內(nèi)部審計(jì)在企業(yè)風(fēng)險(xiǎn)管理中的作用外文翻譯

1、外文文獻(xiàn)翻譯原文：internal auditings role in ermas organizations lay their enterprise risk groundwork, many auditors are taking on managements oversight responsibilities, new research finds.internal audit departments have played a variety of roles in their organizations enterprise risk management (erm) activ

2、ities since the committee of sponsoring organizations of the tread way commission (coso) released its enterprise risk management-integrated framework in september 2004. an iia position paper issued in the wake of coso erm, the role of internal auditing in enterprise-wide risk management, indicates t

3、he roles that the internal audit function should and should not play throughout the erm process, ranging from full involvement to no involvement. according to the paper, internal auditors should have a core role in five erm-related assurance activities: giving assurance on risk management processes,

4、 giving assurance that risks are evaluated correctly, evaluating risk management processes, evaluating the reporting of key risks, and reviewing the management of key risks.a recent iia research foundation study examined the extent to which internal audit functions adhere to the erm roles recommende

5、d in the iia paper. during october 2005, researchers disseminated an online survey to 7,200 iia members through the institutes global auditing information network. the survey generated 361 responses from a mix of large, mid-sized, and small organizations in a variety of industries, including busines

6、ses, government agencies, and not for profit organizations. nearly 60 percent of respondents identified themselves as a chief audit executive or audit director, 23 percent were audit managers, and 7.8 percent were staff or senior auditors. approximately 90 percent were from the united states and can

7、ada.respondents organizations are at different stages of implementing erm, as defined by coso. more than 11 percent say their organizations erm infrastructure is mature or relatively mature, and 37 percent have recently adopted or are in the process of implementing erm. among all organizations surve

8、yed, the internal audit function is primarily responsible for erm-related activities in 36 percent of respondents organizations, while 27 percent say the primary responsibility belongs to a chief risk officer (cro) who is not part of the audit function. nearly one-third of respondents say another ex

9、ecutive or function oversees erm.the hours and dollars internal audit functions spend on erm-related activities are minimal for many respondents. nearly half say their audit department spent 10 percent or less of its hourly and financial budgets on erm-related activities during fiscal year 2004. mor

10、e than one-third of audit departments spent ii percent to 50 percent of their time on erm, and 28 percent spent n percent to 50 percent of their financial budgets, while less than 10 percent of departments spent more than 50 percent of their time and money.the iia position paper categorizes 18 erm-r

11、elated activities according to the appropriate level of responsibility for the internal audit function. survey respondents reported their current and ideal level of responsibility for these activities: no responsibility, limited responsibility, moderate responsibility, substantial responsibility, an

12、d total responsibility.core activitiesdifferences between respondents current and ideal responsibilities are greatest for the five core erm assurance activities identified in the iia paper. respondents indicated that their current responsibility for each of the core erm related activities is moderat

13、e, but they say they should have a substantial level of responsibility. these views agree with the iia guidance. additionally, roughly half of internal audit functions surveyed currently have substantial or full responsibility for at least one core activity, and more than two-thirds say they should

14、have till or substantial responsibility for at least one core activity.within the core category, the audit functions two highest levels of current responsibility involve reviewing management of key risks and evaluating the risk management process. evaluating the risk management process and giving as

15、surance on risk management processes are the highest-rated ideal responsibilities. conversely, giving assurance that risks are evaluated correctly is the lowest-rated current and ideal responsibility.the following respondent comments offer some insight into why audit departments are not currently in

16、volved in core erm-related activities at the level they deem appropriate; we have just recently begun implementing erm activities in our company. we do not yet have complete understanding of the process and buy-in from management.the audit committee and management are not aware of what erm is. the i

17、nternal audit function has just initiated an awareness campaign among the audit committee members.these comments suggest that educating management and the audit committee on erm issues can be critical to ensuring that the audit function takes on an appropriate level of responsibility for erm. legiti

18、mate activitiesthe iia paper prescribes seven legitimate erm-related activities for which internal committee audit functions may be responsible as long as safeguards are in place: facilitating the identification and evaluation of risks, coaching management in responding to risks, coordinating erm-re

19、lated activities, consolidating the reporting on risks, maintaining and developing the erm framework, championing establishment of erm, and developing risk management strategy for board approval. these activities are described as consulting activities. although respondents current responsibility for

