Internal-control-and-risk-management內(nèi)部控制與風(fēng)險(xiǎn)管理-外文翻譯

PAGE15InternalcontrolandriskmanagementInternalcontrol--,standardandlegislationIn1985,theUnitedStatesinordertocurbthegrowingbusinessofaccountingfraudactivities,formedacommitteeagainstfinancialfraudTreadwaycommittee),(accountingfraudactivitiesinvestigationledtoreasonandproposedsolutions.Theschemeemphasizedtheimportanceofinternalcontrol,requestsandSuggestionsofalllistedcompaniesshouldprovideintheannalsofinternalcontrolreports.Thereportshallincludeadmitmanagementauthoritiesoffinancialreportingandinternalcontrolisresponsible,anddiscusstheimplementationoftheseresponsibilities.InTheendThemissionTreadwayCommitteeafterThefive,ThecommissionlaunchedorganizationjointlyestablishedanewCommittee-TheCom-mitteeCOSO(SponsoringOrganizationsofTheTreadwayofordinary),namelyTheorganizingCommitteeTreadwayCommitteelaunched.ItconsistsoftheAmericanpublicinstituteofcertifiedpublicaccountants(AICPA),Americanaccountingassociation(AAA),internationalfinancialmanagementassociation(FEI),internalauditorsassociation(typeIIA),internationalaccountingassociation(NAAwould)(amanagerialaccountingassociationjointlysponsoredIMApredecessor).COSOcontinuetostudyandin1992itissuedaprogrammaticdocumentabouttheInternalControl,namely"InternalControl-theoverallframework"(InternalControl-IntegratedFramework).ThereportsareputforwardtheCOSOU.S.federalreserve,theUnitedStatessecuritiesandexchangecommission,theBaselcommitteeregulatorsorinternationalorganizationssuchastherecognitionandadopted,manyofthesedefinitions,Suggestionsandideasabsorbedintothelegislationandregulations,worldwidehashadabroadimpact.SinceTHEendof2001,THEUnitedStatesbrokewithenron,worldcom,xeroxandothercompaniesfinancialcasesoffraudasarepresentativeofaccountingscandals,hitU.S.capitalmarketsandTHEeconomy,alsoconcentratedexposureforAmericancompaniesinTHEexistingproblemofinternalcontrol,thuscausingTHEUnitedStatesadoptedTHE"sashaclassnice--,THEextensionofTHElaw(SARBANESOXLEYACT)-.ThebillmadeclearcompanymanagersCEOandCFOfinancedirectorofinternalcontrol,andwillbehelddirectlyresponsibleshallundertakeeconomicandcriminalconsequences;Greatlyimprovethepunishmentofaccountingfraud;Strengtheningtheinternalaudit,externalauditandauditsupervision.Thislegislationrepresentsalargecapitalmarketsystem,alsomaketheprogressoftheimportanceofinternalcontrolpeoplehavemoredeeply.TheinternalcontrolandriskmanagementcomparisonInternalcontrolandriskmanagementhasthecloserelation.COSOinternalcontrolisthatpartoftheriskmanagement.Therefore,thecommitteeinthewholeframeworkofinternalcontrol-thebasisof,andin2003issuedanewreport--,"enterpriseriskmanagementframework".Atpresentthereportwasonlyaroughdraft,inpublic,revisedlater,isexpectedtoformallyreleasedthisyear.Theenterpriseriskmanagementframework"inheritandcontainsthewholeframeworkofinternalcontrol-themaincontentalsoexpandedthethreeelements,addedagoal,updatedsomeideasforcountriestoprovideaunifiedenterpriseriskmanagementtermsandconceptsofcomprehensiveapplicationguidesystem.COSOinternalcontrolandriskmanagementofthedefinitionandelementswere:Internalcontrol:enterpriseinternalcontrolisbytheenterpriseboardofdirectors,managers,andotherstafftoimplement,forfinancialreportingaccuracy,businessactivityofefficiencyandeffect,therelevantlawsandregulationssuchasthefollowtoachievethegoaloftheprocessandprovidereasonableassurance.Itincludesfiveelements:controlenvironment,riskassessment,controlactivities,informationandcommunication,thesurveillance.Riskmanagement:enterpriseriskmanagementisaprocessoftheboardofdirectors,themanagementofenterprisesandotherpersonneltoimplement,appliedinstrategyformulationandenterprisealllevelsofactivity,aimstoidentifypossibleinfluenceenterprisevariouspotentialevents,andaccordingtoenterprise'sriskpreferenceforenterprisestomanagerisk,toachievethegoalofprovidingreasonableassurance.Ithaseightelements:theinternalenvironment,goalsetting,eventriskidentification,riskassessment,countermeasures,controlactivities,informationandcommunication,thesurveillance.ThetworeportsfromtheCOSOperspective,theenterpriseriskmanagementandinternalcontrolhasthefollowingsimilarordifferentplaces:First,theyaremadeby"enterpriseboard,managementandotherpersonneltoimplement",emphasizethepoint,saystheparticipationpartiesontheinternalcontrolandriskmanagementhasacorrespondingrolesandresponsibilities.Second,theyareallclearlyisa"process",notasastaticthing,suchassystemfiles,technicalmodelandsoon,alsonotbealoneorextraactivities,suchasinspection,evaluationisbestplacedinsideenterprisedailymanagementprocess,asakindofroutineoperationmechanismtoconstruction.Third,theyarefortherealizationofthegoalofenterpriseprovidereasonableassurance.Riskmanagementobjectivesarefourcategories,includingthreecategoriesandinternalcontrolcollocated,namelyreporttargets,businesstargetsandfollowthetargets.Butthereporttargetshaveexpanded,itnotonlyincludefinancialreport,alsorequiresalltheaccuracyofinternalandexternalnon-financialclassreportissuedbytheaccurateandreliable.Inaddition,riskmanagementincreasedthestrategictarget,namelyandenterprisevisionormissionrelatedhigh-levelobjectives.Thismeansthatriskmanagementisnotonlyensuremanagementefficiencyandeffect,andinterventionintheenterprisestrategy(includingbusinessobjectives)formulationprocess.Fourth,riskmanagementandinternalcontrolelementshavefiveaspects,i.e.(overlapiscontrolorinternal)environment,riskassessment,controlactivities,informationandcommunication,thesurveillance.Thesecoincidemostoftheirgoalsandrealizationmechanismcoincideofsimilardecision.Riskmanagementincreasedgoalsetting,eventidentificationandriskcountermeasuresthreefactors.Coincideelements,connotation,forexample,hasbeenextendedinternalcontrolenvironmentincludinghonestcharacterandmoralvalues,staffqualityandability,theboardofdirectorsandtheauditcommittee,managementphilosophyandmanagementstyle,theorganizationalstructure,thepowerandtheallocationofresponsibility,humanresourcepoliciesandpracticessevenaspects.Riskmanagement"internalenvironment"inadditiontoincludethesesevenaspectsoutside,stillincluderiskmanagementphilosophy,riskpreference(appetite)andrisksassociatedculturalthreenewcontent.Intheriskassessmentelements,riskmanagementrequirestheconsiderationoftheinherentriskandresidualrisk,withexpectations,worstcasevaluesorprobabilitydistributionmeasureriskandtoconsidertimepreferencesandriskassociationbetweentherole.Ininformationandcommunication,riskmanagementemphasizedthepast,presentandfutureoftherelevantdataaboutobtainingandanalysis,providesinformationofthedepthandtimeliness,etc.Fifth,riskmanagementproposesriskportfolioandtheoverallriskmanagement(integratedmanagement)-arenewidea.Theenterpriseriskmanagementframework"inthetheoryofmodernfinancialborrowingportfoliorisktheory,thispaperputsforwardtheconceptofcombinationandoverallmanagementfromenterpriselevel,demandingdispersedintheoverallgraspalllevelsanddepartmentsofenterprise,theriskexposurewithoverallconsiderationriskcountermeasures,preventdispersedconsiderandcopingbydepartment,suchaswillrisktheriskintechnology,financial,separatedbyinformationtechnology,environment,safety,quality,auditingdepartments,andconsideringtheinteractionbetweenriskevents,preventtwotendencies:oneisthedepartment'sriskinriskpreferencecanwithstandability,butwithintheoveralleffectmaybebeyondsustaininglimit,becauseindividualriskinfluenceisnotalwaysadd,maybemultiplied;Secondistheriskofindividualdepartmentsoveritslimits,butexposuretotheoverallrisklevelhaven'tbeyondsustainingrange,becausesometimeshasoffsettheeffectsoftheeventoftheeffect.Atthistime,andfurther,striveforhigherreturnriskwithroomtogrow.Accordingtoriskportfolioandtheoverallmanagementpointofview,needunificationconsiderationriskeventsasriskcountermeasuresbetweeninteractionbetween,overallriskmanagementplanformulated.3.InternalcontrolandriskmanagementinnerlinkEnterprisesystemevolutionandriskassociatedwiththedevelopment.Theestablishmentofalimitedliabilitysystemisrunningorpartnershipenterpriseorganizationfromthekeyturningintoamodernshares,itenablesshareholdersstepspossessionsandenterprisepropertyandenterpriseeconomicresponsibilityindependent,shareholdertransformationwillnolongeraffecttheenterprisecreditcapacityforequitytransactions,expandedrangeandincreasedliquidity,whichreducestheriskofinvestmentandpromotingenterprisefinancing,contributedtotodayagiantcorporation.Inordertomakeequitytradingandtheshareholderstransformbusinesscontinuity,influenceandtomakecapitalandmanagementabilityrealizemoreoptimalcombinationofownershipandmanagement,enterpriseinthemodernenterpriseofaltitude,whichalsoseparatebringsnewrisks,namelyprofessionaloperatorsmightnotperformitsaccountabilityandshareholders'expense.Inaddition,limitedliabilitymayalsolureenterpriseengagedinhighriskanddamagetheproject'screditors.Becauseinlimitedliability,thepotentialrevenuemainlybytheenterprise(shareholders)toobtain,andtheriskoffailure,themajorthatbankruptcyisbornebytheobligee.Theriskisnotmarketization,themarketcompetitionspontaneousconstraintsormarkettransactions,suchasprovidingahedgeproductqualityornaturaldisasters,butmechanism,belongstotheorganizationortradeinagencyissues,needtoregulaterulesandsystem.Thesesystemsincludecorporategovernanceintheliabilitysystem,suchasfinancialreport,aninternalcontrolandaudit,etc.Internalcontrolandriskmanagementisthefundamentalrolemaintenance,securityenterpriseassetinvestorinterest,andcreatenewvalue.Fama&Jensen(1983)analyzedundertheboardofdirectorsofownershipandseparationoftheinternalcontrolfunctions;Jensen(1993)furtheranalyzedtheAmericanboardofdirectorsininternalcontrolwithreasonsforthefailureofperformance.Theoretically,theenterpriseinternalcontrolistheenterprisesystemcomponent,isintheenterprisemanagementandownershipoftheseparationofinvestorbenefitundertheconditionoftheprotectionmechanism.Itspurposeistoensuretheaccuracyandreliabilityoftheaccountinginformationmanagement,preventmanipulationofstatementsandfraudandprotectthecompany'spropertysecurity,complywiththelawinordertomaintainthecompany'sreputationandavoidincurpecuniaryloss,etc.Thehistoricaloriginofinternalcontrol,therequirementstoearliermorebasic,easierorappropriaterisetolegislativelevel.Enterpriseriskmanagementisinthenewtechnologyandthemarketconditionsofnaturalextensionofinternalcontrol.COSOintheenterpriseriskmanagementframeworkofriskmanagementofsignificanceaboutwhenthisisthecasediscussion:"enterpriseriskmanagementstrategyandorganizationusedinthevariouslevelsactivities.Itenablesmanagersinthefaceofuncertaintycanidentify,evaluateandmanagerisk,playtheroleofcreationandmaintainvalue.Riskmanagementcanmakeriskpreferenceandstrategickeepsconsistent,willriskandgrowthandreturnoverallconsideration,promotethedecisionagainstrisksandreducetheriskandlosses,identifybusinessmanagementandenterprisecrossoverrisk,forvariousriskstoprovideoverallcountermeasures,captureopportunitiesandmakecapitalrationalization."COCOinexplainingthegeneralizedcontrolandriskdiscussesway:"'leadership'inthefaceofuncertaintyincludechoice."risk"referstoindividualsororganizationsaremakingchoicesadverseconsequencesafterthepossibilityofsuffering.Theriskisopportunitycounterparts."Obviously,thesediscussionshaverealizedthatenterpriseexistsforshareholdersorstakeholders(fornonprofitorganization,etc.),andcreatevaluevaluecreationisnotonlypassiveassetssecurity,itshouldalsoincludetheuseofopportunity.Moreover,thethreatofshareholdervaluecomesnotfromtheoperatorinternalfactorssuchasaccountingfrauds,includingfromthemarketrisk,etc.Technologyandmarketconditions,promotethenewprogressofinternalcontroltoriskmanagement.Inadvancedinformationtechnologyconditions,accountingrecordsrealizedtheelectroniccontrol,real-timeupdate,maketraditionalerror-detectionandpreventdisadvantagesaccountingcontrolseemsoutdated.However,theriskisoftencausedbytradingororganizationinnovation,theseinnovationcomesfromemergingmarketpractice,suchasenronwillenergytradinglargedevelopedintosimilarfinancialderivativestrading.Ontheotherhand,environmentalprotectionandtheenforcementofprotectionofconsumerrights,strengthenedthesocialresponsibilityoftheenterprise,ifanenterprisemayhaveinadvertently,sufferfromcommoditymarketorcapitalmarketfortheenterprise,andpunishtheperformancebrandvalue,orthecapitalmarketcapitalisationput-downs.Therefore,theenterpriseneedadailyoperationfunctionandstructuretoguardagainstrisks,includingabidebylawsandregulations,andensurethetrustofinvestorsandensurefinancialinformationmanagementefficiency,etc.Therefore,frommaintenanceandpromotethisbasicfunctionvaluecreationstandpoint,riskmanagementandinternalcontroltargetisconsistent,justinnewtechnologyandthemarketconditions,inordertoeffectivelyprotecttheinterestsofinvestorsneedinthebasisofthedevelopmentofinternalcontrolmoreactiveandmorecomprehensiveriskmanagement.4.FrominternalcontroltoriskmanagementThereisadebatethatriskmanagementincludeinternalcontrol,orinternalcontrolcontainsriskmanagement.Theauthorthinksthatwhatkindofconclusionthatisnotveryimportant,themostimportantistoclearriskmanagementandinternalcontroloftherelationbetweenthesuperpositionplace.Who'swider,maybewithtime,technology,marketconditions,legalandregulatorypracticeanddifferent,forexample,intheearlydevelopmentofinternalcontrol,marketriskmanagementtoolsandtechnologyconditionsarenotfully(suchascomputersystems,statisticstheory,quantitymodel,hedgetoolsandinsuranceetc.),thentheinternalcontrolcontains(alternative)riskmanagementfunctionisverynatural.Eveninthesameera,differentindustrytheiremphasismayalsodifferent,forexample,inthefinancialindustryregulatorystrictorinvolvingthepeople'slivesandhealthpharmacyandmedicalindustry,theurgencyofriskmanagement,enterprisestrongerwithriskmanagementleadinginternalcontrolmaybemoreconvenient.Andinsomeotherenterprise,inordertocomplywithinformationdisclosurerequirementsofinternalcontrolreportswiththeinternalcontrolsystem,enterpriseforleading,giveattentiontotwoormorethingsriskmanagementmaybemoresuitable.Becauseoftheinternalcontrolandriskmanagementistheintrinsicrelation,countrieswithdifferentwaysweregraduallyintegrateinternalcontrolandriskmanagementconnected.January8,2004,China'srelevantaspectsheldthe"commercialbankriskmanagementandinternalcontrolBBS",thisshowsthatourbankingalsobegantointernalcontrolandriskmanagementconnected.TheBaselcommittee"issuedbythebankinggroupofinternalcontrolsystemframeworksaid:"theboardofdirectorsapprovedandregularlychecktheoverallstrategy,andimportantsystem,understandthemainrisk,thebankfortheseriskssettingacceptablelevel,ensuremanagementtotakenecessarystepstoidentifying,measuring,supervisionandcontroltheserisks..."Here,theriskmanagementisobviouslythecontentintotheinternalcontrolframework.IntheUKtheFSAcomprehensivestandards(TheCombinedCode)abouttheinternalcontrolregulation,itisfirstinofficialdocumentscontainingdefinitelyinriskmanagementininternalundercontrol.Thiscodeisthattheboardshouldkeepsoundinternalcontrolsystemtoprotectshareholdersinvestmentandenterpriseassets(principled.2).Theboardofdirectorsatleastonceayear,andchecktheeffectivenessofenterpriseinternalcontrolsystems,andtoshareholdersandreport.Reportsshouldincludeallthecontrol,suchasfinancial,management,followcontrolandriskmanagement(d.2.1).ThisruleislistedontheLondonstockexchangeenterprisemustabideby.Canadianassociationofcertifiedaccountantscontrolstandardscommittee(COCO)think"controlshouldincluderiskidentificationandreducetheriskof",inwhichnotonlyincludetheriskofachievingspecificgoalsrelated,butalsoincludegeneral,ifcan'tidentifyandtookadvantageoftheopportunity,cannotmakeenterpriseinthefaceofnotanticipateeventsanduncertaininformationwhilemaintainingflexibilityorresilient.In1992theCOSOinternalcontrol-inthewholeframeworkwillriskassessmentoftheinternalcontrolasoneofthefiveelements,inthelatestontheintroductionofthe"enterpriseriskmanagementframework"andfurtherintegrateinternalcontrolexpandedtoriskmanagement,clearlyputriskmanagementincludeinternalcontrol.Theauthorbelievesthatintheactualbusinessprocess,riskmanagementandinternalcontrolisinseparableinruleorlegislativeprocess,considerationscopeandcontrolstrength,therequirements,thegreaterthecontrolrangewillbeweaker.Foritscoreproblems,suchasfinancialreportingaccurateandreliable,themostsuitableforlegislationtoformtoconstraint,andothermorebroadcontentmaybemoresuitableforrulesandguidelines.Thedifferentlevelsoftheenterpriseinternalriskmanagementandinternalcontrol,theleadingrelativeordercanalsobedifferent,forexample,fromtheenterprisestrategicriskinturntothemanagementrisk,financialrisk,andfinallytothefinancialreport,riskmanagementandinternalcontroltherelativeimportanceshouldvary.Instrategicrisk,theriskmanagementshouldplayaleadingroleplaycomplexationandinternalcontrol.Thisrolereversaltofinancialreport,graduallylevel,shouldplayaleadingroleistheinternalcontrol,riskmanagementplaycomplexation.Despitetheriskmanagementandinternalcontrolaninnerlink,buttherealityoforonbehalfofthecurrentapplicationlevelofinternalcontrolandriskmanagementandlotsofgap.Thetypicalriskmanagementattentioninparticularbusinesswithstrategicchoiceorbusinessdecisionsrelatedtocomparethebenefitsandrisksof,forexample,bankingcreditmanagementormarket(price)riskmanagementsuchasexchangerate,interestraterisk,etc.Thetypicalinternalcontrolreferstoaccountingcontrol,auditactivities,aregenerallyconfinedtofinancialrelateddepartment.Whattheyallhaveincommonislowlevel,smallrange,confinedtoafewfunctionaldepartments,andnopenetrationorappliedinenterprisemanagementprocessandthewholemanagementsystem,therefore,sometimeslooksriskmanagementandinternalcontrolorindependentofeachothertwothings.Alongwiththeinternalcontrolandriskmanagementconstantlyimproveandbecomemorecomprehensive,theyinevitablyoverlappingandfusionbetweenuntilunity.內(nèi)部控制與風(fēng)險(xiǎn)管理周兆生1、內(nèi)部控制———標(biāo)準(zhǔn)與立法1985年美國為了遏制日益猖獗的會(huì)計(jì)舞弊活動(dòng),成立了一個(gè)反財(cái)務(wù)舞弊委員會(huì)(Treadway委員會(huì)),調(diào)查導(dǎo)致會(huì)計(jì)舞弊活動(dòng)的原因,并提出了解決方案。該方案強(qiáng)調(diào)了內(nèi)部控制的重要性,建議要求所有的上市公司都應(yīng)該在其年報(bào)中提供內(nèi)部控制報(bào)告。報(bào)告內(nèi)容包括承認(rèn)管理當(dāng)局對(duì)財(cái)務(wù)報(bào)告和內(nèi)部控制負(fù)有責(zé)任,并討論這些責(zé)任的履行情況。在Treadway委員會(huì)結(jié)束其使命之后,該委員會(huì)的五個(gè)發(fā)起組織聯(lián)合成立了一個(gè)新的委員會(huì)———COSO(TheCom-mitteeofSponsoringOrganizationsoftheTreadwayCommittee),即Treadway委員會(huì)的發(fā)起組織委員會(huì)。它由美國公共注冊會(huì)計(jì)師協(xié)會(huì)(AICPA)、美國會(huì)計(jì)協(xié)會(huì)(AAA)、國際財(cái)務(wù)管理人員協(xié)會(huì)(FEI)、內(nèi)部審計(jì)師協(xié)會(huì)(IIA)、國際會(huì)計(jì)協(xié)會(huì)(NAA)(是管理會(huì)計(jì)協(xié)會(huì)IMA的前身)聯(lián)合發(fā)起。COSO繼續(xù)研究并于1992年發(fā)布了一份關(guān)于內(nèi)部控制的綱領(lǐng)性文件,即《內(nèi)部控制-整體框架》(InternalControl-IntegratedFramework)。