萨班斯法案404内控报告弱点：一个试验COSO框架组件和信息技术【外文翻译】.doc

1、外文翻译原文SOX404REPORTEDINTERNALCONTROLWEAKNESSESATESTOFCOSOFRAMEWORKCOMPONENTSANDINFORMATIONTECHNOLOGYTHISPAPEREXAMINESINTERNALCONTROLS,FROMBOTHANINFORMATIONTECHNOLOGYITANDNONITPERSPECTIVE,INRELATIONTOTHEFIVECOMPONENTSOFTHECOMMITTEEOFSPONSORINGORGANIZATIONSINTERNALCONTROLINTEGRATEDFRAMEWORKCOSO1992,ASW

2、ELLASTHEACHIEVEMENTOFONEOFCOSOSTHREEOBJECTIVESREPORTINGRELIABILITYOURSAMPLECONSISTSOF490FIRMSWITHMATERIALWEAKNESSESREPORTEDUNDERSARBANESOXLEYSECTION404DURINGTHEFIRSTYEAROFCOMPLIANCEWECLASSIFYTHEWEAKNESSESBYCOSOCOMPONENTANDASITRELATEDORNONITRELATEDOURRESULTSSUPPORTTHEINTERRELATIONSHIPSOFTHECOSOFRAMEW

3、ORKTHERESULTSALSOSHOWTHATTHENUMBEROFMISSTATEDACCOUNTSISPOSITIVELYRELATEDTOTHENUMBEROFWEAKCOSOCOMPONENTSIE,SCOPEANDCERTAINWEAKCOSOCOMPONENTSIE,EXISTENCEFIRMSWITHITRELATEDWEAKCOMPONENTSREPORTMOREMATERIALWEAKNESSESANDMISSTATEMENTSTHANFIRMSWITHOUTITRELATEDWEAKCOMPONENTS,PROVIDINGEVIDENCEONTHEPERVASIVENE

4、GATIVEIMPACTOFWEAKITCONTROLS,ESPECIALLYINCONTROLENVIRONMENT,RISKASSESSMENT,ANDMONITORINGBEGINNINGONNOVEMBER15,2004,SECTION404OFTHESARBANESOXLEYACTOF2002SOX404REQUIRESALLACCELERATEDFIRMSWITHATLEAST75MILLIONINPUBLICEQUITYFLOATTOREPORTONTHEEFFECTIVENESSOFTHEIRINTERNALCONTROLSOVERFINANCIALREPORTINGMANAG

5、EMENTMUST1STATETHATTHEYARERESPONSIBLEFORESTABLISHINGANDMAINTAININGINTERNALCONTROLS,2IDENTIFYTHEINTERNALCONTROLFRAMEWORKUSEDTOEVALUATECONTROLS,3PROVIDEANASSESSMENTONTHEEFFECTIVENESSOFINTERNALCONTROLS,AND4IDENTIFYMATERIALWEAKNESSESANMWISADEFICIENCY,ORACOMBINATIONOFDEFICIENCIESSUCHTHATTHEREISAREASONABL

6、EPOSSIBILITYTHATAMATERIALMISSTATEMENTEMPHASISINTHEORIGINALOFTHEFIRMSFINANCIALSTATEMENTSWILLNOTBEPREVENTEDORDETECTEDONATIMELYBASISPCAOB2007,PARAA7AWAVEOFCONTROLSTUDIESUSINGSOXDATAHASEMERGED,PRIMARILYINVESTIGATINGTHECHARACTERISTICSOFFIRMSREPORTINGMWSANDTHEEFFECTOFINTERNALCONTROLREPORTSONMARKETCONDITIO

7、NSFIRMSREPORTINGMWSARESMALLER,YOUNGER,RISKIER,MORECOMPLEX,ANDFINANCIALLYWEAKER,WITHPOORERACCRUALEARNINGSQUALITYMARKETSTUDIESINDICATETHATTHESTOCKPRICEREACTIONTOREPORTSOFMWSISNEGATIVE,ESPECIALLYFORSEVEREMWSEG,HAMMERSLEYETAL2008BENEISHETAL2008MOREOVER,ENRONANDOTHERHIGHPROFILEACCOUNTINGSCANDALSREDUCEDMA