20、 each of these legitimate activities ranges from limited to moderate, they say their ideal level should be moderate, which is consistent with the guidance.within the legitimate category, the highest level of current internal audit responsibility involves facilitating the identification and evaluatio

21、n of risks the top-rated erm-related activity, including core activities. this activity is also the highest-rated ideal activity among legitimate activities, suggesting that auditors consider it a core responsibility. this finding is not surprising. because risk detection and evaluation are traditio

22、nal considerations in developing annual audit plans. the lowest-rated current and ideal activity is developing a risk management strategy for board approval, which is an activity that might best be handled by management.the iia guidance cautions that when internal auditors undertake these legitimate

23、 consulting activities, safeguards should be in place to ensure that they do not take on management responsibility for actually managing risks. one possible preventive measure would include documenting the auditors erm responsibilities in an audit committee-approved audit charter. further, if audito

24、rs take on any erm-related activities that fall within this consulting role, they should treat these engagements as consulting engagements and apply the relevant iia standards to help ensure their independence and objectivity.inappropriate activitiesaccording to the iia position paper. it is inappro

25、priate for internal auditors to be responsible for six erm-related activities: setting the risk appetite, imposing risk management processes, providing management assurance on risks, making decisions on risk responses, implementing risk responses on managements behalf, and having accountability for

26、risk management. overall, audit functions in the survey have greater responsibility for these activities than the iia paper recommends. however, auditors say they should have some limited responsibility for the inappropriate activities.within the inappropriate category, internal auditors highest lev

27、el of current and ideal responsibility is providing management assurance on risks, while their lowest level of responsibility is for setting the risk appetite. respondents comments suggest that auditors currently have greater responsibilities in these areas because the audit function is playing a le

28、ading role during the early stages of erm development.organizational characteristicsthe perceived current and ideal frm roles for the internal audit function may vary across organizations, depending on the organizations industry, size, and audit department size, as well as the firms need to comply w

29、ith the u.s. sarbanes-oxley act of 2002.industry respondents work in a variety of sectors, including financial services, manufacturing, transportation, communications, utilities, health care, retail and wholesale, government, and education. researchers compared responses from the two largest industr

30、y groups: financial services and manufacturing. on average, financial service industry audit departments have greater current responsibility for core activities than those from manufacturing. with respect to inappropriate activities, manufacturing audit departments tend to say their ideal involvemen

31、t should be higher than their current responsibility, while financial service industry audit departments rate their current and ideal responsibilities at the same level.organization size approximately half of respondents work in organizations that had 2004 revenues between us $500 million and us $5

32、billion. nearly 25 percent of respondents work in organizations that had revenues under us $500 million in 2004, while a similar number of respondents work in organizations that had more than us $5 billion in revenue that year. researchers compared responses from organizations with revenues of less

33、than us $1 billion with organizations with revenues greater than us $1 billion. on average, auditors from both types of organizations have relatively equal levels of responsibility for current core activities. however, smaller organizations rated their ideal involvement for these core activities hig

34、her than large organizations. smaller organizations have a slightly higher current level of responsibility for inappropriate activities than larger organizations and say their ideal involvement in these areas should be higher.audit staff size more than half of respondents work in audit departments w

35、ith 10 or fewer auditors, slightly more than one-quarter work in departments with between 11 and 50 auditors, and approximately one-tenth of respondents work in departments with more than 50 auditors. internal audit functions with more than 10 auditors currently have somewhat more responsibility for

36、 core activities than audit departments with 10 or fewer auditors. both large and small audit functions have roughly equal levels of responsibility for all other erm-related activities. however, unlike large audit organizations, respondents from small audit departments want to have more responsibili

37、ty for activities in the inappropriate category.sarbanes-oxley most respondents organizations are required to comply with sarbanes-oxley section 404. researchers found few differences between those organizations and respondents from organizations that do not have to comply with the act. the primary

38、difference related to core activities, where compliers report a higher level of current responsibility than non-compliers.although the iia guidance is equally applicable to all organizations, the research indicates that smaller internal audit departments and those from smaller organizations tend to

39、take on erm responsibilities that would be more appropriate for management. in these cases, internal auditing should work to develop an erm implementation and maintenance plan that includes a stratcgy and timeline for migrating responsibilities for these activities to managementthe auditors rolealth

40、ough the survey results suggest that the current levels of responsibility audit departments have may differ somewhat from that levels recommended by the iias position paper, the respondents comments offer some evidence that auditors understand the underlying concepts of the guidance:there needs to b

41、e a shift in the doing of the erm to being an internal audit function that relies on and evaluates the erm process. erm should be in sync with the audit universe and plan,in the past i8 months, the corporation has appointed a cro to provide oversight and guidance to evolving erm processes. during th

42、is period, much of internal auditings previous erm roles have migrated to this officer. more importantly, respondents identified significant barriers in their organizations to following the guidance:these erm responsibilities and processes are not well defined in many organizations and should be mor

43、e clearly articulated by senior management. there is not enough emphasis from the top that risk management is important and must be done effectively. management is still trying to hide things from internal auditing. its not them against us, were all in it together. most auditors and enterprise manag

44、ers lack clarity on the distinction between responsibility for risk assurance implementation versus responsibility for risk assurance compliance and monitoring.these comments stress that a key element to establishing a successful erm program is education on the importance of erm and the appropriate

45、roles management and internal auditing have in the process. internal auditors can play a key role in providing this education. the audit department, management, hoard of directors, and audit committee need to be clear about which erm related activities internal auditors should perform and which acti

46、vities should always be performed by management. relevant training should highlight that internal auditing could serve in a monitoring or consulting role throughout much of the erm process, but the formal decision-making authority must reside with management if the audit department is to maintain it

47、s independence and objectivity.auditors should take steps to ensure that the board and audit committee are aware of the coso erm framework and are actively engaged in overseeing the erm process. additionally, auditors should consider training senior management, the board, and others throughout their

48、 organization on coso erm and related guidance.responses to the survey provide useful insights into additional steps that the internal audit profession should take. auditors whose organizations are in the early stages of adopting erm or will be implementing erm in the future have many opportunities

49、to ensure that the process is effective and efficient. for example, audit departments that currendy perform erm-related activities that should be managements responsibility can take proactive steps to open up the lines of communication between internal auditing and management, the board and audit co

50、mmittee, and external auditors about the risks of this situation. such communication should encourage management to take on appropriate erm responsibilities. one approach audit departments could take is to develop a business plan describing how management can assume responsibility for erm related ac

51、tivities for which they should be accountable. however, internal auditors should recognize that completing this plan and convincing management to accept these erm responsibilities might not occur quickly.with appropriate planning, communication, and education, internal auditors, management, the boar

52、d, and external auditors should be ready to work together to achieve the many benefits of erm. ideally, this coordination will result in performing erm-related activities at appropriate places within the organization, management accepting its responsibility for erm, and that audit function playing a

53、 role that is consistent with appropriate professional guidance.source:audrey.a.gramling.internal auditings role in erm.2004:2-4.譯文：內(nèi)部審計(jì)在企業(yè)風(fēng)險(xiǎn)管理中的作用新的研究發(fā)現(xiàn)：隨著企業(yè)以組織風(fēng)險(xiǎn)為基礎(chǔ)，許多審計(jì)人員對(duì)管理層采取職責(zé)監(jiān)督措施。自2004年9月coso組織發(fā)布的企業(yè)風(fēng)險(xiǎn)管理的集成框架起，內(nèi)部審計(jì)部門在組織的企業(yè)風(fēng)險(xiǎn)管理中扮演管理的角色。在coso發(fā)布企業(yè)風(fēng)險(xiǎn)管理文件之后，國際投資協(xié)定發(fā)布：內(nèi)部審計(jì)在企業(yè)風(fēng)險(xiǎn)管理中的作用。表明內(nèi)部審計(jì)的職能應(yīng)該在整個(gè)管理

54、過程中發(fā)揮，從沒有充分參與到充分參與的過程。根據(jù)該文件，內(nèi)部審計(jì)人員應(yīng)該從五個(gè)參與風(fēng)險(xiǎn)管理有關(guān)的活動(dòng)中保證其核心作用：提供有關(guān)風(fēng)險(xiǎn)管理流程保證；使正確評(píng)估風(fēng)險(xiǎn)保證；評(píng)估風(fēng)險(xiǎn)管理流程；評(píng)估報(bào)告的主要風(fēng)險(xiǎn)；以及檢討管理的主要風(fēng)險(xiǎn)。在iia研究基金會(huì)最新的一項(xiàng)研究報(bào)告審查中得出，有關(guān)內(nèi)部審計(jì)職能，堅(jiān)持以國際投資協(xié)議文件中的定義，以企業(yè)風(fēng)險(xiǎn)管理為主要職能。2005年10月期間，研究人員通過該研究所的全球?qū)徲?jì)信息網(wǎng)絡(luò)，對(duì)7200位國際投資協(xié)定的成員作了一個(gè)在線調(diào)查。調(diào)查發(fā)現(xiàn)：來自361個(gè)大型、大中型混合及部分小型營利組織（包括企業(yè)和政府機(jī)構(gòu)）做出了積極的響應(yīng)。近60%的受訪者為首席審計(jì)執(zhí)行官或者是審計(jì)署

