aclearlookatinternalcontrolstheoryandconcepts-外文文献(编辑修改稿)

aclearlookatinternalcontrolstheoryandconcepts-外文文献(编辑修改稿)内容摘要：

65. Monitoringprocesses used to assess the quality of internal control performance over time. The COSO definition relates to the aggregate control system of the organization, which is posed of many individual control procedures. Discrete control procedures or controls are defined by the SEC as: ...a specific set of policies, procedures, and activities designed to meet an objective. A control may exist within a designated function or activity in a process. A control’s impact...may be entitywide or specific to an account balance, class of transactions or application. Controls have unique characteristics – for example, they can be: automated or manual。 reconciliations。 segregation of duties。 review and approval authorizations。 safeguarding and accountability of assets。 preventing or detecting error or fraud. Controls within a process may consist of financial reporting controls and operational controls (that is, those designed to achieve operational objectives). 3. Type of internal controlMost internal controls can be classified as preventive or detective.Preventive controls are designed to discourage errors or irregularities.  A puter application which checks validity prevents the entry of an invalid account number. Reading and understanding business Human Resource policies, such as Work Hours [for PA Staff], helps prevent violations of the Federal Fair Labor Standards Act. [Human Resources Professional Staff Policy ] A manager39。 s review of purchases for propriety and validity prior to approval prevents inappropriate expenditures.Detective controls are designed to identify an error or irregularity after it has occurred.  An exception report detects and lists incorrect or invalid entries or transactions. A parison of validated Cash Receipt Vouchers to monthly financial statements will detect deposits posted to erroneous accounts. The manager39。 s review of long distance telephone charges will detect improper or personal calls that should not have been charged to the account.SSRN, USA 2020 A Clear Look at Internal Control: Theory and ConceptsTop 10 Paper, First Quarterly 2020 7Through careful design, the system of internal controls can help our unit operate more efficiently and effectively and provide a reasonable level of assurance that the processes and products for which you are responsible are adequately protected. Maintaining written procedures for manual processing will ensure that operations can continue in the event of puter failure.4. The factors of internal controls Internal control consists of five interrelated ponents as follows: Control (or Operating) environment Risk assessment Control activities Information and munication Monitoring All five internal control ponents must be present to conclude that internal control is effective. A. Control Environment The control environment sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other ponents of internal control, providing discipline and structure. According to AU section 309, Control environment factors include the following:a. Integrity and ethical valuesb. Commitment to petencec. Board of directors or audit mittee participationd. Management39。 s philosophy and operating stylee. Organizational structuref. Assignment of authority and responsibilityg. Human resource policies and practices The auditor should obtain sufficient knowledge of the control environment to understand management39。 s and the board of directors39。 attitude, awareness, and actions concerning the control environment, SSRN, USA 2020 A Clear Look at Internal Control: Theory and ConceptsTop 10 Paper, First Quarterly 2020 8considering both the substance of controls and their collective effect.The auditor should concentrate on the substance of controls rather than their form, because controls may be established but not acted upon. For example, management may establish a formal code of conduct but act in a manner that condones violations of that code. When obtaining an understanding of the control environment, the auditor considers the collective effect on the control environment of strengths and weaknesses in various control environment factors. Management39。 s strengths and weaknesses may have a pervasive effect on internal control. For example, ownermanager controls may mitigate a lack of segregation of duties in a small business, or an active and independent board of directors may influence the philosophy and operating style of senior management in larger entities. Alternatively, management’s failure to mit sufficient resources to address security risks presented by IT may adversely affect internal control by allowing improper changes to be made to puter programs or to data, or by allowing unauthorized transactions to be processed. Similarly, human resource policies and practices directed toward hiring petent financial, accounting, and IT personnel may not mitigate a strong bias by top management to overstate earnings.B. Risk Assessment An entity39。 s risk assessment for financial reporting purposes is its identification, analysis, and management of risks relevant to the preparation of financial statements that are fairly presented in conformity with generally accepted accounting principles. For example, risk assessment may address how the entity considers the possibility of unrecorded transactions or identifies and analyzes significant estimates recorded in the financial statements. Risks relevant to reliable financial reporting also relate to specific events or trans。