The Research Of The Enterprise's Risk Appraisal System Based On The COSO Framework

In July 2002,the United States Federal Government enacted the Sarbanes-Oxley Act.The section 404 of this Act required publicly registered companies to report on the effectiveness of the company's internal control over financial reporting,SEC recommended using the Committee of Sponsoring Organization's(COSO) Internal Control-Integrated Framework which is the most widely applied model in the United States as the citerion of internal control assessment for the managers and CPA,In this Framework,risk assessment was put into as a basic element,and this Framework also pointed out the conception that control is closely related to risk.Under this background,how to identify and analyze risk has become one of the main content of the internal control,so the research on risk assessment of COSO Framework has important meanings.This paper concentrates on a basic element of the internal control system-risk appraisal to progress my research.First,this paper interprets the theory about risk and risk appraisal.Then this paper analyzes the viewpoint of COSO about risk appraisal. Second,I designed a easy and practical risk appraisal system with two levels based on the theory analysis,the theory of financial management,accounting,and statistics. This system follows quantitating as possible principle and uses quantitative method combined with qualitative method.At last,in order to test the practicability of the system,this paper chooses a company as the sample enterprise to checkout.After testing,we found that this system can appraise the overall risk of the company accurately and promptly.According to the appraisal result,we can know the risk level of the company.This paper is committed to fill the blank of COSO Framework,which has no specific aspects of the operation of enterprise's risk appraisal.Enterprise's Risk Appraisal System will enhance the practicality of COSO Framework.At the same time,this two level enterprise's risk appraisal system which can be used by most enterprises is enable enterprises know their risk on entire enterprises and on operational aspects clearly and in time.It also capable of helping the enterprises find out the key points of dzay-to-day risk control.This will lay a solid foundation to enterprise's internal control.