广东工业大学
华立学院
本科毕业设计(论文)
外文参考文献译文及原文
系 部 会计学部
专 业 会计
年 级 2008级
班级名称 08会计5班
学 号 14010805054
学生姓名 钟涛
指导教师 肖鲜艳
2012 年 5 月 14日
目 录
1 外文文献译文 1
2 外文文献原文 HYPERLINK \l "_Toc294128839" 5
对内部审计的分析
内部审计是一项独立的,客观的保证和咨询活动,旨在增加价值和改善组织的运营。它帮助组织实现其目标的一种系统,有纪律的方法来评价和改进风险管理,控制,和治理过程。内部审计是一种催化剂,提高组织的有效性和效率,提供的见解和建议的基础上分析和评估的数据和业务流程。与完整的承诺和问责制,内部审计提供价值的理事机构和高级管理作为一个客观的独立意见。专业人士称为“内部审计人员受雇于组织执行内部审计活动。
内部审计的范围内组织是广泛的,可能涉及的话题等功效,财务报告的可靠性,防止和调查欺诈,保护资产,并遵守法律和规章。
内部审计往往涉及测量遵守公司的政策和程序。然而,内部审计员不负责执行公司的活动;他们建议管理层和董事会董事(或类似的监督机构)有关如何更好地执行他们的职责。由于其广泛的参与范围,内部审计人员可以有各种各样的高等教育和专业背景。
上市公司通常有一个内部审计部门,由首席审计官(“两院”)通常报告给审计委员会的董事局报告,行政总裁。
职业是不受管制的,虽然有一些国际标准制定机构(国际投资协定,iaasb,美国…参段标准设置下)。
1、其他定义
上述定义在本质上是国际投资协定的定义。类似的定义已由政府采取的审计和会计职业。这是610和国家审计准则的标准(“issai”)1003确定内部审计职能为“评估活动建立或作为一个提供服务的实体。其功能包括,除其他外,审查,评估和监测的适当和有效的内部控制。”
2、内部审计史
内部审计行业的稳步发展与管理科学的进步是二战后。这是概念在许多方面类似的财务审计的会计师事务所,质量保证和银行的合规性活动。许多理论的基本内部审计是从管理咨询和会计专业。与美国实现了萨班斯法案2002,专业的加速增长,许多内部审计人员具备所需的技能,帮助企业满足法律的要求。
3、在风险管理的角色
内部审计的专业标准要求的功能监测和评价的有效性机构的风险管理过程。风险管理涉及组织如何设定目标,然后确定,分析,并响应这些风险可能影响其能力实现其目标。
论下的企业风险管理(风险管理)的框架下,风险战略,业务,财务报告,法律/管理类。管理执行风险评估活动的一部分,正常经营过程中,在每一个类别。例子包括:战略规划,市场营销策划,投资规划,预算,套期保值,刺激性支出结构,和信贷和贷款的做法。萨班斯-奥克斯利法案规定还需要广泛的风险评估财务报告过程。公司法律顾问经常准备全面评估现有的和潜在的诉讼,公司面临的。内部审计人员可以评估每项活动,或侧重于过程所使用的管理报告和监测风险识别。例如,内部审计人员可以建议有关报告前瞻的经营措施,董事会,以帮助确定新出现的风险。
在大型组织的重大战略举措,是实现目标和驱动器的变化。作为一名高层管理人员,首席审计官(工程)可能参与状态更新这些重大举措。这地方在位置报告的许多重大风险组织面临的审计委员会,或保证管理报告,目的是有效的。
内部审计人员可以帮助企业建立和保持企业风险管理过程。内部审计人员也发挥了重要作用,帮助企业实行红袜404自上而下的风险评估。后者在这些地区,内部审计人员一般是一部分风险评估小组中发挥咨询作用。
4、在公司治理中的作用
内部审计活动,它涉及公司治理一般是非正式的,主要是通过参与会议和讨论的董事会成员。公司治理是一个组合的过程和组织结构由董事局的通知,直接,管理,监测和组织资源,战略和政策对实现组织的目标。内部审计师通常被认为是一个“四大支柱”的企业管理,其他支柱在董事会,管理,和外部审计师。
一个主要重点领域的内部审计与公司治理是帮助董事会审计委员会(或同等学历)有效地履行其职责。这可能包括报告重要的内部控制问题,通知委员会私下对能力的关键管理人员,提出问题或主题为审计委员会的会议议程,并仔细协调与外部审计师和管理确保委员会收到的有效信息。
5、性质的内部审计活动
基于风险评估的组织,内部审计,管理和监督委员会确定内部审计工作重点(重点优先次序是年度/多年审计计划;通常,审计计划的提出是由首席内部审计(有时有几个选项或选择)的批准,审核委员会或董事)。内部审计活动通常是作为一个或多个离散赋值。一个典型的内部审计任务包括下列步骤:
建立和沟通的范围和目标的审计的适当的管理。
建立一个理解的业务领域进行审查。这包括目标,测量,和关键的交易类型。这包括审查文件和采访。流程图和说明可创造必要时。
