内部統制が不備と報告した会社は、7% 2006.04.25現在

　こんにちは、丸山満彦です。2006.05.10にPCAOBのラウンドテーブルが行われますね。今後の日本の動きにも影響があるのでは・・・と思います。そのディスカッション資料に2006.04.25現在で、内部統制が不備と報告した企業の割合が書かれています。昨年度の16%から減少して、7%ということのようです。

　
■PCAOB
・PCAOB and SEC Roundtable on Internal Control Reporting Requirements
・・Briefing Paper: Roundtable on Implementation of Internal Control Reporting Provisions

　2ページ目ですね。

＝＝＝＝＝
During the initial year of reporting under the internal control reporting requirements (November 16, 2004 through November 15, 2005), approximately 3,900 companies reported on the effectiveness of their internal control over financial reporting, with almost 16% of those companies concluding that their internal control over financial reporting was not effective. A total of approximately 1,500 material weaknesses were reported, on a variety of control-related topics.
During the second year of reporting, through April 25, 2006, approximately 3,000 companies have reported, with almost 7% of those companies concluding that their internal control over financial reporting was not effective. A total of approximately 400 material weaknesses have been reported, again on a variety of control-related topics.
(Source: Audit Analytics)
＝＝＝＝＝

当日のディスカッション内容と事前に寄せられた意見・・・
＝＝＝＝＝
PANEL 1. OVERVIEW OF THE SECOND YEAR
Discussion Questions
1. Do you believe that the requirements of Section 404 have helped improve the quality of companies’ annual and quarterly financial statements or resulted in other benefits? If so, what is the primary source of that improvement? What are the countervailing costs of Section 404 compliance?
2. Please provide your overall perspectives regarding your experiences with the second year of assessing, reporting, and auditing internal control over financial reporting. What was different about the process in the second year? Were substantial modifications made in management’s and the auditor’s approach to the assessment? If so, what were they?
3. What are your thoughts about the efforts and costs incurred this year as compared with the first year? What portion of these efforts and costs related to work by the outside auditor versus other efforts and costs to companies? Did you realize expected cost savings in the second year? If so, what is the primary source of cost savings (e.g. increased efficiency, reduced documentation, etc.)? What are your views regarding efforts and costs to be incurred in future years?
4. What implementation and/or ongoing issues have arisen or continued in the second year of assessing, reporting, and auditing internal control over financial reporting? How should such issues be addressed?
5. Was the level of effort required to complete the assessment in the second year substantially greater or less than in the first year? Are further modifications to management’s assessment and the auditor’s process anticipated in future years? Will the same level of effort expended in the second year be necessary or even increase in the third year and beyond?

PANEL 2. MANAGEMENT’S EVALUATION AND ASSESSMENT
Discussion Questions
1. Was the guidance issued on May 16, 2005, by the SEC and PCAOB helpful in improving management’s process in the second year? Were processes for evaluating controls more riskfocused in the second year? What are the biggest challenges in implementing a risk-based approach? Would further guidance be helpful in any area?
2. How, if at all, would management have approached its assessment differently if it did not know that it would be the subject of an independent audit? Were there instances where management believed that it had taken an appropriate, risk-based approach to assessing internal control over financial reporting, but modified that approach based on auditor demands? Were these changes beneficial to the company’s system of internal control over financial reporting or to the effectiveness and efficiency of management’s assessment?
3. Is there sufficient information available to management concerning the appropriate internal control framework? Is there sufficient information available concerning how management should conduct an internal control assessment?
4. Did management’s evaluation process consider company-level controls in determining the scope and extent of testing of accounts and processes? What types of company-level controls have the greatest impact on the scope and extent of testing?
5. Are there issues or challenges that are specific to smaller accelerated filers in completing their assessments that might not apply to all accelerated filers? If so, what are those issues and challenges and how can they be addressed?
6. How did your evaluation of information technology general controls differ in the second year? Do you see additional areas for improvement? Were you able to implement a benchmarking strategy for computer application controls? If not, why not? Would additional guidance be useful?
7. Many companies indicated at last year’s roundtable that they incurred significant effort and cost documenting internal controls. What drove the level of documentation? How did the second year compare to the first year in terms of effort and cost spent on documentation? What modifications to existing requirements might make the process more efficient and effective? Are particular modifications desirable or necessary for smaller and less complex companies?

