在萨班斯法案第302条下的公司治理质量的和内部控制报告【外文翻译】

外文文献翻译译文
一、外文原文
原文：
Corporate Governance Quality and Internal Control Reporting
under SOX Section 302
In this study I examine the impact of corporate governance quality on firm reporting quality in the absence of an external audit. Specifically, I examine the corporate governance quality impact on firm reporting of internal control deficiencies (ICDs) prior to SOX-mandated audits. In doing so, I provide evidence on the current debate over whether smaller public companies should be exempted from the audit of internal controls as mandated by the Sarbanes- Oxley Act of 2002 (SOX) section 404.
To test the link between corporate governance quality and company reporting, I use internal control reports issued by management under section 302 of SOX. This section requires that CEOs and CFOs certify in each quarterly and annual report that they have evaluated the company’s internal controls “a s of a date within 90 days prior to the report”and that they have presented their conclusions regarding the effectiveness of their controls in that quarterly or annual report. This requirement relates to all quarterly and annual filings after August 29, 2002.
The requirements in SOX relating to internal control reporting provide an ideal setting to examine the impact of corporate governance on firm reporting in the absence of the audit. Under Section 302 management is required to perform control evaluations; however, the auditor is not required to evaluate management’s assessment of control quality or to perform their own control evaluation. Beginning with fiscal year ends after November 15, 2004, section 404 of SOX requires that the external financial statement auditor perform an audit of the firm’s internal controls over financial reporting and provide an opinion in the annual filing as to their effectiveness as well as an opinion regarding management’s assessment of internal
controls.
Therefore, from the period of August 29, 2002 until the firm s’ first fiscal year end on or after November 15, 2004, the reporting decisions of the firm regarding internal control quality were controlled by management and other corporate governance bodies. External auditors had no responsibility during this time period to perform the extent of control tests necessary to come to a conclusion regarding control effectiveness, nor did they have a responsibility to publicly report on internal control quality.
I use this lag time between the implementation of section 302 and section 404 to examine the impact of corporate governance quality on disclosure quality in a setting where we know what “shoul d” h ave been disclosed (i.e. weaknesses identified in the audited internal control report).Using this setting, I examine two questions of interest: First, does corporate governance quality impact the likelihood of disclosure of ICDs prior to SOX-mandated audits? Second, holding constant the disclosure of ICDs under SOX 302, does corporate governance quality impact the likelihood of correct assessment of the level of seriousness of the ICD?
Significant discussion has taken place regarding the costs and benefits of SOX section 404 which requires an audit of internal controls over financial reporting. The SEC continues to push back the compliance date for smaller companies, with the most recent proposal pushing compliance to fiscal years on or after December 15, 2009 for these smaller companies (SEC 2008).Some have argued that attempting to improve financial reporting quality by improving corporate governance quality might be a less costly alternative to the audit of internal controls (SEC 2005).
I provide evidence on this assertion by examining the role of corporate governance in the disclosure of ICDs prior to SOX-mandated audits.I hold constant the existence of control problems by examining only those companies that disclosed material weaknesses in internal controls in their first audited internal control report. From this sample of companies with material weaknesses, I look back in time to compare companies that disclose those ICDs under the section 302 regime with companies that do not disclose them under the section 302 regime but subsequently
disclose them under section 404. Using this sample, I examine firm governance characteristics relating to the disclosure of ICDs under section 302 of SOX holding constant the existence of a weakness.
In designing the study in this way, I make the assumption that material weaknesses disclosed in company’s annual filings under SOX 404 existed throughout the fiscal year. I attempt to limit those observations where the control weakness was reported under section 404 but did not exist previously by looking at only the 3 quarters prior to the first 404 report to determine whether the observation was in the group disclosing under section 302 or the group not disclosing under section 302. This assumption is also in line with assumptions made in prior research as well as by professionals. For example, Glass-Lewis & Company argue, “In our view, the control deficiency probably did not appear overnight. Consequently, we feel that the problem most likely existed in prior quarter s”(Glass-Lewis & Co. 2005). Doyle et al. (2007b) argue that many of the internal control weaknesses “have existed for several years prior to their disclosure, if not since the firm’s incepti on.”
Concurrent research examines the effect of corporate governance quality on the quality of internal controls. Hoitash (2009) finds evidence of a negative relationship between corporate governance quality and internal control disclosures under the section 404 regime. They find no such relationship under the section 302 regime.
They conclude that corporate governance quality has little impact on internal control quality in a regime without the management and auditing requirements outlined in section 404.
The next best alternative to corporate governance improving the quality of internal control over financial reporting is for them to at least disclose ICDs to investors so investors have more information with which to judge the quality of financial disclosures. The requirements in SOX sections 302 and 404 relate to the discovery and disclosure of ICDs. I extend the findings in Hoitash et al. (2009) by studying the relationship between corporate governance quality and disclosure of ICDs in an environment void of the requirement of an audit of internal controls.
I define corporate governance to include the audit committee of the board of