描述关键面临风险的业务活动范围内的审计。
确定控制程序,用于确保每个关键风险和交易类型是适当的控制和监测。
制定并执行风险为基础的抽样和试验方法,确定是否按预期运行控制是最重要的。
报告发现的问题和谈判行动计划与管理解决的问题。
后续报告的结果在适当的间隔。内部审计部门保持后续数据库为此。
审计任务长度变化的基础上复杂的活动被审计和内部审计资源。许多上述步骤是迭代和可能不会发生在所有序列表示。
通过分析和介绍业务改进的关键领域,帮助组织实现其目标的审计。除了评估业务流程,专家称为信息技术(它)审阅信息技术控制。
6、内部审计报告
内部审计人员一般问题的报告在每个审计,总结他们的调查结果,建议,和任何反应或行动计划管理。审计报告可能有一个执行摘要;一个机构,包括的具体问题或结果确定和相关建议或行动计划;和附录等信息,详细的图表和图表或过程的信息。每个审计发现的身体内的报告可能包含五方面内容,有时被称为“5”:
条件:有什么特别的问题?
标准:标准是什么不满足吗?该标准可能是一个公司或其他基准。
原因:为什么问题会发生?
后果:什么是风险的负面结果(或机会)因为发现?
纠正措施:要管理的发现?他们都同意做和什么时候?
建议在内部审计报告的目的是帮助组织实现其目标,这可能与运营,财务报告和法律/法规。它们可能与有效性(即,无论目标是达到或符合标准的实现)、效率(即,输出是否产生最小输入)。
审计结果和建议也涉及特定的说法的交易,如交易是否审计是有效的或授权,完全处理,准确值,在正确的时间段,并适当地披露财务业务报告,除其他因素。
7、发展计划的活动
内部审计标准要求发展计划的审计业务(作业)的基础上进行风险评估,至少每年更新。输入的高级管理层和董事会是通常包括在这个过程中。许多部门更新他们的计划的机会,今年的风险或组织的优先次序的变化。
这些努力有助于确保审计活动与组织的目标,通过回答2个关键问题:第一,什么是组织试图完成的期限即将到来?其次,如何能在内部审计部门协助组织在实现这些目标?
内部审计师经常进行一系列的采访的高级管理人员确定潜在的约会。人的变化,过程,或系统经常产生审计项目的想法。各种文件进行审查,如战略计划,财务报告,咨询研究,等等此外,结果之前的审核和解决问题的考虑。例如,自动程序,如梅亚柔顺中心可以收集的反应,产生和写规范符合性报告组织寻求或遵守规则。即使一个商业区是重要的,以前的审计工作的性质和地位问题可能导致不必要的进一步审计工作。如果组织正式的企业风险管理(风险管理)的程序,确定的风险,其中帮助限制数量的独立的风险评估进行内部审计。
初步计划的活动记录和优先。审计资源和专业知识,然后考虑,最后计划是向高级管理层和审计委员会。介绍根据不同的项目干系人的需求和可能包括以下:
简要的关键目标,风险和相应的专业审计,说明调整;
分析审计的努力以及各种尺寸(例如,按业务,使客观范畴,它,萨班斯法案,与前一年,等)以及有关的评注的变化;
简要说明关键潜在审计业务确定;
审计业务请求但没有计划执行的优先次序和资源;
我们需要努力,通常在需要专门知识或高峰期间;
协调与其他风险的功能,如法律,遵守或保险,确保覆盖的关键组织风险;
更新审计人员编制水平,经验和认证;
附录材料,如规划方法,假设(例如,天每审计师和人员编制)和简要说明计划审计和相关的优先次序。
Analysis on internal audit
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance auditing is a catalyst for improving an organization’s effectiveness and efficiency by providing insight and recommendations based on analyses and assessments of data and business processes. With commitment to integrity and accountability, internal auditing provides value to governing bodies and senior management as an objective source of independent advice. Professionals called internal auditors are employed by organizations to perform the internal auditing activity.
