What is the standard system of internal control in China at present?

Brief introduction of enterprise internal control standard system

Summary of enterprise internal control standard system

A brief explanation of the basic norms of enterprise internal control

Characteristics, limitations and objectives of internal control norms

I. Overview of enterprise internal control system

First, China enterprise internal control standard system diagram.

On June 28th, 2008 and April 26th, 2010, the Ministry of Finance and other five ministries and commissions jointly promulgated the Basic Standards for Enterprise Internal Control, 18 Guidelines for the Application of Enterprise Internal Control, Guidelines for the Evaluation of Enterprise Internal Control and. This marks the basic formation of our internal control system.

China enterprise internal control standard system diagram

Second, the supporting guidelines for internal control of enterprises are applied at different levels.

Application Guide (published 18): It covers all aspects and links of enterprise management from corporate governance, internal environment, process, control points and control means.

18/26, corresponding to the hierarchy of accounting standards system.

It is divided into three categories:

A. Internal environment category (5 items): organizational structure, development strategy, human resources, corporate culture and social responsibility. Class A standards regulate relevant control measures at the enterprise level.

B. Control activity category (9 items): 9 items including fund activities, procurement business and asset management.

C. Control means category (4 items): comprehensive budget, contract management, etc.

Class B and C guidelines sort out the process, find out the risk points and weak links, and put forward control measures.

These 18 guides are easy to understand, simple and easy to operate, and have strong operability.

In the leading position, it provides guidance for enterprises to establish and improve the internal control system.

Ⅱ. A Brief Explanation of "Basic Standards for Enterprise Internal Control"

I. Basic normative framework

The Basic Norms comprise 7 chapters and 50 articles, including: general principles, internal environment, risk assessment, control measures, information and communication, supervision and inspection and supplementary provisions.

To sum up, there are five fives:

Five ministries and commissions jointly issued: Ministry of Finance, China Securities Regulatory Commission, National Audit Office, China Banking Regulatory Commission and China Insurance Regulatory Commission.

Five goals: reasonably ensure the legality and compliance of enterprise management, asset safety, authenticity and integrity of financial reports and related information, improve operating efficiency and benefit, and promote the realization of enterprise development strategy.

Five principles: comprehensiveness, importance, balance, adaptability and economy.

Five elements: internal environment, risk assessment, control activities, information and communication, and internal supervision.

Five core chapters and 50 articles

Second, the purpose and basis of formulating the guidelines

"Article 1 (Purpose) In order to strengthen and standardize the internal control of enterprises, improve the management level and risk prevention ability of enterprises, promote the sustainable development of enterprises, and safeguard the order of the socialist market economy and public interests, according to the Company Law of the People's Republic of China, the Securities Law of the People's Republic of China, the Accounting Law of the People's Republic of China and other relevant laws and regulations,

Third, scope of application of the code

Article 2 These Standards are applicable to large and medium-sized enterprises established in the People's Republic of China. Small enterprises and other units may establish and implement internal control with reference to this Code. The criteria for the division of large and medium-sized enterprises and small enterprises shall be implemented in accordance with the relevant provisions of the state.

Four, the five objectives of internal control

1. The concept of internal control

Article 3 The term "internal control" as mentioned in the first paragraph of these Standards refers to the process implemented by the board of directors, the board of supervisors, the managers and all employees of an enterprise to achieve control objectives.

(1) Internal control is the process and means to achieve the goal, not the result itself; pay attention to the process and achieve the best results.

(2) Internal control is influenced by people at all levels in the organization, rather than just formulating a system manual or rules; all levels, all departments and all employees have the same thing.

(3) For the management or the board of directors, internal control only provides reasonable assurance, not absolute assurance; objective and force majeure factors.

(4) The purpose of internal control is to achieve one or several goals of the enterprise, but these goals may be repeated and crossed.

Internal containment

Objective: to check and correct fraud and ensure the safety of assets.

A. Internal containment includes three elements: division of responsibilities (separation of incompatible responsibilities); Accounting records; Personnel rotation

B. The two concepts of internal control are:

Two or more people or departments are unlikely to make the same mistake unconsciously;

The possibility of two or more people or departments consciously conspiring to falsify is much lower than that of a single person or department.

C. The four functions of internal containment are:

(1) Physical containment: It means that two or more people are jointly responsible for the necessary physical tools, and certain procedures can only be completed jointly.

