Tuesday, October 19, 2010

On the subject of internal control and internal control environment


Description: control environment is the implementation of internal control is effective to control the key factors in the success of the master control environment and control subject how to overcome the limitations of internal control, so that a good implementation of the internal control environment and internal control to play for China's economic development maximum impact.


Internal Control System Guidelines states: "Internal control including the control environment, risk management, control activities, information and communication, and supervision of five elements", the five elements of the division method and the current internal controls on the international success of the latest phase of convergence, is our "Accounting Law" management system supporting measures, and it is international practice to connect with the portrayal, but also solve an important means of accounting information distortion. As the internal control their own limitations and characteristics of Chinese enterprises themselves, although the internal control for our business management play a decisive role, however, a problem which is worthy of study. Now I turn on the internal control environment, their understanding of the principal.

Five elements, the primary factor controlling the environment, criteria are defined as follows: that constitute an organization's internal control environment reflects the personnel within the organization, especially the attitude of the management of internal controls, internal control is the basis for other elements. The factors affecting the control environment management philosophy and operating style of management, board of directors and internal oversight bodies of the settings, set the internal organizational structure and division of responsibilities and authority, human resources policy and implementation, staff ethics and integrity, competence.

Analysis on the control environment of the specific factors, one is "people" of factors, including management, board of directors, staff professional ethics and integrity, competence on one side, procedural and organizational issues, Ru internal oversight bodies, internal organization and institutional settings division of duties and powers, if the company has established reasonable control policies and procedures, but the decision makers negligence, inattention, misjudgment, the functions of ultra vires, arbitrary commands on the control of the majority, it will cause a control failure will result in ineffective control model, if the executives collude collusion, the surface of internal control exist, in fact it is a failure, if the internal oversight body set up is ineffective oversight, in addition, subject to the principle of cost-effectiveness of the restrictions, most of the internal control daily routine for the economic business, and individual, incidental business, less the establishment of the corresponding control, in the event of such business, there is not that appropriate control and internal control should be varied, with different economic things happen to produce and adapt to change, rather than the simple system and framework.

Is not difficult to understand the implementation of the internal control system is based on several assumptions, controlled entities assuming, controllability assumptions, human nature, not channeling through the assumption of "people" are those who join the chain of internal control, different roles In the role of internal control are also different, specific analysis is as follows:

1. Management. Management ideology of the establishment of a highly effective internal control environment plays a key role in the absolute, that management is the basis of the internal control environment. First of all, including management's attitude to the business risks and control business risk approach, followed by knowledge of enterprise management and the importance attached to the third, of the accounting work attitude and action. If the management authority by one person or a small number of controlled, especially in our country, from state-owned enterprise into a joint stock or limited liability company of the majority, and such a company more or less the color with the SOEs, and one final solution are common occurrences, signed a collective together, a collective mandate, it is useless, Ru Asia closed bankruptcy of Guangdong International Trust and Investment are related to internal control leadership to the degree of emphasis is directly related to attitude towards, management, 鍏锋湁 of scientific, objective, sex is always the truth, the manager's attitude and understanding of the problem is with a high degree of subjectivity. How to avoid the blindness in our decision-making, management science and normative, top management attitude towards the implementation of internal control and understanding of the role is implied, and they have demonstrated this kind of attitude, has a deeper reason: interest-driven, according to the survey shows that the board members of listed companies within 100% of the directors of the company accounted for 22.1% of valid samples, 50% of the directors of the company's internal accounting for 78.2% of the effective number of samples, chairman and general manager, who serve as the company's accounting 47.7% of the total sample, we can see, we must improve the corporate governance structure, the establishment of true corporate governance structure, so managers away from "personal interests", the exercise of an internal control manager or the implementation of the rights and obligations.

