The social development trend of informationization makes the focus of internal control of enterprises shift to informationization and timeliness, especially enterprise risk management has been promoted to the strategic level of enterprises, which plays a decisive role in the development and survival of enterprises. However, enterprise internal control and risk management are both related and different, and cannot be simply equated. This paper will analyze and discuss the relationship between them and their application in enterprises, and put forward corresponding improvement strategies in order to provide more theoretical reference for internal control and risk management of Chinese enterprises.
Keywords: internal control; risk management
The "Internal Control-Overall Framework" issued by COSO Committee 1992 put forward for the first time that internal control and risk management * * * act on the transaction process, and then affect the whole financial management process, which indicates that the correlation between internal control and risk management of enterprises has begun to be formally concerned. With the development of economy, the relationship between enterprise internal control and risk management is constantly strengthened, and then the similarity between them is further clarified under the new COSO framework based on internal control theory, which means that foreign internal control is changing to the stage of enterprise risk management. Although the present situation of enterprise risk management-oriented internal control in China is still insufficient to a great extent, the development trend of risk management-oriented internal control is inevitable.
First, the connotation of enterprise internal control and risk management
The main objectives of enterprise internal control include risk management, prevention and control. It is a standard management model based on enterprise professional management system and strategy, adopting all-round and multi-level supervision mode, and establishing core control points, process monitoring and process supervision from multiple perspectives. On the one hand, the important functions of enterprise internal control include establishing a subsidiary system of risk management; On the other hand, enterprise internal control is also the focus of comprehensive risk management, which belongs to the key link of comprehensive implementation of enterprise risk management. The specific work of enterprise internal control mainly includes professional hierarchical monitoring of the following internal environment: internal control organization setting, internal audit, corporate culture, human resource management, corporate governance model and social responsibility. Compared with enterprise risk assessment, enterprise internal control mode requires further ensuring the rationality of goal establishment. Combined with the process and conclusion of enterprise risk assessment, the internal tolerance range of enterprise supervision is clearly defined, and then relevant management measures are formulated.
The process of enterprise risk management mainly exists in the process of enterprise board of directors and other personnel with management authority jointly formulating enterprise goals, as well as the management mode in accordance with strategic standards and other aspects derived from standards. In order to ensure the smooth realization of the overall goal of the enterprise, enterprise risk management mainly identifies and evaluates various related potential risks or analyzes possible risks according to the operating conditions of the enterprise, and timely avoids or manages risks that are not conducive to the goal process of the enterprise. In addition, as the main object of enterprise management and control process, the accuracy of information greatly affects the risk assessment of enterprises, which also determines that internal control of enterprises should attach great importance to internal information guidance to ensure the effective transmission of information in all aspects of enterprises and the timeliness and stability of information dissemination. In the process of enterprise internal management and monitoring, risk assessment and control should also be combined with the actual situation of enterprises, and relevant internal supervision measures should be formulated from two aspects: daily supervision and special inspection. If the internal control defects are found in the enterprise's decision-making and measures, and the risk factors such as qualitative change or quantitative change in the enterprise's internal control process are found in the risk assessment part, they must be dealt with and improved in time during the verification process.
Second, the internal structure of enterprise internal control and risk management
(A) the enterprise's goal is the foundation of its development, which provides it with sufficient motivation, but on the other hand, it is also the main reason for enterprise risks. Enterprise goals mainly cause related enterprise risks through the following mechanisms: First, there is a certain contradiction between people's subjective initiative and the objective environment. In enterprise management, the contradiction between people's subjective initiative and objective activities may rise to uncertain factors, which may lead to risks. In addition, the establishment of goals is often based on higher-level standards. Influenced by the highly structured trend of enterprise development, the realization of any sub-goal depends on the development of its affiliated goals, which requires the overlapping and exclusive mode arrangement between sub-goals, so any related gap in the arrangement may produce risk factors. Finally, when the internal and external objectives of the enterprise complement each other according to importance, there are hidden dangers in integration, and the resulting integration gap can easily lead to risky phenomena.
