top of page
  • CCS

Internal Control Components: Information System and Communication

Updated: Dec 30, 2022


Management (and those charged with governance) requires reliable information to:

  • Manage the entity (such as planning, budgeting, monitoring performance, allocating resources, pricing, and preparing financial statements for reporting purposes);

  • Achieve objectives; and

  • Identify, assess, and respond to risk factors.

This requires pertinent information to be identified, captured and communicated/distributed timely to personnel (at all levels of the entity) who need it for decision-making.


管理层(和负责管理的人)需要可靠的信息来:

  • 管理实体(如规划、预算、监测业绩、分配资源、定价以及为报告目的编制财务报表)。

  • 实现目标;以及

  • 识别、评估和应对风险因素。

这就要求相关的信息能够被识别、获取并及时传达/分发到需要决策的人员(在实体的各个层面)。


An information system consists of infrastructure (physical and hardware components), software, people, procedures, and data.


Many information systems make extensive use of information technology (IT).


They identify, capture, process, and distribute information supporting the achievement of financial reporting (including disclosures) and internal control objectives.


An information system relevant to financial reporting objectives includes the entity’s business processes and accounting system, as set out below.


Business Processes (Sales, Purchases, Payroll, etc.): Business processes are structured activities designed to produce a specified output. They result in transactions being recorded, processed, and reported by the information system.


Accounting Systems: These include accounting software, electronic spreadsheets, relevant information from other sources and the policies and procedures used to prepare periodic financial reports and period-end financial statements, including disclosures.


Other Information Sources: Preparing some financial statement amounts and disclosures may require using information from within or outside the general and subsidiary ledgers.


一个信息系统由基础设施(物理和硬件组件)、软件、人员、程序和数据组成。许多信息系统广泛使用了信息技术(IT)。


它们识别、捕获、处理和分发信息,以支持实现财务报告(包括披露)和内部控制目标。与财务报告目标相关的信息系统包括实体的业务流程和会计系统,如下所述:


业务流程(销售、采购、工资等):业务流程是一组结构化的活动,旨在产生一个特定的产出。它们导致交易被记录、处理,并由信息系统报告。


会计系统:这包括会计软件、电子表格、来自其他来源的相关信息以及用于编制定期财务报告和期末财务报表的政策和程序,包括披露信息。


其他信息来源:一些财务报表金额和披露的编制可能需要使用总账和辅助账内部或外部的信息。


Sources of information | 信息的来源

Financial statements and disclosures may contain information not generated by the entity’s general ledger system.

This information (Nature of Information) is often obtained from outside of the general and subsidiary ledgers and may include examples such as:


Contractual Agreements: Information obtained from lease agreements may be disclosed in the financial statements, such as renewal options or future lease payments.


Non-compliance: Information that would identify actual or suspected non-compliance with relevant laws and regulations.


财务报表和披露可能包含不由实体的总分类账系统产生的信息。


这种信息(信息的性质)往往是从总账和辅助账簿之外获得的,可能包括以下例子:


合同协议:从租赁协议中获得的信息可能会在财务报表中披露,如续约选项或未来的租赁付款。


不合规行为:可以确定实际或涉嫌不遵守相关法律和法规的信息。

Fair Value Information Information: that may be produced by management’s experts and disclosed in the financial statements.


Risk Assessments: Information disclosed in the financial statements produced by an entity’s risk management system. For example, the financial reporting framework may require disclosure of certain matters related to the entity’s risk management system.


公允价值信息: 信息可能由管理层的专家制作并在财务报表中披露。


风险评估:在财务报表中披露的信息,由一个实体的风险管理系统产生。例如,财务报告框架可能要求披露与实体的风险管理系统有关的某些事项。

Assumptions and Data Used to Prepare Estimates: Information obtained from models or other calculations is used to develop estimates recognised or disclosed in the financial statements.


This would include information relating to the underlying data and assumptions used in those models, such as:

  • Assumptions developed internally that may affect an asset’s useful life; or

  • Data, such as interest rates, that are affected by factors outside the control of the entity.

用于编制估算的假设和数据:从模型或其他计算中获得的信息被用来制定在财务报表中确认或披露的估计。


这将包括与这些模型中使用的基础数据和假设有关的信息,例如:

  • 内部制定的、可能影响资产使用寿命的假设;或

  • 数据,如利率,受实体控制之外的因素影响。

Sensitivity Analysis: Information disclosed in the financial statements about sensitivity analysis derived from financial models, which could be used to demonstrate that management has considered alternative assumptions.


Tax Returns and Similar Records: Information recognised or disclosed in the financial statements that have been obtained from an entity’s tax returns and records.


Going Concern Information: Information obtained from analyses prepared to support management’s assessment of the entity’s ability to continue as a going concern. For example, disclosures, if any, related to events or conditions identified that might cast significant doubt on the entity’s ability to continue as a going concern.


敏感性分析:财务报表中披露的关于从财务模型中得出的敏感性分析的信息,可以用来证明管理层已经考虑了其他假设。


报税表和类似记录:在财务报表中确认或披露的信息,这些信息来自一个实体的纳税申报和记录。


持续经营信息:从为支持管理层对实体持续经营能力的评估而准备的分析中获得的信息。例如,披露(如果有的话)与所发现的可能对该实体持续经营能力产生重大疑问的事件或条件有关的信息。


The extent of understanding required about the information system related to financial reporting is a matter of the auditor’s professional judgment. Factors to consider include:

  • Sources of information used, both internal and external;

  • The reliability of the financial reports used for decision-making;

  • The underlying accounting records and supporting information;

  • How the information system captures events and conditions, other than transactions, that are significant to the financial statements;

  • The financial reporting process includes the preparation of estimates, controls over journal entries, and controls over the use of spreadsheets; and

  • Communications between management or those charged with governance and external parties such as banks and regulatory authorities.


对与财务报告有关的信息系统的了解程度是审计员的专业判断问题。需要考虑的因素包括:

  • 使用的信息来源,包括内部和外部信息。

  • 用于决策的财务报告的可靠性。

  • 基础会计记录和支持信息。

  • 信息系统如何捕捉对财务报表有重要意义的事件和条件,而不是交易。

  • 财务报告程序包括估算的编制、对分录的控制以及对电子表格使用的控制;以及

  • 管理层或负责管理的人与外部各方,如银行和监管机构之间的沟通。


An information system has procedures, policies, and records (manual and automated) designed to address the matters below.


一个信息系统拥有旨在解决以下事项的程序、政策和记录(手动和自动)。