Research on The Internal Control Framework of Large State ‐ owned Enterprises Under Information ‐ based Environment

: In the information society and digital era, the information construction of the enterprise internal control framework is particularly important for enterprises to enhance their endogenous power and improve their management efficiency. In order to achieve increasingly powerful control functions and build an efficient overall enterprise internal control framework, we must rely on scientific and precise control means and efficient operation mechanisms. Under such circumstances, large state-owned enterprises should absorb and apply more advanced management concepts and actively innovate and optimize their management mode in order to improve their management level and enhance their comprehensive competitiveness and thus achieve long-term development in the fierce market competition. An important way for large state-owned enterprises to strengthen their management is to build an internal control system. The internal control system can regulate the operation of power, strengthen risk prevention and supervision of internal personnel and be a stimulus to large enterprises to reduce operating costs and increase economic efficiency.


Introduction
In recent years, domestic and foreign companies have frequently experienced business failures due to imperfect internal control, such as the bankruptcy of WorldCom in the United States and the failure of China Asia Corporation, all due to internal management failures, fraudulent financial statements, etc. Major economic losses and even bankruptcy and reorganization caused by reasons. It is precisely because of the emergence of many internal control failures that the relevant regulatory agencies in the United Kingdom and the United States and other Western countries have successively issued laws and regulations and issued internal control reports, trying to regulate the internal control system of enterprises through these, which has attracted the attention of enterprises. Influenced by Western internal control theories and forced by my country's economic development situation, my country has introduced the "Basic Standards for Enterprise Internal Control" called the "Chinese version of the SOX Act" and the subsequent "Supporting Guidelines", which are generally for Chinese enterprises. The implementation of a sound internal control system provides a unified basic framework.
With the rapid economic development and the continuous expansion of the scale of enterprises, the management functions of the corporate administrative departments are also continuously extended and expanded, and various expenses incurred have also increased rapidly. As an important component of enterprise period expenses, management expenses have attracted more and more attention from modern enterprises. How to control management expenses has also become the key task of enterprise cost and expense control. The reduction of management costs has also become the most important means for corporate shareholders and management to achieve corporate goals, which is of great significance for improving corporate profits and achieving corporate economic benefits.
In the information society and digital era, the information construction of the enterprise internal control framework is particularly important for enterprises to enhance their endogenous dynamics and improve their management efficiency. In order to achieve increasingly powerful control functions and build an overall framework for efficient internal control enterprises, it is necessary to rely on scientific and precise control tools and efficient operation mechanisms. Therefore, it is necessary to analyze the current situation of the internal control framework of the enterprise in the information environment and propose the corresponding construction process as the enterprise management plan.

The Job Fraud
Governance issues have long been one of the most important areas of corporate development, and accountability is even more important at a time when companies are increasingly worried about the occurrence of wrongdoing. A common trend in many kinds of literature is to define accountability through Principal-Agent Models.As one of the effective ways to improve the modern company system, internal control plays an important role in improving the operation and management level of listed companies and avoiding risks (Hou Baoliang, 2014). The job fraud case of Societe Generale in 2008 has sounded the alarm for all companies. The characteristics of job fraud, such as high incidence, high harm, various forms, and complex causes, require all enterprises to actively respond. This case shows that effective internal control is the key to preventing job fraud (He Yu, 2009). The loss of this kind of workplace fraud to the company is unpredictable, and it will undoubtedly bring about a sharp increase in management costs.

Corruption in Chinese Large State-owned Enterprises
China is a relational society, and the establishment of business entertainment fees is conducive to cooperation with partners and government officials. But business entertainment may also produce a kind of agency cost that is opposite to production and worthless output.Chen Donghua et al. (2010) pointed out that if the on-the-job consumption, including business entertainment expenses, is not well controlled, the agent may overspend in pursuit of private income, which will lead to high agency costs. Regarding the impact of internal control on business expenses of enterprises, some scholars have put forward supplementary studies on the nature of the enterprise and the power of executives. High-quality internal control significantly reduces the extent of excessive inservice consumption of listed companies, and the inhibitory effect of internal control on excessive in-service consumption in state-owned listed companies is more obvious (Mou Shaohong, Li Qihang, Chen Hanwen, 2016). The research shows that internal control is negatively related to the hidden corruption of executives. As the internal management mechanism of state-owned enterprises, internal control can supervise the hidden corruption of executives (Fu Chao.2018). In addition, existing empirical studies have also found that the greater the power of management, the more serious they use their extravagant on-the-job consumption to implement power rent-seeking (Lu Rui et al., 2008).

