观海 内部控制定义（下）（INTOSAI GOV 9100）（中英对照）

纯正知识是实践的总结和指引。...

提供合理保证

如论设计和运行的有多好，内部控制是始终无法向管理层提供实现整体目标的绝对保证。相反，指引承认仅是“合理”层面的保证是可行的。

合理保证意味着在充分考虑成本、受益和风险等既定条件后获得满意的信任度。确定多少保证属于合理需要判断。在行使判断时，管理层应当识别运营中的固有风险，以及在不同环境中风险的容忍度，对风险做出定性和定量的评估。

合理保证还反映了对未来不确定性和风险的观念，毕竟没有人能准确地预测。此外，超出控制或者组织影响以外的因素也能妨碍实现目标的能力。限制条件还包括以下方面：决策失误；因单个因素错误造成崩溃；控制可能由多人串通规避；管理层凌驾于内部控制之上。此外，内部控制的妥协还反映了控制的成本。上述限定条件阻碍了管理层实现目标的绝对保证。

合理保证承认内部控制的成本不能超过收益。对风险响应和内部控制的决策都需要考虑成本和收益的比较。成本意味着以财务和经济的观点去衡量，在实现某个特定目标时各种资源的消耗和一些机会的丧失，比如，某些业务的延期，某些服务和生产的延后，甚至是对员工士气的影响。收益是某些实现阶段性目标的风险被有效化解了。比如，提高了减少舞弊、浪费、滥用或者错误的可能性，避免了一些不准确的活动，增强了规范的遵从度。

在设计内部控制时，一边消耗成本一边降低风险到可接受水平，这需要管理层非常了解要实现的整体目标。否则，政府管理层在某个操作领域涉及过度的控制系统，反而对其他操作造成不利。例如，雇员可能试图绕过繁重的程序，效率低下的业务可能导致延误，过度的程序可能会扼杀雇员的创造力和解决问题，或损害提供服务的及时性、成本或质量。因此，一个领域过度控制所带来的好处可能会被其他活动增加的成本所抵消。

然而，有时也应该考虑定性的问题。

例如，对高风险/低货币单位交易，比如，工资、差旅和住院费用进行适当控制可能是很重要的。对于这些货币金额的适当成本控制相对相对整体的政府支出似乎有些过度，但却是公众保持对政府和相关组织信心的关键。

Provides reasonable assurance

No matter how well designed and operated, internal control cannot provide management absolute assurance regarding the achievement of the general objectives. Instead, the guidelines acknowledge that only a “reasonable” level of assurance is attainable.

Reasonable assurance equates to a satisfactory level of confidence under given considerations of costs, benefits, and risks. Determining how much assurance is reasonable requires judgment. In exercising that judg-ment, managers should identify the risks inherent in their operations and the acceptable levels of risk under varying circumstances, and assess risk both quantitatively and qualitatively.

Reasonable assurance reflects the notion that uncertainty and risk relate to the future, which no one can predict with certainty. Also factors outside the control or influence of the organisation can affect the ability to achieve its objectives. Limitations also result from the following realities: human judgment in decision making can be faulty; breakdowns can occur because of simple errors or mistakes; controls can be circumvented by collusion of two or more people; or management can override the internal control system. In addition, compromises in the internal control system reflect the fact that controls have a cost. These limitations preclude management from having absolute assurance that objectives will be achieved.

Reasonable assurance recognizes that the cost of internal control should not exceed the benefit derived. Decisions on risk responses and establishing controls need to consider the relative costs and benefits. Cost refers to the financial measure of resources consumed in accomplishing a specified purpose and to the economic measure of a lost opportunity, such as a delay in operations, a decline in service levels or productivity,or low employee morale. A benefit is measured by the degree to which the risk of failing to achieve a stated objective is reduced. Examples include increasing the probability of detecting fraud, waste, abuse, or error; preventing an improper activity; or enhancing regulatory compliance。

Designing internal controls that are cost beneficial while reducing risk to an acceptable level requires that managers clearly understand the overall objectives to be achieved. Otherwise, government managers may design systems with excessive controls in one area of their operations that adversely affect other operations. For example, employees may try to circumvent burdensome procedures, inefficient operations may cause delays, excessive procedures may stifle employee creativity and problem solving or impair the timeliness, cost or quality of services provided to beneficiaries. Thus, benefits derived from excessive controls in one area may be outweighed by increased costs in other activities.

However qualitative considerations should also be made.

For example, it may be important to have proper controls over high risk/low monetary unit transactions such as salaries, travel and hospital-ity expenses. The costs of appropriate controls might seem excessive for the amounts of money involved relative to overall government expendi-tures, but they may be critical to maintaining public confidence in gov-ernments and related organization.

