate. As internal audit exists inside audited organizations, its functions should be more inclined to pre-audit and interim auditing with increasing economic benefit as a target, and emphasize on accomplishing managerial functions.China’s audit means is sti ll manual audit, which greatly restricts the efficiency of internal audit monitoring. As for audit procedure, auditing risks increase due to incomplete consideration on audit scheme, imperfect audit evidence, non-detailed audit work division, non-standard operation of audit staffs, and so on.We need to make good use of efficient and effective internal audit, neither only depending on individual enterprise nor social restriction, but all efforts from the state, society and enterprises. Definitely speaking, we propose the following countermeasures.“No rules, no standards.” China is la ck of special laws and regulations on internal audit, which is the key reason why internal audit ca n’t guarantee its desired effect. Therefore, we suggest the government to fully study current economic trend on internal audit and issue feasible laws and regulations on internal audit in order to legally guarantee the necessity, work scope, authority and practice regulation of internal audit.According to the above discussion, the shortage of independence and authority is the key factor that internal audit can’t play its roles. However, if internal audit is charged by relevant staffs of audited organizations, and guided by the management of that as well, internal audit, in any case,can’t guarantee its independence and authority. If the government can qualify internal audit staffs, systematically manage qualified staffs, appoint them according to corporate practical needs, assess and monitor them and distribute salary to them by the government, and implement regular turn, the independence and authority of internal audit will be greatly promoted, at the same time, the quality of the staffs also will enormously increase.It is not enough for the state and society to regulate and define internal audit functions only. Corporate managers should change their minds, and make clear that internal audit staffs are friends but not enemies and more functions of internal audit are strengthening corporate management, therefore, they are the important force and specialists of corporate management. Only in this way, can managers play roles of internal audit forwardly, cooperate with internal audit staffs positively, eliminate interference mood, and strengthen internal audit work voluntarily.Internal audit should tra nsform from “monitoring dominant” to “service dominant”, strengthen service function, highlight the “introversion” of internal audit, base on the requirem ents of corporate management, and ensure the business target of corporate optimal value. Along with increasingly strengthening corporate internal control, gradual improvement of corporate governance structure, and continuous promotion of accounting information quality, regular audit target or beneficial audit target will be promoted to be main audit target, meanwhile, the focus of internal audit work will transfer as well. In the case of good opportunity, corporate internal audit should be adjusted on its working emphasis correspondingly. And working field also needs to be changed from financial audit to managerial audit. On the basis of effective development or proper ap pointment of external section’s engaging in financial au dit, internal audit department should focus on internal control audit, managerial (operative) audit, economic responsibility audit, contract (agreement) audit, engineering audit, environment internal audit, quality control audit, risks management audit, strategy management audit and management fraud audit.The so-called internal control, the means by the enterprises board of directors, managers and other staff implementation, in order to ensure the reliability of financial reporting, operating efficiency and effectiveness of existing laws and regulations to follow, and so provide reasonable assurance that the purpose of the course. Internal controls related to enterprise production and management of the control environment, risk assessment, supervision and decision-making,information and transfer and self-examination, from a business perspective on the whole in all aspects of production. Their effective implementation will undoubtedly promote enterprise production and management to a new level, to promote the rationalization of business processes and standardization.The construction of the internal control system and effective operation of enterprises depends on good corporate governance structure. Modern enterprise ownership and management rights of separation, on the objective need for a standardized corporate governance, strengthen internal controls to protect the owners, operators, creditors and other legitimate rights and interests. However, the current situation, most of the state-owned enterprise restructuring, although the formal establishment of the corporate governance structure, but since property rights are clear, investors are deficient, did not form an effective internal checks and balances of power, coupled with the inherent internal control Limitations, resulting in weakening the intensity of internal control.中文译文：中国企业内部审计存在的问题及对策内部控制是指受到企业的董事会、管理层和其他人员影响的，旨在对下列目标的实现提供合理保证的过程：1．财务报告的可靠性；2．经营效果和效率；3．遵守相关法律和法规的情况内部控制的定义强调了内部控制是一个程序，即达到目的的手段，而且其本身并不是目的。

