外文翻譯-如何監(jiān)測內(nèi)部控制

1、<p><b>　　中文3466字</b></p><p>　　畢業(yè)設(shè)計（論文）外文文獻翻譯</p><p>　翻譯題目如何監(jiān)測內(nèi)部控制</p><p>　學(xué) 院會計系</p><p>　專 業(yè)會計學(xué)</p><p><b>　　如何監(jiān)測內(nèi)部控制</b>

2、</p><p>　　引言：內(nèi)部控制對于任何一個組織的有效運作都是至關(guān)重要的。若有一個有效的控制系統(tǒng)在合適的地方運用,你的風(fēng)險可降至最小化。但是你應(yīng)該如何監(jiān)測控制,以確保其質(zhì)量和效用呢?</p><p>　　內(nèi)部控制是任何組織有效運行的關(guān)鍵,。董事會、執(zhí)行長和內(nèi)部審計人員都為實現(xiàn)這個企業(yè)的目標(biāo)而工作;該內(nèi)部控制系統(tǒng)是使這些團體確保那些目標(biāo)的達成的一種手段?？刂茙椭粋€企業(yè)有效率地運轉(zhuǎn)。此外

3、,運用一種有效的風(fēng)險系統(tǒng),風(fēng)險可被降低到最小。同時,控制促進經(jīng)營和與經(jīng)營有關(guān)的信息的可靠性。</p><p><b>　　發(fā)表的有關(guān)文件</b></p><p>　　全美反舞弊性財務(wù)報告委員會發(fā)起組織(COSO;1992) 在它發(fā)布的具有開創(chuàng)性的文件《內(nèi)部控制整合框架》中,將內(nèi)部控制定義為: 企業(yè)風(fēng)險管理是一個過程，受企業(yè)董事會、管理層和其他員工的影響，包括內(nèi)部控制及

4、其在戰(zhàn)略和整個公司的應(yīng)用，旨在為實現(xiàn)經(jīng)營的效率和效果、財務(wù)報告的可靠性以及法規(guī)的遵循提供合理保證。</p><p>　　該委員會還指出,一個的內(nèi)部控制的系統(tǒng)包括五個要素。</p><p><b>　　它們是：</b></p><p><b>　　?控制環(huán)境</b></p><p><b>

5、　　?風(fēng)險評估</b></p><p><b>　　?信息和溝通</b></p><p><b>　　?控制活動</b></p><p><b>　　?監(jiān)控</b></p><p>　　COSO的定義及五個要素已被證明確實對不同的團體,如董事會和首席執(zhí)行官起到作用。

6、這些群體對內(nèi)部控制系統(tǒng)的監(jiān)管以及系統(tǒng)設(shè)計與運行有責(zé)任。而且,內(nèi)部審計人員已經(jīng)發(fā)現(xiàn)COSO的指導(dǎo)是有用的。這群人員可能會被董事會或管理層要求去測試控制。</p><p>　　COSO最近發(fā)布的一份討論文件，指出五個要素監(jiān)控,其中的五個要素的確定在1992framework COSO原本。中國發(fā)展簡報的題為《內(nèi)部控制-整合框架：內(nèi)部控制體系監(jiān)督指南》 (COSO，2007)。在文件中,COSO強調(diào)監(jiān)控的重要性，以及這

7、些信息常常被沒有充分利用。</p><p>　　因為董事會、執(zhí)行長,和內(nèi)部審計人員都在一個公司的內(nèi)部控制中扮演著重要角色，內(nèi)部控制的各要素,包括監(jiān)測,都對所有的團體有著非常重要的意義。同時,外審計人員對監(jiān)測有興趣。《薩班斯-奧克斯利法案》（2002）為外部審計師創(chuàng)建了一個新的監(jiān)督體制。所有的五個要素,包括監(jiān)測,必須加以考慮。另外,內(nèi)部控制審計必須結(jié)合對財務(wù)報告的檢查。</p><p>　　