COSO提出的報(bào)告得到了美國聯(lián)邦儲(chǔ)備局、美國證券交易委員會(huì)、巴塞爾委員會(huì)等監(jiān)管機(jī)構(gòu)或國際組織的認(rèn)可與采納,其中的許多定義、建議及思想被吸收到立法與規(guī)則制定中,在全世界范圍內(nèi)產(chǎn)生了廣泛的影響。2001年年底以來,美國爆發(fā)了以安然、世通、施樂等公司財(cái)務(wù)舞弊案為代表的會(huì)計(jì)丑聞,重創(chuàng)了美國資本市場及經(jīng)濟(jì),同時(shí)也集中暴露了美國公司在內(nèi)部控制上存在的問題,由此導(dǎo)致美國通過了《薩班尼斯———奧克斯利法》(THESARBANES-OXLEYACT)。該法案明確了公司管理者CEO及財(cái)務(wù)主管CFO對(duì)內(nèi)部控制負(fù)直接責(zé)任,并將承擔(dān)經(jīng)濟(jì)與刑事后果;大幅度提高了對(duì)會(huì)計(jì)舞弊的處罰力度;強(qiáng)化了內(nèi)部審計(jì)、外部審計(jì)及審計(jì)監(jiān)管。此次立法代表著資本市場制度的一次大的進(jìn)步,也使人們對(duì)內(nèi)部控制的重要性有了更深刻的認(rèn)識(shí)。值得強(qiáng)調(diào)的是,美國證券交易委員會(huì)(SEC)規(guī)定企業(yè)管理層評(píng)價(jià)其內(nèi)部控制的標(biāo)準(zhǔn)必須符合以下條件:制定過程嚴(yán)謹(jǐn)適當(dāng),經(jīng)過廣泛散發(fā)和公眾評(píng)議;非盈利而無偏見;能一致性地定性或定量分析內(nèi)部控制;全面包括所有影響內(nèi)部控制的因素;與企業(yè)財(cái)務(wù)報(bào)告中的內(nèi)部控制相關(guān)等。最終,SEC認(rèn)為COSO的《內(nèi)部控制-整體框架》報(bào)告是符合上述規(guī)定的,同時(shí)指出未來符合上述要求的相關(guān)文件也都認(rèn)可。還有相關(guān)國家的權(quán)威文件,如加拿大的COCO或英國的Turnbull的相關(guān)規(guī)定都是認(rèn)可的(二者都是以美國COSO的報(bào)告為藍(lán)本)。2、內(nèi)部控制與風(fēng)險(xiǎn)管理的比較內(nèi)部控制與風(fēng)險(xiǎn)管理有著密切的聯(lián)系。COSO認(rèn)為,內(nèi)部控制是風(fēng)險(xiǎn)管理的一部分。因此,該委員會(huì)在《內(nèi)部控制-整體框架》的基礎(chǔ)上,又于2003年出臺(tái)了最新報(bào)告———《企業(yè)風(fēng)險(xiǎn)管理框架》。目前這個(gè)報(bào)告還僅是個(gè)草稿,在公示、修訂之后,預(yù)計(jì)將于今年正式發(fā)布。《企業(yè)風(fēng)險(xiǎn)管理框架》繼承并包含了《內(nèi)部控制-整體框架》的主體內(nèi)容,同時(shí)擴(kuò)展了三個(gè)要素,增加了一個(gè)目標(biāo),更新了一些觀念,旨在為各國的企業(yè)風(fēng)險(xiǎn)管理提供一個(gè)統(tǒng)一術(shù)語與概念體系的全面的應(yīng)用指南。COSO對(duì)內(nèi)部控制與風(fēng)險(xiǎn)管理的定義及其組成要素分別是:內(nèi)部控制:企業(yè)內(nèi)部控制是由企業(yè)董事會(huì)、經(jīng)理層以及其他員工共同實(shí)施的,為財(cái)務(wù)報(bào)告的準(zhǔn)確性、經(jīng)營活動(dòng)的效率與效果、相關(guān)法律法規(guī)的遵循等目標(biāo)的實(shí)現(xiàn)而提供合理保證的過程。它包括五個(gè)方面的組成要素:控制環(huán)境、風(fēng)險(xiǎn)評(píng)估、控制活動(dòng)、信息與溝通、監(jiān)督。風(fēng)險(xiǎn)管理:企業(yè)風(fēng)險(xiǎn)管理是一個(gè)過程,是由企業(yè)的董事會(huì)、管理層以及其他人員共同實(shí)施的,應(yīng)用于戰(zhàn)略制定及企業(yè)各個(gè)層次的活動(dòng),旨在識(shí)別可能影響企業(yè)的各種潛在事件,并按照企業(yè)的風(fēng)險(xiǎn)偏好管理風(fēng)險(xiǎn),為企業(yè)目標(biāo)的實(shí)現(xiàn)提供合理的保證。它有八個(gè)組成要素:內(nèi)部環(huán)境、目標(biāo)設(shè)定、事件識(shí)別、風(fēng)險(xiǎn)評(píng)估、風(fēng)險(xiǎn)對(duì)策、控制活動(dòng)、信息與溝通、監(jiān)督。從COSO的兩份報(bào)告來看,企業(yè)風(fēng)險(xiǎn)管理與內(nèi)部控制有以下相似或不同之處:第一,它們都是由“企業(yè)董事會(huì)、管理層以及其他人員共同實(shí)施的”,強(qiáng)調(diào)了全員參與的觀點(diǎn),指出各方在內(nèi)部控制或風(fēng)險(xiǎn)管理中都有相應(yīng)的角色與職責(zé)。第二,它們都明確是一個(gè)“過程”,不能當(dāng)作某種靜態(tài)的東西,如制度文件、技術(shù)模型等,也不是單獨(dú)或額外的活動(dòng),如檢查評(píng)估等,最好是內(nèi)置于企業(yè)日常管理過程中,作為一種常規(guī)運(yùn)行的機(jī)制來建設(shè)。第三,它們都是為企業(yè)目標(biāo)的實(shí)現(xiàn)提供合理的保證。風(fēng)險(xiǎn)管理的目標(biāo)有四類,其中三類與內(nèi)部控制相重合,即報(bào)告類目標(biāo)、經(jīng)營類目標(biāo)和遵循類目標(biāo)。但報(bào)告類目標(biāo)有所擴(kuò)展,它不僅包括財(cái)務(wù)報(bào)告的準(zhǔn)確性,還要求所有對(duì)內(nèi)對(duì)外發(fā)布的非財(cái)務(wù)類報(bào)告準(zhǔn)確可靠。另外,風(fēng)險(xiǎn)管理增加了戰(zhàn)略目標(biāo),即與企業(yè)的遠(yuǎn)景或使命相關(guān)的高層次目標(biāo)。這意味著風(fēng)險(xiǎn)管理不僅僅是確保經(jīng)營的效率與效果,而且介入了企業(yè)戰(zhàn)略(包括經(jīng)營目標(biāo))制定過程。第四,風(fēng)險(xiǎn)管理與內(nèi)部控制的組成要素有五個(gè)方面是重合的,即(控制或內(nèi)部)環(huán)境、風(fēng)險(xiǎn)評(píng)估、控制活動(dòng)、信息與溝通、監(jiān)督。這些重合是由它們目標(biāo)的多數(shù)重合及實(shí)現(xiàn)機(jī)制相似決定的。風(fēng)險(xiǎn)管理增加了目標(biāo)設(shè)定、事件識(shí)別和風(fēng)險(xiǎn)對(duì)策三個(gè)要素。重合的要素中,內(nèi)涵也有所擴(kuò)展,例如,內(nèi)部控制環(huán)境包括誠實(shí)正直品格及道德價(jià)值觀、員工素質(zhì)與能力、董事會(huì)與審計(jì)委員會(huì)、管理哲學(xué)與經(jīng)營風(fēng)格、組織結(jié)構(gòu)、權(quán)力與責(zé)任的分配、人力資源政策和實(shí)踐等七個(gè)方面。風(fēng)險(xiǎn)管理的“內(nèi)部環(huán)境”除包括上述七個(gè)方面外,還包括風(fēng)險(xiǎn)管理哲學(xué)、風(fēng)險(xiǎn)偏好(riskappetite)和風(fēng)險(xiǎn)文化三個(gè)新內(nèi)容。在風(fēng)險(xiǎn)評(píng)估要素中,風(fēng)險(xiǎn)管理要求考慮內(nèi)在風(fēng)險(xiǎn)與剩余風(fēng)險(xiǎn),以期望值、最壞情形值或概率分布度量風(fēng)險(xiǎn),考慮時(shí)間偏好以及風(fēng)險(xiǎn)之間的關(guān)聯(lián)作用。在信息與溝通方面,風(fēng)險(xiǎn)管理強(qiáng)調(diào)了過去、現(xiàn)在以及關(guān)于未來的相關(guān)數(shù)據(jù)的獲取與分析處理,規(guī)定了信息的深度與及時(shí)性等。