外文翻译原文Audits of Internal ControlMaterial Source:/cpajournal/2005/505/essentials/p22.htmAuthor: Jack W. PaulMAY 2005 - The Sarbanes-Oxley Act of 2002 requires public accounting firms that audit public companies to register with the Public Company Accounting Oversight Board (PCAOB) and to adhere to professional standards established by the board for audits of public companies. The PCAOB’s pronouncement, Auditing Standard 2, An Audit of Internal Control over Financial Reporting Performed in Conjunction with an Audit of Financial Statements, requires auditors to issue an opinion on the effectiveness of their public company clients’ internal control.On June 5, 2003, the SEC issued Release 33-8238 to implement section 404(a) of the Sarbanes-Oxley Act (SOA), which requires management to include in the annual report to shareholders its assessment of the effectiveness of internal control. The company’s external auditors must attest to and report on management’s assessment for fiscal years beginning on or after January 15, 2006, for accelerated filers, and on or after July 15, 2006, for no accelerated filers. Standard 2 imposes many new responsibilities on public companies’ auditors and, by extension, on the public companies themselves. In it over 200 pages, Standard 2 delineates the PCAOB’s expectations for an internal control audit.Auditor’s responsibilities. Standard 2 requires the auditor to do the following: •Understand and evaluate management’s process for assessing the effectiveness of the company’s internal control over financial reporting.•Plan and conduct an audit of the company’s internal control.•Based on this audit, provide an opinion on management’s written assessment about the effectiveness of the company’s internal control.This opinion incorporates the auditor’s opinion on the effectiveness of the company’s internal control over financial reporting.These responsibilities augment those required for the financial statement audit. Included EntitiesIn general, the scope of the audit of internal control includes all entities over which management has the ability to affect internal control:•Entities acquired on or before the date of management’s assessment as of the end of the fiscal year, including consolidated entities or those proportionately consolidated; and•Those accounted for as discontinued operations at the end of the fiscal year.In some situations, such as when management does not have the ability to affect the controls of an equity method investee, the auditor’s s cope includes only the controls related to the investor’s financial reporting of its interest in the investee, rather than the controls in place at the investee. The applicable controls are those designed to ensure proper application of the equity method in reporting the company’s proportion of investee income or loss, the investment balance, adjustments, and disclosures. Variable interest entities (VIE), defined in FASB Interpretation 46, are treated in a similar fashion when management is not the primary beneficiary and does not consolidate the VIE. Importantly, the auditor must evaluate the reasonableness of management’s claims regarding its inability to affect controls at such entities.Whereas design effectiveness pertains to whether a control is properly crafted, operating effectiveness deals with use of a properly designed control to prevent, detect, or correct misstatements or irregularities on a timely basis. For example, a daily reconciliation of cash receipts is not effectively designed when the cashier performs the reconciliation. But if an independent person is designated to perform the reconciliation and the other procedures are properly documented, the control is effectively designed. The control is not operating effectively when the independent reconciler either fails to perform the reconciliation daily or does so in a perfunctory manner. Design effectiveness of this control could be tested by reviewing documentation to ensure that the procedures are satisfactory. Operating effectiveness could b e tested by examining the reconciler’s initials on the daily reconciliation sheet.A striking difference between a financial statement and an internal control audit relates to the opportunity to correct deficiencies. Whereas a company can correct material misstatements detected during a financial statement audit by accepting the auditor’s proposed adjustments, if the auditor detects a material control weakness, itmay not be possible to fix it in time. Because the auditor’s opinion is “as of” the balance sheet date, the auditor must issue an adverse opinion on internal control when material weaknesses exist, even when the company receives an unqualified opinion on the financial statements.Take as a whole. The auditor exercises judgment to ascertain those accounts considered “significant” or more than material. The auditor also considers qualitative characteristics. For example, investment balances not material to the overall financial statements may obscure the true nature of the relationship, especially when the investment is in partially consolidated entities or involves debt guarantees. And certain accounts that are liquid or incorporate significant estimates are riskier than others. Examples include cash, marketable securities, and warranty liabilities.Point in time. Internal control procedures can relate to either transaction flows or account balances, sometimes referred to as “stocks.” Examples of controls relating to transaction flows include approving cash disbursements; prelisting cash receipts; approving credit sales; and matching purchase orders, vendor invoices, and receiving