8、在一體化審計之前，在首席執(zhí)行官的領(lǐng)導(dǎo)下，也許也在內(nèi)部審計活動的支持下的管理，評估了內(nèi)控制體系的有效性。隨后外部審計人員對控制出具意見。起監(jiān)督角色的董事會，將閱讀內(nèi)部審計、管理層和首席執(zhí)行官出具的報告。文件關(guān)于監(jiān)測對每一個團體的指導(dǎo)起了幫助,因為他們分別為各自的角色而勞動。</p><p><b>　　什么是監(jiān)測？</b></p><p>　　監(jiān)測的組成可評估內(nèi)部控制系

9、統(tǒng)在過去一段時間發(fā)揮效用的質(zhì)量。其對控制功能的評估有助于企業(yè)確定其控制在有效地運作中。</p><p>　　監(jiān)測是內(nèi)部控制的一部分</p><p>　　在執(zhí)行監(jiān)測活動時，相關(guān)人員參與審查系統(tǒng)的設(shè)計及其運行效果。這種檢查必須進行及時,目的是為了提供給企業(yè)最大的利益。管理層負責(zé)做出適當(dāng)?shù)男袆右曰貞?yīng)這些結(jié)果。當(dāng)事人對內(nèi)部控制有興趣,可以充分依賴這個內(nèi)部控制系統(tǒng),如果合適的監(jiān)測活動被有效管理且管理

10、層根據(jù)結(jié)果采取行動。當(dāng)一個高度的依賴可以連接到內(nèi)部控制的監(jiān)控方面，和系統(tǒng)的其它方面的測試,特別是控制活動,可以適當(dāng)被降低。</p><p><b>　　即時控制</b></p><p>　　一些監(jiān)測活動將開始執(zhí)行并且持續(xù)。也就是說,他們被造進系統(tǒng)，沿著正常經(jīng)營活動執(zhí)行。典型地,連續(xù)的監(jiān)測活動都是自動化的。這個系統(tǒng)隨之產(chǎn)生被管理層審查的異常報告,然后適當(dāng)?shù)男袆涌梢员徊扇?/p>

11、。</p><p><b>　　不連續(xù)控制</b></p><p>　　除了用即時連續(xù)的監(jiān)測技術(shù)外,企業(yè)也可以選擇分開的監(jiān)測活動。這些需要管理層或內(nèi)部審計人員的截然不同的監(jiān)控。不連續(xù)控制可能會成為收集的即時連續(xù)活動的信息的結(jié)果,或是從正在進行的,或?qū)μ囟L(fēng)險的回應(yīng)。</p><p><b>　　設(shè)計監(jiān)測</b></p

12、><p>　　作為管理者設(shè)計內(nèi)部控制系統(tǒng),他們會識別企業(yè)要達成經(jīng)營目標(biāo)的風(fēng)險。這些風(fēng)險應(yīng)被優(yōu)先處理，且通過資源配置以分散風(fēng)險。正如管理部門設(shè)計內(nèi)部控制系統(tǒng),會考慮誰將參與這些監(jiān)測活動，何時且多久執(zhí)行活動，和對這些元素的監(jiān)測。監(jiān)測環(huán)節(jié)設(shè)計的每一個方面會在下文討論，詳見附表1。</p><p>　　附表1：設(shè)計內(nèi)部控制的監(jiān)測環(huán)節(jié)</p><p>　　?識別風(fēng)險并優(yōu)先考慮&l

13、t;/p><p>　　?確定誰將會參與監(jiān)測活動</p><p>　　?考慮監(jiān)測活動的時間</p><p>　　?決定監(jiān)測活動執(zhí)行的頻率</p><p><b>　　風(fēng)險,優(yōu)先權(quán),資源</b></p><p>　　為了適當(dāng)?shù)卦O(shè)計內(nèi)部控制系統(tǒng)，管理部門首先會評估企業(yè)正面臨的不能達到經(jīng)營目標(biāo)的風(fēng)險。隨后，一

