Current location - Education and Training Encyclopedia - Education and training - Key points of enterprise internal control and risk management
Key points of enterprise internal control and risk management
Key points of internal control system construction under risk management

3. 1 Create a good internal control environment

Internal control environment is the fundamental environment for implementing internal control, the driving force for enterprise development, and the basis for the implementation of other risk management factors, which has great influence on the construction and implementation of internal control in enterprises. It can be said that the control environment of an enterprise directly determines the efficiency and effectiveness of internal control and risk management.

(1) Deepen the understanding of internal control and establish the concept of risk management. To deepen the understanding of internal control, we must first break through the understanding of traditional internal control and realize that internal control is not limited to the accounting level, but contains higher-level strategic objectives. In the process of transformation and development of electric power design enterprises to diversified management, general contracting and overseas projects, risk management and internal control must be carried out from a strategic perspective. Furthermore, the management and employees of an enterprise should have a sense of risk management, which should run through the production and operation of the enterprise, including business management, functional management, quality and safety management and so on. The cultivation of risk management concept can be realized through the demonstration role of enterprise leaders, relevant training and relevant rules and regulations.

(2) Establish a corporate governance structure and give full play to the responsibilities of various institutions. All levels and departments of an enterprise should have a clear division of labor, supervise and restrict each other. The company can guarantee the realization of the company's institutional responsibility through the provisions of the company's articles of association and the improvement of relevant incentive and restraint mechanisms. It is very important that the top management organization of electric power design enterprises should be responsible for the establishment and implementation of internal control. An enterprise shall set up institutions for the construction, supervision and management of internal control and risk management, and each institution shall be responsible for all aspects of work and supervise and restrict each other.

5. 1 Improve the corporate governance structure, and create a good internal control environment for the overall risk management internal control system. Establishing a sound internal control system is actually the embodiment of improving the corporate governance structure. Most electric power design enterprises have set up internal audit institutions, but most of them are under the leadership of chief financial officer or general manager. Therefore, upgrading the internal audit institution of electric power design enterprises to the part or working department of the audit committee of the company's board of directors will further clarify the main position of the internal audit institution in the internal control of electric power design enterprises.

(3) Cultivate employees' professional ethics and ability. Enterprise employees are the executors of enterprise production and business activities, and good professional ethics of employees can ensure the smooth progress of enterprise business activities and avoid the occurrence of fraud. The knowledge and skills of employees must match the abilities required by their posts, which is the basic guarantee for the effective operation of business activities and internal control activities. Therefore, enterprises should take professional ethics such as honesty as the code of conduct for employees, establish a reward and punishment mechanism, strengthen the re-education of employees, and implement a regular rotation system for key positions.

3.2 Set the strategic objectives of the enterprise

Enterprises should set strategic goals according to their own mission or vision, which is the highest goal of enterprises, and other goals serve them. According to the strategic objectives, the enterprise will be decomposed layer by layer and implemented by various departments. The formulation of strategic objectives should consider the risk tolerance of enterprises, and the risks faced by enterprises to achieve strategic objectives should be within the risk tolerance of enterprises.

3.3 Improve the risk management system

Enterprises should establish a risk-oriented internal control system, and only by implementing risk management in all aspects of enterprises can risks be controlled. To improve the enterprise risk management system, we should pay attention to the following points:

First, establish a risk early warning mechanism. Enterprises should identify the internal and external potential problems that affect the realization of enterprise goals through target analysis, process analysis and other methods, distinguish whether the potential problems are opportunities or risks, and clarify the risk early warning standards. The establishment of risk early warning mechanism is of great significance for enterprises to seize development opportunities, timely evaluate and deal with risks.

Second, establish a risk assessment system. Enterprises should further analyze and evaluate the identified risks, analyze whether the potential risks are inherent risks or residual risks, analyze the possibility and impact of risks, and pay attention to major risks. Evaluate the applicability of existing internal controls to risks and whether additional procedures are needed. Attention should be paid to the use of risk portfolio view when evaluating risks.

Third, establish a risk response mechanism. Risk response is a key step to control risks. After risk assessment, enterprises should take different measures according to the possibility of risk occurrence and different degrees of impact, among which major risks should be paid special attention. Risk response measures include avoiding, reducing, assuming and sharing risks. At the same time, risk response should consider cost and efficiency.

3.4 Establish good control activities

Enterprises should establish good control activities to ensure that the measures taken by management to deal with risks are effectively implemented. Control activities run through all departments, levels and activities of an enterprise. Control activities should include: analysis and evaluation of employee performance, self-evaluation of departments, control of information processing (including general control and application control), control of physical assets, and separation of responsibilities of incompatible posts.