8、RKETLIQUIDITY,WHICHREBOUNDEDFOLLOWINGSOX,SUGGESTINGTHATTHELEGISLATIONWASEFFECTIVEATRESTORINGINVESTORCONFIDENCEJAINETAL2008THEOBJECTIVEOFTHISSTUDYISTOEXPANDEXTANTCONTROLLITERATUREBYANALYZINGMWSWITHRESPECTTOINFORMATIONTECHNOLOGY（IT）ANDTHECOMMITTEEOFSPONSORINGORGANIZATIONSINTERNALCONTROLINTEGRATEDFRAME

9、WORKCOSO1992HEREAFTER,COSOCOSOCONSISTSOFFIVEINTERRELATEDCOMPONENTSCONTROLACTIVITIES,INFORMATIONANDCOMMUNICATION,ANDMONITORINGUSINGSOX404REPORTSDURINGTHEFIRSTYEAROFCOMPLIANCE,WECLASSIFYTHEREPORTEDMWSBYCOSOCOMPONENTANDASITRELATEDORNONITRELATEDWEEXAMINETHEINTERRELATEDNESSOFWEAKCOSOCOMPONENTSANDTHEIRREL

10、ATIONSHIPWITHTHENUMBEROFMISSTATEDACCOUNTS,AMEASUREOFFINANCIALREPORTINGRELIABILITYOURRESULTSSUPPORTTHEINTERRELATEDNESSOFWEAKCOSOCOMPONENTSWEPROVIDEEVIDENCETHATAWEAKCONTROLENVIRONMENTHASAPOSITIVEASSOCIATIONWITHOTHERWEAKCOSOCOMPONENTSANDTHATTHEREMAININGWEAKCOMPONENTSAREPOSITIVELYASSOCIATEDWITHTHEPRECED

11、INGWEAKCOMPONENTTHEMODELALSOPROVIDESADDITIONALSUPPORTONTHEINTERRELATEDNESSOFWEAKMONITORINGASITISPOSITIVELYASSOCIATEDWITHWEAKRISKASSESSMENTANDWEAKCONTROLACTIVITIESWEALSOSHOWTHATWEAKCOSOCOMPONENTSAFFECTREPORTINGRELIABILITYWEFINDTHATREPORTINGRELIABILITYISAFFECTEDBYTHESCOPEIE,THENUMBEROFWEAKCOSOCOMPONEN

12、TSANDEXISTENCEOFCONTROLPROBLEMSINSPECIFICWEAKCOMPONENTS,INADDITIONTOWHETHERTHEWEAKNESSISITORNONITRELATEDFIRMSWITHITRELATEDWEAKCOMPONENTSREPORTNOTONLYMORENONITRELATEDMWSANDMISSTATEMENTSTHANFIRMSWITHOUTITRELATEDWEAKCOMPONENTS,BUTALSOHAVEAGREATERSCOPEOFMWSMOREOVER,THEEXISTENCEOFANITRELATEDWEAKCOMPONENT

13、GENERALLYHASANINCREMENTALNEGATIVEEFFECTONREPORTINGRELIABILITYANDTHENUMBEROFNONITMATERIALWEAKNESSESREPORTED,ESPECIALLYFORTHECONTROLENVIRONMENT,RISKASSESSMENT,ANDMONITORINGCOMPONENTSTHUS,THEITDOMAINAPPEARSTOAFFECTOVERALLCONTROLEFFECTIVENESSTHISSTUDYCONTRIBUTESTOTHEUNDERSTANDINGOFTHERELATIONSHIPBETWEEN