14、個內(nèi)部控制系統(tǒng),包括監(jiān)測環(huán)節(jié),會根據(jù)這些風(fēng)險來設(shè)計。為了最有效地利用監(jiān)測活動,它們應(yīng)該被優(yōu)先。也就是說,攜帶較大風(fēng)險的交易和事項比較危險，應(yīng)該增加監(jiān)測活動。這些活動可能會執(zhí)行得更加頻繁。另一種可能是每次檢查之間有較大范圍的覆蓋。舉個例子,如果一個制造商的銷售回報有所增加,但產(chǎn)品質(zhì)量差,公司可能會選擇檢查更多的即將裝運的產(chǎn)品，或者將檢查的時間定在每日，而不是每周。</p><p>　　用于監(jiān)測活動的資源必須充分。通

15、過指定合適的資金等級，管理部門就監(jiān)測活動如何重要發(fā)出了一個有力的信息。</p><p>　　除了監(jiān)測外，另一個內(nèi)部控制系統(tǒng)設(shè)計的重要方面涉及到控制環(huán)境?？刂骗h(huán)境是指組織的最高層。當(dāng)董事會和首席執(zhí)行官強調(diào)系統(tǒng)的監(jiān)測環(huán)節(jié)的重要性，他們會發(fā)出強有力的訊息。</p><p>　　一種在最高層實施的方法是建立一個有利于增強控制的組織結(jié)構(gòu)。接著，才可雇傭合格的、專業(yè)的人員來實施和運作這個系統(tǒng)。<

16、/p><p>　　作為內(nèi)部控制的監(jiān)控環(huán)節(jié)，應(yīng)該建立與那些有權(quán)采取行動的人員的正式的溝通渠道。監(jiān)測活動的結(jié)果應(yīng)很快在權(quán)威且有權(quán)力做出反應(yīng)的個體中傳開。及時糾正的措施幫助組織實現(xiàn)其目標(biāo)有效地、有效率地進行。</p><p><b>　　誰負責(zé)實施監(jiān)測？</b></p><p>　　為使監(jiān)測有效，必須有合適的人員實施這項活動。個人可將參與監(jiān)測作為工作的一

17、個方面。而另一些人,如核查人員,質(zhì)量控制人員,以及內(nèi)部審計人員，監(jiān)測則是他們工作的重點。</p><p>　　管理部門必須設(shè)計內(nèi)部控制系統(tǒng)，來監(jiān)測發(fā)生并且適時的由熟練的員工指揮。只有這樣監(jiān)測結(jié)果才能進行處理。企業(yè)人員必須清楚明白何種信息可以對收到結(jié)果的個體起作用,以及何種信息應(yīng)轉(zhuǎn)到下一水平。同時, 在系統(tǒng)監(jiān)測方面的個人的工作應(yīng)該能夠被總結(jié)和過濾信息,以便它對那些利用它來完善組織機構(gòu)的人有用。</p>

18、<p>　　管理是對內(nèi)部控制系統(tǒng)最終負責(zé)的,包括監(jiān)測，而管理層的人員沒有被授權(quán)執(zhí)行監(jiān)測活動。內(nèi)部審計人員可以被要求介入。另一種選擇是把此功能外包出去。這兩種選擇都可能是有效的。同時,利用專業(yè)的內(nèi)部審計人員或第三方提供商，管理層的人員就可騰出時間進行其他活動。</p><p>　　何時監(jiān)測？監(jiān)測的頻率？</p><p>　　當(dāng)考慮監(jiān)測活動的時間,管理層必須考慮多種因素。例如,這個

19、行業(yè),特定的企業(yè),和有資格的人員執(zhí)行監(jiān)測職責(zé)都對決定內(nèi)部控制監(jiān)測的時間和頻率有重要作用。</p><p><b>　　監(jiān)測元素</b></p><p>　　管理層負責(zé)整個的內(nèi)部控制系統(tǒng)的設(shè)計與操作,包括監(jiān)測環(huán)節(jié)。另一個環(huán)節(jié), 環(huán)境控制,與監(jiān)測是相關(guān)聯(lián)的。</p><p>　　控制環(huán)境包括最高層的組織。董事會負責(zé)為企業(yè)營造氛圍。董事會若堅持有效控

