Internal Control Components: The Control Environment

The control environment is the foundation for effective internal control, providing discipline and structure for the entity.

It sets the tone of an organisation, influencing its people’s control consciousness or awareness.

The control environment addresses the governance and management functions. It also addresses the attitudes, awareness, and actions of those charged with governance and management concerning the entity’s internal control and importance.

Note: Control-environment controls are generally pervasive in nature.

They will not directly prevent or detect and correct a material misstatement. Instead, they form an important foundation upon which all other controls will be built.

内部控制要素是指内部控制制度的构成要素。内部控制要素包括控制环境、风险评估、控制活动、信息与沟通和监控。

控制环境是有效内部控制的基础，去为实体提供纪律和结构。

控制环境包括治理职能和管理职能，以及治理层和管理层对内部控制及其重要性的态度、认识和措施。控制环境设定了被审计单位的内部控制基调，影响员工对内部控制的认识和态度。良好的控制环境是实施有效内部控制的基础。

注意：控制-环境控制通常具有普遍性。

它们不会直接防止或发现并纠正重大错报。

相反，它们构成了一个重要的基础，所有其他控制都将建立在这个基础上。

Exhibit 5.3-1 outlines the various elements of the control environment that need to be considered. Note that the importance and order (priority) of these elements will inevitably vary from entity to entity.

附表5.3-1概述了需要考虑的控制环境的各种要素。请注意，这些要素的重要性和顺序（优先级）将不可避免地因实体而异。

Control environment controls will influence the auditor’s evaluation of the effectiveness of other control activities that may address specific areas such as sales and purchase transactions.

For example, suppose management has a negative attitude toward control in general. In that case, this will undermine the effectiveness of other controls (such as sales, etc.) no matter how well they were designed.

The auditor’s evaluation of the design of the entity’s control environment would include the elements set out below.

控制环境控制将影响审计师对其他控制活动有效性的评价，这些控制活动可能涉及销售和采购交易等具体领域。

例如，假设管理层对一般的控制抱有消极态度。在这种情况下，这将破坏其他控制（如销售等）的有效性，无论它们的设计有多好。

审计师对该实体控制环境设计的评价将包括以下内容。

Key Elements to Address | 需要解决的关键因素

Communication and Enforcement of Integrity and Other Ethical Values

Integrity and ethical values are essential (foundational) elements which influence the effectiveness of the design, administration, and monitoring of other controls.

诚信和其他道德价值观的沟通和执行

诚信和道德价值观是影响其他控制措施的设计、管理和监测的有效性的基本（基础）要素。

Commitment to Competence

Management’s consideration of the competence levels for particular jobs and how those levels translate into requisite skills and knowledge.

对能力的承诺

管理层对特定工作的能力水平以及这些水平如何转化为必要的技能和知识的考虑。

Participation by Those Charged with Governance

Attributes of those charged with governance, such as

• Their independence from management;
• Their experience and stature;
• The extent of their involvement and the information they receive, the scrutiny of activities; and
• The appropriateness of their actions, including the degree to which difficult questions are raised and pursued with management, and their interaction with internal and external auditors.

负责管理的人的参与

负责管理的人的属性，例如

• 他们独立于管理层；
• 他们的经验和地位；
• 他们的参与程度和他们收到的信息，对活动的审查；以及
• 他们行动的适当性，包括向管理层提出和追究困难问题的程度，以及他们与内部和外部审计人员的互动。

Management’s Philosophy and Operating Style

Management’s approach to taking and managing business risks and management’s attitudes and actions toward financial reporting, information processing, accounting functions, and personnel.

管理层的理念和操作风格

管理层承担和管理商业风险的方法，以及管理层对财务报告、信息处理、会计职能和人员的态度和行动。

Organisational Structure

The framework within which an entity’s activities for achieving its objectives are planned, executed, controlled, and reviewed.

组织结构

一个实体实现其目标的活动被计划、执行、控制和审查的框架。

Assignment of Authority and Responsibility

How authority and responsibility for operating activities are assigned, and how reporting relationships and authorisation hierarchies are established.

权力和责任的分配

如何分配经营活动的权力和责任，以及如何建立报告关系和授权等级。

Human Resources Policies and Practices

Recruitment, orientation, training, evaluating, counselling, promoting, compensating, and remedial actions.