3.5 Adequate information and communication

In the process of operation, enterprises should establish information transmission and communication to ensure that employees understand internal control and clarify their responsibilities. At the same time, through the understanding and mastery of external market information, policy information, customer information and competitor information, and through communication with all parties, it is beneficial for enterprises to cope with risks in time, seize opportunities and achieve better development. Enterprises can achieve this through employee manuals and the establishment of information collection and processing systems.

3.6 the establishment of internal control supervision and evaluation mechanism

The supervision and evaluation of internal control is an important means to ensure the effective implementation of the internal control system. At the same time, it is conducive to the management of enterprises to know the problems existing in internal control in time, provide suggestions for the improvement of internal control, and help enterprises to control various risks. The establishment of internal control supervision and evaluation mechanism mainly includes internal and external aspects:

First of all, enterprises should establish independent and authoritative internal audit institutions. The establishment of internal audit institutions should be separated from other functional departments. Internal audit institutions should have the right to implement audit decisions and audit conclusions, and can establish independent and authoritative internal audit institutions led by the board of directors or the board of supervisors. Internal audit should not be limited to the audit of financial statements, but should comprehensively supervise and evaluate the internal control system of enterprise qualifications, including auditing and evaluating the financial information, business activities and control activities of enterprises. At the same time, it is necessary to improve the professional ethics and quality of internal auditors and form a mechanism for mutual inspection and supervision between different positions.

Second, improve external supervision and evaluation. Because the internal audit is mainly responsible to the enterprise leaders, it has inherent limitations, which may lead to some control defects being covered up under the intervention of power, which is not conducive to the improvement of enterprise internal control. Therefore, an independent third party is usually needed to participate in the supervision and evaluation of enterprises in order to realize the supervision function. First of all, it is necessary to improve the internal control information disclosure system so that enterprises can accept the extensive supervision of the government and society. Furthermore, third-party auditing power can be used. The most common way is to hire certified public accountants to audit and evaluate the design and implementation of internal control of enterprises on a regular basis, and issue evaluation reports. This is also conducive to supervising the construction and implementation of enterprise internal control, and is also conducive to discovering the problems existing in enterprise internal control in time.

(2) Risk assessment

According to the development goals of the enterprise, all departments collect comprehensive information to determine the risk tolerance of the enterprise, establish a risk assessment and control system based on internal control according to the internal and external risks that the enterprise may face, and conduct a comprehensive risk assessment on the key links that have a significant impact on the realization of the enterprise goals. Develop internal control procedures for risks and responsibilities faced by various departments. According to the internal audit results and problems found in the management process, Sinopec constantly revised the internal control manual, and all branches (subsidiaries) also constantly revised the implementation rules. Dynamic risk assessment and response provide a guarantee for enterprises to achieve their goals.

(3) Control activities

China Petrochemical's control measures include: incompatible job separation control, authorization approval control (centered on authorization guidance), accounting system control (unified financial management information system has been established), fund payment control, property protection control, information technology control (controlled by advanced ERP management information system), planning control, budget control (comprehensive budget control), contract management control, business analysis control and scientific performance appraisal control. Combine manual control with automatic control, and combine preventive control with discovery control to establish a major risk early warning mechanism and an emergency response mechanism. The business objectives, risks, responsible units, incompatible positions, records and documents of each control point are defined through the business control matrix to provide guidance for the implementation of internal control responsibilities. The risk description reflects the internal control requirements of comprehensive risk management.

The internal control manual of China Petrochemical Company ensures the internal control activities. The internal control manual includes procurement, assets, information management, internal audit and so on 18, with 59 business processes, covering all aspects of enterprise management activities.

(4) Information and communication

China Petrochemical adopts advanced ERP management information system, accounting system, centralized fund management system, comprehensive budget management system and various business management systems, and implements centralized management of financial information system. The system allows the business operations of all business department personnel to be unified on the ERP system. After the enterprise enters the business data, the production and sales links will generate relevant information according to the corresponding business processes and send it to the database of the company headquarters for monitoring and analysis. China Petrochemical Company has formulated relevant management methods and business processes to standardize and control the information system from two aspects: general control and application control. Enterprises constantly improve the information collection mechanism and information communication platform, and the internal control manual also has corresponding provisions to ensure smooth communication between departments, departments and branches or subsidiaries, and management and the outside world. China Petroleum regularly discloses information in accordance with relevant laws and regulations, and external information disclosure is audited by the Board of Directors and the President's Office.

