top of page
  • CCS

Internal Control: Manual versus Automated Controls


The internal control system will consist of manual and automated controls for most entities.


The risks and benefits associated with the different types of control are outlined below.


对于大多数实体来说,内部控制系统将由人工和自动控制的混合体组成。


不同类型的控制所带来的风险和好处概述如下。


Benefits | 优点

Manual Controls

  • Used to monitor the effectiveness of automated controls.

  • Suited to areas where judgment and discretion are required over large, unusual, or non-recurring transactions.

  • Beneficial when errors are difficult to define, anticipate, or predict.

  • Changing circumstances may require a control response outside the scope of an existing automated control.

人工控制

  • 用于监测自动控制的有效性。

  • 适用于需要对大型、不寻常或非经常性的交易进行判断和斟酌的领域。

  • 当错误难以定义、预期或预测的时候,有好处。

  • 不断变化的情况可能需要在现有的自动控制范围之外做出控制反应。

Automated Controls

  • Consistently apply predefined business rules and perform complex calculations in processing large volumes of transactions or data.

  • Enhance the timeliness, availability, and accuracy of information.

  • Facilitate the additional analysis of information.

  • Enhance the ability to monitor the performance of the entity’s activities and its policies and procedures.

  • Reduce the risk that internal control will be circumvented.

  • Enhance the ability to effectively segregate duties by implementing appropriate system access restrictions in applications, databases, and operating systems.

自动控制

  • 在处理大量的交易或数据时,一致地应用预定义的业务规则并进行复杂的计算。

  • 加强信息的及时性、可用性和准确性。

  • 促进对信息的额外分析。

  • 加强监测实体活动的表现及其政策和程序的能力。

  • 减少内部控制被规避的风险。

  • 通过在应用程序、数据库和操作系统中实施适当的系统访问限制,提高有效隔离职责的能力。

Risks | 风险

Manual Controls

  • Less reliable than automated controls, as performed by people.

  • More easily bypassed, ignored, or overridden.

  • Prone to simple errors and mistakes.

  • Consistency of application cannot be assumed.

  • Less suitable for high volume or recurring transactions where automated controls would be more efficient.

  • Less suitable for activities where specific ways to perform the control can be adequately designed and automated.

人工控制

  • 比自动控制更不可靠,因为是由人执行。

  • 更容易被绕过、忽视或推翻。

  • 容易出现简单的错误和失误。

  • 不能假定应用的一致性。

  • 不太适合大批量或重复性的交易,自动控制会更有效。

  • 不太适合于那些可以充分设计和自动执行控制的具体方法的活动。

Automated Controls

  • Reliance can be placed on systems or programs that are inaccurately processing data, processing inaccurate data, or both.

  • Unauthorised access to data may destroy data or make improper changes to data, including the recording of unauthorised or non-existent transactions or inaccurate recording of transactions (particular risks may arise where multiple users access a common database).

  • IT personnel may gain access privileges beyond those necessary to perform their assigned duties, thereby breaking down the segregation of duties.

  • Unauthorised changes to data in master files.

  • Unauthorised changes to systems or programs.

  • Failure to make necessary changes to systems or programs.

  • Inappropriate manual intervention.

  • Potential loss of data or inability to access data as required.

自动控制

  • 可以依靠系统或程序不准确地处理数据,处理不准确的数据,或两者都是。

  • 未经授权的数据访问可能会破坏数据或对数据进行不适当的修改,包括记录未经授权或不存在的交易或不准确的交易记录(当多个用户访问一个共同的数据库时可能会产生特别的风险)。

  • 信息技术人员可能获得超出履行其指定职责所需的访问权限,从而破坏了职责分离。

  • 对主文件中的数据进行未经授权的更改。

  • 对系统或程序进行未经授权的更改。

  • 未能对系统或程序进行必要的修改。

  • 不适当的人工干预。

  • 潜在的数据丢失或无法按要求访问数据。

CONSIDER POINT

When the entity has a mix of manual and automated controls, always identify who is responsible for the operation of each control.


For example, suppose a warehouse manager is responsible for shipping goods.


The warehouse manager manually inputs the data into a sales system with application control to match the shipment to the original order.


If something goes wrong in the matching process, is it the responsibility of the warehouse manager, the IT department, or the accounting department?


Unless one person is assigned responsibility for the entire process, people will inevitably blame each other when errors are made.


Where responsibility has not been assigned, consider:

  • The likelihood and magnitude of potential misstatements that could occur in the financial statements;

  • The appropriate audit response; and

  • Whether the matter should be reported to management

考虑的要点

当实体有混合的人工和自动控制时,一定要确定谁负责每个控制的操作。


例如,假设一个仓库经理负责运送货物。


仓库经理手工将数据输入销售系统,并通过应用控制将货物与原始订单进行匹配。


如果在匹配过程中出了问题,是由仓库经理、IT部门还是会计部门负责?


除非指定一个人对整个过程负责,否则当出现错误时,人们将不可避免地互相指责。


在没有分配责任的地方,要考虑。

  • 财务报表中可能出现的潜在错报的可能性和程度。

  • 适当的审计反应;以及

  • 是否应向管理层报告该事项


Our website's articles, templates, and material are solely for you to look over. Although we make every effort to keep the information up to date and accurate, we make no representations or warranties of any kind, either express or implied, regarding the website or the information, articles, templates, or related graphics that are contained on the website in terms of its completeness, accuracy, reliability, suitability, or availability. Therefore, any reliance on such information is strictly at your own risk.

Keep in touch with us so that you can receive timely updates |

要获得即时更新,请与我们保持联系

1. Website ✍️