Internal Control
The impact of internal control on R&D scholars at home and abroad hold two different views. Some scholars believe that internal control will have a positive effect on corporate R&D investment. Simons (1995) was the first to put forward the "internal control promotion theory", and believed that sound internal control has "pioneering and innovative thinking". The reason is that the introduction of an internal control system can clearly position the innovation investment goals and the planning structure process, thereby having a positive impact on innovation investment (Verona, 1999). Internal control takes the form of a system to suppress the short-sighted behavior of executives in investment decisionmaking through risk assessment and executive incentive systems (Li Wanfu et al., 2011).
Some scholars believe that internal control will have a negative effect on the company's R&D investment. Kaplan and Norton (1996) first proposed the "internal control paradox" that internal control may inhibit innovation investment. They believe that innovation is a process that requires constant trial and error and is full of uncertainty. If the company places too much emphasis on control, formulate formal control points. , Personnel appraisal and evaluation standards may cause the entire organization to fall into rigid conformity and unwillingness to undertake risky innovative activities. Wu Ning et al. (2015) There is a significant negative correlation between internal control corporate risk-taking, and this relationship is more sensitive in nonstate-owned enterprises, that is, internal control inhibits entrepreneurs' adventurous spirit and sense of risk-taking and hinders Innovation investment.Thus, managers engage in unethical behaviour to ensure the company's good performance during their tenure, such as in Ericsson's bribery incident. However, due to the fact that the bribery incident will not be carried out with great fanfare, shareholders cannot quickly hold the management accountable.

Construction of Internal Control
System Based on Informatization

Overall Planning
Integrated planning includes two levels. One is to strengthen the publicity and guidance of internal audit work, so that all employees fully understand the service and necessity of internal audit work and can further assist the work. The second is to build a scientific and reasonable internal audit information system to provide a strong guarantee for the internal audit work of the enterprise. To achieve comprehensive planning must be fully done: first, before the audit work is carried out, rigorous and efficient development of the program. Second, the audit team for the project should be appropriately deployed according to the actual situation. When constructing the internal audit information system, enterprises should consider the overall situation, closely relate to the development plan of the company in recent years, base on the actual situation of the enterprise's own informationization, and carry out suitable and personalized audit services.

Interconnection
This principle actually means that in the process of system operation, there should be connects between various subsystems with resource sharing and maximized advantages of the system. The so-called "interconnection" should be not only in each subsystem, but also in the corresponding business and personnel.The system connects all departments and people. They form a large, simple and effective network.The fundamental goal of the "interconnection" principle is to allow the effective exchange of management resources, information resources, and human resources between departments and units within an enterprise, thus avoiding the "interruption" that occurs in internal audit systems. The separate situation in the internal audit system is avoided. Full transparency of audit information can improve working efficiency through reasonable resource allocation.

Convenient Operation
Convenience of use means that the information system should be simple to run. The best way to do this is to clearly list these basic features in a menu format. The system should have standardized internal working procedures that are userfriendly, significantly reduce the audit workload and can improve the quality of work to a great extent.After the construction of the system is completed, it is important for the auditors to be familiar with its use.
If the internal audit information system operation requirement is high, the process is complex, and there are big differences with the actual business, many auditors are may can not be good and smoothly use of its full functionality. Therefore, the audit information system should adhere to the principle of operation convenience.

Objectives of The Internal Control System
The goal of constructing an enterprise is to improve the operational efficiency of the enterprise, and the main objective is to control risk. For the intuitiveness of the illustration, the authors divided the objectives of building an enterprise internal control system into the following four levels: first, strategic objectives, with which corresponds to strategic risk management; second, operational objectives, with which corresponds to operational risk management; third, reporting objectives, with which corresponds to reporting risk management; and finally, compliance objectives, with which corresponds to compliance risk management. Specifically, strategic risk management is to make the development strategy formulated by the enterprise more scientific and reasonable, taking into account both the market environment and its own operational reality; operational risk management is to manage all kinds of risks in the operation process, covering all business processes and links and all jobs in the enterprise; reporting risk management is to standardize the financial reports of the enterprise, so as to improve the authenticity and accuracy of financial information; compliance risk management is to ensure that all business activities are carried out in compliance with the requirements of laws and regulations. Compliance risk management is to ensure that all business activities are carried out in compliance with legal requirements. Obviously, these four aspects of risk management are independent of each other, but they complement each other and together build the internal control system of the enterprise.