The scope of internal auditing within an organization is broad and may involve topics such as the efficacy of operations, the reliability of financial reporting, deterring and investigating fraud, safeguarding assets, and compliance with laws and regulations.
Internal auditing frequently involves measuring compliance with the entity's policies and procedures. However, internal auditors are not responsible for the execution of company activities; they advise management and the Board of Directors (or similar oversight body) regarding how to better execute their responsibilities. As a result of their broad scope of involvement, internal auditors may have a variety of higher educational and professional backgrounds.
Publicly-traded corporations typically have an internal auditing department, led by a Chief Audit Executive ("CAE") who generally reports to the Audit Committee of the Board of Directors, with administrative reporting to the Chief Executive Officer.
The profession is unregulated, though there are a number of international standard setting bodies (IIA, IAASB, ISACA... Cf. paragraph standard setting below).
1、Other definitions
The definition above (first sentence of this page) is in essence the IIA's similar definition has been developed by the accounting profession and adopted by government auditors. The ISA 610 and the INTOSAI’s standard ("ISSAI") 1003 define the internal audit function as "An appraisal activity established or provided as a service to an entity. Its functions include, among other things, examining, evaluating and monitoring the adequacy and effectiveness of internal control."
2、History of internal auditing
The Internal Auditing profession evolved steadily with the progress of management science after World War II. It is conceptually similar in many ways to financial auditing by public accounting firms, quality assurance and banking compliance activities. Much of the theory underlying internal auditing is derived from management consulting and public accounting professions. With the implementation in the United States of the Sarbanes-Oxley Act of 2002, the profession's growth accelerated, as many internal auditors possess the skills required to help companies meet the requirements of the law.
3、Role in risk management
Internal auditing professional standards require the function to monitor and evaluate the effectiveness of the organization's Risk management processes. Risk management relates to how an organization sets objectives, then identifies, analyzes, and responds to those risks that could potentially impact its ability to realize its objectives.
Under the COSO enterprise risk management (ERM) Framework, risks fall under strategic, operational, financial reporting, and legal/regulatory categories. Management performs risk assessment activities as part of the ordinary course of business in each of these categories. Examples include: strategic planning, marketing planning, capital planning, budgeting, hedging, incentive payout structure, and credit/lending practices. Sarbanes-Oxley regulations also require extensive risk assessment of financial reporting processes. Corporate legal counsel often prepares comprehensive assessments of the current and potential litigation a company faces. Internal auditors may evaluate each of these activities, or focus on the processes used by management to report and monitor the risks identified. For example, internal auditors can advise management regarding the reporting of forward-looking operating measures to the Board, to help identify emerging risks.
In larger organizations, major strategic initiatives are implemented to achieve objectives and drive changes. As a member of senior management, the Chief Audit Executive (CAE) may participate in status updates on these major initiatives. This places the CAE in the position to report on many of the major risks the organization faces to the Audit Committee, or ensure management's reporting is effective for that purpose.
Internal auditors may help companies establish and maintain Enterprise Risk Management processes. Internal auditors also play an important role in helping companies execute a SOX 404 top-down risk assessment. In these latter two areas, internal auditors typically are part of the risk assessment team in an advisory role.
4、Role in corporate governance
Internal auditing activity as it relates to corporate governance is generally informal, accomplished primarily through participation in meetings and discussions with members of the Board of Directors. Corporate governance is a combination of processes and organizational structures implemented by the Board of Directors to inform, direct, manage, and monitor the organization's resources, strategies and policies towards the achievement of the organizations objectives. The internal auditor is often considered one of the "four pillars" of corporate governance, the other pillars being the Board of Directors, management, and the external auditor.
A primary focus area of internal auditing as it relates to corporate governance is helping the Audit Committee of the Board of Directors (or equivalent) perform its responsibilities effectively. This may include reporting critical internal control problems, informing the Committee privately on the capabilities of key managers, suggesting questions or topics for the Audit Committee's meeting agendas, and coordinating carefully with the external auditor and management to ensure the Committee receives effective information.
