Internal Control Components: Information System and Communication

Management (and those charged with governance) requires reliable information to:

• Manage the entity (such as planning, budgeting, monitoring performance, allocating resources, pricing, and preparing financial statements for reporting purposes);
• Achieve objectives; and
• Identify, assess, and respond to risk factors.

This requires pertinent information to be identified, captured and communicated/distributed timely to personnel (at all levels of the entity) who need it for decision-making.

管理层（和负责管理的人）需要可靠的信息来：

• 管理实体（如规划、预算、监测业绩、分配资源、定价以及为报告目的编制财务报表）。
• 实现目标；以及
• 识别、评估和应对风险因素。

这就要求相关的信息能够被识别、获取并及时传达/分发到需要决策的人员（在实体的各个层面）。

An information system consists of infrastructure (physical and hardware components), software, people, procedures, and data.

Many information systems make extensive use of information technology (IT).

They identify, capture, process, and distribute information supporting the achievement of financial reporting (including disclosures) and internal control objectives.

An information system relevant to financial reporting objectives includes the entity’s business processes and accounting system, as set out below.

Business Processes (Sales, Purchases, Payroll, etc.): Business processes are structured activities designed to produce a specified output. They result in transactions being recorded, processed, and reported by the information system.

Accounting Systems: These include accounting software, electronic spreadsheets, relevant information from other sources and the policies and procedures used to prepare periodic financial reports and period-end financial statements, including disclosures.

Other Information Sources: Preparing some financial statement amounts and disclosures may require using information from within or outside the general and subsidiary ledgers.

一个信息系统由基础设施（物理和硬件组件）、软件、人员、程序和数据组成。许多信息系统广泛使用了信息技术（IT）。

它们识别、捕获、处理和分发信息，以支持实现财务报告（包括披露）和内部控制目标。与财务报告目标相关的信息系统包括实体的业务流程和会计系统，如下所述：

业务流程（销售、采购、工资等）：业务流程是一组结构化的活动，旨在产生一个特定的产出。它们导致交易被记录、处理，并由信息系统报告。

会计系统：这包括会计软件、电子表格、来自其他来源的相关信息以及用于编制定期财务报告和期末财务报表的政策和程序，包括披露信息。

其他信息来源：一些财务报表金额和披露的编制可能需要使用总账和辅助账内部或外部的信息。

Sources of information | 信息的来源

Financial statements and disclosures may contain information not generated by the entity’s general ledger system.

This information (Nature of Information) is often obtained from outside of the general and subsidiary ledgers and may include examples such as:

Contractual Agreements: Information obtained from lease agreements may be disclosed in the financial statements, such as renewal options or future lease payments.

Non-compliance: Information that would identify actual or suspected non-compliance with relevant laws and regulations.

财务报表和披露可能包含不由实体的总分类账系统产生的信息。

这种信息（信息的性质）往往是从总账和辅助账簿之外获得的，可能包括以下例子:

合同协议：从租赁协议中获得的信息可能会在财务报表中披露，如续约选项或未来的租赁付款。

不合规行为：可以确定实际或涉嫌不遵守相关法律和法规的信息。

Fair Value Information Information: that may be produced by management’s experts and disclosed in the financial statements.

Risk Assessments: Information disclosed in the financial statements produced by an entity’s risk management system. For example, the financial reporting framework may require disclosure of certain matters related to the entity’s risk management system.

公允价值信息： 信息可能由管理层的专家制作并在财务报表中披露。

风险评估：在财务报表中披露的信息，由一个实体的风险管理系统产生。例如，财务报告框架可能要求披露与实体的风险管理系统有关的某些事项。

Assumptions and Data Used to Prepare Estimates: Information obtained from models or other calculations is used to develop estimates recognised or disclosed in the financial statements.

This would include information relating to the underlying data and assumptions used in those models, such as:

• Assumptions developed internally that may affect an asset’s useful life; or
• Data, such as interest rates, that are affected by factors outside the control of the entity.

用于编制估算的假设和数据：从模型或其他计算中获得的信息被用来制定在财务报表中确认或披露的估计。

这将包括与这些模型中使用的基础数据和假设有关的信息，例如：

• 内部制定的、可能影响资产使用寿命的假设；或
• 数据，如利率，受实体控制之外的因素影响。

Sensitivity Analysis: Information disclosed in the financial statements about sensitivity analysis derived from financial models, which could be used to demonstrate that management has considered alternative assumptions.

Tax Returns and Similar Records: Information recognised or disclosed in the financial statements that have been obtained from an entity’s tax returns and records.

Going Concern Information: Information obtained from analyses prepared to support management’s assessment of the entity’s ability to continue as a going concern. For example, disclosures, if any, related to events or conditions identified that might cast significant doubt on the entity’s ability to continue as a going concern.