(2) The establishment of enterprise goals is based on the development requirements of enterprises, and the correlation between enterprise internal control and risk management is also produced in the process of realizing enterprise goals. Therefore, the important factors affecting various risks in internal control management are: strengthening internal management activities of enterprises, striving to unify the diversified development goals of enterprises, and maintaining various risks in the process of enterprise development at the level that enterprises can supervise accordingly.
Three, the division of enterprise internal control and risk identification
(A) the overall repeatability of enterprise internal control and risk identification. The content of risk identification mainly includes implicit risk and explicit risk of target. Therefore, enterprises should realize that risk identification is not a simple one-time job, and it needs to be revised repeatedly in combination with planning. At the same time, the requirements of risk identification should be analyzed in detail and should not be influenced by any previous empirical thinking and patterned thinking. From the internal factors of enterprise development, certain overlapping incentives will put forward new requirements for enterprise internal control. However, the external factors of an enterprise determine the overall principles of internal control and risk. The main factors include sudden natural disasters, reform of new policies, unified emergency modes and measures in the industry, changes in customer demand, and scientific and technological progress. In addition, the rising price of raw materials directly affects the transformation of business philosophy and strategy, and the unstable market price is the main reason for the overall rise of market risk. In the understanding of risk integrity, the internal level of the enterprise is the main factor leading to enterprise risk. For the hierarchical risk problem in the process of combing risk integrity, the overall control and governance should be carried out after merging similar projects.
(2) Enterprises should not only correctly identify and analyze the different factors that lead to risks, but also distinguish the risks from different levels of internal control at different stages and different types of risks derived from hierarchical operation, mainly including risks in production, technology and marketing, risks caused by R&D process, and risks caused by artificial or non-artificial factors in the functional departments and business units where the research object is located. Because of its complexity and variability, some holistic and hierarchical risk problems found in internal control and management of enterprises cannot be quantified simply based on risk assessment and result analysis, and enterprises should formulate targeted measures according to specific risk factors. However, the general assessment involves the following contents: the possibility of risks, the complexity and frequency of risks, the source and severity of risks, and the risks brought by the regulatory model. And directly promote the risk analysis and measurement from different aspects. In addition, in order to avoid risks reasonably in management, enterprises often selectively solve different types of risks and minimize the resources consumed by eliminating risks.
Fourthly, measures to improve the internal control and risk management of Chinese enterprises.
(A) to cultivate the concept of internal control and improve the risk management mechanism
It is necessary to strengthen the internal control and risk management of enterprises from the concept of enterprises and put them into practice. First of all, enterprises should set up special risk management and internal control departments to give full play to their functions and effectively carry out risk identification, risk assessment and risk response; Secondly, enterprises should regularly carry out education and training to cultivate the risk management concept of employees at all levels and deepen the application of the concept; Finally, in order to improve the attention of enterprises to internal control and risk management, we should apply for CPA to intervene and evaluate the risk management ability of enterprises in the process of enterprise audit. In addition, enterprise risk management is a continuous dynamic process, and all links are closely linked and inseparable. Risk identification is the basis of risk management, which can effectively guarantee the follow-up work; Comprehensive risk assessment ensures the implementation of subsequent procedures under this premise; Finally, risk response is the key to the effectiveness of risk management. Therefore, the enterprise risk management system should run through all aspects of enterprise risk identification, risk assessment and risk response. In addition, it can also give full play to the role of evaluation institutions, provide reasonable opinions for enterprise risk management, and promote the scientific and rational development of enterprises.
(B) Improve the corporate governance structure and strengthen the internal supervision mechanism.