For example, the key is held by more than two people.

(2) Physical containment

Procedural constraints are mainly adopted, and established standards or business processes are used to control various departments, posts or personnel.

For example, if the door of a bank is improperly operated, it will call the police (computer control).

(3) Decentralization and containment

Through organizational planning and structural design, all business activities are divided into different departments or personnel according to their operation links, and the division of labor is implemented to prevent mistakes and omissions. That is, each business is carried out by different people or departments.

For example, the separation of authorized examination and approval personnel and business managers.

(4) Bookkeeping.

Refers to organizing bookkeeping, which uses the double-entry bookkeeping principle and the cross-checking relationship between account books to restrict, supervise and contain each other.

For example, the subsidiary ledger is regularly checked with the general ledger.

COSO-General Framework of Internal Control (version 1992)

COSO-Overall Framework of Total Risk Management (2004 Edition)

Four, the five objectives of internal control

Article 3, paragraph 2: The goal of internal control is to reasonably ensure the legality and compliance of enterprise management, the safety of assets, the truthfulness and completeness of financial reports and related information, improve operating efficiency and effectiveness, and promote the enterprise to realize its development strategy.

1. Compliance objective: to promote the legal compliance of unit management.

Law-abiding integrity is the cornerstone of the healthy development of the unit, and the short-term development beyond the law will eventually pay a heavy price. The internal control system requires units to put their own development under the basic framework permitted by national laws and realize their own development on the basis of abiding by the law.

2. Security objective: to promote the maintenance of asset security.

Asset security is a major issue that investors, creditors and other stakeholders are generally concerned about, and it is the material basis for the sustainable development of the unit. Good internal control should provide a solid institutional guarantee for asset safety.

3. Reporting objective: to improve the quality of information reporting.

Reliable information report can provide accurate and complete information suitable for the established purpose for the management of the unit, and can support the management's decision-making and monitoring of business activities and performance; At the same time, it can ensure the truthfulness and completeness of the information report disclosed to the outside world, which is conducive to enhancing the integrity and credibility of the unit and maintaining its good reputation and image.

4. Business objective: to promote the improvement of business efficiency and effectiveness.

In order to improve the operating efficiency of enterprises, enterprises are objectively required to establish a management mechanism with self-control and self-adjustment functions, including organizational structure and business processes:

First of all, enterprises should set different positions for incompatible positions to form mutual containment;

Secondly, enterprises need to establish an internal control system in which decision-making mechanism and execution mechanism cooperate with each other;

Finally, according to the requirements of modern enterprise system, establish a corporate governance structure with unified and coordinated decision-making power, execution power and supervision power to ensure asset safety and operational efficiency.

It requires enterprises to improve the profitability and management efficiency of their business activities through sound and effective internal control in combination with their own business and economic environment.

5. Strategic objective: to promote enterprises to realize their development strategy.

This is the ultimate goal of internal control. It requires the unit to combine short-term interests with long-term interests, and strive to make strategic choices that meet the strategic requirements, help improve the ability of sustainable development and create long-term value for the unit's operation.

Five principles of internal control

Article 4 An enterprise shall follow the following principles when establishing and implementing internal control:

(1) Comprehensive principle. Internal control should run through the whole process of decision-making, implementation and supervision, covering all businesses and matters of the enterprise and its subordinate units.

(2) The principle of importance. Internal control should focus on important business matters and high-risk areas on the basis of comprehensive control.

(3) The principle of checks and balances. Internal control should establish mutual restriction and supervision in governance structure, organization setting, distribution of powers and responsibilities and business processes, while taking into account operational efficiency.

(4) The principle of adaptability. Internal control should be adapted to the business scale, business scope, competition and risk level of the enterprise, and be adjusted in time with the changes of the situation.

(5) The principle of cost-effectiveness. Internal control should weigh the implementation cost and expected income to achieve effective control at an appropriate cost.

Six, the five elements of internal control

Internal environment, risk assessment, control activities, information and communication, internal supervision

First, the internal environment

1. Internal environment: it stipulates the discipline and structure of the unit, affects the formulation of business management objectives, shapes the culture of the unit and affects the control consciousness of employees; it is the basis for implementing internal control.

