« 総務省 ネット上のウソ発見器開発? | Main | 開発環境と運用環境の分離ができない場合は変更コントロール »

2006.08.28

SAS No.55の内部統制の要素

 こんにちは、丸山満彦です。1980年代後半におこったいわゆる期待ギャップの解消のために米国ではSAS(監査基準書)の改定が相次いだわけですが、内部統制についての監査基準書も1988年に改定されました。その時の内部統制についての説明です。

 
SAS55では、内部統制構造の要素を3つに分類しています。
・統制環境
・会計システム
・統制手続

統制環境は、COSOの統制環境とモニタリング(内部監査)に近いですね。
会計システムは、情報と伝達に近いですね。
統制手続は、統制活動と一部モニタリングも含まれているように見えます。
 
■Statements on Auditing Standards
No.55 Consideration of the Internal Control Structure in a Financial Statement Audit

=====
Control Environment
09. The control environment represents the collective effect of various factors on establishing, enhancing, or mitigating the effectiveness of specific policies and procedures. Such factors include the following:
> Management’s philosophy and operating style
> The entity’s organizational structure
> The functioning of the board of directors and its committees, particularly the audit committee
> Methods of assigning authority and responsibility
> Management’s control methods for monitoring and following up on performance, including internal auditing
> Personnel policies and practices
> Various external influences that affect an entity’s operations and practices, such as examinations by bank regulatory agencies
The control environment reflects the overall attitude, awareness, and actions of the board of directors, management, owners, and others concerning the importance of control and its emphasis in the entity. (The control environment factors are discussed in greater detail in appendix A.)

Accounting System
10. The accounting system consists of the methods and records established to identify, assemble, analyze, classify, record, and report an entity’s transactions and to maintain accountability for the related assets and liabilities. An effective accounting system gives appropriate consideration to establishing methods and records that will –
> Identify and record all valid transactions
> Describe on a timely basis the transactions in sufficient detail to permit proper classification of transactions for financial reporting.
> Measure the value of transactions in a manner that permits recording their proper monetary value in the financial statements.
> Determine the time period in which transactions occurred to permit recording of transactions in the proper accounting period.
> Present properly the transactions and related disclosures in the financial statements.

Control Procedures
11. Control procedures are those policies and procedures in addition to the control environment and accounting system that management has established to provide reasonable assurance that specific entity objectives will be achieved. Control procedures have various objectives and are applied at various organizational and data processing levels. They may also be integrated into specific components of the control environment and the accounting system. Generally, they may be categorized as procedures that pertain to –
> Proper authorization of transactions and activities.
> Segregation of duties that reduce the opportunities to allow any person to be in a position to both perpetrate and conceal errors or irregularities in the normal course of his duties – assigning different people the responsibilities of authorizing transactions, recording transactions, and maintaining custody of assets.
> Design and use of adequate documents and records to help ensure the proper recording of transactions and events, such as monitoring the use of prenumbered shipping documents.
> Adequate safeguards over access to and use of assets and records, such as secured facilities and authorization for access to computer programs and data files.
> Independent checks on performance and proper valuation of recorded amounts, such as clerical checks, reconciliations, comparison of assets with recorded accountability, computer-programmed controls, management review of reports that summarize the detail of account balances (for example, an aged trial balance of accounts receivable), and user review of computer-generated reports.
=====

Appendix A
Control Environment Factors

Management Philosophy and Operating Style
02. Management philosophy and operating style encompass a broad range of characteristics. Such characteristics may include the following: management’s approach to taking and monitoring business risks; management’s attitudes and actions toward financial reporting; and management’s emphasis on meeting budget, profit, and other financial and operating goals. These characteristics management is dominated by one or a few individuals, regardless of the consideration given to the other control environment factors.

Organizational Structure
03. An entity’s organizational structure provides the overall framework for planning, directing, and controlling operations. An organizational structure includes consideration of the form and nature of an entity’s organizational functions and reporting relationships. In addition, the organizational structure should assign authority and responsibility within the entity in an appropriate manner.

Audit Committee
04. An effective audit committee takes an active role in overseeing an entity’s accounting and financial reporting policies and practices. The committee should assist the board of directors in fulfilling its fiduciary and accountability responsibilities and should help maintain a direct line of communication between the board and the entity’s external and internal auditors.

Methods of Assigning Authority and Responsibility
05. These methods affect the understanding of reporting relationships and responsibilities established within the entity, Methods of assigning authority and responsibility include consideration of –
> Entity policy regarding such matters as acceptable business practices, conflicts of interest, and codes of conduct.
> Assignment of responsibility and delegation of authority to deal with such matters as organizational goals and objectives, operating functions, and regulatory requirements.
> Employee job descriptions delineating specific duties, reporting relationships, and constraints
> Computer systems documentation indicating the procedures for authorizing transactions and approving system changes

Management Control Methods
06. These methods affect management’s direct control over the exercise of authority delegated to others and its ability to effectively supervise overall company activities. Management control methods include consideration of –
> Establishing planning and reporting systems that set forth management’s plans and the results of actual performance. Such systems may include business planning; budgeting, forecasting, and profit planning; and responsibility accounting.
> Establishing methods that identify the status of actual performance, as well as communicating them to the appropriate levels of management.
> Using such methods at appropriate management levels to investigate variances from expectations and to take appropriate and timely corrective action.
> Establishing and monitoring policies for developing and modifying accounting systems and control procedures, including the development, modification, and use of any related computer programs and data files.

Internal Audit Function
07. The internal audit function is established within and entity to examine and evaluate the adequacy and effectiveness of other internal control structure policies and procedures. Establishing an effective internal audit function includes consideration of its authority and reporting relationships, the qualifications of its staff, and its resources.

Personnel Policies and Practices
08. These policies and practices affect an entity’s ability to employ sufficient competent personnel to accomplish its goals and objectives. Personnel policies and practices include consideration of an entity’s policies and procedures for hiring, training, evaluating, promoting, and compensating employees, and giving them the resources necessary to discharge their assigned responsibilities.

External Influences
09. These are influences established and exercised by parties outside an entity that affect an entity’s operations and practices. They include monitoring and compliance requirements imposed by legislative and regulatory bodies, such as examinations by bank regulatory agencies. They also include review and follow-up by parties outside the entity concerning entity actions, External Influences are ordinarily outside an entity’s authority. Such influences, however, may heighten management’s consciousness of and attitude towards the conduct and reporting of an entity7s operations and may also prompt management to establish specific internal control structure policies and procedures.
=====

【参考】このブログ
・2006.07.31 内部統制の構成要素比較 日本語
・2006.07.30 内部統制の構成要素比較


|

« 総務省 ネット上のウソ発見器開発? | Main | 開発環境と運用環境の分離ができない場合は変更コントロール »

Comments

Post a comment



(Not displayed with comment.)




TrackBack

TrackBack URL for this entry:
http://app.cocolog-nifty.com/t/trackback/64462/11644139

Listed below are links to weblogs that reference SAS No.55の内部統制の要素:

« 総務省 ネット上のウソ発見器開発? | Main | 開発環境と運用環境の分離ができない場合は変更コントロール »