14、THEWEAKCOMPONENTS,WHICHISIMPORTANTTOREGULATORS,INVESTORS,AUDITORS,ANDMANAGERSBECAUSEAFIRMSDESIGNANDEXECUTIONOFITSINTERNALCONTROLSYSTEMSAFFECTREPORTINGACCURACYASWELLASOPERATIONALEFFICIENCYANDEFFECTIVENESSUNDERSTANDINGITSROLEININTERNALCONTROLSISIMPERATIVEGIVENTHAT1COMPUTERIZEDSYSTEMSPROCESSMOSTBUSINES

15、SINFORMATION,2ITCHANGESTHENATUREOFMISSTATEMENTSKINNEY2000,AND3LITTLEEMPIRICALEVIDENCEEXISTSREGARDINGITSROLEINCONTROLSCF,EILIFSENANDMESSIER2000KREUTZFELDTANDWALLACE2000ITGI2004MOREOVER,CURRENTMANDATEDGUIDANCEGIVESAUDITORSANEFFORTREDUCINGINCENTIVETOUSETESTSOFITCONTROLSPCAOB2007,APPENDIXB28,WHICHREQUIR

16、ESAUDITORSTOCLEARLYUNDERSTANDHOWITANDNONITMWSCANAFFECTTHEEFFECTIVENESSOFTHEFRAMEWORKCOSOINTERNALCONTROLINTEGRATEDFRAMEWORKSOX404REQUIRESMANAGEMENTTOUSEAFRAMEWORKTOEVALUATEINTERNALCONTROLSGIVENTHATMOSTFIRMSAREUSINGCOSO,WEANALYZEINTERNALCONTROLBYEXAMININGMWSWITHINTHECONTEXTOFTHEFOLLOWINGFIVECOMPONENTS

17、OFCOSOTHEFIRSTCOMPONENT,CONTROLENVIRONMENT,PROVIDESTHEFOUNDATIONFORALLOFTHEOTHERCONTROLCOMPONENTSANDSETSTHETONEOFTHEFIRMITINCLUDESTHEINTEGRITY,ETHICALVALUES,COMPETENCE,PHILOSOPHY,ANDOPERATINGSTYLEOFTHEFIRMSMANAGERSANDEMPLOYEESTHESECONDCOMPONENT,RISKASSESSMENT,ISTHEIDENTIFICATION,ANALYSIS,ANDMANAGEME

18、NTOFOPERATING,ECONOMIC,INDUSTRY,REGULATORYRISKSTHATMAYPREVENTAFIRMFROMACHIEVINGITSOBJECTIVESMANAGEMENTIMPLEMENTSCONTROLACTIVITIES,THETHIRDCOMPONENT,TOMITIGATETHEIDENTIFIEDRISKSCONTROLACTIVITIESINCLUDESEGREGATIONOFDUTIES,APPROVALS,REVIEWS,RECONCILIATIONS,ANDAUTHORIZATIONSTHEFOURTHCOMPONENT,INFORMATIO

19、N,ANDCOMMUNICATION,REFERSTOTHETIMELYCAPTUREANDDISSEMINATIONOFPERTINENTINFORMATIONONINTERNALANDEXTERNALEVENTSHORIZONTALLYANDVERTICALLYTHROUGHOUTTHEORGANIZATIONSVALUECHAIN,ANDINCLUDESCOMMUNICATIONAMONGANDBETWEENMANAGEMENT,EMPLOYEES,SUPPLIERS,ANDCUSTOMERSTHELASTCOMPONENT,MONITORING,ISTHECONTINUALEVALUA

20、TIONOFTHEOTHERCOMPONENTSEFFECTIVENESSCOSOEXPLICITLYDEFINESTHECOMPONENTSASINTERRELATEDYET,ONLYONESTUDY,GEIGERETAL2004,EXAMINESTHISINTERRELATEDNESSTHEYCATEGORIZEINTERNALCONTROLMWSREPORTEDBY32RHODEISLANDSTATEAGENCIESANDFINDAUNIVARIATEPOSITIVECORRELATIONBETWEENWEAKCONTROLENVIRONMENTANDWEAKRISKASSESSMENT