2. Contents include:

(1) corporate governance structure, such as the division of labor and checks and balances between the board of directors, the board of supervisors and the management, their responsibilities and powers in internal control, and the function of the audit committee;

(2) Although there is no unified model for the internal organizational structure and the distribution of powers and responsibilities, the organizational structure adopted should be conducive to improving management efficiency and ensuring the smooth flow of information;

(3) Internal audit mechanism, including the establishment of internal audit institutions, staffing, work development and the guarantee of its independence;

1) Audit Committee

Enterprises in a position to do so should set up an audit committee under the board of directors, and ensure the independence of the audit committee and its members.

2) Internal audit institutions

(4) the human resources policies of the unit, such as the compulsory leave system for employees in key positions, the regular rotation system, and the restrictive provisions on the resignation of employees who have mastered state secrets or important business secrets;

(5) unit culture, including the overall risk awareness and risk management concept of the unit, the integrity and moral values of the board of directors and managers, and the legal concept of all employees of the unit.

Generally speaking, the board of directors and the person in charge of the unit play a key role in shaping a good internal environment.

Overall corporate values. Senior managers have the responsibility to cultivate positive overall values, cultivate social awareness and law-abiding awareness, and advocate the spirit of dedication, enterprising innovation, teamwork and law-abiding.

Management concept and style of top managers. Senior managers should strengthen their risk awareness and avoid the adverse effects and losses that may be brought to enterprises due to personal risk preference.

Second, risk assessment.

1. Risk: refers to the impact of potential events on the realization of objectives;

2. Risk assessment: it is an important link for the unit to identify and scientifically analyze the risks related to the realization of control objectives in business activities and reasonably determine the risk response strategies;

3. Risk assessment mainly includes: target setting, risk identification, risk analysis and risk response;

4. Risks are associated with control objectives that may be affected. Units must set targets related to production, sales, finance and other businesses, and establish a mechanism to identify, analyze and manage related risks, so as to understand various internal and external risks faced by units;

5. Risk factors: Risks are usually manifested in various potential matters and factors, including external factors such as economic factors, natural environmental factors, legal factors, social factors and scientific and technological factors, as well as internal factors such as human resources, management, independent innovation, finance, safety and environmental protection.

Internal risk factors:

–Personnel quality factors such as professional ethics of senior managers, professional ability and team spirit of employees;

–Management factors such as business model, asset management, business process design, preparation of financial report and information disclosure;

–Basic advantages such as financial status, operating results and cash flow;

–Technological factors such as research and development, technology investment and application of information technology;

–Safety and environmental protection factors, such as operational safety, employee health and environmental pollution.

External risk factors:

–Economic factors such as economic situation, industrial policy, resource supply, interest rate adjustment, exchange rate change, financing environment and market competition;

–Legal factors, such as laws, regulations and regulatory requirements;

–Social factors such as cultural tradition, social credit, educational foundation and consumption behavior;

–Technical factors such as technological progress, process improvement and e-commerce;

–Natural disasters, environmental conditions and other natural environmental factors.

6. Risk identification method

Enterprises can identify relevant risk factors through discussion, questionnaire survey, case analysis and consulting professional institutions.

Special attention should be paid to summing up and absorbing the past experience and lessons of enterprises and the experience and lessons of the same industry, and paying more attention to high-risk and multi-risk factors.

7. Risk analysis:

Risk analysis refers to the analysis and identification of possible risks in the process of achieving related goals, thus forming the basis for determining how to manage risks.

Risk analysis standard. Enterprises should analyze the identified risk factors from two aspects: the possibility of risk occurrence and the degree of influence, and determine scientific and reasonable qualitative and quantitative analysis standards.

Risk ranking. Enterprises should rank risks according to the results of risk analysis, the importance of risks and professional judgment, and determine the important risks that should be paid attention to.

8. Common risk coping strategies

Risk coping means that the management of an enterprise chooses a series of measures to make the remaining risks within the expected risk tolerance after evaluating the possibility, consequences and cost-effectiveness of related risks.

Risk coping methods:

–Avoid risks. Enterprises should avoid risks that exceed the overall risk tolerance or the acceptable risk level at a specific business level.

–Take risks. If the enterprise has no intention to take further control measures for the risks within the overall risk tolerance and the acceptable risk level at the specific business level, it may take risks.

–Reduce risks. If enterprises are willing to take further control measures to reduce risks, improve profits or reduce losses after weighing costs and benefits, they can implement risk reduction.

