東吳大學會計學系控制
謝 永 明
Why Controls?
To ensure attainment of objectives
To lessen risks of unwanted outcomes
Heightened awareness of scandals控制
Emphasis by stockholders on corporate governance
Management’s legal responsibilities
Highly publicized management and employee fraud
企業的威脅與控制
威脅係指不利的潛在事情或情況，若實際發生時，將對企業造成傷害及損失。
控制則是指對於物件、有機體或系統的活動加以限制或引導的過程。
企業在規劃及設計相關控制之前，應先了解其所面臨的威脅，才能制定出一套有效的控制制度。
企業的威脅與控制
威脅係指不利的潛在事情或情況，若實際發生時，會對於資訊系統或組織造成傷害及損失。
控制則是指對於物件、有機體或系統的活動加以限制或引導的過程。控制
風險(risk)係指威脅實際發生的可能性，可以0到1的機率值表示。
若威脅實際發生，企業因而可能產生的損失稱為暴險度(exposure)。
Fraud and Control
Fraud: deliberate act (蓄意行為)or untruth intended to obtain unfair or unlawful gain.
Management charged with responsibility to prevent and/or disclose fraud.
Control systems enable management to do this job控制
Common Business Exposures
Erroneous recordkeeping
Unacceptable accounting
Business interruption
Erroneous management decisions
Fraud and embezzlement(盜用, 侵占)
Statutory sanctions(罰則)
Excessive costs控制
Loss or destruction of resources控制
Competitive disadvantage
Efforts to Define IC
Before mid-70s, principal definition came from AICPA (SAP 33 and before)
Principal components were to:
Safeguard assets
achieve accurate & reliable accounting data
promote operational efficiency控制
encourage adherence to prescribed managerial policies.
Later efforts to define IC
SAS 55 - 1988