PANEL 3. THE AUDIT OF INTERNAL CONTROL OVER FINANCIAL REPORTING
Discussion Questions
1. Did auditors use any strategies to ensure that they appropriately altered the nature, timing, and extent of their testing in response to the assessed level of risk? If so, what were they? Are there additional improvements that could be made in the auditor’s performance of a riskbased audit?
2. What impact did the Board’s inspections of firms’ first year internal control audits have on the audit process? What effect did the Board’s November 30, 2005, report have on the second-year process? What impact did the Board’s inspection program generally have on the auditor’s approach to implementing the AS No. 2 audit process? How should the Board ensure that its inspection program is both rigorous and consistent with Board guidance concerning the implementation of AS No. 2?
3. Were fully integrated audits performed in the second year? If not, what barriers existed in the second year to prevent integration, and what can be done to reduce those barriers in the future? In what other ways could auditors increase the efficiency and effectiveness of the audit process without compromising the Act’s goals?
4. How do auditors gather and use evidence about company-level controls? Were there changes to the auditors’ approach to evaluating these controls, including control environment, in the second year? How do auditors evaluate the impact of compensating controls on control deficiencies? Do management’s and the auditor’s views differ in this area?
5. Did the process of identifying significant accounts, significant processes, and major classes of transactions worsen or improve in the second year? If not, what is the primary difficulty in this area? Do management’s and the auditor’s views differ in these areas?
6. Did auditors increase or decrease the degree to which the work of others was relied on in the second year? Was the May 16, 2005, guidance issued by the SEC and the PCAOB helpful in determining the extent to which the work of others could be used in the second-year assessment? Are there specific barriers that prevent auditors from using the work of internal auditors and others performing management’s assessment to the fullest extent appropriate?
7. Are auditors tailoring the internal control audit to the complexity of the company? Is there appropriate recognition from auditors that control objectives may be achieved via many different methods? Are auditors reluctant to scale their work in less complex environments? Would modification to AS No. 2, or to the auditors requirements as a whole, make the process more effective and efficient? Are particular modifications necessary for smaller and less complex companies?

PANEL 4. THE EFFECT ON THE MARKET
Discussion Questions
1. Do you believe that the goals of the Act are being met? If not, why not? If so, were the goals being met chiefly by management’s assessment, the independent audit, or both? Are these goals being met at a cost that is justified by the benefits delivered to shareholders? Is your view impacted by the size and/or complexity of the company?
2. Do investors benefit from internal control reporting? What is the source of any benefits? What are the countervailing costs? How could the internal control requirements be improved from an investor’s perspective?
3. How is the competitiveness of U.S. public companies impacted by the internal control requirements? How might the cost of capital for U.S. companies change as a result? What will be the effect on U.S. securities markets and, therefore, U.S. investors? Will companies seeking to go public be influenced by the costs associated with the internal control reporting and auditing requirements? If so, how?
4. Do investors and other market participants generally understand the existing definition of the term “material weakness”? Do companies’ public disclosures about the existence of material weaknesses adequately inform investors and the market about the material weaknesses internal control over financial reporting and the effect of those material weaknesses on financial reporting? Does the market react to material weakness disclosures?
5. In your opinion, have disclosures related to material weaknesses in companies’ internal control over financial reporting been helpful to investors? If so, how? Did such disclosure improve in the second year? If so, how?
6. Should other reporting and/or assessment options that are consistent with the goals of the Act be considered for management or the auditor? If so, how would these reporting options achieve the goals of the Act?