第五,風(fēng)險(xiǎn)管理提出了風(fēng)險(xiǎn)組合與整體風(fēng)險(xiǎn)管理(in-tegratedriskmanagement)的新觀念?！镀髽I(yè)風(fēng)險(xiǎn)管理框架》借用現(xiàn)代金融理論中的資產(chǎn)組合理論,提出了風(fēng)險(xiǎn)組合與整體管理的觀念,要求從企業(yè)層面上總體把握分散于企業(yè)各層次及各部門的風(fēng)險(xiǎn)暴露,以統(tǒng)籌考慮風(fēng)險(xiǎn)對(duì)策,防止分部門分散考慮與應(yīng)對(duì)風(fēng)險(xiǎn),如將風(fēng)險(xiǎn)割裂在技術(shù)、財(cái)務(wù)、信息科技、環(huán)境、安全、質(zhì)量、審計(jì)等部門,并考慮到風(fēng)險(xiǎn)事件之間的交互影響,防止兩種傾向:一是部門的風(fēng)險(xiǎn)處于風(fēng)險(xiǎn)偏好可承受能力之內(nèi),但總體效果可能超出企業(yè)的承受限度,因?yàn)閭€(gè)別風(fēng)險(xiǎn)的影響并不總是相加的,有可能是相乘的;二是個(gè)別部門的風(fēng)險(xiǎn)暴露超過其限度,但總體風(fēng)險(xiǎn)水平還沒超出企業(yè)的承受范圍,因?yàn)槭录挠绊懹袝r(shí)有抵消的效果。此時(shí),還有進(jìn)一步承受風(fēng)險(xiǎn),爭取更高回報(bào)與成長的空間。按照風(fēng)險(xiǎn)組合與整體管理的觀點(diǎn),需要統(tǒng)一考慮風(fēng)險(xiǎn)事件之間以及風(fēng)險(xiǎn)對(duì)策之間的交互影響,統(tǒng)籌制定風(fēng)險(xiǎn)管理方案。3、內(nèi)部控制與風(fēng)險(xiǎn)管理的內(nèi)在聯(lián)系企業(yè)制度的發(fā)展演進(jìn)與風(fēng)險(xiǎn)相關(guān)。有限責(zé)任制度的確立是企業(yè)組織從業(yè)主制或合伙制走向現(xiàn)代股份公司制的關(guān)鍵步驟,它使股東的家產(chǎn)與企業(yè)的財(cái)產(chǎn)及企業(yè)的經(jīng)濟(jì)責(zé)任相互獨(dú)立,股東的變換不再影響企業(yè)的信用能力,為股權(quán)交易擴(kuò)大了范圍并增加了流動(dòng)性,從而降低了投資風(fēng)險(xiǎn)并促進(jìn)了企業(yè)融資,造就了今天巨型的股份公司。為了使股權(quán)交易與股東變換不影響企業(yè)經(jīng)營的連續(xù)性,也為了使資本與經(jīng)營能力實(shí)現(xiàn)更優(yōu)的組合,企業(yè)的所有權(quán)與經(jīng)營權(quán)在現(xiàn)代企業(yè)中高度分離開來,由此也帶來了新的風(fēng)險(xiǎn),即職業(yè)經(jīng)營者有可能不履行其受托責(zé)任而損害股東的利益。另外,有限責(zé)任也有可能誘使企業(yè)從事風(fēng)險(xiǎn)過高的項(xiàng)目而損害債權(quán)人利益。因?yàn)樵谟邢挢?zé)任下,潛在的收益主要由企業(yè)(股東)獲得,而失敗即破產(chǎn)的風(fēng)險(xiǎn)則主要由債權(quán)人承擔(dān)。上述風(fēng)險(xiǎn)不是市場化的,可以由市場競爭自發(fā)約束或市場交易提供避險(xiǎn),如產(chǎn)品質(zhì)量或自然災(zāi)害等,而是機(jī)制問題,屬于組織或交易中的代理問題,需要規(guī)則與制度進(jìn)行規(guī)范。這些制度包括企業(yè)治理中的責(zé)任制度,如財(cái)務(wù)報(bào)告、內(nèi)部控制及審計(jì)等。內(nèi)部控制或風(fēng)險(xiǎn)管理的根本作用都是維護(hù)投資者利益、保全企業(yè)資產(chǎn),并創(chuàng)造新的價(jià)值。Fama&Jensen(1983)分析了所有權(quán)與經(jīng)營權(quán)分離下董事會(huì)的內(nèi)部控制職能;Jensen(1993)進(jìn)一步分析了美國公司董事會(huì)在內(nèi)部控制方面失效的表現(xiàn)與原因。從理論上說,企業(yè)的內(nèi)部控制是企業(yè)制度的組成部分,是在企業(yè)經(jīng)營權(quán)與所有權(quán)分離的條件下對(duì)投資者利益的保護(hù)機(jī)制。其目的就是保證會(huì)計(jì)信息的準(zhǔn)確可靠,防止經(jīng)營層操縱報(bào)表與欺詐,保護(hù)公司的財(cái)產(chǎn)安全,遵守法律以維護(hù)公司的名譽(yù)以及避免招致經(jīng)濟(jì)損失等。內(nèi)部控制的歷史起源更早,其要求更為基本,更容易或適合上升到立法層次。企業(yè)風(fēng)險(xiǎn)管理則是在新的技術(shù)與市場條件下對(duì)內(nèi)部控制的自然擴(kuò)展。COSO在《企業(yè)風(fēng)險(xiǎn)管理框架》中談到風(fēng)險(xiǎn)管理的意義時(shí)是這樣論述的:“企業(yè)風(fēng)險(xiǎn)管理應(yīng)用于戰(zhàn)略制定與組織的各層次活動(dòng)中。它使管理者在面對(duì)不確定性時(shí)能夠識(shí)別、評(píng)估和管理風(fēng)險(xiǎn),發(fā)揮創(chuàng)造與保持價(jià)值的作用。風(fēng)險(xiǎn)管理能夠使風(fēng)險(xiǎn)偏好與戰(zhàn)略保持一致,將風(fēng)險(xiǎn)與增長及回報(bào)統(tǒng)籌考慮,促進(jìn)應(yīng)對(duì)風(fēng)險(xiǎn)的決策,減小經(jīng)營風(fēng)險(xiǎn)與損失,識(shí)別與管理企業(yè)交叉風(fēng)險(xiǎn),為多種風(fēng)險(xiǎn)提供整體的對(duì)策,捕捉機(jī)遇以及使資本的利用合理化。”COCO在解釋廣義的控制與風(fēng)險(xiǎn)時(shí)論述道:“‘領(lǐng)導(dǎo)’包括在面對(duì)不確定性時(shí)作出選擇。‘風(fēng)險(xiǎn)’是指個(gè)人或組織在作出選擇后遭受不利后果的可能性。風(fēng)險(xiǎn)正是機(jī)會(huì)的對(duì)應(yīng)物。”顯然,這些論述已經(jīng)認(rèn)識(shí)到企業(yè)的存在是為股東或利害相關(guān)者(針對(duì)非盈利性組織等)創(chuàng)造價(jià)值的,而價(jià)值創(chuàng)造不僅是被動(dòng)的資產(chǎn)安全等,還應(yīng)包括機(jī)會(huì)的利用。另外,對(duì)股東價(jià)值的威脅也不僅來自經(jīng)營者會(huì)計(jì)舞弊等內(nèi)部因素,還包括來自市場的風(fēng)險(xiǎn)等。技術(shù)及市場條件的新進(jìn)展,推動(dòng)了內(nèi)部控制走向風(fēng)險(xiǎn)管理。在先進(jìn)的信息技術(shù)條件下,會(huì)計(jì)記錄實(shí)現(xiàn)了電子控制、實(shí)時(shí)更新,使傳統(tǒng)的查錯(cuò)與防弊的會(huì)計(jì)控制顯得過時(shí)。然而,風(fēng)險(xiǎn)往往是由交易或組織創(chuàng)新造成的,這些創(chuàng)新來源于新興的市場實(shí)踐,如安然公司將能源交易大量發(fā)展成類似金融衍生品的交易。另一方面,環(huán)境保護(hù)及消費(fèi)者權(quán)益保護(hù)的加強(qiáng),都強(qiáng)化了企業(yè)的社會(huì)責(zé)任,若一有不慎,企業(yè)就可能遭受來自商品市場或資本市場的懲罰,表現(xiàn)為企業(yè)的品牌價(jià)值或資本市場上的市值貶損。因此,企業(yè)需要一種日常運(yùn)行的功能與結(jié)構(gòu)來防范風(fēng)險(xiǎn),包括遵守法律與法規(guī),確保投資者對(duì)財(cái)務(wù)信息的信任以及保證經(jīng)營效率等。