2. The specific implementation of the internal control system are: internal control processes as the operator, in the control chain is involved in the dual role which, for the next part is the controller, the last link is that the controlled, if there is a good control procedures and organization, a clear upper management, then the specific impact of the effect of internal control is to control the implementation of those. At this point, accounting plays a more important role, because the accounting system is the primary means of internal control. Their professional ethics and quality of the decision of this chain a smooth and fluent rotation and how to tap the potential of which maximize the effectiveness of internal control, I believe that there are two, one, to meet human needs. People have a desire to succeed psychological needs, and welfare and the treatment is its embodiment of the principle of considering the premise of cost-effectiveness, authority and management of prices linked to the implementation of the hard work of those who find and lose the will to lose The generous financial resources, management practices to reduce short-term workers to "love" with business. The second is to strengthen professional training of workers, especially the late accounting education, our national accounting standards followed by the pace of international accounting standards, has issued guidelines that guide the work of our accounting people, if not in time to learn the rules at home and abroad, not only like a battlefield The defeated, was the reality out more corporate losses.

Management, implementation of the internal control environment are the main form, not only independent but complementary, if the internal control environment in the upper management of the control to create a good atmosphere and the beginning of the implementation of those conscientiously perform internal control functions, then, a good internal control environment, and hang the national laws and regulations in the units of implementation, security and integrity of the assets, management information, financial and accounting information of the true, complete, to avoid or reduce risks, improve management efficiency and realization of management's management policy and goals?






相关链接:



WMV to MPEG



First Financial Weekly: Direct Supply In The Shadow Of Digital China



remove drm from itunes music m4p m4a PROTECTED aac



for you Flash Tools



Review Fax Tools



WINGATE FAQ



Spring scene photos using Photoshop will be processed into autumn SCENERY



Utilize all practical use of small floating window all captures Thunder 5.9



ASF to MPG



Negative comments: the right decision, "patron saint"



AVI to 3GP



BenQ compete in, with a hope that the Road



World Cup Counterparts: Illustrator Drawing Three Cases Of Football



Monday, October 11, 2010

Fraud warning: Fishing the latest plot and potential threats



As consumers and businesses can create a potential threat of cyber crimes, fishing in the past few years to the spread, the deceptive tricks are endless. The current downturn in the economic form, but also provides a breeding ground for fish, there has been the use of new social engineering to fraud without the knowledge of the phenomenon of consumers and business users.

First, fishing without boundaries

Fishing - to lure computer users to provide sensitive information, identity theft and business data - on both businesses and consumers a very real threat. In the past 10 the next year, the infiltration fishing, fishing in the daily attacks around the world, about 8 million times.




Anti-Phishing Working Group (APWG) reported that, in the second quarter of 2008, light phishing attacks rose by 13%, more than 28,000 times. It also reported that, in the same period, the infected computers to steal the password code, can be used to spread malicious software has been broken on the website 9500 - compared with the same period in 2007, an increase of 258%. Figure 1 shows the fishing - spear phishing in the 16 months of growth.

Second, beware of the latest phishing scheme

* Spear phishing (spear phishing)

Spear phishing attacks only against specific targets, usually the object lock is not a general person, but to a specific company, organization members, such as well-known banks, financial companies and their executives and so on.

Consumers are not the only spear phishing attack target. More and more employees are cunning criminals eyeing. Their goal is to obtain bank information, customer data and other information to support criminal acts of their network.

According to VeriSign iDefense, spear phishing attacks in April 2008 to May during the company launched the attack, reached unprecedented levels. The aim of these attacks is the company's senior management and other important figures. In 15 months, the number of victims of corporate users as much as a staggering 15,000. These victims include Fortune 500 companies, government agencies, financial institutions and law firms.

* Business Services phishing

In addition to spear phishing, the fishing new plot also targeted phishing attacks on commercial services. For example, the use of Yahoo! Introduced relations and Google's AdWords for fishing. According to PhishTank report, AdWords customers will be an e-mail to remind them of accounts need to be updated. , The user will be asked to visit the AdWords interface and a fake credit card information. As many SMEs rely on online advertising to provide site traffic, marketing managers who are vulnerable to anglers eye on.

* The use of economic intimidation launch phishing attacks

Gloomy economic situation, as the criminals phishing attacks launched to provide the facilities. For example, e-mail posing as financial institutions need to obtain from a victim of bank cards, deposits and loans and other financial information, to help deal with bankruptcy or mergers, acquisitions and other matters. A large number of mergers and acquisitions information, so that consumers are confused. To make matters worse, the lack of unified communications, even for those who have nothing to fear of fraud.