PANEL 5. NEXT STEPS
Discussion Questions
1. What remaining concerns about the implementation of internal control over financial reporting should be addressed? Do you believe management could obtain a reasonable basis for its assessment with less work and cost in subsequent years? Could the auditor issue his or her opinion with less work? If so, what work could be reduced or eliminated? Should management or the auditor be permitted to rotate the controls tested in subsequent years?
2. Are there specific amendments that could be made to either the Commission’s rules or the PCAOB’s standards to improve the efficiency and effectiveness of management’s assessment and the auditor’s role?
3. Is there specific additional guidance regarding internal control over financial reporting that the Commission should provide to companies, including guidance with respect to management’s assessment? Is there specific additional guidance that the Board should provide to auditors regarding the audit of internal control?
4. Did costs related to internal control over financial reporting decrease as much as expected in the second year? Did total audit fees for the integrated audit decrease in the second year? Are costs expected to come down significantly in the third and subsequent years?
5. What other actions should the Commission and the Board consider to improve the process? What actions could other interested parties take to improve the process?
＝＝＝＝＝

SECに寄せられたコメントについては、
・SEC Comments on:Second-year Experiences with Implementation of Sarbanes-Oxley Internal Control Reporting and Auditing Provisions [File No. 4-511]
又は
・PCAOB Comments on Experiences with the Second-year Implementation of Internal Control Reporting and Auditing Provisions

＝＝＝＝＝
後で読んでおこうと思ったレポート
●Oversight
・Oversight Systems Executive Reports

Comments

まるちゃんおひさしぶりです。こんにちは。

このＳＯＸ法は投資家のために作った法律だと理解しています。

①内部統制に不備があってもＳＥＣ登録を抹消された企業と言うのを聞いたことがありませんが、実際どうなのでしょうか？噂によれば「途中経過に問題があっても最終的に数字が合ってれば事実上お咎めなし」とのことですが。

②また、この情報を基にしてたとえば株を買う、買わないの判断をしている投資家の率を調査したデータってどこかにないのでしょうか？

①がそのとおりと仮定し、②もし調査結果があって非常に低い率（私自身は、企業には絶対どこかしらに問題点がある、と考えているので、ＭＷはあって当然でこの情報をもとに株の売り買いの判断はまずもってしません）だとすると、このＳＯＸ法は運用している意味が非常に希薄ですよね。企業もなんのためにやってるのかわからん。あほらし。てなことになります。

で、これを真似して法律施行しようとしている日本はもっとあほらし、ということになってしまわなければよいのですが・・・

私はＳＯＸ、Ｊ－ＳＯＸを「運転の仕方を報告させれば交通事故が減るだろう法」と命名したくてしょうがありません。違反の厳罰化と取締りの強化に手間隙かけたほうが結果がよくなりそうなものですがね。大学の先生や会計士さんにはそういうお考はないものなのでしょうか？
プロ野球の交流戦が一番の興味どころである一般ピーポーレベルにはとってもわかりにくい世界であります。

Posted by: family_k | 2006.05.09 16:23

family_kさん、コメントありがとうございます。
なるほど・・・。

膨大な文書化と評価作業が必要な業務プロセスより、大きな不正は経営者がしたりするので、何が本当は必要か・・・ということも考える必要があるのかもしれませんね・・・

Posted by: 丸山満彦 | 2006.05.10 23:24

>「運転の仕方を報告させれば交通事故が減るだろう法」

ただし、ドライブレコーダーを付した自動車は、確かに事故は減るだろうし、事故後の紛争解決費用は激減することは確かでしょうね。

さらに、フライトレコーダーは、将来の重大事故を減らすのに劇的な効果はありますね。

では、マネジメントレコーダーみたいなのをつくりましょということではどうなんでしょ。

Posted by: ミスターIT | 2006.05.26 12:03

ミスターITさんコメントありがとうございます。
>>「運転の仕方を報告させれば交通事故が減るだろう法」

> ドライブレコーダーを付した自動車は、確かに事故は減るだろうし、事故後の紛争解決費用は激減することは確かでしょうね。

ドライブレコーダーをつけると事故は減るのですが、ドライブレコーダーの価格と性能（というか効果）の問題なのだろうと思います。

Posted by: 丸山満彦 | 2006.05.27 08:46