Understanding Internal Controls了解内部控制
What Are Internal Controls? 什么是内部控制?
Internal controls are the mechanisms, rules, and procedures implemented by a company to ensure the integrity of financial and accounting information, promote accountability and prevent fraud. Besides complying with laws and regulations, and preventing employees from stealing assets or committing fraud, internal controls can help improve operational efficiency by improving the accuracy and timeliness of financial reporting. 内部控制是公司为确保财务和会计信息的完整性、促进问责制和防止欺诈而实施的机制、规则和程序。内部控制除了遵守法律法规,防止员工盗窃资产或进行欺诈外,还可以通过提高财务报告的准确性和及时性来帮助提高运营效率。
How Internal Controls Work 内部控制如何运作
Internal controls have become a key business function for every U.S. company since the accounting scandals in the early 2000s. In their wake, the Sarbanes-Oxley Act of 2002 was enacted to protect investors from fraudulent accounting activities and improve the accuracy and reliability of corporate disclosures. This has had a profound effect on corporate governance, by making managers responsible for financial reporting and creating an audit trail. Managers found guilty of not properly establishing and managing internal controls face serious criminal penalties. 自本世纪初的会计丑闻以来,内部控制已成为每家美国公司的一项重要业务职能。在他们之后,2002年通过了《萨班斯-奥克斯利法案》,以保护投资者免受欺诈性会计活动的影响,并提高了企业信息披露的准确性和可靠性。这对公司治理产生了深远的影响,让管理人员负责财务报告,并创建审计跟踪。被发现没有正确建立和管理内部控制的经理将面临严重的刑事处罚。
Importance to Auditors 对审计人员的重要性
The auditor’s opinion that accompanies financial statements is based on an audit of the procedures and records used to produce them. As part of an audit, external auditors will test a company’s accounting processes and internal controls and provide an opinion as to their effectiveness. 财务报表所附的审计意见是基于对编制财务报表的程序和记录的审计。作为审计的一部分,外部审计人员将测试公司的会计程序和内部控制,并就其有效性提供意见。
Internal audits evaluate a company’s internal controls, including its corporate governance and accounting processes. They ensure compliance with laws and regulations and accurate and timely financial reporting and data collection, as well as helping to maintain operational efficiency by identifying problems and correcting lapses before they are discovered in an external audit. Internal audits play a critical role in a company’s operations and corporate governance, now that the Sarbanes-Oxley Act of 2002 has made managers legally responsible for the accuracy of its financial statements. 内部审计评估公司的内部控制,包括公司治理和会计程序。他们确保遵守法律和法规,准确及时地进行财务报告和数据收集,并通过在外部审计发现问题之前发现问题和纠正失误,帮助维持运营效率。既然2002年通过的《萨班斯-奥克斯利法》已规定,经理人要对公司财务报表的准确性负法律责任,那么内部审计在公司的运营和公司治理中扮演着关键角色。
Operational Efficiency 运营效率
No two systems of internal controls are identical, but many core philosophies regarding financial integrity and accounting practices have become standard management practice. While internal controls can be expensive, properly implemented internal controls can help streamline operations and increase operational efficiency, in addition to preventing fraud. 没有任何两种内部控制系统是相同的,但是许多关于财务完整性和会计实践的核心理念已经成为标准的管理实践。虽然内部控制的成本可能很高,但适当实施内部控制除了可以防止欺诈外,还可以帮助简化操作和提高操作效率。
Preventative vs. Detective Controls 预防和检测控制
Internal controls are typically comprised of control activities such as authorization, documentation, reconciliation, security and the separation of duties. And they are broadly divided into preventative and detective activities. 内部控制通常包括授权、文件编制、核对、安全以及职责分离等控制活动。它们大致分为预防和检测活动。
Preventive control activities aim to deter errors or fraud from happening in the first place and include thorough documentation and authorization practices. And the separation of duties ensures that no single individual is in a position to authorize, record, and be in custody of a financial transaction and the resulting asset. Authorization of invoices and verification of expenses are internal controls. In addition, preventative internal controls include limiting physical access to equipment, inventory, cash and other assets. 预防控制活动旨在从一开始就阻止错误或欺诈的发生,并包括彻底的文件编制和授权实践。职责的分离确保了没有个人能够授权、记录和保管财务交易和由此产生的资产。发票的授权和费用的确认是内部控制。此外,预防性的内部控制包括限制对设备、库存、现金和其它资产的实际访问。
Detective controls are backup procedures that are designed to catch items or events that have been missed by the first line of defense. Here, the most important activity is reconciliation, used to compare data sets, and corrective action is taken upon material differences. Other detective controls include external audits from accounting firms and internal audits of assets such as inventory. 检测控制是一种备份过程,用于捕获被第一道防线遗漏的项或事件。在这里,最重要的活动是协调,用于比较数据集,并对重大差异采取纠正措施。其它检查控制包括来自会计师事务所的外部审计和资产(如:库存)的内部审计。
Disadvantages of Internal Controls 内部控制的弊端
Regardless of the policies and procedures established by an organization, only reasonable assurance may be provided that internal controls are effective and financial information is correct. The effectiveness of internal controls is limited by human judgment. A business will often give high-level personnel the ability to override internal controls for operational efficiency reasons, and internal controls can be circumvented through collusion. 不论组织制定的政策和程序如何,只有在内部控制有效和财务信息正确的情况下,才能提供合理的保证。内部控制的有效性受到人类判断的限制。企业通常会让高层人员出于运营效率的考虑,能够推翻内部控制,而内部控制可以通过串通来规避。