外文翻译
原文
Regulation by disclosure: the case of internal control Material:/content/351u43877v108j45/
author:Laura F. Spira Michael Page
…the subject of internal control, once a guaranteed remedy for sleeplessness, has made a spectacular entry onto political and regulatory agendas. (Power 1997: 57) In his analysis of the development of the role of audit, Power observes that internal control has become increasingly important as part of a system of regulation which relies on making internal mechanisms visible through forms of self-validation and disclosure. Corporate governance requirements have frequently been couched in the form of codes of practice on the principle of ‘comply or explain’ rat her than prescriptive legislation. The monitoring role of the board of directors, which forms the apex of the internal control system of an organisation, has been emphasised. The influence of particular interest groups has been important in the negotiation of these developments. Auditors, both internal and external, can claim expertise in internal control, advancing their organisational position in the case of internal auditors (Spira and Page 2003) and increasing the potential for sales of specialised services in the case of external auditors. Regulators and legislators have focused on internal control issues as a policy response to crises (Cunningham 2004).
The use of internal control as a corporate governance device reflects a subtle but significant chang e in its conception, moving from the original ‘‘supportive’’ notion that internal control systems were an integral part of the structure of an organization which enabled its goals to be achieved, to the more recent view of internal control as a substantial ly ‘‘preventive’’ system, designed to minimise obstructions to goal achievement and carrying significantly greater expectations of the effectiveness of such systems. As Page and Spira (2004) note, companies have also increasingly taken ‘risk-based’ approac hes to internal control because of the increased pace of organizational change—control systems change too fast to be rigidly documented and companies may not even have full documentation relating to some of their IT based systems. For these reasons there has been an increase in
‘delegation’ of control downwards in the organization and there is likely to be no central record of control systems.
The emergence of risk-based approaches to internal control has resulted in a confluence of internal control and risk management to the point that an influential publication (Jones and Sutherland 1999) issued at the same time as the Turnbull guidance referred frequently to ‘‘internal control and risk management’’ as a single concept in providing practical assistance for boards in complying with the Turnbull disclosure requirements.
The demonstration of ‘‘good’’ corporate governance is a challenge for boards of directors but describing structural mechanisms such as internal control processes may be one way of meeting demands for transparency. Thus, what was once an internal interest becomes a means of demonstrating regulatory compliance.
Concerns about internal control in the US and the UK arose initially from a desire to establish the boundaries of external auditor responsibility. The difficulties of defining internal control are illustrated in the earliest US experience, as summarized in a lecture by Mautz (1980). He quotes the 1949 AICPA definition: Internal control comprises the plan of organization and all of the coordinate methods and measures adopted within a business to safeguard its assets, check the accuracy and reliability of its accounting data, promote operational efficiency, and encourage adherence to prescribed managerial policies.
and describes the concern of fi rms’ legal counsel about the broadness of this definition. This concern led to a new definition issued in 1958 which split the four parts of the original defi nition between ‘‘accounting control’’ (safeguarding assets and checking reliability and accura cy of accounting data) and ‘‘administrative control’’ (promotion of operational ef ficiency and encouragement of adherence to prescribed management policies) and defi ned auditors’ responsibility as reviewing accounting controls only. A further narrowing took place in 1972 when the US auditing profession limited the two components of ‘‘accounting control’’ even more.
Up to this point, the definition was really only of concern to companies and their auditors but the passing of the Foreign Corrupt Practices Act in 1977 changed this. The Act was passed in response to bribery scandals and for the rst time envisaged the use of internal control as regulation. It was based on a narrow conception of internal control newly described as ‘‘internal accounting control’’. It also changed the focus of internal control: whereas the concerns of ‘‘accounting control’’ had been at low organizational levels and clerical procedures, the Act now
