« 金融庁 「電子登録債権法(仮称)の制定に向けて~電子登録債権の管理機関のあり方を中心として~」(報告書) | Main | 個人情報保護法は無能なのか? 登録したとたん過去の情報が企業に把握されてしまう場合。。。 »

2006.12.25

SEC Management's Report on Internal Control Over Financial Reporting(公開草案)における2つの原則

 こんにちは、丸山満彦です。SEC Management's Report on Internal Control Over Financial Reporting(公開草案)には中小企業から大企業にまで使える2つの原則がありますね。

 
【SEC】
■・2006.12.20 33-8762 Management's Report on Internal Control Over Financial Reporting
Other Release No.: 34-54976 File No.: S7-24-06

●第一原則
Management should evaluate the design of the controls that it has implemented to determine whether they adequately address the risk that a material misstatement in the financial statements would not be prevented or detected in a timely manner.

●第二原則
Management’s evaluation of evidence about the operation of its controls should be based on its assessment of risk.

=====
The first principle is that management should evaluate the design of the controls that it has implemented to determine whether they adequately address the risk that a material misstatement in the financial statements would not be prevented or detected in a timely manner. The guidance describes a top-down, risk-based approach to this principle, including the role of entity-level controls in assessing financial reporting risks and the adequacy of controls. The proposed guidance promotes efficiency by allowing management to focus on those controls that are needed to adequately address the risk of a material misstatement in its financial statements. There is no requirement in our guidance to identify every control in a process or document the business processes impacting ICFR. Rather, under the approach described herein, management focuses its evaluation process and the documentation supporting the assessment on those controls that it believes adequately address the risk of a material misstatement in the financial statements. For example, if management determines that the risks for a particular financial reporting element are adequately addressed by an entity-level control, no further evaluation of other controls is required.
The second principle is that management’s evaluation of evidence about the operation of its controls should be based on its assessment of risk. The proposed guidance provides an approach for making risk-based judgments about the evidence needed for the evaluation. This allows management to align the nature and extent of its evaluation procedures with those areas of financial reporting that pose the greatest risks to reliable financial reporting (i.e., whether the financial statements are materially accurate). As a result, management may be able to use more efficient approaches to gathering evidence, such as self-assessments, in low-risk areas and perform more extensive testing in high-risk areas.
=====

ガイダンスが触れている領域は例えば、次のようになっています。
=====
• Explains how to vary approaches for gathering evidence to support the evaluation based on risk assessments;
• Explains the use of “daily interaction,” self-assessment, and other on-going monitoring activities as evidence in the evaluation;
• Explains the purpose of documentation and how management has flexibility in approaches to documenting support for its assessment;
• Provides management significant flexibility in making judgments regarding what constitutes adequate evidence in low-risk areas; and
• Allows for management and the auditor to have different testing approaches.
=====

そしてガイダンスの構成は次のようになっていますね。。。

=====
A. The Evaluation Process
1. Identifying Financial Reporting Risks and Controls
a. Identifying Financial Reporting Risks
b. Identifying Controls that Adequately Address Financial Reporting Risks
c. Consideration of Entity-level Controls
d. Role of General Information Technology Controls
e. Evidential Matter to Support the Assessment
2. Evaluating Evidence of the Operating Effectiveness of ICFR
a. Determining the Evidence Needed to Support the Assessment
b. Implementing Procedures to Evaluate Evidence of the Operation of ICFR
c. Evidential Matter to Support the Assessment
3. Multiple Location Considerations

B. Reporting Considerations
1. Evaluation of Control Deficiencies
2. Expression of Assessment of Effectiveness of ICFR by Management and the Registered Public Accounting Firm
3. Disclosures About Material Weaknesses
4. Impact of a Restatement of Previously Issued Financial Statements on Management’s Report on ICFR
5. Inability to Assess Certain Aspects of ICFR
=====

|

« 金融庁 「電子登録債権法(仮称)の制定に向けて~電子登録債権の管理機関のあり方を中心として~」(報告書) | Main | 個人情報保護法は無能なのか? 登録したとたん過去の情報が企業に把握されてしまう場合。。。 »

Comments

はじめまして。いつも大変興味深く拝見しております。
ガイダンスについてようやく本格的に目を通し始めており、自身でブログを立ち上げ、内容を公開してみることにしました。丸山様のように毎日とはいかないとは思いますが、なんとか二日に一回くらいのペースでの内容更新に努め、ガイダンスを読み終えられればと思っております。

Posted by: trainee | 2007.01.08 21:41

traineeさん、コメントありがとうございます。
> ガイダンスについてようやく本格的に目を通し始めており、自身でブログを立ち上げ、内容を公開してみることにしました。
 それでは、時々のぞきに行きます。
よろしくお願いします。

Posted by: 丸山満彦 | 2007.01.09 18:53

Post a comment



(Not displayed with comment.)




TrackBack


Listed below are links to weblogs that reference SEC Management's Report on Internal Control Over Financial Reporting(公開草案)における2つの原則:

« 金融庁 「電子登録債権法(仮称)の制定に向けて~電子登録債権の管理機関のあり方を中心として~」(報告書) | Main | 個人情報保護法は無能なのか? 登録したとたん過去の情報が企業に把握されてしまう場合。。。 »