21、ANDNEGATIVERELATIONSHIPSBETWEENWEAKCONTROLACTIVITIESANDTHEOTHERWEAKCOMPONENTSUSINGSOX404DATAFORHUNDREDSOFPUBLICLYTRADEDFIRMS,WEEXPANDTHISANALYSISTOCONSIDERNOTONLYTHERELATIONBETWEENWEAKCOSOCOMPONENTS,BUTALSOTHERELATIONOFWEAKCOSOCOMPONENTSWITHMISSTATEMENTSTHISANALYSISPROVIDESINSIGHTSABOUTTHECONSEQUENC

22、ESOFTHEREPORTEDMWS,ANDINTURN,THEVALUEOFINTERNALCONTROLREPORTSHYPOTHESESTOHAVEEFFECTIVEINTERNALCONTROLS,AFIRMNEEDSTOHAVEALLFIVECOSOCOMPONENTSFUNCTIONINGTOGETHERTHETHEORETICALBASISOFCOSOISASTRONGCONTROLENVIRONMENT,THEFOUNDATIONFORTHEEFFECTIVENESSOFTHEOTHERCOMPONENTSTHUS,IFTHECONTROLENVIRONMENTISSTRONG

23、WEAK,THEOTHERFOURCOMPONENTSARELESSMORELIKELYTOHAVEMWSTHEREFORE,WEHYPOTHESIZEH1APOSITIVEASSOCIATIONSAREEXPECTEDBETWEENAWEAKCONTROLENVIRONMENTANDOTHERWEAKCOMPONENTSOFTHECOSOFRAMEWORKINADDITIONTOTHEFOUNDATIONPROVIDEDBYTHECONTROLENVIRONMENT,THEREMAININGCOMPONENTSALSOBUILDUPONTHEEFFECTIVENESSOFTHEPRECEDI

24、NGCOMPONENTCOSO1992,EXHIBIT1,19MOREOVER,COSOCLEARLYDESCRIBESTHESEBUILDINGRELATIONSHIPSAS1PRIORITIZERISKS,2IDENTIFYCONTROLSTOADDRESSTHESERISKS,3IDENTIFYNEEDEDINFORMATIONTOMONITOR4KLAMMANDWATSONJOURNALOFINFORMATIONSYSTEMS,FALL2009ESTABLISHEDCONTROLS,AND4IMPLEMENTMONITORINGTOEVALUATETHECOLLECTEDINFORMA

25、TIONCOSO2008,8IFTHERISKASSESSMENTCOMPONENTISNOTEFFECTIVE,AFIRMCANNOTIMPLEMENTNECESSARYCONTROLACTIVITIESTOMITIGATEUNIDENTIFIEDRISKSTHUS,IFRISKASSESSMENTISWEAK,CONTROLACTIVITIESAREMORELIKELYTOALSOBEWEAKIFCONTROLACTIVITIESAREWEAK,INFORMATIONANDCOMMUNICATIONISMORELIKELYTOBEWEAKANDFINALLY,IFINFORMATIONAN

26、DCOMMUNICATIONISWEAK,MONITORINGISMORELIKELYTOBEWEAKTHUS,WEHYPOTHESIZEH1BAPOSITIVEASSOCIATIONISEXPECTEDBETWEENAWEAKRISKASSESSMENTCOMPONENTANDAWEAKCONTROLACTIVITIESCOMPONENTH1CAPOSITIVEASSOCIATIONISEXPECTEDBETWEENAWEAKCONTROLACTIVITIESCOMPONENTANDAWEAKINFORMATIONANDCOMMUNICATIONCOMPONENTH1DAPOSITIVEAS