人力资源政策和实践

招聘、指导、培训、评估、咨询、晋升、补偿和补救行动。

The controls outlined above are pervasive to the entire entity and are often more subjective to evaluate than the traditional control activities (such as segregation of duties).

Therefore, the auditor will exercise professional judgment in this evaluation. Control-environment strengths can compensate for or even replace weak transactional controls in some situations.

However, control-environment weaknesses can undermine and even negate good design in other components of internal control.

For example, if a culture of honesty and ethical behaviour did not exist, the auditor would have to consider carefully what types of (additional) audit procedures would be effective in finding material misstatements in the financial statements.

In some cases, the auditor may conclude that internal control has broken down to such an extent that the only option is to withdraw.

上述控制对整个实体来说是普遍存在的，与传统的控制活动（如职责分离）相比，评价起来往往更加主观。

因此，审计师将在这一评估中行使专业判断。控制-环境的优势在某些情况下可以弥补甚至取代薄弱的交易控制。

然而，控制环境的弱点可以破坏甚至否定内部控制其他组成部分的良好设计。

例如，如果不存在诚实和道德行为的文化，审计师就必须仔细考虑哪些类型的（额外的）审计程序能有效发现财务报表中的重大错报。

在某些情况下，审计师可能会得出结论，认为内部控制已经瓦解到如此程度，唯一的选择就是辞职。

The Control Environment in Smaller Entities | 小型实体的控制环境

The control environment within small entities will differ from larger entities but is just as important.

This is particularly true when the entity does not have the staff or resources to implement traditional control activities such as the segregation of duties.

In smaller entities, the active involvement of a competent owner-manager (a control-environment strength) may reduce the need for other control activities, such as the segregation of duties.

Consequently, control environment strengths can serve to prevent or detect and correct certain types of misstatement indirectly.

小型实体的控制环境与大型实体不同，但也同样重要。

当实体没有人员或资源来实施传统的控制活动（如职责分离）时，情况尤其如此。

在小型实体中，有能力的所有者-管理者的积极 （控制环境的优势）可能会减少对其他控制活动的需求，如职责分离。

因此，控制环境的优势可以间接地起到防止或发现并纠正某些类型的错报。

For example, when the owner-manager reviews and approves individual transactions before they are completed, it may serve to prevent or detect and correct certain specific errors or fraud.

However, this control environment strength would not mitigate other risks, such as management override of controls.

Smaller entities will typically have less documentation available to support control environment controls.

Consequently, management’s attitudes, awareness, and actions (such as owner-managers) will often form the basis for evaluating control design and implementation.

For example, larger entities will likely provide staff with a code of conduct that outlines acceptable behaviours and consequences for violating codes or rules.

Smaller entities may communicate similar values and acceptable behaviour through oral communications and by management example.

The auditor will prepare a memorandum for the file if there is no supporting documentation for a particular control.

For example, in addressing whether there is communication and enforcement of integrity and ethical values, the auditor could:

• Identify the entity’s values, acceptable behaviours, and enforcement actions through discussions with management. The auditor would then assess whether they sufficiently address the control design.
• Ask one or two employees what they believe are the entity’s values, acceptable behaviours, and enforcement actions. These interviews would address whether management’s values and acceptable behaviours have been communicated and enforced. This would address control implementation.

例如，当所有者-管理者在个别交易完成前进行审查和批准时，可能会起到防止或发现并纠正某些特定错误或欺诈的作用。

然而，这种控制环境的优势不会减轻其他风险，如管理层对控制的凌驾。

较小的实体通常会有较少的文件来支持控制环境控制。

因此，管理层的态度、意识和行动（如所有者-管理者）往往会构成评价控制设计和实施的基础。

例如，较大的实体可能会向员工提供行为准则，概述可接受的行为和违反准则或规则的后果。

规模较小的实体可能通过口头交流和管理层的榜样来传达类似的价值观和可接受的行为。

如果某项控制没有支持性文件，审计师将为该文件准备一份备忘录。

例如，在处理是否有诚信和道德价值观的沟通和执行时，审计师可以:

• 通过与管理层讨论，确定该实体的价值观、可接受的行为和执行行动。然后，审计师将评估它们是否充分涉及控制设计。
• 询问一到两名员工，他们认为实体的价值观、可接受的行为和执行行动是什么。这些访谈将涉及管理层的价值观和可接受的行为是否被传达和执行。这将涉及到控制的实施。

CONSIDER POINT
Small entities are often reluctant to document internal controls which operate informally. However, management can often benefit from taking the time to document some of the more important policies and procedures. Such policies and procedures could be provided to staff joining the entity, and audit time may be saved versus making inquiries each period. In the example cited above, even the smallest entity could prepare a simple statement of values and acceptable behaviours that could be provided to employees and then referred to when an issue arises.