敏感性分析：财务报表中披露的关于从财务模型中得出的敏感性分析的信息，可以用来证明管理层已经考虑了其他假设。

报税表和类似记录：在财务报表中确认或披露的信息，这些信息来自一个实体的纳税申报和记录。

持续经营信息：从为支持管理层对实体持续经营能力的评估而准备的分析中获得的信息。例如，披露（如果有的话）与所发现的可能对该实体持续经营能力产生重大疑问的事件或条件有关的信息。

The extent of understanding required about the information system related to financial reporting is a matter of the auditor’s professional judgment. Factors to consider include:

• Sources of information used, both internal and external;
• The reliability of the financial reports used for decision-making;
• The underlying accounting records and supporting information;
• How the information system captures events and conditions, other than transactions, that are significant to the financial statements;
• The financial reporting process includes the preparation of estimates, controls over journal entries, and controls over the use of spreadsheets; and
• Communications between management or those charged with governance and external parties such as banks and regulatory authorities.

对与财务报告有关的信息系统的了解程度是审计员的专业判断问题。需要考虑的因素包括：

• 使用的信息来源，包括内部和外部信息。
• 用于决策的财务报告的可靠性。
• 基础会计记录和支持信息。
• 信息系统如何捕捉对财务报表有重要意义的事件和条件，而不是交易。
• 财务报告程序包括估算的编制、对分录的控制以及对电子表格使用的控制；以及
• 管理层或负责管理的人与外部各方，如银行和监管机构之间的沟通。

An information system has procedures, policies, and records (manual and automated) designed to address the matters below.

一个信息系统拥有旨在解决以下事项的程序、政策和记录（手动和自动）。

In larger companies, information systems can be complex, automated, and highly integrated. Smaller companies will often rely on manual or stand-alone information technology applications.

在大公司，信息系统可以是复杂的、自动化的和高度集成的。较小的公司往往会依赖人工或独立的信息技术应用。

CONSIDER POINT 
Many mainstream accounting software packages (even smaller ones) come with various built-in application controls that could be used to improve control over financial reporting. These controls include automated reconciliations, reporting exceptions for management review, and ensuring general consistency over financial reporting.

考虑的要点 
许多主流的会计软件包（甚至是较小的软件包）都有各种内置的应用控制，可以用来改善对财务报告的控制。这些控制包括自动对账，报告例外情况供管理层审查，以及确保财务报告的总体一致性。

In obtaining an understanding of the information system (including business processes), the auditor would address (in addition to the exhibit above):

• Business processes; and
• Relevant aspects of the systems relating to the information included in the financial statements including disclosures. This may be obtained from within or outside the general and subsidiary ledgers.

The extent of understanding required is a matter of the auditor’s professional judgment. Matters to consider include the:

• Control activities related to information included in the financial statements, including disclosures. However, the auditor is not required to understand all control activities, only those that are relevant to financial reporting.
• The extent of management’s active involvement in financial reporting. Small entities may not need extensive descriptions of accounting procedures, sophisticated accounting records, or written policies.
• The extent of information necessary for the audit and financial statement disclosures that management has obtained from outside the entity’s general and subsidiary ledgers.

在获得对信息系统（包括业务流程）的理解时，审计师将处理（除了上面的展览外）:

• 业务流程；以及
• 与包括披露在内的财务报表中的信息有关的系统的相关方面。这可以从总账和辅助账内部或外部获得。

需要了解的程度是审计师的专业判断问题。需要考虑的事项包括 :

• 与包含在财务报表中的信息有关的控制活动，包括披露的信息。 然而，审计师不需要了解所有的控制活动，只需要了解那些与财务报告相关的控制活动。
• 管理层对财务报告的积极参与程度。小型实体可能不需要对会计程序、复杂的会计记录或书面政策进行广泛描述。
• 管理层从实体的总分类账和辅助分类账之外获得的审计和财务报表披露所需信息的程度。

The scope of understanding required would include the matters outlined below | 所需的理解范围将包括以下事项

Identify: Sources of Information Used

Address:

• What classes of transactions are significant to the financial statements?
• How do transactions and disclosures originate within the entity’s business processes?
• What accounting records (electronic or manual) exist?
• How does the accounting system relevant to financial reporting capture events and conditions (other than classes of transactions) that are significant to the financial statements?
• This is particularly important where information included in the financial statements is obtained from outside of the general and subsidiary ledgers.

