内部控制
什么是内部控制?
在最广泛的意义上, internal controls are the methods and procedures used to provide reasonable assurance that the organization's objectives and goals will be met. 更具体地说, an overall system of internal control is an integrated collection of control systems used by an organization. It is all the methods and measures adopted to accomplish the five major objectives of a system of internal controls. 这些目标是为了确保:
- 信息的可靠性和完整性;
- 遵守政策、程序、计划、法律法规;
- 资产的保护;
- the economical and efficient use of resources; and
- 既定目标和目标的完成.
内部控制本质上是侦查、纠正或预防. Detective controls are designed to detect errors or irregularities that may have occurred. Corrective controls are designed to correct errors or irregularities that have been detected. 预防控制, 另一方面, 是为了防止错误和不规范的发生而设计的吗. 控制可以是自动的、手动的或混合的.
内部控制概念
内部控制由五个相互关联的部分组成, each of which is an integral part of the management process and plays a specific role in departmental internal control procedures.
控制环境- This sets the tone of the organization, influencing the control consciousness of its people. 它是内部控制所有其他组成部分的基础, 提供纪律和结构. 控制环境因素包括完整性, ethical values and competence of the organization's people; management's philosophy and operating style; the way management assigns authority and responsibility; how it organizes and develops its human resources; and the attention and direction provided by the 参观委员会.
风险评估
Risk assessment is the identification and analysis of the risks relevant to the achievement of the organization's objectives. 评估可能包括查看部门的日常工作, 活动, 和人员, 识别任何潜在问题. 这构成了确定如何管理风险的基础.
控制活动
These are the policies and procedures that help ensure management that management directives are implemented. Control 活动 occur at all levels of the organization and include things such as performance reviews, 功能或活动评审, 事务的评论, 对账, 处理控制, 物理控制和职责隔离. 更具体地说,每天看到的典型控制是:
Transaction Authorizations - to ensure that all transactions are approved by responsible personnel in accordance with their specific or general authority before the transaction is recorded. 所有采购订单上都应有授权签名, 旅游券, 关键请求表格, 等.; validation that the person signing the form is an authorized signee for the department.
文件-所有所需的备份文件都得到适当的维护.
Review For Completeness - to ensure that no valid transactions have been omitted from the accounting records.
准确性-确保所有有效的交易都是准确的, 与原始交易数据一致, 并及时记录信息. Examples: Comparison of book and bank balances and accounting for differences; comparison of time records to payroll payment records; monthly review of expenditures posted to the budget with expenditure documentation on hand.
Validity (fairly represents events) to ensure that all recorded transactions fairly represent the economic events that actually occurred, 本质上是合法的, 并已按照管理层的一般授权执行. Example: Determination that expenditures are allowable per University and State guidelines.
Physical Safeguards - to ensure that access to physical assets and information systems is controlled and properly restricted to authorized personnel. 办公室的门是锁着的, 当没有人在场的时候, to guard against theft of office furniture and equipment; periodic inventories are taken to confirm the existence of assets; to protect the integrity of the data, 密码不会被共享或泄露.
Error Handling - to ensure that errors detected at any stage of processing receive prompt corrective action and are reported to the appropriate level of management.
Segregation Of Duties - to ensure that duties are assigned to individuals in a manner that ensures that no one individual can control both the 记录 function and the procedures relative to processing a transaction. Examples: The petty cash custodian maintains funds and submits receipts for reimbursement; the review of receipts and approval of reimbursement is performed by someone other than the custodian; receipting, 记录, 资金的对账不应该完全由一个人控制.
A well designed process with appropriate internal controls should meet most if not all of these control objectives.
信息与通信
An information system should provide information that is accurate and relevant to the right people in a timely fashion so that they may carry out their responsibilities.
监控
这是随时间评估系统性能质量的过程. 持续监测是每日审查报告、监督和自我评估. 单位外部的单独评价是定期进行的.
内部控制的利弊
Systems of internal control are beneficial to organizations because they provide an organized means of achieving goals and objectives. They also provide a measure of security and assurance to management that policies are being followed and assets are not being misused.
在控制薄弱或不存在的组织中, 这可能导致许多问题, 如:
- 服务或产品质量下降;
- 未经授权的交易
- 不准确或不完整的信息
- 不合时宜的报告
- 资产没有得到保障
- 挪用资金.
谁对内部控制负责?
大学里的每个人都有内部控制的责任. Some employees may produce information used in the internal control system or take other actions needed to effect control. University leaders are ultimately responsible for the establishment and maintenance of a system of internal controls and must assume ownership for the internal control systems in their areas of responsibility. 大学政策编号. 3010规定了大学内部会计控制的责任.
Internal and external auditors are responsible for making periodic reviews of internal controls to determine if they are functioning as intended.
内部控制的局限性
任何内部控制制度都有其固有的局限性. 在执行控制程序时, 错误可能是由于误解指示造成的, 判断错误, 粗心大意, 或者其他个人因素. Control procedures which require a segregation of duties can be circumvented by collusion. 同样,控制程序也可以被管理层有意地规避. 在一段时间内, 随着环境的变化, 控制程序可能恶化或变得不充分.