SOA与内部审计新规则【外文翻译】.docVIP

本科毕业论文（设计） 外 文 翻 译 外文题目 Sarbanes-Oxley and the New Internal Auditing Rules 外文出处 JWiley Sons 外文作者 John Robert Moeller 原文： Sarbanes-Oxley and the New Internal Auditing Rules COSO Control Environment in Perspective Exhibit 5.9 showed the components of internal control as a pyramid, with the control environment as the lowest or foundation component. This concept of the control environment acting as the foundation is very appropriate in today’s SOA world. Just as a strong foundation is necessary for a multistory building, the control environment provides the foundation for the other components of internal control. An organization that is building a strong internal control structure should give special attention to placing solid foundation bricks in this control environment foundation. Internal auditors always should be aware of the control environment components in place when performing reviews. In many instances, internal audit may find internal control exceptions that are attributable to the lack of a strong control environment foundation. For example, they may find that employees in a given unit are violating some travel expense rule that is defined in a company policy statement. The excuse by local management may be that the rule does not apply to them or that “everyone” is doing what the auditors found. Depending on the nature of the issue, internal audit may have to talk with appropriate persons in senior management and point out the control environment problem. COSO Internal Control Elements: Risk Assessment The next level in the COSO pyramid is risk assessment. An organization’s ability to achieve its objectives can be at risk due to a variety of internal and external factors. As part of its overall control structure, an organization should have a process in place to evaluate the potential risks that may impact attainment