Abstract:
It is specified within Appendix C of Business risk Management - Integrated Framework issued by COSO in 2004, that “Internal Control is involved in, and is an inseparable part of business risk management.” Meanwhile, it is emphasized that “Risk management framework is, indeed, not a substitute for internal control framework.” (COSO, 2004). Such descriptions leave the academic circle with a question which is how to accurately define the relation between internal control and risk management? In this article, effects of risk management level on internal control are theoretically analyzed by using mathematic tools, such analysis is conductive to figure out relation between internal control and risk management; assist policy-makers to scientifically define range of policies, and avoid omission and overlap; reduce cost of internal control and risk management, and increase efficiency and benefit of internal control and risk management.