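Title

Construction and Empirical Validation of a General Control Risk Assessment Model for CPAs under the Sarbanes-Oxley Act (沙氏法案下會計師執行一般控制風險評估模式之建構與實證)

Parallel title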

The Development of a General Control Risk Assessment Model Based on the Sarbanes-Oxley Act

DOI

10.6538/TAR.2012.0802.04

Authors

She-I Chang (張碩毅); I-Cheng Chang (張益誠); Hong-Bin Lin (林弘斌); Yi-Hao Chen (陳奕豪)

Keywords

Sarbanes-Oxley Act ; General Control ; Risk assessment

Journal

中華會計學刊

Volume and issue / Publication date

Vol. 8, No. 2 (2012 / 07 / 01)

Pages

257 - 285

Language

Traditional Chinese; English

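Chinese abstract

After financial scandals such as Enron and WorldCom broke, the U.S. Senate and House of Representatives passed the "Sarbanes-Oxley Act of 2002" (the Sarbanes-Oxley Act) at the end of July 2002. Its passage prompted the creation of the Enterprise Risk Management Integrated Framework, which requires companies to establish their internal control systems on a risk-oriented basis. This paper adopts the Gowin's Vee framework as its research strategy. On the literature side, the study reviews and consolidates the audit process, the regulations related to general control, and the domestic and international literature into key points for risk assessment of general control. On the method side, these key points were made into an expert questionnaire; the returned questionnaires were compiled into the assessment items used to build the model, and the risk assessment model was then constructed. Finally, once the model had been constructed, its practicality was verified empirically. The empirical results show that respondents were highly willing to adopt the risk assessment model constructed in this study, and that the model meets the needs of accounting-firm auditors for general control risk assessment.

English abstract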

After the Enron and WorldCom scandals broke, the U.S. Congress passed the Sarbanes-Oxley Act of 2002 at the end of July 2002. The passing of the Sarbanes-Oxley Act prompted the creation of the ERM Integrated Framework, which requires companies to establish risk-oriented internal control systems. This research establishes its research structure based on the research strategies proposed by Gowin's Vee. On the theoretical side, this research confirms the measurements and items of risk assessment required for general control, in order to ensure that the list is compliant with the Sarbanes-Oxley Act. This approach also assures and enhances the content validity of measurements and assessment items, and the consistency with practices. Before the empirical study, this research develops an expert questionnaire by referring to the method and validation process proposed by Lawshe (1975). The results showed that the respondents are highly willing to use the risk assessment model constructed in this research and that the model fulfils the auditing requirements of the Sarbanes-Oxley Act and the requirements for risk assessments of general control.

Subject classification

Social Sciences > Finance and Accounting

References

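  1. Research, Development and Evaluation Commission, Executive Yuan (2007). Information security risk assessment case study of the U.S. audit office, Part 1. http://www.rdec.gov.tw/public/Data/8422943971.pdf (in Chinese)
  2. Auditing Standards Committee, Accounting Research and Development Foundation (1993). General Auditing Standard No. 24: Materiality and Audit Risk. Taipei: Auditing Standards Committee, Accounting Research and Development Foundation. (in Chinese)
  3. Auditing Standards Committee, Accounting Research and Development Foundation (1997). General Auditing Standard No. 31: Considerations in Performing Audit Work under Computer Information Systems. Taipei: Auditing Standards Committee, Accounting Research and Development Foundation. (in Chinese)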
  4. Accounting Research and Development Foundation (1993). General Auditing Standard No. 24: Material and Auditing Risk. Taipei: Accounting Research and Development Foundation. (in Chinese)
  5. Research, Development and Evaluation Commission (2007). The case of information systems security risk assessment in US. http://www.rdec.gov.tw/public/Data/8422943971.pdf (in Chinese)
  6. Accounting Research and Development Foundation (1997). General Auditing Standard No. 31: Consideration of Auditing Task over Computer Environment. Taipei: Accounting Research and Development Foundation. (in Chinese)
  7. Brewster, B. (2008). Enhancing the auditor expertise model: How systems thinking fosters a reinforcing feedback loop between knowledge and ability. Working paper, University of Illinois, USA.
  8. British Office of Government Commerce (OGC) (2007). IT Infrastructure Library v3. Norfolk: British Office of Government Commerce.
  9. Su, Yu-Hui (2005). Complete analysis of Sox 404. The newsletter of Deloitte, March, 6-12. (in Chinese)
  10. Bierstaker, J. L., Hunton, J. E., Thibodeau, J. C. (2009). Do client-prepared internal control documentation and business process flowcharts help or hinder an auditor's ability to identify missing controls? Auditing: A Journal of Practice & Theory, 28(1), 79-94.
  11. British Standards Institution (BSI) (2000). Information Security Management. London: British Standards Institution.
  12. British Standards Institution (BSI) (2002). Information Security Management. London: British Standards Institution.
  13. Chang, She-I, Huang, Shi-Ming, Roan, Jinsheng, Hung, Yu-Chung, Hung, Shin-Yuan (2005). Enterprise Resource Planning. Taipei: Chuan Hwa Book Co. Ltd.
  14. Chen, I-Ping (1999). New auditing methods in 2000. Accounting Research Monthly, 158, 10-15.
  15. Committee of Sponsoring Organizations of the Treadway Commission (COSO) (2004). Enterprise Risk Management-Integrated Framework. New York: Committee of Sponsoring Organizations of the Treadway Commission.
  16. Committee of Sponsoring Organizations of the Treadway Commission (COSO) (1992). New York: Committee of Sponsoring Organizations of the Treadway Commission.
  17. Cooley, J. W., Hicks, J. O. (1983). A fuzzy set approach to aggregating internal control judgments. Management Science, 29(3), 317-334.
  18. Coppers, P., Lybrand, L. L. P. (2002). Security, Audit and Control Features SAP R/3: A Technical and Risk Management Reference Guide. Illinois, IL: IT Governance Institute.
  19. Davis, F. D. (1989). Perceived usefulness, perceived ease of use, and user acceptance of information technology. MIS Quarterly, 13(3), 319-340.
  20. Gelinas, U. J., Jr., Dull, R. B. (2008). Accounting Information Systems. Ohio, OH: Thomson South-Western.
  21. Graham, L. (1993). Expertise in auditing. Auditing: A Journal of Practice & Theory, 12(2), 46-50.
  22. Gurney, P. M., Chambers, E., Grant, L., Shah, S., Sullivan, M. (2004). The Internet: marketing research's Panacea or Pandora's box. Marketing Review, 4(1), 27-45.
  23. Hair, J. F., Anderson, R. E., Tatham, R. L., Black, W. C. (1998). Multivariate Data Analysis. New Jersey, NJ: Prentice-Hall.
  24. Huang, Shi-Ming, Chuang, Sheng-Chi (2005). The Handbook of ACL Analysis and Computer Auditing. Taipei: Chuan Hwa Book Co. Ltd.
  25. IT Governance Institute (2006). COBIT Mapping-Mapping of ISO 17799 with COBIT 4.0. Illinois, IL: IT Governance Institute.
  26. Lawshe, C. H. (1975). A quantitative approach to content validity. Personnel Psychology, 28(4), 563-575.
  27. Novak, J. D., Gowin, D. B. (1984). Learning how to Learn. Cambridge: Cambridge University Press.
  28. Wu, Su-Huan, Hung, Chia-Long (2006). Critical point auditing within computer control-Sales cycle fraud. Accounting Research Monthly, 243, 80-85.
  29. Wu, Tsung-Fan (1997). Accounting Information Systems and Computer Auditing. Taipei: Best-wise.
  30. Yen, David Chi-Chung, Huang, Shi-Ming, Lee, Chia-Ling, Hsia, Yung-Ching (2006). The influence and impact of Sarbanes-Oxley Act. Journal of Computer Audit, 15, 1-15.
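  31. Wu, Su-Huan, Hung, Chia-Long (2006). Auditing at the key points of computer controls: sales cycle fraud. Accounting Research Monthly, 243, 80-85. (in Chinese)
  32. Wu, Tsung-Fan (1997). Accounting Information Systems and Computer Auditing. Taipei: Best-wise. (in Chinese)
  33. Chang, She-I, Huang, Shi-Ming, Roan, Jinsheng, Hung, Yu-Chung, Hung, Shin-Yuan (2005). Enterprise Resource Planning. Taipei: Chuan Hwa Book Co. Ltd. (in Chinese)
  34. Chen, I-Ping (1999). New auditing methods for crossing into the year 2000. Accounting Research Monthly, 158, 10-15. (in Chinese)
  35. Huang, Shi-Ming, Chuang, Sheng-Chi (2005). The Handbook of ACL Data Analysis and Computer Auditing. Taipei: Chuan Hwa Book Co. Ltd. (in Chinese)
  36. Yen, David Chi-Chung, Huang, Shi-Ming, Lee, Chia-Ling, Hsia, Yung-Ching (2006). The applicability, influence and impact of the Sarbanes-Oxley Act. Journal of Computer Audit, 15, 1-15. (in Chinese)
  37. Su, Yu-Hui (2005). Unveiling the mystery of corporate financial operations: a complete analysis of Sarbanes-Oxley Section 404. The newsletter of Deloitte, 2005 (March issue), 6-12. (in Chinese)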