Summary: | 沙氏法是美國在經歷一連串包括安隆、世界通訊等知名企業在內的財報不實醜聞後,為重建投資大眾對公開發行公司財報及美國證券市場的信心,迅速於2002年7月30日頒佈之一項企業革新法。綜觀其中66項條款,引發最多爭議、且對所有公司影響最大的首推404條款。該條款要求管理階層與簽證會計師評估公司與財務報導有關之內部控制制度其有效性,而爭議的重點主要在其實施方式和高遵循成本。
本研究透過個案研究,以深度訪談與問卷調查的方式,瞭解個案公司為遵循沙氏法404條款而推動之專案其組織架構與施行程序,同時蒐集公司主管及員工之意見,以分析實施效益並提出建議。
研究發現,33.34%的受訪者認同公司遵循沙氏法404條款所獲得的效益大於成本,17.34%反對,49.33%持中性看法。受訪者除認為實施沙氏法專案有助於強化同仁的風險意識、引導公司重新檢視與財務報導有關之內部控制制度,並將作業程序標準化、提升內控品質與財報可信度、遵循集團政策外,同時認為沙氏法專案有改善的空間,尤其在整合公司現有的風險控管機制、簡化測試流程及對測試文件的要求等方面。
誠如個案公司財務長所重視的“塑造企業文化”,沙氏法404條款強調的是“由上到下、以風險為基礎”,因此,樹立正確的在上位者之語調與表態極為重要,尤其是董事會、執行長和財務長,必須全力支持,建構具成本效益且符合沙氏法404條款的測試架構,以評估與財務報導有關之內部控制,進而確保財務報導之可靠性。
=== After a whole series of financial scandals, such as Enron and WorldCom frauds, the US government swiftly declared the Corporate Reform Law on July 30, 2002, i.e. the Sarbanes-Oxley Act of 2002 (“SOX”), aiming to restore investors’ confidence in financial statements of the public companies and the US security market, as well. Among 66 sections in total in SOX, the most contentious aspect, which has also made significant impacts on companies, is Section 404 (“SOX 404”) requiring management and the external auditors to assess the effectiveness of Internal Control over Financial Reporting (“ICFR”). The key point of contention is its stringent implementation and high compliance cost.
In-depth interview and questionnaire survey methods were adopted in this case study to explore how the researched company (“the Company”) implemented its project in response to SOX 404 and then to have a detailed analysis based upon the answers and comments obtained from the interviewees and the questionnaire respondents. Suggestions are made at the end of the study.
The study finds that 33.34% of the respondents agreed with the view that compliance with SOX 404 generates greater benefit than cost to the Company, while 17.34% were against it, and 49.33% remained neutral. Despite the fact that abiding by SOX may enhance the employees’ risk awareness, guide the company to reexamine its ICFR, add more credibility of financial reports, and conform to Group policy etc., both the interviewees and the respondents consider that there is room for improvement as far as SOX 404 project is concerned. For example, a full integration of the existing risk management mechanisms and also a great simplification of testing procedures and documentation requirements.
Just as the CFO of the Company highlights the importance of molding enterprise culture, SOX 404 is also top-down, risk-based oriented. As a result, it is essential to set the right tone at the top. The Board of Directors, CEO, and CFO must give their full support for building a testing framework, which is cost-effective and keeps to SOX 404. By doing so, ICFR can be accurately assessed, and the reliability of financial reports can be virtually assured.
|