–Share the risks. If the enterprise is willing to take further control measures, including subcontracting and purchasing insurance, after weighing the costs and benefits, so as to reduce risks, improve profits or reduce losses within the overall risk tolerance and the acceptable risk level at the specific business level, it may share risks.

Third, control activities.

1. Control activity: refers to the corresponding control measures taken by the management of the unit according to the results of risk assessment, which is a concrete way to implement internal control.

Enterprises shall, according to the results of risk assessment, take corresponding control measures to control risks within an acceptable range.

2. Common control measures

Division of responsibilities control

Overall control requirements

According to the objectives and functional tasks of the enterprise, according to the principles of science, simplification and high efficiency, the functional departments and posts are reasonably set up, and the responsibilities and powers of each department and post are clearly defined, so as to form a working mechanism that performs its own duties, is convenient for assessment and restricts each other.

–Incompatible work separation system. An enterprise shall, according to the process and characteristics of various economic businesses and events, systematically and completely analyze and sort out the incompatible posts involved in the implementation of such economic businesses and events, and take separation measures in combination with the division of responsibilities. Incompatible duties usually include: authorization, examination and approval, business handling, accounting records, property custody, audit inspection, etc.

–Key post rotation system. Enterprises should combine the characteristics and importance of the post, clarify the time limit and related requirements for the rotation of employees in key positions such as accounting, establish a standardized post rotation system, and implement a compulsory vacation system for employees in key positions to ensure that the post rotation is carried out within five years at the longest.

For example, material procurement business.

Approving the purchase and directly handling the purchase are incompatible responsibilities. If these two responsibilities are undertaken by one person, it means that employees have the right to decide what and how much to purchase, as well as the purchase price and time. Without the supervision and restriction of other posts or personnel, fraud is easy to occur.

Authorization control

Overall control requirements

Enterprises shall, according to the division of responsibilities, clarify the scope of authority, examination and approval procedures and corresponding responsibilities of various departments and posts in handling economic business and matters. Managers at all levels within the enterprise must perform their duties within the scope of authorization, and enterprise managers must handle business within the scope of authorization.

(1) General authorization control. Conventional authorization refers to the authorization carried out by an enterprise in accordance with established responsibilities and procedures in its daily operation and management activities. Enterprises can compile authority guidelines according to the conventional authorization and publish them in an appropriate form, so as to improve the transparency of authority and strengthen the supervision and management of the exercise of authority.

(2) Temporary authorization control. Temporary authorization refers to the emergency authorization of enterprises under special circumstances and specific conditions. Enterprises should strengthen the management of temporary authorization and standardize the scope, authority, procedures, responsibilities and related recording measures of temporary authorization. Enterprises in a position to do so can gradually reduce temporary authorization through telecommuting.

(3) Collective deliberation or joint signature system. Enterprises should implement the system of collective decision-making approval or joint signing for economic business and matters with large amount, high importance, strong technology and wide influence. No individual may make decisions independently or change the collective decision-making opinions without authorization.

Audit approval control

All departments and posts of an enterprise shall, in accordance with the prescribed authorization and procedures and with the completeness of relevant information, examine and verify the facts, regulations and rationality of relevant economic business and matters, sign opinions, sign or sign on behalf of them, and make a decision on approval, disapproval or other treatment.

Budgetary control

Enterprises should strengthen budget preparation, implementation, analysis and assessment management, clarify budget items, establish budget standards, standardize budget preparation, approval, release and implementation procedures, timely analyze and control budget differences, and take improvement measures to ensure budget implementation.

Property protection control

Enterprises should restrict unauthorized personnel from directly contacting and disposing of property, and take measures such as property recording, physical storage, periodic inventory, reconciliation and property insurance to ensure the safety and integrity of property.

Accounting control system

An enterprise shall, in accordance with the Accounting Law of the People's Republic of China and the unified national accounting system, formulate an accounting system suitable for the enterprise, clarify the procedures for the disclosure of accounting vouchers, accounting books, financial reports and related information, standardize the selection criteria and examination and approval procedures of accounting policies, establish and improve the methods for the custody of accounting files and the handover of accounting work, implement the post responsibility system for accounting personnel, give full play to the supervision function of accounting, and ensure the truthfulness, reliability and completeness of enterprise financial reports.

★ Accounting system control

★ Requirements for the establishment of enterprise accounting system

Accounting institutions shall be established according to law and equipped with accounting personnel.