考虑要点
小型实体往往不愿意记录非正式运作的内部控制。然而，管理层往往可以从花时间记录一些更重要的政策和程序中受益。这些政策和程序可以提供给加入该实体的员工，与每期的查询相比，可以节省审计时间。在上面的例子中，即使是最小的实体也可以编写一份简单的价值观和可接受行为的声明，提供给员工，然后在出现问题时加以参考。

In smaller entities, some key areas to address in assessing the control environment are outlined in the exhibit below.

在较小的实体中，在评估控制环境时需要解决的一些关键领域在下面的展览中有所概述。

1. Control Element: Communication and Enforcement of Integrity and Ethical Values

The Key Question: What management actions serve to eliminate or mitigate incentives or temptations that might prompt personnel to engage in dishonest, illegal, or unethical acts?

Possible Controls:

• Management continually demonstrates a commitment to high ethical standards through words and actions.
• Management removes or reduces incentives or temptations that might cause personnel to engage in dishonest or unethical acts.
• A code of conduct or equivalent exists that sets out expected standards of ethical and moral behaviour.
• Employees clearly understand acceptable and unacceptable behaviour and know what to do when encountering improper behaviour.
• Enforcement actions are taken when needed.

控制要素：诚信和道德价值观的沟通和执行

关键问题：哪些管理行动有助于消除或减轻可能促使员工从事不诚实、非法或不道德行为的激励或诱惑？

可能的控制措施：

• 通过语言和行动，管理层不断展示对高道德标准的承诺。
• 管理层消除或减少可能导致员工从事不诚实或不道德行为的激励或诱惑。
• 有一套行为准则或类似的准则，规定了预期的伦理和道德行为标
• 员工清楚地了解可接受和不可接受的行为，并知道在遇到不正当行为时该如何处理。
• 必要时采取强制措施。

2. Control Element: Commitment to Competence

The Key Question: Do personnel have the knowledge and skills necessary to accomplish their tasks?

Possible Controls:

• Management takes the necessary steps to ensure that personnel have the requisite knowledge and skills required for their jobs.
• Job descriptions exist and are effectively used.
• Management provides personnel with access to training programs on relevant topics.
• Initial and ongoing matching of staff skills to their job descriptions

控制要素：对能力的承诺

关键问题：人员是否具备完成任务所需的知识和技能？

可能的控制措施：

• 管理层采取必要的措施，确保员工具备其工作所需的必要知识和技能。
• 存在工作描述并得到有效利用。
• 管理层为员工提供相关主题的培训项目。
• 初步和持续地将工作人员的技能与他们的工作描述相匹配

Control Element: Participation by Those Charged With Governance (TCWG) (Other than Where Management is TCWG)

The Key Question: How effective is the governance (if any) being provided over entity operations?

Possible Controls:

• A majority of TCWGs are independent of management.
• TCWG have the appropriate experience, stature, and financial expertise.
• Significant issues and financial results are communicated to TCWG promptly.
• TCWG provide effective oversight over management’s activities. This includes raising difficult questions and pursuing answers.
• TCWG meet regularly, and minutes of meetings are circulated on a timely basis.

控制要素：负责治理的人（TCWG）的参与（管理层是TCWG的情况除外）

关键问题：对实体运作提供的治理（如果有的话）的有效性如何？

可能的控制措施：

• 大多数负责治理的人是独立于管理层的。
• 负责治理的人具有适当的经验、地位和财务专业知识。
• 重大问题和财务结果会及时通报给负责治理的人。
• 负责治理的人对管理层的活动进行有效监督。这包括提出困难问题并寻求答案。
• 负责治理的人定期开会，并及时分发会议记录。

Control Element: Management’s Philosophy and Operating Style

The Key Question: What are management’s attitudes and actions toward financial reporting?

Possible Controls:

• Management demonstrates positive attitudes and actions toward:
  • Sound internal control over financial reporting (including management override and other fraud),
  • Appropriate selection/application of accounting policies,
  • Information-processing controls, and
  • The treatment of accounting personnel.
• Management has established procedures to prevent unauthorised access to or destruction of assets, documents, and records.
• Management analyses business risks and takes appropriate action.