reports when booking accounts payable. Controls over balances (stocks) include periodic reconciliation of bank accounts; reconciliation of subsidiary ledgers with control accounts; procedures for physical inventory counts; and controls governing the periodic preparation of financial statements. Overarching controls include the factors comprising the control environment. Overarching controls and those pertaining to flows operate continuously throughout the fiscal period; controls relating to balances typically operate less frequently. Thus bank accounts are reconciled monthly, whereas controls over cash flows are continuous.Timing considerations. Controls must operate for a long enough period, which need not be an entire fiscal year, to provide sufficient confidence in the auditor’s control tests. Accordingly, the auditor must make several observations of controls that operate only at a point in time. Controls that operate infrequently should be tested closer to the “as of” date. These include controls over: the periodic preparation of financial statements; individual account balances; and no routine transactions. Consider a calendar-year company that begins the procedure of reconciling the accounts-receivable subsidiary ledger to the control account only at the end of December. The auditor might conclude that one observation is not sufficient to evaluate this control’s operating effectiveness.These considerations suggest that an unqualified opinion on internal control should state: “The controls were effective for a sufficient period of time during the fiscal year to be able to support the conclusion that they were still effective at the end of the period.” Nevertheless, Standard 2 calls for expressing an opinion as of a point in time, the end of the fiscal year.PCAOB Standard 2 requires the auditor to obtain evidence of the effectiveness of controls pertaining to all relevant assertions for all significant accounts each year; each year must stand on its own. It also calls for the auditor to vary the nature, extent, and timing of testing from year to year to introduce unpredictability and to respond to changing circumstances. Examples of variations include changing the number of tests performed and adjusting the combination of testing procedures.Audit ReportsStandard 2 specifies the content of the report on internal control. Auditors should be aware of several factors:•An auditor may provide either separate or combined reports on the financial statements and internal control.•Whereas the opinion on the financial statements typically addresses multiple periods, the opinion on internal control covers only the most recent fiscal year.•When an auditor issues separate reports, the annual report must contain both.•The reports should have the same date, normally the last day of fieldwork.•An auditor’s report on management’s assessment of internal control over financial reporting includes an opinion on the company’s internal control.When the auditor issues an unqualified opinion on the financial statements but an adverse opinion on internal control, due to one or more material weaknesses, the report should indicate that the conduct of the financial statement audit took those material weaknesses into account. This information helps readers of the financial statements understand why the auditor gave an unqualified opinion on the financial statements. The auditor should include similar language when the adverse opinion on internal control affects the opinion on the financial statements.Most Likely Reasons for Opinion ModificationsAs a practical matter, opinion modifications are likely to arise from three circumstances:•Material misstatements detected by the auditor were not identified by the company. This situation could result in an adverse opinion.•Inadequate documentation. This situation is a control deficiency that may constitute a material weakness if extensive. In this case, the auditor renders an adverse opinion.•Inadequate management assessment creates a scope limitation requiring a disclaimer, a qualified opinion on internal control, or withdrawal from the engagement.Because it requires the auditor to go well beyond the review and evaluation of controls that was the norm for reporting on financial statements, Standard 2 promises to fundamentally alter the control systems in public companies and auditors’ assessment of them, thereby providing additional assurance to u sers.译文内部控制审计资料来源:http:// /cpajournal/2005/505/essentials/p22.htm作者：杰克·保罗2005年5月的萨班斯-奥克斯利法案, PCAOB发布了其第2号审计标准：“与财务报表审计相关的针对财务报告的内部控制的审计”，该标准关注对财务报告的内部控制的审计工作，以及这项工作与财务报表审计的关系问题。

文献出处:Lakis V, Giriūnas L. THE CONCEPT OF INTERNAL CONTROL SYSTEM: THEORETICAL ASPECT[J]. Ekonomika/Economics, 2012, 91(2).