因此,從維護(hù)與促進(jìn)價(jià)值創(chuàng)造這一根本功能來看,風(fēng)險(xiǎn)管理與企業(yè)內(nèi)部控制的目標(biāo)是一致的,只是在新的技術(shù)與市場條件下,為了更有效地保護(hù)投資者利益,需要在內(nèi)部控制的基礎(chǔ)上發(fā)展更主動(dòng)、更全面的風(fēng)險(xiǎn)管理。4、從內(nèi)部控制走向風(fēng)險(xiǎn)管理有一種爭論,即風(fēng)險(xiǎn)管理包含內(nèi)部控制,或內(nèi)部控制包含風(fēng)險(xiǎn)管理。筆者認(rèn)為得出什么樣的結(jié)論并不十分重要,最重要的是明確風(fēng)險(xiǎn)管理與內(nèi)部控制之間有重合與聯(lián)系的地方。誰的范圍更大,可能要隨著時(shí)間、技術(shù)、市場條件、法律以及監(jiān)管實(shí)踐的發(fā)展而不同,例如,在內(nèi)部控制發(fā)展的早期,市場上風(fēng)險(xiǎn)管理的工具與技術(shù)條件都不充分(如計(jì)算機(jī)系統(tǒng)、統(tǒng)計(jì)學(xué)理論、數(shù)量模型、對(duì)沖工具與保險(xiǎn)等),這時(shí)內(nèi)部控制包含(替代)風(fēng)險(xiǎn)管理功能是很自然的。即使在同一個(gè)時(shí)代,不同的行業(yè)各自的側(cè)重點(diǎn)也可能不相同,例如,在監(jiān)管嚴(yán)格的金融業(yè)或涉及人民生命健康的制藥與醫(yī)療行業(yè),風(fēng)險(xiǎn)管理的迫切性更強(qiáng),企業(yè)以風(fēng)險(xiǎn)管理主導(dǎo)內(nèi)部控制可能更方便。而在另一些企業(yè),為了符合信息披露中內(nèi)部控制報(bào)告的要求,企業(yè)以內(nèi)部控制系統(tǒng)為主導(dǎo)、兼顧風(fēng)險(xiǎn)管理可能更適合。正因?yàn)閮?nèi)部控制與風(fēng)險(xiǎn)管理有內(nèi)在的聯(lián)系,各國分別以不同的方式逐步將內(nèi)部控制與風(fēng)險(xiǎn)管理聯(lián)系起來。2004年1月8日,我國有關(guān)方面舉辦了“商業(yè)銀行風(fēng)險(xiǎn)管理與內(nèi)部控制論壇”,這表明我國銀行業(yè)也開始將內(nèi)部控制與風(fēng)險(xiǎn)管理聯(lián)系起來。巴塞爾委員會(huì)發(fā)布的《銀行業(yè)組織內(nèi)部控制系統(tǒng)框架》中指出:“董事會(huì)負(fù)責(zé)批準(zhǔn)并定期檢查銀行整體戰(zhàn)略及重要制度,了解銀行的主要風(fēng)險(xiǎn),為這些風(fēng)險(xiǎn)設(shè)定可接受的水平,確保管理層采取必要的步驟去識(shí)別、計(jì)量、監(jiān)督以及控制這些風(fēng)險(xiǎn)……”,這里顯然是把風(fēng)險(xiǎn)管理的內(nèi)容納入到內(nèi)部控制框架中。英國FSA在《綜合準(zhǔn)則》(TheCombinedCode)中關(guān)于內(nèi)部控制的規(guī)定,是第一次在官方文件里明確將風(fēng)險(xiǎn)管理包含在內(nèi)部控制之中。該準(zhǔn)則指出,董事會(huì)應(yīng)該保持健全的內(nèi)部控制系統(tǒng),以保護(hù)股東的投資及企業(yè)的資產(chǎn)(原則D.2)。董事會(huì)至少每年一次,檢查企業(yè)內(nèi)部控制系統(tǒng)的有效性,并向股東報(bào)告。報(bào)告應(yīng)該包括所有的控制,如財(cái)務(wù)的、經(jīng)營的、遵從的控制以及風(fēng)險(xiǎn)管理(D.2.1)。這一規(guī)則是倫敦交易所上市企業(yè)必須要遵守的。加拿大注冊會(huì)計(jì)師協(xié)會(huì)控制標(biāo)準(zhǔn)委員會(huì)(COCO)認(rèn)為“控制應(yīng)該包括風(fēng)險(xiǎn)的識(shí)別與減輕”,其中的風(fēng)險(xiǎn)不僅包括與實(shí)現(xiàn)特定目標(biāo)相關(guān)的風(fēng)險(xiǎn),而且還包括一般性的,如不能識(shí)別和利用機(jī)會(huì),不能使企業(yè)在面臨未預(yù)料到事件以及不確定信息時(shí)保持靈活性或彈性。1992年COSO在《內(nèi)部控制-整體框架》中將風(fēng)險(xiǎn)評(píng)估作為內(nèi)部控制的五個(gè)組成要素之一,在最新出臺(tái)的《企業(yè)風(fēng)險(xiǎn)管理框架》中又進(jìn)一步將內(nèi)部控制擴(kuò)展為風(fēng)險(xiǎn)管理,明確提出風(fēng)險(xiǎn)管理包含內(nèi)部控制。筆者認(rèn)為,在實(shí)際的經(jīng)營過程中,風(fēng)險(xiǎn)管理與內(nèi)部控制是密不可分的在規(guī)則制定或立法過程中,需要考慮的是范圍與管制的強(qiáng)度,范圍越大,管制的要求就會(huì)越弱。對(duì)于其核心問題,如財(cái)務(wù)報(bào)告的準(zhǔn)確可靠,最適合以立法的形式來約束,而其他更寬泛的內(nèi)容則可能更適合于規(guī)則及指南。在企業(yè)內(nèi)部的不同層次,風(fēng)險(xiǎn)管理與內(nèi)部控制的主導(dǎo)性相對(duì)次序也可能不同,例如,從企業(yè)的戰(zhàn)略風(fēng)險(xiǎn)依次到經(jīng)營風(fēng)險(xiǎn)、財(cái)務(wù)風(fēng)險(xiǎn),最后到財(cái)務(wù)報(bào)告,風(fēng)險(xiǎn)管理與內(nèi)部控制的相對(duì)重要性應(yīng)該各有不同。在戰(zhàn)略風(fēng)險(xiǎn)方面,風(fēng)險(xiǎn)管理應(yīng)該發(fā)揮主導(dǎo)作用,內(nèi)部控制起到配合作用。這一角色逐步逆轉(zhuǎn),到財(cái)務(wù)報(bào)告層次,應(yīng)該是內(nèi)部控制發(fā)揮主導(dǎo)作用,風(fēng)險(xiǎn)管理起到配合作用。盡管風(fēng)險(xiǎn)管理與內(nèi)部控制有內(nèi)在的聯(lián)系,但現(xiàn)實(shí)中的或代表目前應(yīng)用水平的內(nèi)部控制與風(fēng)險(xiǎn)管理還有不少的差距。典型的風(fēng)險(xiǎn)管理關(guān)注特定業(yè)務(wù)中與戰(zhàn)略選擇或經(jīng)營決策相關(guān)的風(fēng)險(xiǎn)與收益比較,例如,銀行業(yè)的授信管理或市場(價(jià)格)風(fēng)險(xiǎn)管理如匯率、利率風(fēng)險(xiǎn)等。典型的內(nèi)部控制是指會(huì)計(jì)控制、審計(jì)活動(dòng)等,一般局限于財(cái)務(wù)相關(guān)部門。它們的共同點(diǎn)都是低水平、小范圍,只局限于少數(shù)職能部門,并沒有滲透或應(yīng)用于企業(yè)管理過程和整個(gè)經(jīng)營系統(tǒng),因此,有時(shí)看上去風(fēng)險(xiǎn)管理與內(nèi)部控制還是相互獨(dú)立的兩件事。隨著內(nèi)部控制或風(fēng)險(xiǎn)管理的不斷完善和變得更加全面,它們之間必然相互交叉、融合,直至統(tǒng)一?；贑8051F單片機(jī)直流電動(dòng)機(jī)反饋控制系統(tǒng)的設(shè)計(jì)與研究基于單片機(jī)的嵌入式Web服務(wù)器的研究MOTOROLA單片機(jī)MC68HC（8）05PV8/A內(nèi)嵌EEPROM的工藝和制程方法及對(duì)良率的影響研究基于模糊控制的電阻釬焊單片機(jī)溫度控制系統(tǒng)的研制基于MCS-51系列單片機(jī)的通用控制模塊的研究基于單片機(jī)實(shí)現(xiàn)的供暖系統(tǒng)最佳啟停自校正（STR）調(diào)節(jié)器單片機(jī)控制的二級(jí)倒立擺系統(tǒng)的研究基于增強(qiáng)型51系列單片機(jī)的TCP/IP協(xié)議棧的實(shí)現(xiàn)基于單片機(jī)的蓄電池自動(dòng)監(jiān)測系統(tǒng)基于32位嵌入式單片機(jī)系統(tǒng)的圖像采集與處