20、制對企業(yè)的運行是必不可少的，則這種態(tài)度將滲透在整個企業(yè)。此外,如果董事會成員強調(diào)監(jiān)測元素的重要性,并要求查看監(jiān)測活動的結(jié)果,管理層則可明確監(jiān)測元素對該企業(yè)的總體目標(biāo)是如何重要。</p><p>　　舉一個監(jiān)督監(jiān)測結(jié)果的例子，董事會的成員可能會要求監(jiān)測活動每月有一個總結(jié)報告。各種各樣的管理者就可被問及針對結(jié)果所采取的措施。然后,他們將很快了解監(jiān)測元素對企業(yè)的治理有多么重要。</p><p>

21、　　對監(jiān)測結(jié)果的報告和采取的措施</p><p>　　監(jiān)測元素有效,內(nèi)部控制中存在的弱點則必須傳達給組織內(nèi)適當(dāng)?shù)娜藛T。每一個弱點跡象的指出應(yīng)附帶著對它的描述。除了報告弱點和其內(nèi)部重要性, 關(guān)于內(nèi)部控制的外部溝通由法律或規(guī)章規(guī)定。</p><p>　　無論接受者對于企業(yè)是內(nèi)部或外部的,及時的溝通是非常重要的。裝備了及時的信息，個體負責(zé)仔細操作，就可以選擇合適的行動方案。隨之,企業(yè)的外部決策者

22、就可以做出正確的選擇。</p><p>　　報告的步驟及對監(jiān)測結(jié)果采取的措施都顯示在附表2中。</p><p>　　附表2：步驟和措施：監(jiān)測結(jié)果</p><p>　　?發(fā)展的可能性及重要性排名</p><p>　　?內(nèi)部的內(nèi)部控制報告</p><p>　　?外部的內(nèi)部控制報告</p><p>　

23、　排名—可能性及重要性</p><p>　　為幫助那些負責(zé)考查監(jiān)測活動結(jié)果的人,可以使用控制缺陷的排名系統(tǒng)。這樣的一個系統(tǒng)可以顯示出最需要被優(yōu)先處理的不足或缺陷?？梢远亢饬?，也可以定性衡量。</p><p>　　不論使用定性還是定量的方法，該事件發(fā)生的可能性及其重要性都應(yīng)納入這項措施?？赡苄源砹丝刂撇荒芊乐够驒z測到一個特定風(fēng)險的發(fā)生的可能。意義是對組織假定風(fēng)險發(fā)生的潛在的影響。<

24、/p><p>　　對特定風(fēng)險的可能性和重要性的排名的專業(yè)判斷是主觀的。盡管如此,這些數(shù)值提供了一種有價值的工具來總結(jié)關(guān)于信息等有關(guān)風(fēng)險的可能性和重要性的資料,。那些負責(zé)處理風(fēng)險的人可以運用這些數(shù)值評估更清晰地了解需優(yōu)先處理的問題，快速及時地分配現(xiàn)有資源。</p><p>　　The Journal of Corporate Accounting & Finance / May/June

25、 2008</p><p>　　How to Monitor Internal Controls</p><p>　　Jan Colbert</p><p>　　Introduction ：</p><p>　　Internal controls are critical for any organization to function ef

26、fectively. And with an effective system of controls in place, you minimize risk. But how should you monitor controls to ensure their quality and performance?</p><p>　　Internal control is critical to the effe

27、ctive functioning of any organization. Boards of directors, CEOs, and internal auditors all work to attain the entity’s objectives; the system of internal control is the means by which these parties help to ensure that t

28、hose objectives are met. Controls help an entity to operate efficiently. In addition, with an effective system of controls in place, risk is minimized. Also, controls serve to promote the reliability of both operations a

29、nd information that </p><p>　　DISCUSSION DOCUMENT ISSUED </p><p>　　In its seminal document “Internal Control—Integrated Framework,” the Committee of Sponsoring Organizations of the Treadway Comm