27、SOCIATIONISEXPECTEDBETWEENAWEAKINFORMATIONANDCOMMUNICATIONCOMPONENTANDAWEAKMONITORINGCOMPONENTINTERNALCONTROLISAMULTIDIRECTIONALITERATIVEPROCESSINWHICHALMOSTANYCOMPONENTCANANDWILLINFLUENCEANOTHERCOSO1992,18WHILEMODELRESTRICTIONSPREVENTUSFROMTESTINGALLPOSSIBLERELATIONSHIPS,WEFOCUSONTHEMONITORINGCOMPO

28、NENT,BECAUSE,WHENPROPERLYIMPLEMENTED,ITHELPSFIRMSIMPROVECONTROLSWHILEALSOREDUCINGTHECOSTSOFASSURINGTHATCONTROLSAREEFFECTIVECOSO2008DESPITETHESEBENEFITS,THEMONITORINGCOMPONENTHASNOTBEENFULLYUTILIZEDBYFIRMSDUETOALACKOFCLEARGUIDANCEANDUNDERSTANDINGCOSO2008EFFECTIVEMONITORINGSHOULDDETERMINETHATINTERNALC

29、ONTROLSYSTEMCONTINUESTOBERELEVANTANDABLETOADDRESSNEWRISKSCOSO2008,3,EMPHASISINORIGINALASRISKSCHANGE,MANAGEMENTMUSTRECOGNIZEANDEVALUATETHOSENEWRISKSANDIMPLEMENTAPPROPRIATEINTERNALCONTROLSTOMITIGATETHEMTHEREFORE,FIRMSWITHWEAKMONITORINGARELIKELYTOHAVEMWSINRISKASSESSMENTANDCONTROLACTIVITIESASHYPOTHESIZE

30、DBELOWH1EAPOSITIVEASSOCIATIONISEXPECTEDBETWEENAWEAKMONITORINGCOMPONENTANDAWEAKRISKASSESSMENTCOMPONENTH1FAPOSITIVEASSOCIATIONISEXPECTEDBETWEENAWEAKMONITORINGCOMPONENTANDAWEAKCONTROLACTIVITIESCOMPONENTONEOFTHEOBJECTIVESOFINTERNALCONTROLISTOPROVIDERELIABLEINFORMATIONTHUS,STRONGWEAKINTERNALCONTROLSSHOUL

31、DLEADTOHIGHLOWFINANCIALREPORTINGRELIABILITYRELIABLEFINANCIALREPORTINGINDICATESTHAT1FIRMSFOLLOWGENERALLYACCEPTEDACCOUNTINGPRINCIPLESCOSO1992,35,AND2ACCOUNTSAREAPPROPRIATELYSTATEDAMISSTATEMENTISTHEDIFFERENCEBETWEENTHERECORDEDANDTRUEVALUEOFANACCOUNTLINEITEMTHISDIFFERENCEMAYORMAYNOTBEDETECTEDBYTHEAUDITO

32、RSANDINCLUDESUNINTENTIONALERRORS,MISAPPROPRIATIONFRAUDKINNEY2000,ANDMISREPRESENTATIONFRAUDSUCHMISSTATEMENTSDECREASEFINANCIALREPORTINGRELIABILITYACCORDINGTOCOSO,IFALLCOMPONENTSARENOTWORKINGEFFECTIVELYIE,DETECTORPREVENTTHEENTRYOFERRONEOUSORFRAUDULENTDATA,THEOBJECTIVEOFFINANCIALREPORTINGRELIABILITYMAYN

33、OTBEMET,ANDACCOUNTSMAYBEMISSTATEDTHUS,WEEXPECTTHATWEAKCOSOCOMPONENTSAREPOSITIVELYRELATEDTOMISSTATEMENTS,ASSTATEDINOURSECONDHYPOTHESISH2WEAKCOSOCOMPONENTSAREPOSITIVELYRELATEDTOTHENUMBEROFMISSTATEDACCOUNTBALANCESGIVENTHATITISTHEFOUNDATIONOFANEFFECTIVESYSTEMOFINTERNALCONTROL,ITCONTROLSHAVEAPERVASIVEEFF