55、署長，23%為審計(jì)經(jīng)理，7.8%為工作人員或者高級(jí)審核員。大約90%來自美國和加拿大。受訪者在不同階段對(duì)組織實(shí)施企業(yè)風(fēng)險(xiǎn)管理，結(jié)果類似于coso中描述的一樣。11%以上的人認(rèn)為，他們組織的企業(yè)風(fēng)險(xiǎn)管理基礎(chǔ)設(shè)施成熟或者相對(duì)成熟，有37%左右的人認(rèn)為，組織的erm最近通過并在執(zhí)行中。在所有調(diào)查的組織中，有36%受訪者負(fù)責(zé)的企業(yè)反應(yīng)內(nèi)部審計(jì)職能主要是負(fù)責(zé)組織的風(fēng)險(xiǎn)管理，而27%的人認(rèn)為，主要的責(zé)任是屬于首席執(zhí)行官（cro）的，他不屬于國家審計(jì)職能的一部分；將近三分之一的人反應(yīng)，認(rèn)為應(yīng)該由另一行政領(lǐng)導(dǎo)或職能部門監(jiān)督企業(yè)風(fēng)險(xiǎn)管理。大部分受訪者反應(yīng)：對(duì)于時(shí)間和金錢，內(nèi)部審計(jì)職能風(fēng)險(xiǎn)管理活動(dòng)花費(fèi)是最少的。將

56、近一半的人說，2004年他們花了審計(jì)部門在每小時(shí)企業(yè)風(fēng)險(xiǎn)管理和財(cái)政預(yù)算中的百分之十，甚至更少。三分之一的人員反映審計(jì)部門花費(fèi)僅20%50%的企業(yè)風(fēng)險(xiǎn)管理時(shí)間，花了28%50%的財(cái)政預(yù)算；少于10%部門金錢和時(shí)間花費(fèi)超過50%。國際內(nèi)部審計(jì)師協(xié)會(huì)的立場文件歸類中18號(hào)文件指出，根據(jù)內(nèi)部審計(jì)職能的適當(dāng)水平明確企業(yè)風(fēng)險(xiǎn)管理有關(guān)活動(dòng)的責(zé)任。核心活動(dòng)：目前受訪者之間的差異和理想的職責(zé)最顯著的是：在國際內(nèi)部審計(jì)師協(xié)會(huì)文件中，保證企業(yè)風(fēng)險(xiǎn)管理中的五個(gè)核心活動(dòng)是最大的。受訪者表示，根據(jù)國稅，他們對(duì)當(dāng)前每一個(gè)erm核心活動(dòng)的責(zé)任是溫和的，但他們也表示，他們應(yīng)該有一個(gè)責(zé)任重大的水平。這些意見是同意國際內(nèi)部審計(jì)師協(xié)

57、會(huì)的指導(dǎo)的。此外，大約一半的人認(rèn)為，內(nèi)部審計(jì)職能目前調(diào)查的全部活動(dòng)或有重大責(zé)任，至少有一個(gè)核心，并且超過三分之二認(rèn)為他們應(yīng)該有全部或重大活動(dòng)的責(zé)任，至少有一個(gè)核心。在這一核心范疇，對(duì)審計(jì)職能的兩個(gè)最高級(jí)別的現(xiàn)時(shí)義務(wù)主要包括審查風(fēng)險(xiǎn)管理和評(píng)價(jià)風(fēng)險(xiǎn)管理過程。評(píng)估風(fēng)險(xiǎn)管理過程，并給予保證過程的風(fēng)險(xiǎn)管理是最高的理想責(zé)任。相反，給予保證，正確評(píng)估風(fēng)險(xiǎn)是最低要求的理想責(zé)任。以下是申請(qǐng)人提供的一些說法，他們認(rèn)為目前審計(jì)部門在適當(dāng)?shù)幕顒?dòng)所涉及的洞察力，為什么沒有核心企業(yè)風(fēng)險(xiǎn)管理相關(guān)的水平：“我們最近剛剛開始實(shí)施我們公司的企業(yè)風(fēng)險(xiǎn)管理活動(dòng)。我們還沒有完全理解和掌握風(fēng)險(xiǎn)過程中的管理。”“審計(jì)委員會(huì)和管理是不知道什