原文THE CONCEPT OF INTERNALCONTROLSYSTEM:THEORETICALASPECTVaclovas Lakis, Lukas Giriūnas*Vilnius University, LithuaniaIntroductionOne of the basic instruments of enterprise control, whose implementation in modern economic conditions provide conditions for achieving a competitive advantage over other enterprises is the creation of an effective internal control system. In the industry sector, the market is constantly changing, and this requires changing the attitude to internal control from treating it only in the financial aspect to the management of the control process. Internal control as such becomes an instrument and means of risk control, which helps the enterprise to achieve its goals and to perform its tasks. Only an effective internal control in the enterprise is able to help objectively assessing the potential development and tendencies of enterprise performance and thus to detect and eliminate the threats and risks in due time as well as to maintain a particular fixed level of risk and to provide for its reasonablesecurity .The increasing variety of concepts of internal control systems requires their detailed analysis. A detailed analysis of the conceptions might help find the main reasons for their increasing number. It may also help to elaborate a structural scheme of the generalized concept of internal control. Consequently, it may help decrease the number of mistakes and frauds in enterprises and to offer the precautionary means that might help to avoid mistakes and build an effective internal control system.The purpose of the study: to compile the definition of the concept of internal control system and to elaborate the structural scheme of the generalized conception for Lithuanian industrial enterprises.The object of the research: internal control.To achieve the aim, the following tasks were carried out:to examine the definitions of internal control;•to design a flowchart for the existing definitions of internal control;•to formulate a new internal control system definition;•to identify the place of the internal control system in a company’s objectives and • its management activities.Study methods: for the analysis of the conceptions of control, internal control, the concept of internal control system, systematic and comparative means of scietific methods of analysis were used.1. Research of control conceptionAccording to J. Walsh, J. Seward (1990), H. K. Chung, H. Lee Chong, H. K.Jung (1997), control may be divided into two types – internal and external controls those might help to equalize authority or concerned party‘s attitudes to some certain organization control. Internal control involves the supreme enterprise control apparatus and enterprise shareholders, whereas external control might be defined as the power in the market or branch, competitive environment or state business regulation. Such analytical division is essential when analysing industrial or other enterprises, because this attitude to control makes it more specific and properly defined.The identification of an appropriate primary theoretical base is an important task in forming the structure of knowledge about the study subject. Appropriately selected conceptions enable to elucidate the essence of the processes, to characterize them and to realize their interplays and interaction principles. Conceptions may be defined as a summation of empirical cognition which transforms practically achieved results into conceptions. The above ideas might be taken as abstractions and lead to an ungrounded conclusion, and through conceptions the reality might be lost. Operating with more than one conceptions allows to form a universal opinion about the reality. Noteworthy, when operating with conceptions an optimal agreement might be found between theory and practice: using the common point of contact –conceptions –a theorist and a practician will always find the way and understand one another.The main problem of internal control is related to the definition of control conception and the identification of the place of internal control in an organization. Constant changes of the extent, functions and roles of internal control enable to form acommon definition of internal control and to identify its place in an organization.Analysis of the concept of internal control and its interpretation are essential for assessing the internal control system, because the conception of control is widely used not only in scientific research, but also in the daily activities of an enterprise; therefore the same conception might have a lot of various meanings and interpretations. Analysis of the concept provides conditions for the further research, because it is impossible to form a model of internal control assessment if the research object is unknown. A lot of definitions and variations of control can be found in the publications by Lithuanian and foreign scientists and in public information sources. For example, in the Dictionary of International Words (2002), control is defined as: supervision, inspection of something; comparison of actual and required • conditions;an enterprise or a group of people that control the work and responsibility of other • enterprises or group s of people;maintenance of something.•On the other hand, in the specialized Dictionary of Economic Terms (2005), control is defined as a performance with a definite influence on the management of an enterprise, as rights based on laws and contracts that involve proprietary rights to the whole property or its part, or any other rights that enable to exert a significant influence on the management and performance of an enterprise, or state supervision. Even in common information sources the definitions of control are formulated differently, although the common meaning is quite similar. Analysis and practicalstudies of Lithuanian scientists’ works enable to state that there is no one solid concept, definition or description of control. For example, E. Bušk evičiūtė (2008) says that when control is more particularly defined, its rules and requirements are described in more detail, it becomes more effective, more specific, more psychologically suggestive, it gives more freedom limits of choice for supervisors and less possibilities of lawlessness for people under control when. Identifying the object of the research, it should be noted that different