控制要素：管理层的理念和运作方式

关键问题：管理层对财务报告的态度和行动是什么？

可能的控制措施：

• 管理层在以下方面表现出积极的态度和行动。
  • 健全的财务报告内部控制（包括管理层控制和其他欺诈）。
  • 适当地选择/应用会计政策。
  • 信息处理控制，以及
  • 会计人员的待遇。
• 管理层已建立程序，以防止未经授权访问或破坏资产、文件和记录。
• 管理层分析业务风险并采取适当行动。

Control Element: Organisational Structure

The Key Question: Has a relevant organisational structure been established?

Possible Controls:

• The organisational structure is appropriate to facilitate the achievement of entity objectives, operating functions, and regulatory requirements.
• Management clearly understands its responsibility and authority for business activities and possesses the requisite experience and levels of knowledge to properly execute its positions.
• The entity structure facilitates the flow of reliable and timely information to the appropriate people for planning and controlling activities.
• Incompatible duties are segregated to the extent possible.

控制要素：组织结构

关键问题：是否已经建立了相关的组织结构？

可能的控制措施：

• 组织结构是适当的，以促进实现实体目标、经营职能和监管要求。
• 管理层清楚地了解其在业务活动中的责任和权力，并拥有必要的经验和知识水平来正确执行其职务。
• 实体结构有利于可靠和及时的信息流向适当的人，以规划和控制活动。
• 不相容的职责尽可能地被分离。

Control Element: Assignment of Authority and Responsibility

The Key Question: Have key areas of authority and responsibility been appropriately assigned?

Possible Controls:

• There are policies and procedures for the authorisation and approval of transactions.
• Appropriate lines of reporting and accountability exist (appropriate to the entity’s size and the nature of its activities).
• Job descriptions include control-related responsibilities.

控制要素：权力和责任的分配

关键问题：关键的权力和责任领域是否得到了适当的分配？

可能的控制措施：

• 有授权和批准交易的政策和程序。
• 存在适当的报告和问责关系（与实体的规模和活动性质相适应）。
• 职务说明包括与控制有关的责任。

Control Element: Human Resources Policies and Practices

The Key Question: What standards are in place to ensure:

• Recruitment of the most competent and trustworthy people?
• Training is provided to ensure people can perform their jobs?
• Promotions are driven by performance appraisals?

Possible Controls:

• Management establishes/enforces standards for hiring the most qualified individuals.
• Recruiting practices include employment interviews, background checks, communication of values, expected behaviours, and management’s operating style.
• Job performance is periodically evaluated, the results reviewed with each employee, and appropriate action is taken.
• Training policies address prospective roles and responsibilities, expected levels of performance, and evolving needs.

控制要素：人力资源政策和实践

关键问题：有什么标准来确保。

招聘最有能力和最值得信赖的人？

提供培训以确保人们能够完成他们的工作？

晋升是由绩效评估驱动的？

可能的控制措施：

• 管理部门制定/执行了雇用最合格人员的标准。
• 招聘方式包括就业面试、背景调查、价值观的沟通、预期行为以及管理层的运作风格。
• 定期对工作表现进行评估，与每个员工一起审查评估结果，并采取适当的行动。
• 培训政策涉及未来的角色和责任、预期的绩效水平和不断变化的需求。

Our website's articles, templates, and material are solely for you to look over. Although we make every effort to keep the information up to date and accurate, we make no representations or warranties of any kind, either express or implied, regarding the website or the information, articles, templates, or related graphics that are contained on the website in terms of its completeness, accuracy, reliability, suitability, or availability. Therefore, any reliance on such information is strictly at your own risk.

Keep in touch with us so that you can receive timely updates |

要获得即时更新，请与我们保持联系

1. Website ✍️ https://www.ccs-co.com/ 2. Telegram ✍️ http://bit.ly/YourAuditor 3. Facebook ✍

• https://www.facebook.com/YourHRAdvisory/?ref=pages_you_manage
• https://www.facebook.com/YourAuditor/?ref=pages_you_manage

4. Blog ✍ https://lnkd.in/e-Pu8_G 5. Google ✍ https://lnkd.in/ehZE6mxy

6. LinkedIn ✍ https://www.linkedin.com/company/74734209/admin/