实现目标

内部控制面向实现一个独立而有彼此联系的整体目标。这些整体目标的实现有赖于众多子目标、功能、流程和活动。

这些整体目标包括：

——实施有序、正直、经济、效率和有效的运行

实体运行应当有序、正直、经济、效率和有效，他们必须遵循组织使命。

有序即是有条不紊。

正直与道德原则相关。自90年代以来，公共部门的道德行为，欺诈、腐败行为的预防和侦查，都日益重要。民众期待，公务员应当实施公平的公共服务和正确管理公共资源。公民应当在合法和公正的基础上得到公平的对待。因此，公共道德是建立和巩固公众信任的先决条件，是善政的基石。

经济性意味着避免浪费和杜绝奢侈。它意味着以最低的成本获得适当高质的资源，并能够在适当的时间和地点交付。

效率是指用于资源消耗与目标产出之间的关系。它意味着使用最小资源投入达到既定数量和质量的产出，或是既定数量、质量的资源投入实现最大产出。

有效是指达到目标或实现某一活动的结果与该活动的预期目标或效果相匹配的程度。

——尽职履责

问责是公共服务组织及其内部人员对其决定和行动负责的过程，包括公共资金的管理、公平以及所有方面的绩效。

通常的实现途径是通过开发、维护和提供可靠的财务及非财务信息，并通过公平地向内部和外部利益相关者及时披露这些信息。

这些非财务信息可能与政策和业绩的经济、效率以及内部控制的有效相关。

——遵从现行的法律和规范

组织必须遵守许多法律法规。公共组织必须依法实施公共资金筹集、支出和各项业务的运行。比如，预算法、国际条约、行政法、会计法/准则、环境保护法、民法、所得税条例、反欺诈腐败法等。

——节约资源，反对浪费、滥用和损失

虽然第四个目标可以当作第一个目标的内容之一，但是，对于公共组织而言，节约资源具有不同的重要意义。这是因为公共部门资源一般体现为公共资金，公共部门使用资料一般需要特别节约。此外，以现金为基础的预算会计在公共部门仍然很普遍，但没有提供有关资源的获取、使用和处置的充分保证。因此，公共部门的组织并不总是有最新记录的所有资产，这使它们更易受攻击。因此，应该将控制嵌入到管理实体资源从收购到处置的每一项活动中。为此，公共部门不可能总是如愿地更新资产记录。所以，对从购入到处置的资产控制都必须嵌入公共部门的每一项活动中。

其他资源，如信息、文件和会计记录是实现政府运作的透明度和问责的关键，并应当保存。然而，它们也有被窃取、误用或毁坏的风险。自从计算机系统出现以后，保护某些资源和记录变得越来越重要。如果不加以保护的话，存储在计算机介质上的敏感信息可能被销毁、复制、分发和滥用。

Achievement of objectives

Internal control is geared to the achievement of a separate but interreated series of general objectives. These general objectives are implemented through numerous specific sub-objectives, functions, processes, and activities.

The general objectives are:

•executing orderly, ethical, economical, efficient and effective operations

The entity’s operations should be orderly, ethical, economical, efficient and effective. They have to be consistent with the organisation’s mission.

Orderly means in a well-organised way, methodical.

Ethical relates to moral principles. The importance of ethical behaviour and prevention and detection of fraud and corruption in the public sector has become more emphasized since the nineties. General expectations are that public servants should serve the public interest with fairness and manage public resources properly. Citizens should receive impartial treatment on the basis of legality and justice. Therefore public ethics are a prerequisite to, and underpin public trust and are a keystone of good governance.

Economical means not wasteful or extravagant. It means getting the right amount of resources, of the right quality, delivered at the right time and place, at the lowest cost.

Efficient refers to the relationship between the resources used and the outputs produced to achieve the objectives. It means the minimum resource inputs to achieve a given quantity and quality of output, or a maximum output with a given quantity and quality of resource inputs.

Effective refers to the accomplishment of objectives or to the extent to which the outcomes of an activity match the objective or the intended effects of that activity.

• fulfilling accountability obligations

Accountability is the process whereby public service organisations and individuals within them are held responsible for their decisions and actions, including their stewardship of public funds, fairness, and all aspects of performance.

This will be realized by developing, maintaining and making available reliable and relevant financial and non-financial information and by means of a fair disclosure of that information in timely reports to inter-nal as well as external stakeholders.

Non-financial information may relate to the economy, efficiency and effectiveness of policies and operations (performance information), and to internal control and its effectiveness.

• complying with laws and regulations

Organisations are required to follow many laws and regulations. In public organisations laws and regulations mandate the collection and spending of public money and the way of operating. Examples include the Budget Act, international treaties, laws on proper administration,accounting law/standards, environmental protection and civil rights law, income tax regulations and anti-fraud and corruption acts.

•safeguarding resources against loss, misuse and damage due to waste, abuse, mismanagement, errors, fraud and irregularities

Although the fourth general objective can be viewed as a subcategory of the first one (orderly, ethical, economical, efficient and effective opera-tions), the significance of safeguarding resources in the public sector needs to be stressed. This is due to the fact that resources in the public sector generally embody public money and their use in the public inter-est generally requires special care. Moreover budgetary accounting on a cash basis, which is still widespread in the public sector, does not pro-vide sufficient assurance related to the acquisition, use, and disposition of the resources. As a result, organisations in the public sector do not always have an up-to-date record of all their assets, which makes them more vulnerable. Therefore, controls should be embedded in each of the activities related to managing the entity’s resources from acquisition to disposal.

Other resources such as information, source documents and accounting records are the key to achieving transparency and accountability of gov-ernment operations, and should be preserved. However they are also in danger of being stolen, misused or destroyed.

Safeguarding certain resources and records has even become increas-ingly important since the arrival of computer systems. Sensitive infor-mation stored on computer media can be destroyed or copied, distributed and abused, if care is not taken to protect it.

    关注 衮绣税研