Corporate governance involves the relationship among managers, board of directors, shareholders and other stakeholders, which restrict each other and operate in harmony. To improve the corporate governance structure, we should fully grasp the role of independent directors, and ensure that their functions and powers can be effectively exerted from the proportion of independent directors in the company and the quality of their actual performance. In addition, the internal supervision mechanism of enterprises should be further strengthened. First of all, in order to prevent fraud or mistakes, improve the overall operating efficiency of enterprises and increase the value of enterprises, the risk-oriented audit system should be implemented within enterprises. At the same time, we should seize all kinds of talents with risk management knowledge and expand the team of internal auditors; Secondly, we should fully guarantee the independence of the internal audit department and avoid the interference of other factors in the audit process. Finally, the enterprise internal audit department should be directly responsible for leading the enterprise internal audit work, give full play to its functional role, and effectively serve the enterprise internal control and risk management.
References:
Meng Qingxiang. Integration of enterprise internal control and risk management [J]. Management Engineering, 20 12(06).
[2] Bai Hua. Internal Control, Corporate Governance and Risk Management ―― A Functional Perspective [J]. Economist, 20 12(03).
[3] Li Li On the risk management mechanism of enterprise internal control [J]. Enterprise Economy, 20 12(03).
Internal Control and Risk Management Part II "Internal Control and Risk Management of Banks"
The implementation of internal control is to enable commercial banks to achieve business objectives, effectively supervise, control, prevent and correct risks, and thus establish some mechanisms. In the process of continuous social practice, internal control and risk management are gradually developed and constantly improved. Effective internal control can not only improve the core competitiveness of banks and ensure the healthy and stable operation of the banking system, but also guard against various financial risks, thus reducing the possible impact of risks.
Keywords: internal control, risk control, internal control measures
I. Internal control mechanism of commercial banks
(A) the concept of internal control
Internal control is widely used in various enterprise management. Generally speaking, enterprises achieve the expected results through internal self-adjustment. In commercial banks, it is mainly for banks to guard against risks and reduce the impact of risks.
Generally speaking, the establishment and improvement of internal control is a means of self-management of commercial banks and a basic guarantee for their sustainable development. Obviously, controlling and resolving risks is the main goal of internal control, so in order to achieve this goal, commercial banks need to adopt some control methods to clarify the responsibilities and authority of internal departments, so as to improve management quality and work efficiency and ensure property safety.
(B) internal control principles
In the construction of internal control, commercial banks need to strictly follow some principles. Here we will understand these principles one by one:
(1) comprehensive principle. The so-called comprehensive principle means that internal control must be comprehensive. No matter which operation link or business process, not only all employees are required to participate, but also written records are required for future filing.
(2) the principle of independence, the principle of independence is that the internal control inspection is independent, its evaluation department is established independently, and its executive department, operators and controllers also exist independently.
(3) the principle of effectiveness, the principle of effectiveness is that no one can override the internal control system and everyone should strictly abide by it. It has the highest authority, and no one can violate it.
(4) Prudence principle, any system must be carefully established in internal control, and the establishment and improvement of the system will directly affect risk prediction.
(5) the principle of efficiency, the establishment of the system should try to achieve the purpose of control with less cost. The purpose of establishing internal control is to reduce risks and bring maximum benefits to banks.
(C) elements of internal control of commercial banks
According to the actual needs and China's current national conditions, this paper focuses on the understanding of internal control. The internal control system consists of five elements, which are interrelated and mutually restricted. These five elements are control environment, risk identification and evaluation, internal control measures, information exchange and feedback, and supervision, evaluation and correction mechanism.
(1) As the foundation of the whole internal system, the control environment mainly shows a series of controls on culture and atmosphere, which is objective and can be changed artificially. It can directly affect other internal controls of banks.
(2) Risk identification and assessment, which is a process and the basis of risk activities.
(3) Internal control measures are the core of the bank's internal control system, which refers to the implementation process of internal control.