识别：使用的信息来源

处理：

• 哪些类别的交易对财务报表是重要的？
• 交易和披露是如何在实体的商业流程中产生的？
• 有哪些会计记录（电子或手工）？
• 与财务报告相关的会计系统是如何捕捉对财务报表有意义的事件和条件（而不是交易类别）的？
• 如果财务报表中包含的信息是从总分类账和辅助分类账之外获得的，这一点尤其重要。

Identify: How Information is Captured and Processed

Address:

What are the financial reporting processes used to:

• Initiate, record, process, and report transactions and non-standard transactions (such as related-party transactions, etc.); and
• Prepare the financial statements, including significant accounting estimates and disclosures? What procedures address:
• Risks of material misstatement associated with inappropriate override of controls, including use of standard and non-standard journal entries;
• Override or suspension of automated controls; and
• Identification of exceptions and reporting the actions that have been taken to remedy these?

识别：信息是如何被获取和处理的

处理：

用于财务报告的流程：

• 启动、记录、处理和报告交易和非标准交易（如关联方交易等）；以及
• 编制财务报表，包括重大会计估计和披露？哪些程序可以解决。
• 与不适当地覆盖控制有关的重大错报风险，包括使用标准和非标准的分录。
• 覆盖或暂停自动控制；以及
• 识别例外情况并报告为补救这些情况而采取的行动？

Identify: How the Information Produced is Used

Address:

• How does the entity communicate financial reporting roles, responsibilities, and significant matters relating to financial reporting?
• What reports are regularly produced by the information system, and how are they used to manage the entity?
• What information is provided by management to those charged with governance (if different from management) and external parties such as financial institutions and regulatory authorities?

识别：如何使用产生的信息

处理：

• 该实体如何传达财务报告的作用、责任以及与财务报告有关的重要事项？
• 信息系统定期产生哪些报告，以及如何使用这些报告来管理该实体？
• 管理层向负责管理的人（如果与管理层不同）和外部各方（如金融机构和监管机构）提供哪些信息？

Communication | 沟通

Communication is a key component of successful information systems.

Consequently, if the information is to be used in decision-making and to facilitate the functioning of internal control, it needs to be communicated on a timely basis (both internally and externally) to the appropriate people.

Effective internal communication helps the entity’s personnel clearly understand internal control objectives, business processes, and individual roles and responsibilities.

It also helps them understand the extent to which their activities relate to the work of others and the means of reporting exceptions to an appropriate higher level within the entity.

The means of communication may be informal (verbal) or formal (i.e., documented in policy and financial reporting manuals).

Internal communication between top management and employees is often easier and less formal in smaller companies due to fewer levels and smaller numbers of personnel and the greater availability and presence of senior management.

Effective external communication ensures that matters affecting the achievement of financial reporting objectives are communicated with relevant outside parties such as key stakeholders, financial institutions, regulators, and government agencies.

沟通是成功的信息系统的一个关键组成部分。

因此，如果信息要用于决策并促进内部控制的运作，就需要及时地（在内部和外部）向适当的人进行沟通。

有效的内部沟通有助于实体的人员清楚地了解内部控制目标、业务流程以及个人角色和责任。

它还有助于他们了解他们的活动与其他人的工作相关的程度，以及向实体内适当的高层报告异常情况的手段。

沟通的方式可以是非正式的（口头）或正式的（即记录在政策和财务报告手册中）。

在小型公司中，由于级别较少，人员较少，高层管理人员更多的是在现场，所以高层管理人员和员工之间的内部沟通往往更容易，也更不正式。

有效的外部沟通可以确保影响财务报告目标实现的事项与相关的外部各方，如主要利益相关者、金融机构、监管机构和政府机构进行沟通。

Lack of IT Systems Documentation | 缺少IT系统文件

Smaller entities may have less sophisticated and less thoroughly documented information and communication systems.

If management does not have extensive descriptions of accounting procedures, sophisticated accounting records, or written policies, the understanding required by the auditor will be obtained more by inquiry and observation than by documentation review.

规模较小的实体可能拥有不那么复杂和不那么彻底的信息和通信系统。

如果管理层没有对会计程序的广泛描述、复杂的会计记录或书面政策，审计师所要求的理解将更多地通过询问和观察而不是通过文件审查来获得。

Our website's articles, templates, and material are solely for you to look over. Although we make every effort to keep the information up to date and accurate, we make no representations or warranties of any kind, either express or implied, regarding the website or the information, articles, templates, or related graphics that are contained on the website in terms of its completeness, accuracy, reliability, suitability, or availability. Therefore, any reliance on such information is strictly at your own risk.

Keep in touch with us so that you can receive timely updates |

要获得即时更新，请与我们保持联系

1. Website ✍️ https://www.ccs-co.com/ 2. Telegram ✍️ http://bit.ly/YourAuditor 3. Facebook ✍

• https://www.facebook.com/YourHRAdvisory/?ref=pages_you_manage
• https://www.facebook.com/YourAuditor/?ref=pages_you_manage

4. Blog ✍ https://lnkd.in/e-Pu8_G 5. Google ✍ https://lnkd.in/ehZE6mxy

6. LinkedIn ✍ https://www.linkedin.com/company/74734209/admin/