* Hybrid Fishing / malware threats

In order to increase the success rate, number of phishing attacks with malicious software, combined manner. For example, a potential victim received phishing e-cards sent by mail, by clicking on the card, the user will not know the conditions in a fake Web site to enter, and the infection site to automatically download over the Trojans . In addition, victims may see a message before viewing the cards need to download the updated software (eg Flash). When the user of the software, when in fact it is a keylogger.

Fishing-based keylogger will track each user access record, and monitor them useful information, such as online shopping, bank card accounts and passwords and other sensitive information.

Another allow phishers to capture sensitive information, Trojans, it is redirected. Redirect the user to enter not make its intended site. At present, based on fishing, keyloggers and redirection are pandemic.

* Middleman SSL penetration attacks

In 2008, the emergence of a new encrypted session enables criminals to deceive the malicious software. This variant of the standard middle attack that allows criminals access to the network transmission unprotected passwords and other sensitive information.

* SMS and phone phishing scams

Phishers may use SMS instead of email to impersonate a financial institution and obtain confidential account information. Known as smishing (short message through phishing attacks), is a typical cellular phone fraud, it will notify the user bank account has been compromised or bank card is disabled, and requested a telephone call to restore banking services. Once cell phone users visit the Web site or through automatic telephone system, will be disclosed fraudulent financial information and bank PIN number.

Third, the impact of fishing on the business

While the financial industry has always been a major target for phishing attacks, but it is not the sole objective of being phishing attacks. Online payment, donation sites, retail and social networking sites often become prey to anglers. Anti-Phishing Working Group (APWG) reported that cell phone providers and manufacturers against phishing attacks also showed a significant growth trend. In other words, no industry or field to escape danger from attack.

Posing as a company's official website phishing attacks, would seriously damage the company's brand image and hurt the confidence of users, allows users to not dare to visit the official website. In addition, the company will be subject to the following effect:

* The impact of customer trust, online revenue and click-through rate will decline

* Once the customer data was leaked, the company should pay compensation

Phishing attacks also cause the user can not easily conduct online transactions, especially for those who do not trust them.

Fourth, to prevent phishing attacks

Although there is no way to deal once and for all phishing attacks, but can still use some techniques to protect your users and your interests.褰撳墠鐨勯挀楸兼妧鏈紝涓昏杩樻槸渚濊禆浜庤浣跨敤鎴风櫥闄嗕吉閫犵綉绔欒幏鍙栫敤鎴蜂俊鎭?璇稿SSL銆丒VSSL绛夋妧鏈湪闃茶寖閽撻奔鍜屽叾浠栧舰寮忕殑缃戠粶鐘姜鏂归潰锛岃繕鏄捣鐫?嚦鍏抽噸瑕佺殑浣滅敤銆?br />
銆??瀹炵幇瀹夊叏鐨勬渶浣冲仛娉曞氨鏄紝寮?惎鏈?珮绾у埆鐨勫姞瀵嗗拰璁よ瘉鎺柦銆係SL锛學eb瀹夊叏鐨勪笘鐣岀骇鏍囧噯锛屽畠鍙互瀵瑰埄鐢℉TTS鍗忚浼犺緭淇℃伅杩涜鍔犲瘑淇濇姢銆傚綋鍓嶇殑缁濆ぇ閮ㄥ垎鎿嶄綔绯荤粺銆乄eb娴忚鍣ㄣ?Internet搴旂敤绋嬪簭鍜屾湇鍔″櫒纭欢閮藉唴缃湁瀵筍SL鐨勬敮鎸併?

銆??涓轰簡甯姪鏈夋晥闃叉閽撻奔鏀诲嚮锛屽苟澧炲己鐢ㄦ埛淇′换锛屽叕鍙镐篃闇?涓?鍙互鍚戠敤鎴疯瘉鏄庡叾涓哄悎娉曠綉绔欑殑鏂规硶銆侲V SSL璇佷功鍙互甯姪浼佷笟瀹炵幇杩欎竴鐩殑銆傚畠鏄叏鐞冮鍏堢殑鏁板瓧璇佷功棰佸彂鏈烘瀯鍜屼富娴佺殑娴忚鍣ㄥ紑鍙戝晢鍏卞悓鍒跺畾鐨勪竴涓柊鐨凷SL璇佷功涓ユ牸韬唤楠岃瘉鏍囧噯锛岃鏂颁竴浠e畨鍏ㄦ祻瑙堝櫒(濡傦細IE7)鑳借瘑鍒嚭 EV SSL 鑰屽湪鍦板潃鏍忔樉绀轰负缁胯壊锛岃鏅?娑堣垂鑰呰兘纭俊姝e湪璁块棶鐨勭綉绔欏氨鏄?杩囨潈濞佺涓夋柟涓ユ牸韬唤楠岃瘉鐨勭幇瀹炰笘鐣岀殑鐪熷疄瀹炰綋锛屼粠鑰屽寮烘秷璐硅?淇″績锛屼績鎴愭洿澶氬湪绾夸氦鏄撱?




