信息披露制度:内部控制【外文翻译】

  • 格式:doc
  • 大小:53.65 KB
  • 文档页数:8

外文翻译原文Regulation by disclosure: the case of internal control Material:/content/351u43877v108j45/author:Laura F. Spira Michael Page…the subject of internal control, once a guaranteed remedy for sleeplessness, has made a spectacular entry onto political and regulatory agendas. (Power 1997: 57) In his analysis of the development of the role of audit, Power observes that internal control has become increasingly important as part of a system of regulation which relies on making internal mechanisms visible through forms of self-validation and disclosure. Corporate governance requirements have frequently been couched in the form of codes of practice on the principle of ‘comply or explain’ rat her than prescriptive legislation. The monitoring role of the board of directors, which forms the apex of the internal control system of an organisation, has been emphasised. The influence of particular interest groups has been important in the negotiation of these developments. Auditors, both internal and external, can claim expertise in internal control, advancing their organisational position in the case of internal auditors (Spira and Page 2003) and increasing the potential for sales of specialised services in the case of external auditors. Regulators and legislators have focused on internal control issues as a policy response to crises (Cunningham 2004).The use of internal control as a corporate governance device reflects a subtle but significant chang e in its conception, moving from the original ‘‘supportive’’ notion that internal control systems were an integral part of the structure of an organization which enabled its goals to be achieved, to the more recent view of internal control as a substantial ly ‘‘preventive’’ system, designed to minimise obstructions to goal achievement and carrying significantly greater expectations of the effectiveness of such systems. As Page and Spira (2004) note, companies have also increasingly taken ‘risk-based’ approac hes to internal control because of the increased pace of organizational change—control systems change too fast to be rigidly documented and companies may not even have full documentation relating to some of their IT based systems. For these reasons there has been an increase in‘delegation’ of control downwards in the organization and there is likely to be no central record of control systems.The emergence of risk-based approaches to internal control has resulted in a confluence of internal control and risk management to the point that an influential publication (Jones and Sutherland 1999) issued at the same time as the Turnbull guidance referred frequently to ‘‘internal control and risk management’’ as a single concept in providing practical assistance for boards in complying with the Turnbull disclosure requirements.The demonstration of ‘‘good’’ corporate governance is a challenge for boards of directors but describing structural mechanisms such as internal control processes may be one way of meeting demands for transparency. Thus, what was once an internal interest becomes a means of demonstrating regulatory compliance.Concerns about internal control in the US and the UK arose initially from a desire to establish the boundaries of external auditor responsibility. The difficulties of defining internal control are illustrated in the earliest US experience, as summarized in a lecture by Mautz (1980). He quotes the 1949 AICPA definition: Internal control comprises the plan of organization and all of the coordinate methods and measures adopted within a business to safeguard its assets, check the accuracy and reliability of its accounting data, promote operational efficiency, and encourage adherence to prescribed managerial policies.and describes the concern of fi rms’ legal counsel about the broadness of this definition. This concern led to a new definition issued in 1958 which split the four parts of the original defi nition between ‘‘accounting control’’ (safeguarding assets and checking reliability and accura cy of accounting data) and ‘‘administrative control’’ (promotion of operational ef ficiency and encouragement of adherence to prescribed management policies) and defi ned auditors’ responsibility as reviewing accounting controls only. A further narrowing took place in 1972 when the US auditing profession limited the two components of ‘‘accounting control’’ even more.Up to this point, the definition was really only of concern to companies and their auditors but the passing of the Foreign Corrupt Practices Act in 1977 changed this. The Act was passed in response to bribery scandals and for the rst time envisaged the use of internal control as regulation. It was based on a narrow conception of internal control newly described as ‘‘internal accounting control’’. It also changed the focus of internal control: whereas the concerns of ‘‘accounting control’’ had been at low organizational levels and clerical procedures, the Act nowshifted attention to controls at board level for the first time.A process for identifying, evaluating and managing the significant risks faced by the Group has been in place throughout the period and is reviewed regularly by the Board. The management of each business is responsible for establishing detailed controls which are embedded within operational and financial procedures in order to manage business risks on a day-to-day basis. Changes in key business objectives which may impact on the risk role of the Group and require changes to existing controls and procedures were monitored during the year by the Chief Executive and Group Finance Director through the established framework of monthly reviews with the Managing Directors