30、ission (COSO; 1992) defines internal control as: A process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in

31、 the following categories: effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regula</p><p>　　The Committee went on to explain that a syst

32、em of internal control includes five components. They are:</p><p>　　? control environment,</p><p>　　? risk assessment,</p><p>　　? information and communication,</p><p>

33、　　? control activities, and</p><p>　　? monitoring. </p><p>　　COSO’s definition and the five components have proven useful to a variety of groups, including boards of directors and CEOs. Respecti

34、vely, these groups have responsibilities for oversight of a system of internal control and for the design and operation of the system. Further, internal auditors have found COSO’s guidance useful. This group may be asked

35、 by the board or management to test controls. </p><p>　　COSO recently published a Discussion Document that addresses monitoring, one of the five components originally identified in COSO’s 1992framework. The

36、publication is entitled “Internal Control— Integrated Framework: Guidance on Monitoring Internal Control Systems” (COSO, 2007). In the document, COSO stresses the significance of monitoring, a control component entities

37、often underutilize. </p><p>　　Because boards of directors, CEOs, and internal auditors all play valuable roles with respect to an entity’s internal control, each component of internal control, including moni

38、toring, is significant to all of these groups. Also, external auditors have an interest in monitoring. The independent audit firm is mandated by the Sarbanes-Oxley Act of 2002 to examine the client’s system of internal c

39、ontrol. All five components, including monitoring, must be considered. Further, the internal control au</p><p>　　Prior to the integrated audit, management, led by the CEO and perhaps with the support of the

40、internal audit activity, assesses the effectiveness of the system of internal control. The external auditor then opines on the controls. The board of directors, in its oversight role, will peruse the reports produced by

41、internal audit and by management and the CEO. The guidance in the Discussion Document regarding monitoring serves as an aid to each of these groups as they labor in their respective role</p><p>　　WHAT IS MON

42、ITORING? </p><p>　　Monitoring constitutes assessing the quality of the performance of the system of internal control over time. Such assessments of the functioning of controls help the entity to ascertain th

43、at controls are operating effectively. </p><p>　　Monitoring as Part of Internal Control </p><p>　　In performing monitoring activities, appropriate personnel take part in examining both the desig

44、n of the system and its operation. Such examinations must be performed in a timely manner in order to provide the maximum benefit to the entity. Management is then responsible for taking appropriate action in response to

45、 findings. Parties with an interest in internal control can place significant reliance on the system of internal control if both appropriate monitoring activities are conducted and man</p><p>　　Ongoing, Cont

46、inuous Monitoring </p><p>　　Some monitoring activities will be ongoing and continuous. That is, they are built into the system and are executed along with the normal activities of operations. Typically, cont

47、inuous monitoring activities are automated. The system then produces exception reports that are reviewed by management, and appropriate actions can be taken. </p><p>　　Separate Monitoring</p><p>

48、;　　Besides employing ongoing, continuous monitoring techniques, the entity might also choose to utilize separate monitoring activities. These entail distinct monitoring by management or perhaps by the internal auditors.

49、Separate monitoring may take place as a result of the information gathered from ongoing, continuous activities or in response to specified risks. </p><p>　　DESIGNING MONITORING</p><p>　　As manag

50、ers design the system of internal control, they will identify risks to the entity of achieving its objectives. These risks should be prioritized and resources allocated to address the risks. As management designs its sys

51、tem of internal control, consideration will be given to who will be participating in the monitoring activities, when and how often they will be performed, and to the elements of monitoring. Each of these aspects of the d

52、esign of the monitoring component is discussed below</p><p><b>　　Exhibit 1</b></p><p>　　Designing the Monitoring Component of Internal Control</p><p>　　? Identify risks

53、and prioritize.</p><p>　　? Determine who will perform the monitoring activities.</p><p>　　? Consider the timing of monitoring activities.</p><p>　　? Decide how often monitoring acti

54、vities will occur.</p><p>　　Risks, Priorities, Resources</p><p>　　To appropriately design the system of internal control, management begins by assessing the risks the organization faces of not a

