The traditional evaluation method of internal control mechanism is mainly to describe and analyze the appropriateness and effectiveness of internal control mechanism, as well as the implementation effect when completing the assigned duties. The logical sequence of testing and evaluating internal control is "control → risk → evaluating whether the control purpose is realized", which shows that it is more of an after-the-fact feedback, which provides information to help management strengthen and improve internal control after confirming the weak links of internal control. This kind of after-the-fact evaluation is a lagging method, not a preventive method. These methods can't examine the risks according to the enterprise objectives, nor can they arrange corresponding measures to control the risks according to the risks, so they can't meet the needs of modern management more and more.
(B) Modern internal control evaluation method based on risk management
The logical sequence of modern internal control testing and evaluation is "goal → risk → control". At the same time, the audit strategy will be adjusted according to the enterprise risk assessment, the audit focus will be determined, and high-risk areas will be paid close attention to, so as to provide more relevant information that meets the needs of the management and the board of directors, thus ensuring the interests of the investors. Based on this, the following introduces several risk-oriented evaluation methods of modern internal control mechanism.
1. Benchmark comparison method
The benchmark is to compare the activities of this enterprise with the people engaged in this activity, so as to put forward the action methods to make up for their own shortcomings. (ALLTEL Company of the United States uses this method for internal control) It is generally divided into the following two steps:
First of all, enterprises need to establish or confirm the a 1 convention in their own industries.
Secondly, understand the actual situation of the overall framework of enterprise risk management and compare it with a 1 practice, and evaluate the gap through quantitative or qualitative methods.
2. Risk control matrix
Risk and Control Matrix (RCM) is a worksheet established by auditors according to the business objectives of the enterprise and the relationship between risk and control, so as to ensure that audit recommendations can solve important risks, as shown in Table 2.
Risk control matrix is the key document in the process of gap analysis and audit. RCM provides a control example for the risks related to the company, the control to be achieved and the current control status.
3. Control self-evaluation methods
Control self-evaluation is a new internal control evaluation method, which embodies the new concept of internal control evaluation. Canada Gulf Resources Limited adopted the control self-evaluation method for the first time in 1987. It is a new method to check and evaluate the effectiveness of internal control, and it is a process in which members of an organization evaluate the risks and control of organizational activities with the help of internal audit institutions.
CSA emphasizes that the internal control system is neither the responsibility of internal audit nor the concern of senior management. On the contrary, it should be regarded as the responsibility of all employees. Control self-assessment reflects that people who participate in the risk assessment process and implement the whole control process should be asked. The continuous improvement it contains is very consistent with the concept of modern total quality management, and has similarities with the concept of overall cooperation and the mode of group learning, so it has great potential in today's commercial society.
The research and practice of internal control theory have developed so far, and the national government's regulations on internal control management are constantly improving, which has obvious guiding significance. In practice, various evaluation methods of enterprise internal control mechanism are constantly improving and updating, so as to promote the development of enterprises to a greater extent and ensure the economic interests of main input factors. The development and renewal of internal control will better strengthen the internal management of China enterprises and the interests of effective factor investors, and better evaluate the effectiveness and management level of operators.