(4) Information exchange and feedback, information exchange and feedback is mainly to better communicate all elements, constantly improve the deficiencies of all elements, and provide good information support for control objectives.
(D) How to improve the effectiveness of internal control
The effectiveness of internal control refers to the degree or level of assurance provided by internal control for the realization of control-related objectives, so how to improve the effectiveness of internal control? We have made improvements in the following aspects:
Optimize the control environment and improve the control effect; Strengthen the meaning of risk and improve the level of risk management; Strengthen internal control and improve execution; Strengthen information communication; Improve the supervision system and strengthen internal and external supervision.
Two. Risk assessment of commercial banks
In the course of commercial banks' operation, it is impossible to predict in advance that some adverse factors will make the actual income of banks deviate from the previous expected income, so that they will not reach the expected value, and the economic benefits will be damaged or increased additionally.
In order to control risks, we need to quantify them. Risk quantification is to better judge the risk of banks, but it cannot be used as its absolute standard. So how to quantify the risk? First of all, we need to make some assumptions, imagine what risks there will be, and the countermeasures; Secondly, we should make qualitative judgments, such as the background of applying for loans and lenders, whether there is a breach of contract, whether there is the ability to repay debts, and so on. But these risks are uncertain and difficult to quantify, which requires us to analyze their risks with probability analysis. Therefore, when controlling risks, we should not only quantify risks, but also evaluate and judge risks to minimize risk losses.
In recent years, according to the development trend of China's commercial banks, the focus of risk management is gradually approaching the focus of internal control, and the two tend to be consistent, but there are also subtle differences. Although their countermeasures are inconsistent, their ultimate goals are generally the same. Internal control pays attention to the establishment and perfection of management system, while risk management is to rebuild management system on the basis of internal control. As far as risk management is concerned, the balance of payments of banks is basically achieved by re-establishing and perfecting management policies and technical systems.
Three. Effective measures for internal control of banks
To ensure the effective implementation of bank internal control. The measures we need to take are:
(1) A bank organizational structure with perfect corporate governance structure should be established. In order to rationally allocate various powers, the shareholders' meeting, the board of directors and the board of supervisors should be established and improved through property rights reform and shareholding system reform. At the same time, there are also checks and balances and accountability mechanisms to change the problems existing in China's banking governance structure. Secondly, strengthen the first-level legal person system and clarify the roles of various departments. The third is to improve the authorization credit system and effectively supervise differentiated authorization. The fourth is to improve the decision-making risk restraint mechanism and the responsible person system. The fifth is to reform the existing banking organization and appropriately shrink the branches.
(2) In order to promote the standardization of internal control system, we must guard against risks in an all-round way. First of all, it is necessary to realize the transition from controlling and managing credit business risks to comprehensively controlling and managing various risks, and from system risk prevention to procedural risk prevention and technical risk prevention, so as to realize the continuity and integrity of risk assessment activities. Secondly, we should promote the standardization of internal control system.
(3) Establish an effective bank management information system and business information system. The establishment of bank management information system and business information system can not only realize the enjoyment of information resources, but also give internal control rich information resources and final decision support.
(4) Strengthen the construction of internal management culture. The construction of internal control management culture can mobilize the enthusiasm of employees, and implement the management concept and code of conduct at the grassroots level through internal training, which can promote the improvement of the internal control system of banks.
Four. Concluding remarks
The above are some measures taken to solve the problems existing in the internal control construction of domestic banks. With the continuous development of commercial banks, the content of internal control is constantly changing, so we should keep pace with the times in the operation process.
References:
[1] Zhou Huiru. On the Internal Control of Commercial Banks [J]. Modern Industrial Economy and Informatization, 20114.
[2] Xia Hailing. On internal control and risk management of banks [J]. Modern Marketing, 20112.
[3] Dong. On the risk internal control management of small and medium-sized commercial banks [J]. Modern Economic Information, 20 13 19.