55、chieving its objectives. A system of internal control, including the monitoring component, can then be designed to address those risks. To most effectively utilize monitoring activities, they should be prioritized. That

56、is, for transactions and events that carry more risk and, thus, are more critical, monitoring activities should be increased. Such activities may be per</p><p>　　greater coverage during each examination. For

57、 example, if sales returns for a manufacturer have increased due to poor quality, the company might elect to inspect more product before shipment, or inspections could take place daily rather than on a weekly cycle.</

58、p><p>　　Sufficient resources must be devoted to monitoring activities. By designating appropriate levels of funds, management sends a strong message as to how significant monitoring activities are.</p>&

59、lt;p>　　Besides monitoring, another significant aspect of the design of the system of internal control relates to the control environment. The control environment refers to the tone at the top of the organization. When

60、 the board and the CEO stress the critical nature of the monitoring component of the system, these parties send a strong message. </p><p>　　One way of operationalizing the tone at the top is to establish an

61、organizational structure conducive to the enhancement of controls. Qualified, dedicated personnel should then be hired to implement and operate the system. </p><p>　　As part of the monitoring component of in

62、ternal control, formal channels of communication with those empowered to take action should be established. The results of the monitoring activities should quickly be channeled to individuals who have the authority and t

63、he capability to react. Timely corrective actions help the organization achieve its objectives in an effective and efficient manner. </p><p>　　Who Performs Monitoring? </p><p>　　For monitoring t

64、o be effective, appropriate personnel must perform the activities. Individuals may engage in monitoring as one aspect of their work. For others, such as inspectors, quality control personnel, and internal auditors, monit

65、oring is the focus of their positions. </p><p>　　Management must design the system of internal control such that monitoring occurs and is conducted in a timely manner by knowledgeable employees. Only then ca

66、n the results of monitoring be addressed. Entity personnel must clearly understand what information can be acted upon at the level of the individual receiving the results and what should be forwarded to the next level. A

67、lso, individuals working in the monitoring aspect of the system should be able to summarize and filter information so that</p><p>　　While management is ultimately responsible for the system of internal contr

68、ol, including monitoring, members of management are not mandated themselves to perform the monitoring activities. Internal auditors may be asked to step in. Another option is to outsource the function. Either of these ch

69、oices may be cost effective. Also, by utilizing the expertise of internal auditors or third-party providers, members of management are freed up for other activities.</p><p>　　When and How Often?</p>&

70、lt;p>　　When considering the timing of monitoring activities, management must consider multiple factors. For example, the industry, the specific entity, and the qualifications of monitoring personnel performing monitor

71、ing duties all play a role in the timing and frequency of this component of internal control.</p><p>　　Elements of Monitoring </p><p>　　Management is responsible for both the design and operatio

72、n of the entire system of internal control, including the monitoring component. Another component, the control environment, interrelates with monitoring.</p><p>　　The control environment encompasses the tone

73、 at the top of the organization. The board of directors is responsible for an appropriate tone for the organization. An overall attitude by the board that effective controls are essential to the running of the organizati

74、on will permeate throughout the entire entity. Further, if Board members stress the importance of the monitoring component and ask to see the results of monitoring activities, management will grasp how critical the compo

75、nent is to the o</p><p>　　As an example of overseeing the results of monitoring, members of the board might request monthly summaries of monitoring activities. Various managers can then be queried about resu

76、lting actions taken. They will then quickly recognize how important the monitoring component is to the governance of the entity.</p><p>　　REPORTING AND ACTION ONTHE RESULTS OF MONITORING</p><p>

77、　　For the monitoring component to be effective, weaknesses in internal control must be communicated to appropriate personnel within the organization. An indication of the significance of each weakness should accompany it

78、s description. Besides reporting weaknesses and their importance internally, external communications regarding internal control may be mandated by law or regulation.</p><p>　　Regardless of whether the recipi

79、ent is internal or external to the entity, prompt communication is critical. Armed with timely information, individuals responsible for the operations scrutinized can then select appropriate courses of action. Further, d

