摘要: | 依美國科索委員會(COSO)與國際內部稽核協會(IIA)共同發表的風險管理框架相關指引,內部控制的三道防線,明確和分配與內部控制相關的職責定位。稽核人員為內控制度的第三道防線,不參與企業或機構的營運,監督營運,以確保營運中三大目標的達成(法令規章遵循、營運的效果與效率、報導的可靠性、及時性、透明性)。稽核的範圍,包含營運中的研發、銷售、採購、生產、薪工、不動產廠房設備、投資、融資、資通安全共九大循環,尚有其他控制作業如:印鑑管理、關係人交易、或有事項、法令規章等等,合計十大循環。稽核人員執行工作時所需知識廣泛,培訓能力不易,再公開發行以上的公司強制設立稽核人員,超過50%以上的公司稽核人員僅一位。稽核人員的交流學習管道不多。而因近年舞弊案件頻傳及公司治理議題的興起,董事會和公司對稽核人員的期望由防弊轉向興利,亦因企業或機構普遍使用ERP 系統記錄營運交易資料,稽核人員由傳統的紙本抽核轉向ERP電子資料的稽核。
本研究結合品保QC新舊手法的運用,在稽核的過程中,利用統計和分析圖表的方式,全面性評估稽核風險項目,使稽核範圍擴大、將時間和資源分配於重要或高風險的項目,並以圖示方式呈現結果,以使受查單位或利害關係人易懂易看,以全面母体稽核為目標,降低稽核風險。
使用的7大手法,在免費的軟體和EXCEL的基礎上即可使用,方便且成本低易,使稽核不受資源不足的限制。介紹7大手法的特性和稽核適用的時機及注意事項,並佐以案例輔助,以接近稽核工作的模式,使稽核人員容易了解。
稽核是不斷精進的工作,過去傳統的書面抽樣,至目前常用的數據分析,或持續性監控的風險管理,越來越接近營運步調的策略稽核,都顯示了利害關係人對稽核功能的不斷提升和稽核人員的能力。 ;According to the risk management framework guidelines jointly issued by COSO and IIA, the three lines of defense of internal control define and assign responsibilities related to internal control. Auditors are the third line of defense in the internal control system. They do not participate in the operation of the enterprise or organization, but supervise the operation to ensure the achievement of the three objectives in the operation (compliance with laws and regulations, effectiveness and efficiency of the operation, reliability, timeliness and transparency of the reporting). The scope of audit includes ten cycles of operational. Auditors need extensive knowledge to perform their work, and it is not easy to train them. Over 50% of Companies only have one auditing staff. Auditors have few communication and learning channels. However, due to frequent fraud cases and the rise of corporate governance issues in recent years, the board of directors and the company′s expectation of auditors has shifted from fraud investigation to promoting benefit. Also, due to the widespread use of ERP system to record operating transaction data, auditors have shifted from traditional paper-based auditing to ERP auditing.
This study combined with qa QC is the use of the old and new technique, in the process of audit, the method of statistics and analysis chart, a comprehensive evaluation of audit risk of project, make the audit scope, time and resource allocation in important or risky projects, and in this way the results, in order to make the unit or the interested party to understand easy to see, aiming at comprehensive maternal audit, reduce the audit risk.
The 7 techniques are available on the basis of free software and EXCEL. They are easy to use and cost effective. This paper introduces the characteristics of the 7 techniques and the timing and precautions for the application of the audit, supplemented by cases, so as to approach the audit mode and make it easy for auditors to understand.
Audit is a work of continuous improvement. The traditional written sampling in the past, the data analysis commonly used now, or the risk management of continuous monitoring, and the strategic audit closer and closer to the operating pace all show the continuous improvement of the audit function of stakeholders and the capability of auditors. |