【正文】 它們的共同點(diǎn)都是低水平、小 范圍 ,只局限于少數(shù)職能部門 ,并沒(méi)有滲透或應(yīng)用于企業(yè)管理過(guò)程和整個(gè)經(jīng)營(yíng)系統(tǒng) ,因此 ,有時(shí)看上去風(fēng)險(xiǎn)管理與內(nèi)部控制還是相互獨(dú)立的兩件事。這一角色逐步逆轉(zhuǎn) ,到財(cái)務(wù)報(bào)告層次 ,應(yīng)該是內(nèi)部控制發(fā)揮主導(dǎo)作用 ,風(fēng)險(xiǎn)管理起到配合作用。 筆者認(rèn)為 ,在實(shí)際的經(jīng)營(yíng)過(guò)程中 ,風(fēng)險(xiǎn)管理與內(nèi)部控制是密不可分的 在規(guī)則制定或立法過(guò)程中 ,需要考慮的是范圍與管制的強(qiáng)度 ,范圍越大 ,管制的要求就會(huì)越弱。報(bào)告應(yīng)該包括所有的控制 ,如財(cái)務(wù)的、經(jīng)營(yíng)的、遵從的控制以及風(fēng)險(xiǎn)管理 ()。 巴塞爾委員會(huì)發(fā)布的《銀行業(yè)組織內(nèi)部控制系統(tǒng)框架》中指出 :“董事會(huì)負(fù)責(zé)批準(zhǔn)并定期檢查銀行整體戰(zhàn)略及重要制度 ,了解銀行的主要風(fēng)險(xiǎn) ,為這些風(fēng)險(xiǎn)設(shè)定可接受的水平 ,確保管理層采取必要的步驟去識(shí)別、計(jì)量、監(jiān)督以 及控制這些風(fēng)險(xiǎn)?? ” ,這里顯然是把風(fēng)險(xiǎn)管理的內(nèi)容納入到內(nèi)部控制框架中。即使在同一個(gè)時(shí)代 ,不同的行業(yè)各自的側(cè)重點(diǎn)也可能不相同 ,例如 ,在監(jiān)管嚴(yán)格的金融業(yè)或涉及人民生命健康的 13 制藥與醫(yī)療行業(yè) ,風(fēng)險(xiǎn)管理的迫切性更強(qiáng) ,企業(yè)以風(fēng)險(xiǎn)管理主導(dǎo)內(nèi)部控制可能更方便。因此 ,從維護(hù)與促進(jìn)價(jià)值創(chuàng)造這一根本功能來(lái)看 ,風(fēng)險(xiǎn)管理 與企業(yè)內(nèi)部控制的目標(biāo)是一致的 ,只是在新的技術(shù)與市場(chǎng)條件下 ,為了更有效地保護(hù)投資者利益 ,需要在內(nèi)部控制的基礎(chǔ)上發(fā)展更主動(dòng)、更全面的風(fēng)險(xiǎn)管理。在先進(jìn)的信息技術(shù)條件下 ,會(huì)計(jì)記錄實(shí)現(xiàn)了電 子控制、實(shí)時(shí)更新 ,使傳統(tǒng)的查錯(cuò)與防弊的會(huì)計(jì)控制顯得過(guò)時(shí)。風(fēng)險(xiǎn)正是機(jī)會(huì)的對(duì)應(yīng)物。它使管理者在面對(duì)不確定性時(shí)能夠識(shí)別、評(píng)估和管理風(fēng)險(xiǎn) ,發(fā)揮創(chuàng)造與保持價(jià)值的作用。其目的就是保證會(huì)計(jì)信息的準(zhǔn)確可靠 ,防止經(jīng)營(yíng)層操縱報(bào)表與欺詐 ,保護(hù)公司的財(cái)產(chǎn)安全 ,遵守法律以維護(hù) 公司的名譽(yù)以及避免招致經(jīng)濟(jì)損失等。 Famaamp。因?yàn)樵谟邢挢?zé)任下 ,潛在的收益主要由企業(yè) (股東 )獲得 ,而失敗即破產(chǎn)的風(fēng)險(xiǎn)則主要由債權(quán)人承擔(dān)。 內(nèi)部控制與風(fēng)險(xiǎn)管理的內(nèi)在聯(lián)系 企業(yè)制度的發(fā)展演進(jìn)與風(fēng)險(xiǎn)相關(guān)。《企業(yè)風(fēng)險(xiǎn)管理框架》借用現(xiàn)代金融理論中的資產(chǎn)組合理論 ,提出了風(fēng)險(xiǎn)組合與整體管理的觀念 ,要求從企業(yè)層面上總體把握分散于企業(yè)各層次及各部門的風(fēng)險(xiǎn)暴露 ,以統(tǒng)籌考慮風(fēng)險(xiǎn)對(duì)策 ,防止分部門分散考慮與應(yīng) 對(duì)風(fēng)險(xiǎn) ,如將風(fēng)險(xiǎn)割裂在技術(shù)、財(cái)務(wù)、信息科技、環(huán)境、安全、質(zhì)量、審計(jì)等部門 ,并考慮到風(fēng)險(xiǎn)事件之間的交互影響 ,防止兩種傾向 :一是部門的風(fēng)險(xiǎn)處于風(fēng)險(xiǎn)偏好可承受能力之內(nèi) ,但總體效果可能超出企業(yè)的承受限度 ,因?yàn)閭€(gè)別風(fēng)險(xiǎn)的影響并不總是相加的 ,有可能是相乘的 。風(fēng)險(xiǎn)管理的“內(nèi)部環(huán)境”除包括上述七個(gè)方面外 ,還包括風(fēng)險(xiǎn)管理哲學(xué)、風(fēng)險(xiǎn)偏好 (risk appetite) 11 和風(fēng)險(xiǎn)文化三個(gè)新內(nèi)容。 第四 ,風(fēng)險(xiǎn)管理與內(nèi)部控制的組成要素有五個(gè)方面是重合 的 ,即 (控制或內(nèi)部 )環(huán)境、風(fēng)險(xiǎn)評(píng)估、控制活動(dòng)、信息與溝通、監(jiān)督。風(fēng)險(xiǎn)管理的目標(biāo)有四類 ,其中三類與內(nèi)部控制相重合 ,即報(bào)告類目標(biāo)、經(jīng)營(yíng)類目標(biāo)和遵循類目標(biāo)。它有八個(gè)組成要素 :內(nèi)部環(huán)境、目標(biāo)設(shè)定、事件識(shí)別、風(fēng)險(xiǎn)評(píng)估、風(fēng)險(xiǎn)對(duì)策、控制活動(dòng)、信息與溝通、監(jiān)督?！镀髽I(yè)風(fēng)險(xiǎn)管理框架》繼承并包含了《內(nèi)部控制整體框架》的主體內(nèi)容 ,同時(shí)擴(kuò)展了三個(gè)要素 ,增加 了一個(gè)目標(biāo) ,更新了一些觀念 ,旨在為各國(guó)的企業(yè)風(fēng)險(xiǎn)管理提供一個(gè)統(tǒng)一術(shù)語(yǔ)與概念體系的全面的應(yīng)用指南。 內(nèi)部控制與風(fēng)險(xiǎn)管理的比較 內(nèi)部控制與風(fēng)險(xiǎn)管理有著密切的聯(lián)系。全面包括所有影響內(nèi)部控制的因素 。此次立法代表著資本市場(chǎng)制度的一次大的進(jìn)步 ,也使人們對(duì)內(nèi)部控制的重要性有了更深刻的認(rèn)識(shí)。 2020年年底以來(lái) ,美國(guó)爆發(fā)了以安然、世通、施樂(lè)等公司財(cái)務(wù)舞弊案為代表的會(huì)計(jì)丑聞 ,重創(chuàng)了美國(guó)資本市場(chǎng)及經(jīng)濟(jì) ,同時(shí)也集中暴露了美國(guó)公司在內(nèi)部控制上存在的問(wèn)題 ,由此導(dǎo)致美國(guó)通過(guò)了《薩班尼斯 ——— 奧克斯利法》 (THE SARBANESOXLEY ACT)。在 Treadway委員會(huì)結(jié)束其使命之后 ,該委員會(huì)的五個(gè)發(fā)起組織聯(lián)合成立了一個(gè)新的委員會(huì) ——— COSO(The Committee of Sponsoring Organizations of the Treadway Committee),即 Treadway委員會(huì)的發(fā)起組織委員會(huì)。