内部控制-整体框架【外文翻译】.doc

本科毕业论文（设计） 外 文 翻 译 原文： Internal Control –Integrated Framework Risks The process of identifying and analyzing risk is an ongoing iterative process and is a critical component of an effective internal control system. Managements must focus carefully on risks at all levels of the entity and take the necessary actions to manage them. Risk Identification An entity’s performance can be at risk due to internal or external factors. These factors, in turn, can affect either stated or implied objectives. Risk increases as objectives increasingly differ from past performance. In a number of areas of performance, an entity often does not set explicit entity-wide objectives because it considers its performance to be acceptable. Although there might not be an explicit or written objective in these circumstances, there is an implied objective of “no change” or “as is.” This does not mean that an implied objective is without either internal or external risk. For example, an entity might view its service to customers as acceptable, yet, due to a change in a competitor’s practices, its service, as viewed by its customers, might deteriorate. Regardless of whether an objective is stated or implied, an entity’s risk-assessment process should consider risks that may occur. It is important that risk identification be comprehensive. It should consider all significant interactions — of goods, services and information — between an entity and relevant external parties. These external parties include potential and current suppliers, investors, creditors, shareholders, employees, customers, buyers, intermediaries and competitors, as well as public bodies and news media. Risk identification is an iterative process and often is integrated with the planning process. It also is useful to consider risk from a “clean sheet of paper” approach, and not merely relate the risk to the previous review. Entity Level. Risks at the entity-wide level can arise from external or internal factors. Examples in