銆??铏界劧缃戠粶鐘姜鍒嗗瓙姝e彉寰楄秺鏉ヨ秺浼氭ā浠垮悎娉曠綉绔欙紝浣嗙敱浜庝粬浠病鏈塃V SSL璇佷功锛屽洜姝ゅ湪鍦板潃鏍忎笂 骞朵笉鑳芥樉绀哄嚭浠栦滑鐨勫悎娉曚俊鎭?

銆??闄や簡鍒╃敤EV SSL璇佷功鎶?湳澶栵紝浼佷笟杩樺簲璇ュ鍛樺伐鍜岀敤鎴峰氨缃戠粶琛屼负鍜屽浣曢伩鍏嶆璇堣繘琛屽浼犲拰鏁欒偛銆傛暀瀵间粬浠浣曡瘑鍒豢鍐掔綉绔欙紝濡傦細鎷煎啓閿欒銆佸己鐑堣姹傜敤鎴锋彁渚涗釜浜轰俊鎭?浼?鍩熷悕鎴栬?鏈煡閾炬帴銆?br />
銆??杩樿鏁欒偛浣犵殑瀹㈡埛鍜屽憳宸ワ紝鍦ㄦ彁渚涗换浣曚釜浜轰俊鎭垨鑰呭叾浠栨晱鎰熶俊鎭箣鍓嶅浣曡瘑鍒竴涓湁鏁堢殑銆佸畨鍏ㄧ綉绔欙細

銆??*鏌ョ湅缁胯壊鍦板潃鏍?br />
銆??*纭繚URL涓篐TTPS

銆??*鏌ョ湅瀹夊叏鏁板瓧璇佷功

銆??涓轰簡娑堥櫎閽撻奔鏀诲嚮甯︽潵鐨勬亹鎯э紝鏁欏鍛樺伐鍜屽鎴锋槸鏍戠珛蹇呰鐨勪俊浠荤殑鍏抽敭缁勬垚閮ㄥ垎銆傞?杩囧府鍔╁鎴风悊瑙e浣曠‘璁や粬浠槸鍚︾櫥闄嗗悎娉曠綉绔欙紝浼佷笟鍙互鑾峰緱鏇村鐨勫湪绾夸氦鏄撳拰鐢ㄦ埛璁块棶锛屽苟鎵╁ぇ鐭ュ悕搴﹀拰鏁翠綋閿?噺銆?br />
Summary

銆??缃戠粶閽撻奔浼氱户缁紨鍙樻垚鏂扮殑鑺辨牱锛屽畠浠瘯鍥惧埄鐢ㄤ汉浠浐鏈夌殑鍚屾儏蹇冦?淇′换鎴栬?濂藉蹇冿紝鏉ュ紑灞曚竴杞張涓?疆鐨勯挀楸兼椿鍔ㄣ?鍥犳锛屼繚鎶や紒涓氬搧鐗屽拰瀹㈡埛闇?浼佷笟浠樺嚭涓嶆噲鐨勫姫鍔涖?鍒╃敤鏈?珮绾у埆鐨勫畨鍏ㄩ槻鑼冩帾鏂藉拰EV SSL璇佷功鏁欏鍜屼繚鎶や綘鐨勫鎴凤紝鍙互璁╁鎴峰浼佷笟鐨勫湪绾挎湇鍔″厖婊′俊蹇冦?







相关链接:



3GPP to WMV



XviD to iPhone



ram upgrade how much Is the best for your



TOD CONVERTER