s relevant aspects held the mercial bank risk management and internal control BBS, this shows that our banking also began to internal control and risk management connected. The Basel mittee issued by the banking group of internal control system framework said: the board of directors approved and regularly check the overall strategy, and important system, understand the main risk, the bank for these risks setting acceptable level, ensure management to take necessary steps to identifying, measuring, supervision and control these risks... Here, the risk management is obviously the content into the internal control framework. In the UK the FSA prehensive standards (TheCombined Code) about the internal control regulation, it is first in official documents containing definitely in risk management in internal under control. This code is that the board should keep sound internal control system to protect shareholders investment and enterprise assets (principle d. 2). The board of directors at least once a year, and check the effectiveness of enterprise internal control systems, and to shareholders and report. Reports should include all the control, such as financial, management, follow control and risk management (d. ). This rule is listed on the London stock exchange enterprise must abide by. Canadian association of certified accountants control standards mittee (COCO) think control should include risk identification and reduce the risk of, in which not only include the risk of achieving specific goals related, but also include general, if can39。 leadership 39。Jensen (1983) analyzed under the board of directors of ownership and separation of the internal control functions。 Second is the risk of individual departments over its limits, but exposure to the overall risk level haven39。 Greatly improve the punishment of accounting fraud。 Strengthening the internal audit, external audit and audit supervision. This legislation represents a large capital market 2 system, also make the progress of the importance of internal control people have more deeply. 2. The internal control and risk management parison Internal control and risk management has the close relation. COSO internal control is that part of the risk management. Therefore, the mittee in the whole framework of internal control the basis of, and in 2020 issued a new report , enterprise risk management framework. At present the report was only a rough draft, in public, revised later, is expected to formally released this year. The enterprise risk management framework inherit and contains the whole framework of internal control the main content also expanded the three elements, added a goal, updated some ideas for countries to provide a unified enterprise risk management terms and concepts of prehensive application guide system. COSO internal control and risk management of the definition and elements were: Internal control: enterprise internal control is by the enterprise board of directors, managers, and other staff to implement, for financial reporting accuracy, business activity of efficiency and effect, the relevant laws and regulations such as the follow to achieve the goal of the process and provide reasonable assurance. It includes five elements: control environment, risk assessment, control activities, information and munication, the surveillance. Risk management: enterprise risk management is a process of the board of directors, the management of enterprises and other personnel to implement, applied in strategy for