34、ECTONTHEACHIEVEMENTOFCONTROLOBJECTIVESASWELLASTHEFIRMSINHERENTRISKOFMISSTATEMENTSSPECIFICALLY,INEFFECTIVEITCONTROLSMAYLEADTOINCORRECTRECORDINGOFTRANSACTIONS,WHICHINTURNMAYRESULTINMISSTATEMENTSITGI2004,21,6PRIORRESEARCHFINDSFIRMSWITHITMWSHAVELESSACCURATEFORECASTSWHENCOMPAREDTOFIRMSWITHNONITRELATEDMWS

35、,INDICATINGLOWERQUALITYFINANCIALINFORMATIONFORITWEAKFIRMSLIETAL2008THUS,WEEXPECTFIRMSWITHITRELATEDMWSTOHAVEMOREMISSTATEDACCOUNTBALANCES,WHICHLEADSTOOURTHIRDHYPOTHESISH3FIRMSWITHITRELATEDMWSREPORTMOREMISSTATEDACCOUNTSTHANFIRMSWITHNONITRELATEDMWSUSINGUSAUDITDATAFROM1988WHERE56PERCENTOFTHEFIRMSWERECOMP

36、UTERIZEDMESSIERETAL2004,224,BELLETAL1998,14FINDTHATINCORRECTMANUALCOMPUTATIONS,IMPROPERRECORDINGOFEXCHANGEDOCUMENTS,INCORRECTAPPLICATIONOFINTERNALCONTROLS,ANDINADEQUATEINTERNALCONTROLSAREMORELIKELYTOBESOURCESOFPROBLEMSWHENINFORMATIONSYSTEMSARECOMPUTERIZEDEMPHASISINORIGINALADECADELATER,USINGNORWEGIAN

37、AUDITDATAFROM1997,MESSIERETAL2004EXAMINEDASAMPLEOFFIRMS62PERCENTWERECOMPUTERIZEDINALLBUSINESSPROCESSES38PERCENTWEREPARTIALLYCOMPUTERIZED,EG,BUSINESSPROCESSESSUCHASPAYROLLLEASESAND/OROTHERACTIVITIESWERENOTCOMPUTERIZEDTHEYFINDTHATMISSINGCONTROLS,POORLYDESIGNEDCONTROLS,ANDOVERWORKEDACCOUNTINGPERSONNELA

38、REMORELIKELYTOBETHESOURCEOFMISSTATEMENTSINCOMPUTERIZEDBUSINESSPROCESSESASCOMPAREDTONONCOMPUTERIZEDBUSINESSPROCESSESTHUS,THEUSEOFITAPPEARSTOHISTORICALLYBEASSOCIATEDWITHMOREOVERALLNONITCONTROLPROBLEMSTODAY,ITISINSEPARABLEFROMAFIRMSSTRATEGICANDOPERATIONALINFORMATIONSYSTEMS,MAKINGITCONTROLCOMPETENCYINAL

39、LOFTHECOSOCOMPONENTSANECESSITYFORCOSOTOBEEFFECTIVEITGI2004,27,EMPHASISADDEDWHILEEFFECTIVEITCONTROLSSUPPORTTHEENTIRECOSOFRAMEWORKITGI2004,27,INEFFECTIVEITCONTROLSMAYSTILLBEASSOCIATEDWITHNONITCONTROLPROBLEMSGIVENITSGROWINGROLEINTHEFIRMTHEREFORE,WEEXAMINEWHETHERFIRMSWITHATLEASTONEITRELATEDINTERNALCONTR

40、OLPROBLEMHAVEMORENONITRELATEDINTERNALCONTROLPROBLEMS,ASSTATEDINOURFOURTHHYPOTHESISH4FIRMSWITHITRELATEDMWSREPORTMORENONITRELATEDMWSTHANFIRMSWITHONLYNONITRELATEDMWSSOURCEBONNIEKKLAMM,MARCIAWEIDENMIERWATSONSOX404REPORTEDINTERNALCONTROLWEAKNESSESATESTOFCOSOFRAMEWORKCOMPONENTSANDINFORMATIONTECHNOLOGYJJOU