(V) Internal supervision

Sinopec has set up an audit committee to review the financial report and internal control, and the audit department regularly conducts independent reviews on its branches and subsidiaries. The enterprise has established a bipolar internal control daily supervision mechanism, and bipolar evaluation refers to the comprehensive inspection of the headquarters and the self-inspection and testing of branches and subsidiaries. The comprehensive inspection of the headquarters is mainly the annual comprehensive inspection of the internal control leading group, as well as the independent inspection of at least 25 branches (subsidiaries) by the audit department and the inspection of the headquarters. Self-inspection tests of branches and subsidiaries are mainly conducted by enterprises through departmental process tests and comprehensive inspection and evaluation with audit participation, as well as self-inspection and spot check evaluation of headquarters departments. In addition to daily supervision, China Petrochemical has also established supervision and inspection on some major aspects of internal control.

In addition, China Petrochemical Company formulated the Compilation of Supervision System of China Petrochemical Company, which improved the anti-fraud system of enterprises. Evaluate internal control by setting internal control execution indicators. Evaluate the design and implementation of internal control regularly every year, issue a self-evaluation report on internal control, disclose it to the outside world, accept extensive supervision from the outside world, and hire an external certified public accountant to audit the internal control of financial reporting.

4.4 China Petrochemical Internal Control Evaluation

China Petrochemical Company has formulated the Measures for Internal Control Inspection, Evaluation and Assessment and the Guidelines for Enterprise Internal Control Evaluation. And according to the internal control manual, check whether the internal control design is sound; According to the applicable content and scope of the internal control manual, check the compliance and effectiveness of the implementation of internal control. China Petrochemical Company mainly evaluates its internal control by identifying internal control defects and quantifying scores. Evaluate the internal control from the aspects of internal control elements, comprehensive inspection of business processes, and unit self-inspection, and formulate a standardized internal control self-evaluation flow chart to standardize the evaluation and ensure the fairness of the evaluation.

4.5 Effect of China Petrochemical's internal control since its implementation

Since the implementation of internal control in 2005, China Petrochemical has not only improved its management level, but also enhanced its profitability. Specifically, the institutionalized management system of China Petrochemical Company has been continuously improved, and gradually formed an institutionalized management system with the characteristics of China Petrochemical Company, which is guaranteed by internal control. It not only improves the enterprise's ability to resist risks, ensures the realization of enterprise goals, but also sets an example for other domestic enterprises to establish internal control. The management level of China Petrochemical Company has been continuously improved. China Petroleum implements unified material procurement management, standardizes enterprise material procurement, and saves material costs for enterprises. The consumption standards of raw materials and other products have been established, which makes the production, operation and management of enterprises increasingly refined. Through the establishment of IT risk control system, the risk ability of enterprises is increasing day by day. Internal control and its audit improve the efficiency and effect of audit and improve the management level of enterprises. The implementation of internal control accelerates the establishment of enterprise rules and regulations, clarifies the responsibilities and powers of enterprises, departments and posts, standardizes business operation processes, and improves the management efficiency and level of enterprises. The implementation of internal control in China Petrochemical Company meets the requirements of external supervision. As a company listed in three places at home and abroad, the implementation and disclosure of China Petrochemical's internal control meet the requirements of each listed place, and the internal control has been continuously improved since its implementation. The implementation of internal control has continuously optimized the internal environment of China Petrochemical Company. The implementation of internal control ensures the company's system reform, improves the corporate governance structure, and unifies and implements the corporate culture. The formulation of "Staff Code" not only standardizes the behavior of employees, but also makes the concept of risk management and honest management deeply rooted in people's hearts.

Related articles
  • What about the academic institution of Shandong Singapore Airlines?
  • Is there any food in Chengdu that is not spicy?
  • Does anyone know about dark horse programmers? What about their Shanghai campus?
  • Which district in Guangzhou can take the electrician certificate? How to conduct exam-oriented training?
  • Fuqing Xiangmin Construction Machinery Vocational Skills Training School?
  • Jiefangbei English training
  • 20 18 how many years is the service period of Jining three supports and one support?
  • How to learn fashion design after graduating from junior high school
  • How about Yiwu Zhongrong Beauty Makeup?
  • Xinhua News Agency reporter visited the underground makeup class. Can teachers in training institutions make up lessons?

    • copyright 2024 Education and Training Encyclopedia All rights reserved