Briefly describe the elements of internal control system and the principles to be followed in its design and implementation. 1. System integrity principle. Internal control is an all-round whole, which permeates the whole process of business activities and runs through the whole business activities. The principle of system integrity requires: in the design content, we must break through the limitations of accounting control, build internal control in a broader perspective, and combine governance and management to ensure that management can effectively pay for management activities and effectively use enterprise resources, employees can effectively engage in specific business activities, and information users can obtain relevant and reliable enterprise information. On the design object, the internal control system should include the constraints and incentives to people and the control of various business activities. In the design process, we should not only consider the risk control points in each process, but also consider the correlation between each control element and the control process, so that the sub-control system of each business cycle or department can organically form a scientific and reasonable management system of the enterprise and ensure that the business activities of the enterprise are carried out on the predetermined track. When designing the internal control system, we should also pay attention to the rigor and perfection of the system, pay attention to the actual control effect, grasp the control points, and comprehensively and accurately control the whole process of enterprise management. Second, the principle of cost-effectiveness The principle of cost-effectiveness refers to the comparison between the cost spent for control and the losses suffered without control. When the benefits of control are greater than the cost, the control measures are feasible, otherwise it is not feasible. Control costs include direct costs that are convenient for attribution measurement and indirect costs that are not convenient for attribution measurement. Control benefits include short-term benefits, long-term benefits, enterprise's own benefits and social benefits. In practice, it is difficult to express the income of some jobs in money, but the implementation of this control is conducive to the realization of various control objectives of enterprises, such as the cultivation of employees' professional ethics, the audit procedures of economic projects, the feedback of information and so on. It is required to implement the principle of cost-effectiveness: when constructing the internal control system, we should not only consider the design cost, implementation cost and revision cost, but also consider the improvement of the overall efficiency and benefit of the enterprise according to the characteristics, scale and specific management of the enterprise. We should not only put all the economic activities of enterprises under economic monitoring, but also focus on the important aspects and links of operation and management, and strive to achieve the maximum control effect with the minimum control cost. Third, the goal-oriented principle The goal is the starting point and destination of control, and the highest purpose of control is to achieve the predetermined goal. The ultimate goal of enterprise internal control system is to ensure the overall effectiveness of enterprise system. The goal-oriented principle means that enterprises should design internal control processes according to control objectives. The internal control goal based on the overall efficiency of the enterprise is divided into two levels: the internal governance control goal of the enterprise-to ensure the role of the board of directors in the company and its fiduciary responsibility to the company and shareholders; The goal of management control is to improve the efficiency and benefit of enterprise management. In order to achieve the goal of governance control, the shareholders' meeting and the board of supervisors mainly adopt the supervision and control mechanism for the board of directors and the general manager; Incentive mechanism of wage contract and income distribution contract to trustee. Management control objectives are mainly achieved through the decomposition of high-level strategic objectives and the control of management process. In other words, under the guidance of strategic objectives, enterprises should formulate secondary objectives such as financial objectives, business objectives, investment objectives and research and development objectives in the near future; Under each sub-objective, the specific control sub-objective is determined. In the process of target implementation, it is necessary to conduct regular inspection and evaluation, analyze the reasons why the implementation results deviate from the plan, and put forward suggestions for improving control to relevant departments, so as to further improve the level of internal control and better realize the internal control objectives. Four. Principle of effective risk control Risk refers to the possibility that the target cannot be achieved due to loss, injury, disadvantage or destruction. The risks faced by enterprises include external risks and strategic risks from politics, economy, culture and nature, operational risks and financial risks, and specific operational risks. The principle of effective risk control means that when building an internal control system, enterprises should pay close attention to all kinds of risks in the process of implementing the main mission and specific objectives, and design internal control measures in a targeted manner to reduce the risks to a reasonable level that enterprises can bear. The principle of effective risk control requires that the management authorities should adopt appropriate procedures to set the objectives supporting the main mission, identify