The person in charge of an accounting institution shall have the professional and technical qualifications of an accountant or above.

Large and medium-sized central enterprises should have a chief accountant, not a deputy with overlapping positions.

★ Three elements of internal accounting control

Internal reporting control

Enterprises should establish and improve the internal reporting system, clarify the procedures for the collection, analysis, reporting and processing of relevant information, provide important information in business processes in a timely manner, fully reflect economic activities, and enhance the timeliness and pertinence of internal management.

Internal reporting methods usually include regular reports, real-time reports, special reports and comprehensive reports.

Analysis and control of economic activities

Enterprises should comprehensively use the information of production, purchase and sale, investment, finance and other aspects, and use the methods of comparative analysis, ratio analysis, factor analysis and trend analysis to regularly analyze the business management activities of enterprises, find out the existing problems, find out the reasons, and put forward suggestions and countermeasures for improvement.

Performance evaluation and control

Enterprises should scientifically set up a performance evaluation index system, compare performance indicators such as budget indicators, profit levels, return on investment, and safety production targets, assess and evaluate the current performance of various departments and employees, honor rewards and punishments, and strengthen incentives and constraints for all departments and employees.

Information technology control

Enterprises should combine the actual situation and the application degree of computer information technology, establish an information control process suitable for their own business management, improve business processing efficiency, reduce and eliminate human manipulation factors, and at the same time strengthen the control of computer information system development and maintenance, access and change, data input and output, file storage and custody, network security, etc., to ensure the safe and effective use of information systems.

Fourthly, information and communication.

1. Information and communication: timely and accurate collection and transmission of information related to internal control to ensure effective communication between the unit and the outside is an important condition of the unit.

2. The main links of information and communication are: confirming, measuring and recording effective economic business; appropriate disclosure of financial status, operating results and cash flow in financial reports; ensuring smooth communication between management and internal and external units, including communication with stakeholders, regulatory agencies, certified public accountants, suppliers, etc.

3. Authenticity, timeliness and usefulness: The ways of information and communication are flexible and diverse, but no matter which way, the authenticity, timeliness and usefulness of information must be guaranteed.

Information collection mechanism

(1) internal information

Internal information content. It mainly includes: accounting information, production and operation information, capital operation information, personnel change information, technological innovation information, comprehensive management information, etc.

Internal information collection methods. Enterprises can obtain the required internal information through accounting materials, business management materials, investigation and research reports, meeting minutes, special information feedback, internal newspaper networks and other channels and ways.

(2) External information

External information content. It mainly includes: policies and regulations information, economic situation information, regulatory requirements information, market competition information, dynamic information, customer credit information, social and cultural information, scientific and technological progress information, etc.

Methods of collecting external information. Enterprises can obtain the required external information through legislative supervision departments, social intermediary organizations, industry associations, business units, market research, external letters and visits, news media and other channels and methods.

Information exchange mechanism

(1) internal communication

Enterprises should use the Internet, e-mail, telephone fax, information express, regular meeting, special report, investigation and study, employee handbook, education and training, internal publications and other ways to achieve accurate and timely transmission and sharing of internal and external information within the enterprise, and ensure effective communication between the board of directors, management and employees of the enterprise.

(2) Foreign communication

–Communicate with investors and creditors. An enterprise shall, in accordance with the Company Law of the People's Republic of China, the Securities Law of the People's Republic of China and other laws and regulations and the articles of association of the enterprise, report to investors in a timely manner the strategic planning, business policy, investment and financing plan, annual budget, operating results, financial status, profit distribution plan, major guarantee, merger and division, assets, etc., through shareholders' meetings and investors' meetings.

–Communicate with customers. Enterprises can regularly listen to customers' opinions and suggestions on consumption preferences, sales policies, product quality, after-sales service, payment settlement, etc., collect customers' needs and opinions, and properly solve possible improper control problems.

–Communicate with suppliers. Enterprises can communicate with suppliers on supply channels, product quality, technical performance, transaction price, credit policy, settlement methods and other issues through supply and demand meetings, order meetings, business meetings, etc., and find out possible improper control problems in time.

–Communicate with regulators. Enterprises should know the requirements of policies and regulations and their changes from the regulatory agencies in a timely manner, and improve their own management system accordingly; At the same time, carefully understand their own problems, actively reflect their demands and suggestions, and strive to strengthen coordination with regulatory agencies.