80、ecision makers located outside the organization can make appropriate choices.</p><p>　　The steps in the reporting of and actions to be taken on the results of monitoring are shown in Exhibit 2.</p>&l

81、t;p><b>　　Exhibit 2</b></p><p>　　Steps and Actions: Results of Monitoring</p><p>　　? Develop likelihood and significance ranking.</p><p>　　? Report on internal control

82、 internally.</p><p>　　? Report on internal control externally.</p><p>　　Ranking—Likelihood and Significance</p><p>　　To aid those with responsibilities for considering the results o

83、f monitoring activities, a ranking system for control deficiencies might be employed. Such a system aids in prioritizing issues. A numeric scale could be used; a qualitative scale is also appropriate.</p><p>

84、;　　Regardless of whether a qualitative or numeric scale is employed, both the likelihood of the event occurring and its significance should be incorporated into the measure. The likelihood represents the probability that

85、 a control will not prevent or detect a specific risk from occurring. Significance is the potential impact to the organization assuming the risky event occurs.</p><p>　　The professional judgments incorporate

86、d into both the likelihood and the significance rankings of any particular risk are admittedly subjective. Still, scales provide a valuable tool to summarize information concerning the likelihood and significance of a ri

87、sk. Those whose responsibility it is to address risks can more readily prioritize issues to be handled and deploy resources quickly and appropriately by utilizing the estimates in the scales.</p><p>　　Report

88、ing Internally</p><p>　　As noted, management is ultimately responsible for the monitoring component of the system of internal control. However, members of management are not required to actually perform the

89、monitoring activities themselves. Managers may ask internal auditors to engage in monitoring activities or perhaps a third-party provider might be engaged to handle monitoring. A combination of managers, internal auditor

90、s, or third parties might also be utilized.</p><p>　　Internal summaries regarding the system of control will be presented to the board of directors by management. If the internal auditors have participated i

91、n monitoring, that group will also report to the governing body. Communications to the Board should set forth the results of monitoring at a high level. More detailed reports, with findings specific to each area, should

92、be presented to the managers of the departments responsible for the specific controls addressed in the testing.</p><p>　　Reporting Externally</p><p>　　Many organizations are required to report e

93、xternally on internal control. Monitoring activities aid the entity in producing data for the mandated reports. </p><p>　　The Sarbanes-Oxley Act notes that management must report on the effective operation

94、of the system of internal control. Management’s report is included in the organization’s annual filing with the Securities and Exchange Commission (SEC).Typically, the CEO and the president sign that report for the organ

95、ization. </p><p>　　For the top officers to have the confidence needed to affix their signatures to the report on controls, assurances from the various levels and units of the organization must be forthcoming

96、. The monitoring activities in each area aid the various managers in providing assurances regarding controls. These are eventually integrated and result in the report on the entire system presented by the CEO and the pre

97、sident.</p><p>　　Besides the public report on internal controls made by management, the corporation’s external auditors issue an opinion on the effectiveness of the system. In performing the audit that serve

98、s to support the opinion, the independent audit firm examines aspects of the system, including monitoring activities. While the outside firm is solely responsible for its opinion on internal controls, the external audito

99、rs are permitted, and even encouraged, to utilize tests that other parties have performed.</p><p>　　This approach results in cost effective coverage of testing the system of internal control.</p><

100、p>　　The external report on controls may be studied by a variety of users. For example, for a public company, regulatory agencies such as the SEC and the Public Company Accounting Oversight Board (PCAOB)will receive a

101、copy, as will the stock exchange on which the organization is listed. Analysts and investors will also scrutinize the information. In the case of litigation, a report on the effective system of internal control, includin

102、g the monitoring component, might be used by either the plaintiff o</p><p>　　MORE TO COME</p><p>　　COSO’s Discussion Document constitutes the first phase of a broader monitoring project. The Com

103、mittee has indicated that the second phase will include examples, case studies, and tools related to the monitoring component. Still, this initial guidance in the Discussion Document is useful to members of boards of dir