definitions of control are given in scientific studies by Sakalas, 2000; Navickas, 2011; Katkus, 1997; Buškevičiūtė, 2008; Drury, 2012; Bičiulaitis, 2001; Lee Summers, 1991; Patrick, Fardo, 2009; Spencer, Pickett, 2010; Gupta, 2010 and other Lithuanian and foreign scientists (see Fig. 1).The different conceptions and their interpretations indicate that there is no solid opinion about how to define control, and even scientists and practicians themselves do not agree upon a unified definition or description of control or the conception of internal control and its interpretations. In scientific literature, different interpretations of control conceptions are usually related to different aspects of this conception, and their meaning in different situations may be defined in different ways depending on the situation and other external factors. According to A. Katkus (1997), C. Drury (2009), R. Bičiulaitis (2001), D. R. Patrick, S. W. Fardo (2009), K. H. S. Pickett (2010), during a long-term period control is usually related to achieving the already settled goals, their improvement and insurance. In other information sources (D ictionary of International Words, 2002; Sakalas, 2000; Buškevičiūtė, 2008; Lee Summers, 1991) control is emphasized as a certain means of inspection whichprovides a possibility to regulate the planned and actual states and their performance. Despite these different opinions, control might be reasoned and revealed as a traditional function of any object of control, emphasized as one of the main self-defence means from the possible threats in the daily performance of an organization. There is also a more modern approach. For example, V. Navickas (2011) and P. Gupta (2010), presenting the concept of control, name it not only as one of the main factors that influence the organization’s performance and influences its management, but also as one of the assessment means of the taken decisions and achieved values. Such interpretation of the conception of control shows the main role of control. For example, R. Kanapickienė (2008) has analysed a big number of control definitions and says that only an effective and useful control should exist in an enterprise because each enterprise tries to implement its purposes and avoid the possible losses, i.e. mistakes and frauds. According to J.A. Pfister (2009), there are several types of control, and they can be grouped into strategic, management, and internal control. Thus, different researchers give different definitions of control, their descriptions have different goals, but different control definitions lead to numerous variations in the analysis of the conception of control. Thus, to create an effective control, the presence of its unified concept becomes a necessity and the basis for ensuring an effective control of the organization’s performance. The existence of different conceptions of control also indicates that there might be different types or kinds of control.2. The conception of internal controlHistorical development of internal control as individual enterprise system is not as broad as other management spheres in science directions. The definition of internal control was presented for the first time in 1949 by the American Institute of Certificated Accountants (AICPA). It defined internal control as a plan and other coordinated means and ways by the enterprise to keep safe its assets, check the covertness and reliability of data, to increase its effectiveness and to ensure the settled management politics. However, the presented definition of control concept has been constantly improved, and nowadays there is quite an extensive set of conceptions that indicates the system of internal control as one of the means of leadership to ensure safety of enterprise assets and its regular development. In 1992, the COSOmodel appeared; its analysis distinguished the concepts of risk and internal control. Nnow, the concept of internal control involved not only accounting mistakes and implementing means of their prevention, but also a modern attitude that might identify the spheres of control management and processes, and also a motivated development of their detailed analysis. The Worldwide known collapses of such companies as Enron, Worldcom, Ahold, Parmalat and others determined to issue in 2002 the Law of Sarbanes–Oxley in the USA, in which attention is focused on the effectiveness of the enterprise internal control system and its assessment. Such a significant law as that of Sarbanes–Oxley has dearly show that not only the internal control system must be concretized and clearly defined, but also the means of implementing the internal control system and assessing their effectiveness must be covered. The concept of internal control was further improved by such Lithuanian and foreign scientists as A.