–Communicate with external auditors. Enterprises should meet with external auditors regularly and listen to their suggestions on the audit of financial statements and internal control to ensure the effective operation of internal control and the coordination of work.

–Communicate with lawyers. Enterprises may, according to legal requirements and actual needs, hire lawyers to participate in the handling of major business, projects and legal disputes, and maintain effective communication with lawyers.

Anti-fraud mechanism

Anti-fraud content. Anti-fraud work in enterprises should at least pay attention to:

(1) Fraud in financial reporting and information disclosure.

(2) Exceeding authority, abusing power or occupying or misappropriating enterprise assets in other illegal ways.

(3) Illegal use of enterprise assets to seek illegitimate interests in business activities.

(4) The fraud of senior managers may have a great impact on the internal control and management of enterprises.

(5) Employees commit fraud alone or in collusion, causing losses to the enterprise.

Improve the complaint reporting management system. Enterprises can set up a fraud hotline, clarify the procedures, time limits and requirements for handling complaints and reports, and ensure that complaints and reports become an important way for enterprises to fight fraud and strengthen internal control.

Fifth, internal supervision.

Supervision and inspection is a process in which an enterprise supervises, inspects and evaluates the soundness, rationality and effectiveness of its internal control, forms a written report and makes corresponding treatment, which is an important guarantee for the implementation of internal control.

Supervision and inspection mainly includes continuous supervision and inspection of the overall situation of establishing and implementing internal control, special supervision and inspection of one aspect or several aspects of internal control, submission of corresponding inspection reports, and proposal of targeted improvement measures.

The way of supervision and inspection

(1) Continuous supervision and inspection

Continuous supervision and inspection refers to the continuous, comprehensive, systematic and dynamic supervision and inspection of the overall situation of the establishment and implementation of internal control by enterprises.

(2) Special supervision and inspection

Special supervision and inspection refers to the irregular and targeted supervision and inspection carried out by enterprises on one aspect or some aspects of the establishment and implementation of internal control.

Supervision and inspection organization

The audit committee under the board of directors of an enterprise, the internal audit institution or other relevant institutions that actually perform the duties of internal control supervision shall, according to the requirements of national laws and regulations and the authorization of the enterprise, adopt appropriate procedures and methods to supervise and inspect the establishment and implementation of internal control, form an inspection conclusion and issue a written inspection report.

Responsibility handling of supervision and inspection

For violations of internal control regulations found in supervision and inspection, timely notification and feedback should be given, and the responsibility of relevant responsible persons should be strictly investigated to maintain the seriousness and authority of internal control.

Internal control defect

(1) The concept of internal control defects. Internal control defect refers to the situation that internal control is found to have design loopholes in the process of supervision and inspection, which cannot effectively prevent errors and fraud, or that internal control has weaknesses and deviations, which cannot be found and corrected in time. Major defects refer to internal control defects that have been discovered and may seriously affect the authenticity and reliability of financial reports and the safety and integrity of assets.

(2) Internal control defect report. The enterprise shall timely report the internal control defects found in the process of supervision and inspection in an appropriate form. Major defects or major risks found in supervision and inspection shall be reported to the board of directors, the audit committee and the general manager in a timely manner.

(3) Improvement of internal control defects. Enterprises should analyze the causes of internal control defects, and put forward and implement improvement plans.

COSO internal control system theory

The COSO model describes the role of five interrelated control factors, namely environmental control, risk estimation, control activities, information and communication, and monitoring, in controlling the operation and management of enterprises. In COSO's report, internal control procedures are defined as processes influenced by directors, management and others in the organization to reasonably ensure the following objectives:

1. Effectiveness and efficiency of operation;

2. Reliability of financial reports;

3. Compliance with laws and regulations.

It constitutes the management atmosphere of the enterprise and is the basis of other internal control elements.

Professional ethics, integrity and ability of employees;

Management philosophy and management style;

The establishment of the board of directors and internal supervision institutions;

The setting of internal organizational structure and the division of powers and responsibilities;

Human resources policy and implementation, etc.

Control activities are policies and procedures to ensure the implementation of management decisions and instructions.

Control activities include: approval, authorization, verification, adjustment, business performance review, asset security and division of labor.

Supervision is the process of evaluating the design and operation of internal control by appropriate personnel.