Internal Control and Risk Management Part III "Analysis of Enterprise Internal Control and Risk Management"
Abstract: At present, if enterprises want to face these challenges and be in an invincible position, they must first do a good job within the enterprise, in which risk management and internal control are extremely important parts. This paper discusses the internal control of enterprises from the perspective of risk management, analyzes the existing problems of Chinese enterprises, and puts forward some countermeasures.
[Keywords:] enterprise internal control risk management analysis
China Library ClassificationNo.: TD-05 Document ID: A DocumentNo.:1009-914x (2014)10147-0/.
With the rapid development of economy, many enterprises gradually realize the importance of enterprise management. However, at present, many enterprises in our country still do not do a good job in risk management and internal control, and many enterprises can't look at internal control from the perspective of risk management, which eventually causes certain losses to enterprises. The following author analyzes and discusses the risk management and internal control of enterprises.
First, correctly understand the relationship between risk management and enterprise internal control.
(1) risk management
Any enterprise will encounter risks in its development, which may come from the internal or external environment of the enterprise. The impact of risks on enterprises can be large or small, and even serious will directly destroy enterprises. Therefore, faced with these unpredictable risks, enterprises must formulate some special management systems to deal with risks, that is, enterprise risk management. The main task of risk management is to predict, identify and measure risks, and formulate effective means and plans to avoid risks or minimize the damage of risks, thus ensuring the safety of enterprises.
internal control
Internal control is one of the components of enterprise internal management. Enterprises formulate relevant systems through internal control and implement them to promote the effective implementation of various internal management systems. So that the business and objectives of the enterprise can be realized and successfully completed, so as to effectively improve the interests of the enterprise and promote the development of the enterprise.
(C) the relationship between the two
Through the above definition, we can find that risk management belongs to enterprise internal control and is an important part of internal control. The ultimate goal of both is to make the enterprise get better development. Risk management and enterprise internal control will have great influence on each other. If an enterprise can't even do internal control well, risk management will not be so good. If there are problems in risk management, it will lead to loopholes in internal control and seriously affect the normal development of enterprises.
Second, the current enterprise risk management and internal control problems in China
(A) low risk awareness of enterprises
With the rapid development of economy, more and more risks will affect the development of enterprises, and the types of risks faced by enterprises are gradually increasing. At present, the main risks include: business risk, credit risk, market risk and legal risk. The impact and damage of these risks on enterprises is incalculable, so enterprises must first have a high sense of risk.
The actual situation of enterprises in China is that many enterprises are seriously lacking in risk awareness. Most enterprises just put most of their energy and funds into projects that can make profits for enterprises, and they don't see the potential risks, and there are no effective prevention and control measures for these risks. When the risk really happens, enterprises will naturally be at a loss and watch the risk come.
(B) the lack of risk prevention measures
There are certain risks in any business, but the benefits and risks are in direct proportion, that is to say, if an enterprise wants to obtain high profits, it must bear great risks. At present, many enterprises always focus on high returns, but they don't see the risk of standing next to high returns. If they can't see the risks, they naturally won't formulate effective risk prevention measures. However, there are few effective risk prevention measures. Once the risk really comes, the high risk behind the high profit will give the enterprise a great blow, and even cause serious phenomena such as bankruptcy and debt, which is fatal to the development of the enterprise.
(C) the internal control system is not perfect
At present, in many enterprises in our country, the management's awareness of internal control is weak, and they only pay attention to the interests of enterprises and ignore the construction of internal control. Some enterprises even think that internal control is dispensable. Some enterprises have established internal control systems, but unscientific and unreasonable internal control systems have become an important factor hindering the development of many enterprises.
In many enterprises, the internal control system of the enterprise is formulated by the management, and this formulation method will lead to the unfairness of the internal control system because the management only values its own interests. The system thus formulated does not conform to the principle of separation of powers. Although many enterprises know and see this problem, they have not paid attention to it and have not given some solutions. This internal control system will hinder the development of enterprises and seriously affect the normal development of enterprises.