System Framework Design
Based on the above, the framework of internal audit information system should cover seven main parts, namely: audit home, user layer, application layer, functional layer, support layer, foundation layer, and technical layer. By setting personalized rights for different audit objects, user rights are assigned to each user and targeted audit services are provided. The system runs through the whole process of audit work and contains functional modules such as data analysis, company profiles, historical issues and system inquiries to effectively improve the quality and efficiency of audit services.

Institutional Guarantee
Enterprises should further improve the internal control system, analyze and consider each control node issue one by one, including the business process and related risk The collection, collation and identification of business processes and related risk points. In other words, when an enterprise starts to build an internal audit information system, it should develop a series of targeted risk response strategies to further promote the construction of internal audit information.

Strengthen The Function of Publicity Service
Enterprises should strengthen the promotion of internal audit culture and give full play to the service function of internal audit. The promotion of audit service culture is conducive to the smooth conduct of internal audit and can create a positive cultural atmosphere to promote innovation in internal audit activities. The results of internal audits can provide direction for better service, and also enable different levels of the company to strengthen their service consciousness. The essence of the internal audit service function is to provide consulting services for the company as a whole, to provide advice and consulting services for the development of the company, to promote good overall service work, to enrich the development of innovative company service culture, and to effectively promote the sustainable and healthy development of the company.

Improve The Internal Audit System
The enterprise should put forward feasible overall objectives and provide an objective evaluation index.In addition, in accordance with the requirements of relevant laws and regulations and institutional norms, establish a corresponding management system related to evaluation, feedback and supervision to ensure the consistency of the Group's regulations and laws.To ensure the stable operation of the internal control system, the construction of the information system of internal control must be continuously improved, so that the information system of internal control can be effectively supervised. The information system of internal control is effectively supervised to provide a realistic theoretical basis and standard for the work behavior of internal audit. For different audit roles and audit objects, the system should be regulated from the level of the system, and the code of conduct and regulations should be formulated. The internal audit system will be improved, the work of internal audit will be standardized, and the internal control work will be standardized to ensure the smooth operation of internal audit work from the system level.

Establish an Incentive Mechanism
Enterprises should objectively and fairly evaluate the internal auditors' professional competence in information professional competence in information-based auditing, constantly promote auditors to innovate and develop audit models with the help of information-based thinking, and can combine the quality of audit work and improve the evaluation mechanism.The company should evaluate the performance of the internal auditor and assess the stage of work.The professional ethics of internal auditors should also be evaluated. The professional ethics of internal auditors should also be evaluated. The company should establish a performance evaluation mechanism for auditors and regularly evaluate the work of internal auditors. To evaluate the performance of internal auditors and achieve the goal of internal auditors' performance evaluation.

Safety Guarantee
Big data provides a solid technical foundation for information regulation, but at the same time, due to its own characteristics, it also brings risks and challenges for information For example, due to the strong privacy and sensitivity of the audited data information, a slight mistake may lead to information leakage and bring irreparable losses to enterprises. Personal privacy and commercial enterprise confidentiality are also elements that need special protection. Therefore, the internal audit information system must be strictly authorized to manage and restrict the use of data to ensure that the system data is not stolen and misused. In the construction of the internal audit information system, the audit department should not only apply the data in a reasonable way, but also accelerate the improvement of security.

Set Audit System Permission
With the rapid development of modern information technology, it is widely applied in all walks of life in society and provides a great boost to promote social development. Information technology has become an indispensable application technology in modern society. Audit information system is to achieve the company's development strategy goals through the comprehensive mastery of information and data, full excavation and extensive use of information technology, the audit of the basic data often involves the core business of the enterprise. The enterprise must ensure the security of these data to avoid the risk of leakage. At the same time, full consideration should be given to enhancing the management of the information platform.