and Financial Controllers of each of the business units. The findings and recommendations of internal audit work carried out during the 2004 financial year have been reported to the Audit Committee and a summary of the findings has been presented to the Board. The internal audit program focuses on the key risks inherent in the businesses and the system of control necessary to manage such risks. (Parity Plc)There is little surprise here: in fact it appears to be a series of statements of the obvious. The same impression is gained when reviewing the disclosures of Shaftsbury Plc.The key elements of the Company’s procedur es and internal financial control framework are:1. The close involvement of the executive Directors in all aspects of day-to-day operations, including regular meetings with senior staff to review all operational aspects of the business.2. Clearly defined responsibilities and limits of authority. The Board has responsibility for strategy and has adopted a schedule of matters which are required to be brought to it for decision.3. A comprehensive system of financial reporting and forecasting. Financial accounts are prepared quarterly and submitted to the Board. Profit and cash flow forecasts are prepared at least quarterly, approved by the Board and used to monitor actual performance.4. Regular meetings of the Board and Audit Committee at which financial information is reviewed and business risks are identified and monitored.The company seems to have the kinds of controls that could be expected in a public company. The only context in which ‘risk’ is mentioned is ‘identi fication and monitoring’ that occurs, (in some unexplained way) at regular board and auditcommittee meetings.Both these disclosures are largely ‘statements of the obvious’; while they are apparently company specific there is nothing that surprises, indeed, one would be very surprised if the opposite were stated.Other companies disclosures fall on a continuum of informativeness. For example Electrocomponents plc explains that risk management is ‘an integral part of the system of internal control’ and goes on to give a details of its c ontrol structure and risk processes within a report of average length.Substantive disclosures may include:●descriptions of company structure, particularly relating to committeescharged with risk management responsibilities and their relationship and communications with the board●the role of the audit committee and of the internal audit function, and therelationship between them and with the board●descriptions of risks identified as material●descriptions of risk events and action taken in responseNat ional Grid plc provides a lengthy section ‘‘Risk Factors’’ which identi fies a very extensive range of risks faced by the company.But as one Turnbull Review respondent observed, this is a historical record and current situations may differ.4.5 Effectiveness of internal control and dealing with weaknessesPara 38 of the Guidance sates:In relation to Code Provision D.2.1, the board should summarise the process it (where applicable, through its committees) has applied in reviewing the effectiveness of the system of internal control. It should also disclose the process it has applied to deal with material internal control aspects of any significant problems disclosed in the annual report and accounts.As mentioned previously, reporting on internal control effectiveness was the most contentious of the Cadbury recommendations and the compromise reached in the Combined Code was that companies should report the process that they had undertaken, but not necessarily the results. Only one company expressed a positive opinion on the quality of internal control.The guidance does not ask explicitly that boards indicate the conclusions drawn from the reviews undertaken and only one company does so in a positive fashion The board considers that the measures taken, including physical controls,segregation of duties and reviews by management, provide sufficient and objective assurance.Others tend to frame their conclusions in a negative way:In the opinion of the Board the review did not indicate that the system was ineffective or unsatisfactory.Having reviewed its effectiveness, the directors are not aware of any significant weakness or defi ciency in the Group’s system of internal controls during the year. (Mersey Docks and Harbour Company)Where such a statement is accompanied by a more detailed account of the review process, it appears to have been included as a formality within a substantive, company specific disclosure.In rare cases, actions taken as a result of reviews or incidents are described:Following the significant issues experienced within the implementation of the new supply chain system, the following additional processes have been put in place:●specific management teams were convened to examine the root causeof the supply problems, and to put in place new processes and controls to reduce and eliminate these issues;●management report weekly to the Executive Committee on the progresswith the stabilization of the system and the effectiveness of supply to our customers;●the risk management process outlined below was reviewed andenhanced with the emphasis on ownership, risk mitigation activities and improved monitoring activities to act as early warning indicators of risk occurrence.These activities are designed to strengthen the control environment. (MFIFurniture Group plc)This analysis using the headings derived from the Turnbull guidance (see above) demonstrates the superficiality of disclosures that appear to comply formally with the guidance.译文信息披露制度:内部控制资料来源:/content/351u43877v108j45/作者:Laura F. Spira Michael Page使用内部控制作为公司治理的一种策略,反映了公司治理中一个微妙但是重要的改变。