5、Nature of the internal audit activity
Based on a risk assessment of the organization, internal auditors, management and oversight Boards determine where to focus internal auditing efforts (the focus prioritization is part of the annual/multi-year audit planning; usually, the audit plan is proposed by the Chief Internal Audit (sometimes with several options or alternatives) to the approval of the Audit Committee or Board of Directors). Internal auditing activity is generally conducted as one or more discrete assignments. A typical internal audit assignment involves the following steps:
Establish and communicate the scope and objectives for the audit to appropriate management.
Develop an understanding of the business area under review. This includes objectives, measurements, and key transaction types. This involves review of documents and interviews. Flowcharts and narratives may be created if necessary.
Describe the key risks facing the business activities within the scope of the audit.
Identify control procedures used to ensure each key risk and transaction type is properly controlled and monitored.
Develop and execute a risk-based sampling and testing approach to determine whether the most important controls are operating as intended.
Report problems identified and negotiate action plans with management to address the problems.
Follow-up on reported findings at appropriate intervals. Internal audit departments maintain a follow-up database for this purpose.
Audit assignment length varies based on the complexity of the activity being audited and Internal Audit resources available. Many of the above steps are iterative and may not all occur in the sequence indicated.
By analyzing and recommending business improvements in critical areas, auditors help the organization meet its objectives. In addition to assessing business processes, specialists called Information Technology (IT) Auditors review information technology controls.
6、Internal audit reports
Internal auditors typically issue reports at the end of each audit that summarize their findings, recommendations, and any responses or action plans from management. An audit report may have an executive summary; a body that includes the specific issues or findings identified and related recommendations or action plans; and appendix information such as detailed graphs and charts or process information. Each audit finding within the body of the report may contain five elements, sometimes called the "5 C's":
Condition: What is the particular problem identified?
Criteria: What is the standard that was not met? The standard may be a company policy or other benchmark.
Cause: Why did the problem occur?
Consequence: What is the risk/negative outcome (or opportunity foregone) because of the finding?
Corrective action: What should management do about the finding? What have they agreed to do and by when?
The recommendations in an internal audit report are designed to help the organization achieve its goals, which may relate to operations, financial reporting or legal/regulatory compliance. They may relate to effectiveness (., whether goals were met or compliance with standards was achieved) or efficiency (., whether the outputs were generated with minimum inputs).
Audit findings and recommendations also relate to particular assertions about transactions, such as whether the transactions audited were valid or authorized, completely processed, accurately valued, processed in the correct time period, and properly disclosed in financial or operational reporting, among other elements.
7、Developing the plan of engagements
Internal auditing standards require the development of a plan of audit engagements (assignments) based on a risk assessment, updated at least annually. The input of senior management and the Board is typically included in this process. Many departments update their plan of engagements throughout the year as risks or organizational priorities change.
This effort helps ensure the audit activity is aligned with the organization’s objectives, by answering two key questions: First, what goals is the organization trying to accomplish in the upcoming period? Second, how can the Internal Audit Department assist the organization in achieving these goals?
Internal auditors often conduct a series of interviews of senior management to identify potential engagements. Changes in people, processes, or systems often generate audit project ideas. Various documents are reviewed, such as strategic plans, financial reports, consulting studies, etc. Further, the results of prior audits and resolution of open issues are considered. For example, automated programs such as NEMEA Compliance Center can collect responses, produce and write standardized compliance reports for an organization seeking or issuing compliance rules. Even if a business area is important, prior audit work and the nature and status of open issues may render further audit effort unnecessary. If the organization has a formal enterprise risk management (ERM) program, the risks identified therein help limit the amount of separate risk assessment performed by Internal Audit.
The preliminary plan of engagements is documented and prioritized. Audit resources and expertise are then considered and a final plan is presented to senior management and the Audit Committee. The presentations vary based on the needs of the stakeholders and may include the following:
Summary of key goals, risks and corresponding major audits, to illustrate alignment;
Analysis of audit effort along a variety of dimensions (., by business segment, COSO objective category, IT, Sarbanes-Oxley, vs. prior year, etc.) along with commentary regarding changes;
Brief description of critical potential audit engagements identified;
Audit engagements requested but not planned for execution due to prioritization and resources;
Required co-sourcing effort, typically where outside expertise is required or during peak periods;
Coordination with other risk functions, such as legal, compliance or insurance, to ensure coverage of key organizational risks;
Update on audit staffing levels, experience and certification;
Appendix materials, such as planning approach, assumptions (., days per auditor and staffing level) and brief descriptions of all planned audits and related prioritization.
PAGE
PAGE 1