and evaluate various risks that affect the realization of the objectives, and take measures to avoid, assume, reduce and share risks on the basis of the risk level that the enterprise is willing to bear and the acceptable target deviation, so as to successfully realize the enterprise objectives. In the modern society with complex and changeable economic environment and increasingly fierce competition, management authorities should establish a correct risk management concept, establish a systematic and effective risk management and control system, optimize the allocation of management and control resources, actively respond to possible risks, and maintain the healthy and sustainable development of enterprises. V. Compliance Principle Compliance principle means that when designing internal control system, enterprises must comply with relevant national laws and regulations and regulatory requirements of relevant government regulatory authorities. Compliance is the premise and binding condition for enterprises to engage in business, create value and achieve internal control objectives. The principle of compliance requires that enterprises should not only abide by general laws and regulations when building internal control system, such as company law, tax law, contract law, accounting law, accounting standards for enterprises and internal accounting control norms; According to the characteristics and nature of its own industry, it follows the internal control norms of the industry, such as the governance standards of listed companies, the internal control guidelines of securities investment fund management companies, and the internal control guidelines of commercial banks. From the perspective of system theory, internal control is a system, and there is a close relationship between the system and the surrounding environment. System adaptation to environment is the premise of system existence and development. It is very important to build an internal control system and pay attention to the internal and external environment of enterprises. The internal control environment mainly includes: enterprise values, business philosophy, business characteristics, organizational structure, personnel policies, business processes, information technology, etc. Suitable for the requirements of the principle of controlling environment: When designing the internal control system, enterprises should deeply analyze and understand the environmental factors involved. Only when the process, mechanism and atmosphere of control measures are adapted to the environment can the ideal control effect be achieved. For example, in enterprises with a low degree of informatization, the internal control system to deal with various risks basically depends on the quality and integrity of employees, containment rules, supervision and accountability mechanisms; In enterprises with a high degree of informatization, the internal control system should not only rely on the above ideas and methods, but also consider the governance risk of information system planning and construction, the instability risk of information system operation and the vulnerability risk of software internal control mechanism. Seven. Flexibility principle Flexibility principle means that different strategies should be adopted flexibly according to different control types when designing internal control. According to the regularity of events and risks, control can be divided into structured control, semi-structured control and unstructured control. The control start-up time, control method and control steps of structured control are completely determined, and technical control methods are generally adopted; Unstructured control means that due to unpredictable events and risks, it is impossible to determine the timing, methods and steps of control, and administrative control is generally adopted; Semi-structured control means that the occurrence of events and risks has a certain probability, and the timing of control cannot be determined, but the control methods and steps are determined. Generally, the method of combining technical control with management control is adopted. Marked by control sequence, it can be divided into ex ante control, in-process control and ex post control. Ex ante control refers to the internal control implemented by enterprises to prevent the deviation of manpower, material resources and financial resources in application before the behavior occurs. Most pre-control is unstructured control. Process control refers to the control of enterprises on the behaviors that occur in their business process, and process control is semi-structured control. Post-event control is generally structured control. Eight. The principle of combining responsibility and rights, that is, power and responsibility are matched, and benefits and performance are linked, means that when an enterprise constructs an internal control system, it must clarify the responsibilities of all responsible subjects (operators, managers, employees and departments), give them the necessary authority to complete their duties, and distribute benefits according to the completion of the main responsibilities. Responsibility creates pressure and makes managers and employees feel responsible; Rights enable managers to complete their duties and produce a sense of honor and responsibility; Interests generate motivation, which can mobilize the enthusiasm of managers and employees. The principle of combining responsibility with rights requires enterprises to stipulate work tasks, responsibilities and authorities, operational procedures and handling procedures for different responsible subjects, formulate corresponding scientific and strict assessment standards, and reward and punish according to the evaluation results, so as to realize the unity of constraints and incentives and promote the effective implementation of internal control systems.