41、RNALOFINFORMATIONSYSTEMS,2009,3123译文萨班斯法案404内控报告弱点一个试验COSO框架组件和信息技术本文通过信息技术IT和非信息技术角度来研究内部控制和委员会内部控制整合框架的五个要素相关COSO1992年以及COSO中的三个项目报告可靠性成果。我们的样品是根据490个公司在依照萨班斯奥克斯利法案第404条款下的第一年间的薄弱报告资料。我们通过COSO部分信息技术相关和信息技术不相关来划分弱点。我们的研究结果支持COSO框架的相互联系，结果还表明账目虚报的数量和薄弱COSO部分（如，范围）和确切的薄弱COSO部分（如，存在）呈正相关。信息相关薄弱部分的公司比没

42、有信息相关薄弱部分的公司有更多不足资料和错报，为薄弱的信息技术控制普遍负面影响提供证据,特别是在控制环境、风险评价、和监控方面。2004年11月15日开始，2002（SOX404）萨班斯奥克斯利法案第404条要求所有上市公司（至少7500万美元上市股份浮动）报告其财务报告中内部控制的有效性。管理者必须（1）明确他们有责任建立并维持内部控制。（2）确定内部控制框架来评估控制。（3）提供内部控制有效性的措施。（4）确定重大弱点。MWS是“一个弱点或是弱点的组合而存在公司财务报表没有及时发现和避免重大错报（早期重点）的合理性（内部控制审计准则2007，第A7）。一些使用SOX数据控制研究大量出现，主

43、要调查公司MWS报告和市场条件下内部控制报告对市场条件影响的特点。公司的MWS报告是规模更小、更年轻、更危险、更复杂并且较差累计盈余质量使经济更薄弱。市场研究表明股票价格对MWS报告的反应是消极的，尤其是对严重的MWS（哈默斯利等，2008；贝尼斯等，2008）。此外，安然和其他高知名度的会计丑闻降低了市场的流动性，反弹于SOX，表明法律有效的恢复投资者的信心（杰恩等，2008）。这项研究的目标是通过对信息技术和委员会组织的内部控制整体来分析MWS以扩大现存的控制文献。（COSO，1992；后来的COSO）COSO有五个相关的部分组成控制环境、风险评估、控制活动、信息与沟通、监控。在SOX40

44、4法规使用的第一年中，我们通过COSO部分和信息相关和非信息相关来分类MWS报告。我们研究薄弱COSO部分的相关性和他们与大量虚假报告和财务报表可靠性措施的关系。我们的结果支持薄弱COSO部分的相关性，我们提供证据表明一个薄弱的控制环境与其他薄弱COSO部分呈正相关。并且其余薄弱部分和先前（薄弱）部分积极联系起来。该模型在薄弱监控的关联性提供了额外支持。因为薄弱的风险评估和薄弱的控制活动是正相关。我们还表明薄弱的COSO部分会影响报告的可靠性。我们发现报告的可靠性被范围（即薄弱COSO部分的数量）和具体薄弱部分存在的控制问题影响，并且无论弱点是IT信息技术或非信息技术相关。信息技术相关薄弱部分

45、报告的公司比公司无信息技术相关薄弱部分不仅有更多的非信息技术相关的MWS和错报，而且有一个更大MWS范围。此外，信息技术相关薄弱部分的一般对报告的可靠性和大量非信息技术重大弱点报告有一个增加的负面影响，特别是对控制环境，风险评估和监控部分。因此，信息技术领域似乎影响整体控制的有效性。这项研究有助于理解薄弱部分之间的关系，这对监管者，投资者，审计师和管理人员都非常重要，因为一个公司的设计和内部控制制度的执行影响报告的准确性以及运作效率和效益。料及信息技术在内部控制中的作用必须考虑到（1）计算机系统处理大多数商业信息。（2）信息技术改变虚假的性质（金尼，2000）。（3）一些经验证据存在相关信息技

