At present, many enterprises have passed the certification of ISO900 1, ISO 1400 1, OHS 1800 1, and China has also enforced the basic norms of enterprise internal control since July 2009. So what is the relationship between the two? I. Basic and background introduction (1) The latest international version or standard. At present, the most authoritative definition standard of internal control in the world should be the sponsorship committee under the United States Anti-False Financial Reporting Committee (Sponsoring Committee of the National Fraud Commission). Financial report) (COSO Committee for short) released the internal control integration framework in September, 1992, and supplemented it in June, 1994. At present, the latest version of the integrated management system includes ISO 900/KOOC-0/:2008: 2008 quality management system requirements, ISO/KOOC-0/400/KOOC-0/:2004+0: 2004 environmental management system specifications and usage guide, OHSAS/KOOC-0/800/KOOC-0. (2) The issuer is different. 1, an international publisher, Internal Control Integration Framework was published by the Committee under the Anti-False Financial Reporting Committee jointly established by American Institute of Certified Accountants (AICPA), American Accounting Association (AAA), Financial Managers Association (FEI), Institute of Internal Auditors () and Institute of Management Accountants (). The three systems in the integrated system are basically from the International Organization for Standardization. 2. Institutions issued or formulated by China At present, the institutions that formally define internal control standards in China include the Ministry of Finance, the China Securities Regulatory Commission, the National Audit Office, the China Banking Regulatory Commission, and the China Insurance Regulatory Commission. The integrated system was issued by People's Republic of China (PRC), General Administration of Quality Supervision, Inspection and Quarantine and China National Standardization Administration. (three) the background or purpose of the system is different. 1. COSO Report on Internal Control System was born at a "crisis" moment when financial risks in the United States increased, financial fraud rose, and all sectors of society placed high hopes on internal control and independent auditors. Five professional accounting groups United and studied hard for nearly four years. The basic goal of internal control is to help enterprises run towards business objectives, complete their missions and reduce risks in the process of operation. COSO also divides internal control into three specific objectives: operational efficiency and effectiveness, reliable financial reporting and compliance with the law. The three systems of the integrated system have different specific uses. The quality management system first appeared in the integrated system, and its main purpose is to prove that the organization has the ability to provide products that meet the requirements of customers and applicable laws and regulations, with the aim of improving customer satisfaction. Then, with the development of global trade, whether enterprises can survive, compete and develop in global economic and trade activities, quality (Q), environment (E) and occupational safety and health (OSH) have become unavoidable globalization issues. How to ensure product quality and put forward requirements for the global environment and employees' occupational health and safety. Therefore, the purpose of formulating ISO 14000 environmental management series standards is to standardize the environmental behavior of activities, products and services of global enterprises and various organizations, save resources, reduce environmental pollution, improve environmental quality and ensure the sustainable development of the economy. OHSMS 18000(SMS) occupational health standard is formulated by enterprises in order to improve their social image and control the losses caused by occupational injuries. Two. Contents of internal control and integration (I) Internal control 1, five elements of internal control include five elements, namely, control environment, risk assessment, control activities, communication and exchange of information and internal monitoring. According to COSO's definition, the control environment refers to the ideological requirements of enterprises (organizations based on western viewpoints), such as the ethics of employees, management philosophy and management style. It is the basis of the other four elements. Risk assessment is an enterprise's evaluation of internal and external environment. Any enterprise is not an independent entity, but exists in certain laws, environments, industries and policies, and there are various risks in this process, so enterprises need to identify and evaluate the risks first. Control activities are based on identifying and evaluating the harmfulness and importance of risks, managing and controlling risks, and arranging enterprise resources to control risks. Control activities will inevitably form a certain report, which can also be said to form a certain amount of information, including internal and external information, which can be written or oral, so the judgment and utilization of information requires certain communication and exchange. Any system is not perfect and needs to change with the change of the situation, so internal control is to supervise and inspect the implementation of internal control, evaluate the effectiveness of internal control, so as to find the defects of internal control and improve it in time. 2. Five Principles to Follow Enterprises should follow the following principles when establishing and implementing internal control: comprehensiveness, cost-effectiveness, checks and balances, adaptability and importance. (2) integration system 1, flow chart required for integration (PDCA) The process required for integration management can be summarized as PDCA, which refers to four stages: planning, implementation (do), inspection and action. The planning stage is similar to the risk assessment element of internal control, the implementation stage (do) is similar to the control activity element of internal control, and the inspection and action stage is equivalent to the communication and exchange of internal control information and internal monitoring elements. 2. Integrated resource management Integrated resource management includes: resource provision, human resources, infrastructure, working environment, information, relationship with suppliers (including partners) and supporting documents. Comparing the content of resource management with the control environment elements of internal control, we feel that resource management is more inclined to the micro level and a certain level of the enterprise, while the control environment requires clear governance structure and humanity. Three. System, system perfection and certification, verification and certification effect At present, the internal control system is not perfect, and there is no complete internal control system officially published in China. The requirements for internal control are scattered, such as Specific Standards for Internal Audit No.5-Internal Control Audit, Basic Standards for Enterprise Internal Control, etc. There are no mandatory or voluntary certification guidelines for the actual implementation of enterprise internal control, but there is a "Guidelines for the Verification of Enterprise Internal Control (Draft for Comment)" for listed companies, which was implemented on July, 2009 1, requiring accounting firms to verify the internal control of listed companies. In contrast, integration is much more perfect. There are always different versions, and there are also official versions suitable for China enterprises. There are also mandatory certification requirements or voluntary certification guidelines for some enterprises at the legal level. Compared with the requirement that internal control can only be carried out by qualified accounting firms, the requirements of certification institutions are more relaxed. Enterprises have different understanding of the two and requirements for voluntary certification and verification. General enterprises will voluntarily carry out integrated certification, and generally issue certification certificates after certification, which proves that enterprises have reached a certain international level in product quality assurance, environment, occupational health and safety, etc. However, the internal verification is generally only the internal control verification report issued by the accounting firm, and it will not prove what level the enterprise has reached in internal control. Fourth, the limitations of internal control integration After years of revision, there is now a more advanced and perfect version, but internal control still has many limitations. First of all, the criteria for evaluating the effectiveness of internal control are too subjective. According to COSO report, the effectiveness of internal control depends on the realization of three objectives or five control elements of internal control. But the evaluation criteria are basically subjective judgments. In fact, whether the internal control of an enterprise is effective can be completely reflected by its objective market performance, such as the market value of the enterprise, customer satisfaction, and the growth of sustainable profitability. Secondly, in the internal control system, accounting and auditing are too heavy, and there are many things that consider the existing and micro enterprises or avoid risks, which have little to do with business platform and business development, and risk prevention is passive and lacks initiative. Therefore, there are still many companies that believe that internal control is only a matter for financial directors and accountants. V. Summary To sum up, the author believes that although there are many imperfections in internal control, from its purpose, the internal control and integrated system are comprehensive and partial, and the integrated system is a good implementation tool to achieve the operational efficiency and effectiveness of the three specific objectives of internal control (operational efficiency and effectiveness, reliable financial reporting and law-abiding).