58、么是企業(yè)風(fēng)險(xiǎn)管理。內(nèi)部審計(jì)職能在剛剛開始的審計(jì)委員會(huì)成員之間開展宣傳活動(dòng)。”這些言論表明，教育管理和風(fēng)險(xiǎn)管理問題是：審計(jì)委員會(huì)在企業(yè)風(fēng)險(xiǎn)管理問題上，可以確保審計(jì)職能在企業(yè)風(fēng)險(xiǎn)管理中發(fā)揮在一個(gè)適當(dāng)?shù)乃?。合法活?dòng)：國際內(nèi)部審計(jì)師協(xié)會(huì)規(guī)定了七個(gè)文件，有關(guān)企業(yè)風(fēng)險(xiǎn)管理的合法活動(dòng)，而內(nèi)部審計(jì)委員會(huì)可能發(fā)揮職能，需要負(fù)責(zé)的地方，需要的保障措施是：便利的識(shí)別和風(fēng)險(xiǎn)管理評(píng)價(jià)和訓(xùn)練管理者應(yīng)對(duì)風(fēng)險(xiǎn)，協(xié)調(diào)企業(yè)風(fēng)險(xiǎn)管理有關(guān)的活動(dòng)，鞏固報(bào)告的風(fēng)險(xiǎn)，維護(hù)和發(fā)展企業(yè)風(fēng)險(xiǎn)管理框架，倡導(dǎo)建立企業(yè)風(fēng)險(xiǎn)管理，并制定董事會(huì)批準(zhǔn)的風(fēng)險(xiǎn)管理策略。這些活動(dòng)被稱為“咨詢”活動(dòng)，雖然受訪者目前的責(zé)任范圍有限，從這些合法活動(dòng)中可以看到，他們說

59、自己的理想水平應(yīng)該是適度的，這是根據(jù)國際審計(jì)師協(xié)會(huì)文件指導(dǎo)意見確定的。在合法的類別的當(dāng)前內(nèi)部審計(jì)責(zé)任的最高級(jí)別涉及：促進(jìn)識(shí)別風(fēng)險(xiǎn)和風(fēng)險(xiǎn)評(píng)估，一流的erm 相關(guān)活動(dòng)，包括核心活動(dòng)。 這項(xiàng)活動(dòng)也是最高要求，建議審計(jì)人員的核心職責(zé)是合法活動(dòng)中的理想活動(dòng)。 這一結(jié)果并不令人驚訝，因?yàn)轱L(fēng)險(xiǎn)監(jiān)測和評(píng)估是在制定年度審計(jì)計(jì)劃中的傳統(tǒng)因素。最低要求和理想的活動(dòng)是得到一個(gè)董事會(huì)的批準(zhǔn)，這是一個(gè)可能由管理者處理企業(yè)風(fēng)險(xiǎn)管理活動(dòng)最好的管理策略。國際內(nèi)部審計(jì)師協(xié)會(huì)的指導(dǎo)告誡說，當(dāng)內(nèi)部審計(jì)人員進(jìn)行這些合法的咨詢活動(dòng)時(shí)，保障措施到位，確保他們?cè)诓怀袚?dān)實(shí)際管理風(fēng)險(xiǎn)的責(zé)任。一個(gè)可能的預(yù)防措施將包括記錄在審計(jì)委員會(huì)批準(zhǔn)的審計(jì)章程中，審計(jì)師對(duì)企業(yè)風(fēng)險(xiǎn)管理的責(zé)任。此外，如果審計(jì)人員承擔(dān)任何風(fēng)險(xiǎn)管理責(zé)任，是從事有關(guān)屬于這一咨詢的活動(dòng)的作用，他們應(yīng)該把這些約定的咨詢業(yè)務(wù)，應(yīng)用相關(guān)協(xié)會(huì)標(biāo)準(zhǔn)，以確保其獨(dú)立性和客觀性。不當(dāng)行為：根據(jù)國際內(nèi)部