46、术在内部控制中的作用（梅西尔等，2000；华莱士等，2000；信息技术治理协会，2004）。此外，目前授权知道提供给审计人员努力减少激励去利用信息技术控制测试（美国上市公司会计监管委员会，2007，附录B28），这要求审计人员清楚地了解信息技术和非信息技术MWS怎样影响框架的有效性。COSO内部控制的集成框架SOX404要求管理者利用一个框架来评估内部控制管理，鉴于大多数企业使用的是COSO，我们通过研究MWS在COSO五个部分下的内容来分析内部控制。第一个部分控制环境为其他部分提供基础，并设置公司的结构，它包括完整性、道德、观念、能力、理念和公司管理人员和雇员的经营风格。第二部分是风险评估是

47、识别、分析和可能会阻碍公司实现其目标的风险管理（经营，经济，工业，监管）。第三部分是管理者通过实施控制环境来降低已识别的风险。控制活动包括职责、审批、审查、对账和授权管理。第四个部分是信息与沟通，指的是及时获取和传播内部和外部事件（水平和垂直）的整个组织价值链的相关信息，并且包括管理者、员工、供应商和客户之间的沟通。最后的部分是监控，是持续监测其他部分的有效性。COSO明确定义为相互关联的组成部分。然而，仅一项叫盖革（2004）的研究表明了它们的关联性。她们通过罗德岛的32个国家机构对内部控制工作报告来归类内部控制的MWS报告并且发现在薄弱的内部控制环境和风险评估之间的（单变的）正相关以及薄弱

48、的内部控制活动和其他部分之间的负相关。使用萨班斯法案404上百家公开上市公司的数据，我们扩大这种分析不仅考虑COSO薄弱部分的关系，而且考虑COSO中虚假薄弱部分的关系。这个分析提供关于MWS报告后果的洞察力和相反的内部控制报告的价值。假设为了获得一个有效地内部控制，公司需要包括COSO五个部分的全部功能，COSO的理论基础是强大的内部控制环境，是其他部分有效性的基础。因此，如果控制环境是强（弱）的，其他四个部分较少（较多）可能有MWS。因此，我假设1、预计薄弱的控制环境部分和其他薄弱的COSO框架部分是正相关。除了通过控制环境提供基础之外，其余部分也在前面部分的基础上建立了有效性（COSO，

49、1992，解释，1,19）。此外，COSO明确地描述这些“建立”关系（1）优先处理风险。（2）识别控制风险。（3）确定所需要的信息以监控克拉马姆和沃森杂志的4个信息系统再2009年全球成立的控制。（4）实施监控以评估收集到的信息（COSO，2008,8）。如果风险评估部分无效，公司就无法执行必要地控制活动来降低不明风险。因此，如果风险评估是薄弱的，则控制活动也更有可能是薄弱的，最后，如果信息和沟通时薄弱的，则监控更有可能是薄弱的。因此，我假设1、预计薄弱的风险评估部分和薄弱的内部控制之间是正相关。2、预计薄弱的控制活动部分和薄弱的信息与沟通部分是正相关。3、预计薄弱信息与沟通部分和薄弱监控部分是正相关。内部控制是一个“几乎任何部分能够并将影响其他部分的多向反复的过程”（COSO,1992，18）。而模型防止我们测试所有可能的关系，我们集中于监控部分，因为当适当的实施有助于公司改善控制，并在保证控制有效性的同时降低成本（COSO，2008）。尽管有这些优点，监控部分由于企业缺乏明确的指导和了解而没有被充分利用（COSO，2008）。有效的监控应当确定内部控制系统仍然相关联并能够解决新的风险。随着风险的变化，管理必须认识和评价这些新风险并且实施适当的内部控制以降低风