(D) Lack of execution and effective evaluation mechanism.
From past cases, we can see that many enterprises failed to implement internal control, which eventually led to bankruptcy or lost a lot of money. For example, many enterprises have seen the disappearance of huge funds, which is the result of inadequate implementation of internal control, making the internal control system just a document and unable to play any role.
Moreover, many enterprises in China still lack an effective evaluation mechanism for internal control. Without an effective evaluation mechanism, it is impossible to know whether the internal control system of enterprises is correct or not and whether it can play an important role in a specific period.
Lack of professionals
Both risk management and internal control must be manipulated and implemented, but at present, many enterprises are not professionals who manipulate risk management and internal control, but only randomly selected personnel within enterprises. However, such employees can't make professional decisions on risk management and make correct decisions on internal control management. Therefore, as a result of selecting talents in this way, the risk management department and the internal control department eventually become ineffective.
Third, effective measures to improve the internal control of enterprises from the perspective of risk management
(A) risk-oriented internal control work, and effectively improve the risk awareness of enterprises.
To achieve risk-oriented internal control, we must first do a good job of enterprise authorization. Through previous cases at home and abroad, we can find that many enterprises have internal fraud cases because of unreasonable authorization. Therefore, when authorizing an enterprise, we must consider from several aspects, such as ensuring the effective operation of the enterprise and the effective implementation of the internal management system. Specifically, the primary responsibility should be the CEO of the enterprise, and managers at all levels play an auxiliary role, so as to ensure that the personnel of the whole enterprise can have a sense of risk and greatly promote the internal control management level of the enterprise.
(2) Strengthen risk control in all aspects and establish an effective evaluation mechanism.
For any enterprise, it is unrealistic to want to do all aspects of internal control, so enterprises should effectively control some key points and establish corresponding control systems. The key control points in an enterprise should include the risk-prone links in enterprise management and economic activities. After determining the critical control point, it is necessary to make quantitative analysis, simulate and calculate how much danger it will bring to the normal operation of the enterprise, and formulate corresponding measures according to the risk. In addition to formulating effective risk prevention measures, it is also necessary to carry out relevant training and education for employees in key links of enterprises, and implant risk awareness into the minds of employees in key links.
Finally, it is necessary to establish a standardized and scientific assessment mechanism, clarify the responsibilities of all employees and positions, assess employees through standardized and scientific assessment, and effectively strengthen their risk awareness through assessment.
(c) Creating an internal environment conducive to risk management
The internal environment of enterprises has an important influence on the implementation of enterprise risk management. It is true that only the internal supervision of enterprises can strengthen the internal control of enterprises, but this way is a passive way. Therefore, the best way for enterprises is to strengthen the quality, morality and quality of employees through education and training, turn passivity into initiative and form a good internal environment. The formation of a good internal environment will have a positive impact on the establishment of effective risk management. Only by establishing an effective risk management department can enterprises reduce their losses to the lowest point when facing risks, which is of great significance to the development of enterprises.
Four. conclusion
Any enterprise that wants to gain a foothold and develop steadily in the fierce market must do a good job in internal control and risk management. Only when enterprises carry out internal control work from the perspective of risk management can they better promote the development of enterprises and enable them to spend it safely in the face of any difficulties.
refer to
[1] Zhu Yanfang. Analysis of enterprise internal control and risk management [J]. Administrative assets and finance: Part 2, 20 1 1(02).
[2] Wang Xiaohui. On enterprise internal control and risk management [J]. Enterprise Herald, 20 1 1( 10).
Paper recommendation on internal control and risk management;
1. Internal control and risk management documents
2. Paper cases of internal control and risk management
3. Risk management papers
4. Related papers on enterprise internal control
5. Graduation thesis of enterprise internal control
6. Risk management thesis
7. An enterprise internal control paper