Сонин (2000), D. Robertson (1993), M.R. Simmons (1995), I. Toliatienė (2002), V. Lakis (2007), R. Bičiulaitis (2001), J. Mackevičius (2001) and the international scientific organizations COSO, INTOSAI, CICA, IT Governance Institute.A comparative analysis of the introduced concepts of internal control shows that the usage of the concept of internal control is quite broad as it is supposed to involve the performance not only of the state, but also of the private sector. Although the conception of internal control is defined in different ways emphasizing its different aspects, the essential term still remains the same in all authors’ defini tions: internal control is the inspection, observation, maintenance and regulation of the enterprise’s work (see Fig. 3.).It should be also be mentioned that the system of internal control may be defined in different ways every time. For example, R. T. Yeh and S. H. Yeh (2007) pay attention to the fact that usually such values as honesty, trust, respect, openness, skills, courage, economy, initiative, etc. are not pointed out, although they definitely can influence not only the understanding of the concept of internal control, but also its definition, because in different periods of time and in different situations it can obtain slightly different shades of meaning. Control and people, and values produced by people or their performance are tightly connected; consequently, internal control must be also oriented to the enterprise’s values, mission and vision; it does not matter how differently authors define the conception assessment limits: significant attention must be paid not to internal control itself, but to the identification of its functions and evaluation. Mostly internal control is concerned with authority management tools that help to control processes and achieve enterprise goals (COSO, 1992; Сонин, 2000; INTOSAI, 2004; CobiT, 2007; Toliatienė, 2002; Coco, 1995).C.J. Buck, J.B. Breuker (2008) declare internal control as a mistake detecting and correctingsystem; although J. Mackevičius (2001) and R. Bičiulaitis (2001a) state that internal control is defined as a summation of certain rules, norms and means, actually such definitions are identical, but internal control must be related to safety, the rational use of property and the reliability of financial accounting.Results of a comprehensive analysis of internal control enable to state that, although different authors give different definitions of internal control, there are still some general purposes of the system of internal control, aimed, to ensure reliable and comprehensive information, to protect the property and documents, to enssure an effective economic performance, observation of accounting principles and presentation of reliable financial records, obeying laws and executive acts, enterprise rules and the effective control of risk. Analysis of concept of internal control, presented in both foreign and Lithuanian literature enables to formulate its generalized definition: the system of internal control is part of enterprise management system, which ensures the implementation of its goals, effective economic and commercial performance, observance of accounting principles and an effective control of risks, which enables to minimize the number of intentional and unintentional mistakes and to avoid frauds in the process of enterprise performance, made by its authority or employees.The internal control system in a company must cover and help to properly organize and control the entire activity of the company; thus, according to majority of authors, internal control is all-inclusive activity in financial and management accounting, as well as in the strategic management of projects, operations, personneland the total quality management. However, the most important thing is that internal control should not only cover the entire activity of the company, but also take into account its objectives, goals and tasks in order to make its economic-commercial activity as effective as possible. Analysis of scientific literature in the field shows that it is important not only to predict the particular areas of internal control and interrelate them, but also to stress that the most important objective of internal control is the effective management of risk by identifying and eliminating errors and frauds inside the company. Therefore, the concept of internal control offered by the authors covers a company’s areas of activities, its tasks and objectives; also, it provides for the main goal – an effective risk management.Despite the quantitative indicators used for goal assessment, each enterprise and especially extractive industry enterprises where attention should be focused on avoiding mistakes and fraud should elaborate and introduce a really effective and optimal system of internal control and accounting so as to strengthen its position in the market and optimize profitability.ConclusionsThe analysis of control definitions has shown that rather wide variations of definitions and their interpretations prove control to be a wide concept, mainly due to the fact that control has quite many different aspects and its meaning in different situations may be also defined differently.Nevertheless, there are still some general aspects of the system of internal control, which include ensuring reliable and comprehensive information, protecting theproperty and documents, to ensure an effective economic performance, keeping to the principles of accounting and presenting reliable financial records, obeying laws and executive acts, enterprise rules and ensuring an effective control of risk.As a result of the study, the authors present an inclusive and generalizing definition of internal control: the system of internal control is part of the enterprise management system that ensures the implementation of the enterprise’s goals, its effective economic-commercial performance, observance of accounting principles and an effective control of work risks, which enables to minimize the number of intentional and unintentional mistakes, and to avoid frauds in the process of enterprise performance, made by its authority or employees.译文内部控制制度：理论研究拉基斯，卢卡斯维尔纽斯大学，立陶宛引言企业控制的基本工具之一，建立一个有效的内部控制制度，为现代经济条件下企业获得竞争优势提供了条件。