企业全面风险管理题库.ppt

* The purpose of this slide is to illustrate our suggested framework and methodology for completing the evaluation. Walk through the methodology. We should communicate that this is a comprehensive documentation and evaluation process that results in management being in a position to include its assessment of the effectiveness of the company’s internal controls and procedures for financial reporting in its annual report. In addition, the output from the Section 404 evaluation also can provide input to the periodic evaluations and certifications required under Section 302 of the Act starting in 2004. Highlight that most of the work will be in the 4th activity. For the timeline - Discuss the need for the detailed review to be commenced sooner rather than later to allow management time to FIX problems. Point out the audit attestation is as at a point in time ( the year end date) so they will want to ensure that any high risk areas or areas where there are known problems are tackled early to allow time to sort out before the year end. This would be a good point to point out our first publication - EY publication EE0677, Preparing for Internal Control Reporting: A Guide for Management’s Assessment under Section 404 of the Sarbanes-Oxley Act. Key Points The purpose of this slide is to illustrate our suggested framework and methodology for completing the evaluation. Highlight that most of the work will be in the 4th phase. They need to be starting now. Focus on problem areas first so correcting and testing can be completed by year-end. You should adjust the timeline if they are other than a calendar year end company * 内控活动就是一些比较容易看到的实质活动，例如：编写出来的详细企业政策及守则；相信在座每一位每天都会有一大堆的文件需要看和需要批核，其实批核也是一种控制；对企业内的所有资产，都应该好好保护，作出一些保安措施，也是一种控制。可能每天或每月你们都会收到一些报表，里面的差异和指标，都能更容易的让你们控制和管理企业。资讯系统也是一种很有效的控制，但系统本身的控制必需做得好，因为很多工作都有依靠资讯系统的协助，好像刚才提过的报表都会由系统准备和打印出来的。至于权责划分，这方面刚才已经说过，所以我不再详谈了。 * * 内控活动就是一些比较容易看到的实质活动，例如：编写出来的详细企业政策及守则；相信在座每一位每天都会有一大堆的文件需要看和需要批核，其实批核也是一种控制；对企业内的所有资产，都应该好好保护，作出