Traces of operation information are retained
With the further development and popularization of information technology, the media of information data storage is constantly changing, the network platform is more and more open, and the computer network virus and hacker attacks and other potential threats emerge in an endless stream, the enterprise information data also has a huge security risk, and, Because the internal management of the information system is authorized mainly through the account password and other passwords, but these information is stored in the computer system, so once the information is stolen by others, there will be huge potential risks, but also may cause serious losses to the enterprise, or damage the enterprise reputation and other risk problems. The enterprise audit information system will inevitably encounter such potential threats in the process of management and maintenance, which is also a major challenge that can not be ignored in the process of enterprise internal audit work under the current information background Traditional internal auditing uses paper-based auditing, and all audit results are kept in the form of documents. The storage and confidentiality of the documents are supervised by the enterprise management at all levels, and only authorized and approved personnel are are qualified to access these documents. Modern internal audit, on the other hand, is based on the Internet, and the audit information is built into a network.In addition, the data itself has the characteristics of sharing and flexibility, if someone deliberately altered or deleted the audit data, it is difficult for auditors to recover the original data, and it is also difficult to ensure the correctness of the data used in the process. In the process of use, it is also difficult to ensure the accuracy of the data used, which affects the accuracy of audit conclusions. If you want to ensure the audit process is safe and smooth, you must design relatively strict access conditions through identity verification and path encryption, and update and upgrade the audit system in a timely manner.

Establish the Concept of Service-oriented Audit
Strengthening the propaganda of internal audit concept, so that all employees establish the concept of service-oriented audit, the concept of service for the audited unit is the core of the whole work. Problem finding is only a part of the actual audit work. Moreover, it helps to help to dissect problems, identify their root causes, propose and monitor practical solutions, manage the company's operations in real time, and increase economic benefits. Through the further development and improvement of the internal audit function, the company's internal audit work gradually transitions from the original supervision and management mode to service management, so as to better achieve the company's service purposes.

Cultivate talents with comprehensive quality
Talent is an important subject and key link in promoting informatization construction. A group of audit staff proficient in business and familiar with information technology is the key to play a role in audit informatization. Therefore, it has become an urgent task for the Group to cultivate a team of talents who are supported by information technology and proficient in auditing business.
At the present stage, part of the internal audit staff in the enterprise still maintain the traditional audit work concept, while still using the traditional internal audit work mode and work methods, the overall awareness of the application of information audit technology has not been fully and effectively established. Internal audit staff of enterprises are not familiar with the application of modern information technology, and cannot correctly and skillfully apply modern information audit software to implement the corresponding audit management work. Some audit staff have the corresponding computer technology and network information technology basis, However, due to the lack of solid knowledge foundation in accounting and auditing, they cannot effectively integrate information technology and auditing professional ability in the actual process of carrying out internal audit work.

Conclusion
With the progress of modern science and technology and the continuous development of cloud computing, the new era puts forward higher requirements for internal audit, and internal audit needs to pay more attention to innovation and value creation. It is hoped that in the future development of internal audit, enterprises can pay attention to the important role of internal audit for enterprise development, strive to improve the image of internal audit, specify and refine the positioning of the service function of internal audit, build a new type of internal audit system, create an audit service culture, and at the same time increase investment in information technology so that internal audit information technology can keep pace with the times, comprehensively improve the quality of internal audit work, increase investment in talents, build a talent reserve, expand the source channels of internal audit personnel, improve the information technology level and professional competence of business auditors, pay attention to information security issues and the ability to prevent potential risks, and promote the continuous improvement and progress of internal audit in China.The study found that: (1) The improvement of internal control quality helps to significantly reduce the proportion of overall management costs. (2) Effective internal control can significantly suppress the proportion of employee compensation, office expenses, travel expenses, business entertainment expenses, and intermediary expenses in total operating income, and the improvement of the quality of internal control has a relatively weak inhibitory effect on the proportion of employee compensation. (3) The improvement of internal control quality cannot effectively suppress the proportion of R&D expenditure in operating income.
In the context of the comprehensive implementation of internal control by listed companies in my country, listed companies have stepped up their internal control construction. In order to better meet the needs of the development of corporate internal control, this study suggests that companies can focus on the compensation of employees, office expenses, travel expenses, business entertainment and agency fees when strengthening internal controls related to management expenses. Control, and the internal control requirements related to R&D expenditure can be slightly reduced. When it is difficult for an enterprise to achieve perfection, it should focus on strengthening internal control in order to better realize the goal of maximizing corporate profits and strengthen the competitiveness and vitality of the enterprise.