【正文】 nication between internal auditors, management, and external auditors. The first year of SOX implementation for accelerated filers resulted in less than ideal munications with external auditors, according to the SEC April 2005 Roundtable on Internal Control Reporting Provisions. Recent remendations from the SEC and the PCAOB have clarified expectations regarding external auditor munications, with the specific goal of improving the quality of testing, documentation, and remediation in the control environment, thus adding business value. Information overload is prevalent throughout business. In the “information economy,” management is frequently overwhelmed by the quantity of data available, often resulting in a failure to convert important business information into knowledge to support their petitive advantage in the marketplace. Leading panies have recognized that effective reporting of exceptions and an “executive dashboard” approach are the best ways to focus attention on important information, and they can avoid placing management adrift in a sea of meaningless data from endless sources.5。風(fēng)險(xiǎn)評(píng)估Risk AssessmentLeading panies take a riskbased approach to SOX internal controls pliance as a key step in achieving a correct balance between costs and benefits. Recent guidance from the Public Company Accounting Oversight Board (PCAOB) supports this approach with specific remendations, including the use of a riskbased method to determine which key controls are tested each year. The PCAOB also remends that the viability of a pany’s business model is an important consideration when evaluating risks. Companies that focus on these larger problems and risks will better meet the needs of all their stakeholders, including investors and analysts.Market leaders with respect to internal controls expand the risk focus started under internal pliance efforts to a broader venue. One popular concept that often precedes a mature enterprise risk management initiative is the formation of a risk council. This council is generally posed of management representatives from different areas of the business. Some of the early objectives of risk council meetings are as follows: Use of a mon terminology for risk discussions throughout the organization。s resources. Financial reporting goals: The construct gives guidance on the consistent production of reliable financial reports. Compliance goals: The guidance creates a topology of the pany’s pliance requirements as they relate to industry regulations or legal requirements for public entities. coso內(nèi)部控制框架提出三大目標(biāo)，即運(yùn)營的效率和效果,財(cái)務(wù)報(bào)告的可靠性,以及遵守適用的法律和規(guī)章五大要素1。 The