directors, management, and the external auditor. These three parties, along with internal auditors, have been argued to be “the cornerstones of the foundation on which effective corporate governance must be built.”I focus on the audit committee of the board rather than on the board of directors as a whole because the audit committee is the sub-group of the board charged with overseeing the financial reporting process, which includes responsibility for internal controls.
I find evidence that higher quality corporate governance improves the likelihood of disclosure of ICDs under the section 302 regime. I also find evidence that the accounting background of corporate governance parties improves the accuracy of the evaluation of the level of seriousness of the ICD (i.e. the classification of the ICD as a significant deficiency or a material weakness). In particular, I find that companies that were audited by industry leading auditors and that have audit committees with an accounting financial expert are more likely to have disclosed ICDs during the section 302 regime. I find a negative relationship between auditor tenure and the likelihood of internal control disclosures under the section 302 reporting regime. In additional analysis using only companies that disclosed ICDs under section 302 and disclosed a material weakness under section 404, I find that companies that have a CFO with accounting background are more likely to properly classify the deficiency as a “material weakness”rather than the less-serious “significant deficiency.”
These findings complement the findings in Hoitash et al. (2009) who provide evidence that companies with higher quality corporate governance are less likely to have ICDs. This paper provides evidence that companies with ICDs are more likely to disclose them when their corporate governance is of higher quality. The findings also support the argument made by the Sub-Committee to the SECs Advisory Committee on Smaller Public Companies that attempting to improve financial reporting quality by improving corporate governance quality might be a less costly alternative to the audit of internal controls (SEC 2005).
As noted previously, each of these studies focuses on the existence or absence of internal control problems. Very little research has considered the reporting behavior
prior to SOX- mandated audits of the companies that have weaknesses in their internal controls. Bronson, Carcello, & Raghunandan (2006) examine the characteristics of firms that issued voluntary management reports on internal controls in 1998, prior to the passage of SOX.
A contemporaneous working paper also examines characteristics of companies that disclose control problems prior to SOX-mandated audits. Hermanson and Ye (2007) examine the relationship between companies providing ‘early warning’of material weaknesses and variables related to material weakness characteristics, financing incentives, and external monitoring for a group of companies receiving an adverse 404 audit opinion. They find significant relationships between disclosing control problems under section 302 and the following variables: the severity and number of material weaknesses, prior earnings restatements, future equity financing activities, auditor independence and effort, CFO change, the number of institutional investors, and the number of audit committee meetings.
My study differs from theirs in that Hermanson and Ye (2007) focus on reporting incentives of companies prior to SOX 404 mandated audits. They examine variables related to upcoming debt and equity issuance, the characteristics of the weakness itself, and external monitoring of the firm. The focus of my paper is on governance factors related to the disclosure of ICDs.Additionally, I examine not only the reporting/nonreporing of ICDs but also how governance factors influence the accurate classification of the ICD (i.e. as a material weakness or significant deficiency).
I examine the corporate governance quality impact on firm reporting of internal control deficiencies (ICDs) prior to SOX-mandated audits. I find companies that were audited by industry leading auditors, and that have higher quality audit committees are more likely to disclose ICDs under the SOX section 302 regime—prior to the mandatory audit of internal controls. I also find that companies that have a CFO with financial accounting experience are more likely to accurately assess the seriousness of ICDs and classify them properly as material weaknesses rather than the less-serious significant deficiencies.
My findings suggest that the quality of the external auditor and audit committee impact the likelihood of disclosure of the ICD in the absence of external audit report requirements, while the CFOs accounting background directly impacts the accuracy of the assessment of the seriousness of the ICD.
These results have implications for the current debate over whether smaller public companies should be exempted from the audit of internal controls as mandated by the Sarbanes- Oxley Act of 2002 (SOX) section 404. Specifically, some have argued that attempting to improve financial reporting quality by improving corporate governance quality might be a less costly alternative to the audit of internal controls (SEC 2005). I provide evidence that higher quality corporate governance does lead to a higher probability of ICD disclosure in the SOX 302 regime when audits of internal controls were not required. Additionally, my findings suggest that while improving the audit committee and the external auditor may help improve the likelihood of disclosures in a setting void of the external audit requirements, assuring the CFO has necessary experience and knowledge can impact the likelihood that ICD is reported at the correct level of seriousness.
Contrary to expectations, I find that longer auditor tenure is associated with decreased likelihood of ICD disclosure under SOX 302. After controlling for recent auditor changes which might have been due to discovered internal control weaknesses, the results persist. This finding is consistent with the common argument that longer auditor/client tenure results in a lack of independence and therefore lower quality reporting. However, it could also be driven by companies with longer auditor/client relationships having less severe control problems that only surfaced when a thorough audit of internal controls was performed at year-end.
Source: Nathaniel M. Stephens./abstract=1313339；August 28, 2009
二、翻译文章
译文：
在萨班斯法案第302条下的公司治理质量的和内部控制报告
该项关于影响公司治理结构的报表研究是基于没有外部审计事务的情况下进行的。

具体而言，我审查的是，萨班斯法案规定的审计之前内部控制不足的报表对公司治理质量的影响。

在这一过程中，我提供了目前针对小型上市公司对是否应该把内部控制由2002年第404萨班斯法案规定的审计中免除的讨论证明。

为了测试公司治理的质量和公司报表之间的联系，我使用了基于萨班斯法案第302条管理条例的内部控制报告。

本节要求首席执行官和财务总监保证在每个季度和年度报表中证明他们已经评估“在某一日期前90天内的报告”，且其结论保证公司内部控制在该季度或年度报表的有效性。

这一规定涉及在2002年8月29日以后的的所有季度和年度的申报。

萨班斯法案要求提供一个有关内部控制报告的理想环境，进而研究公司治理对没有进行外部审计的公司报告的影响。

根据萨班斯法案第302条的管理条例规定，管理层必须对控制进行评价。

但是，审计人员并不需要评估管理的控制质量或评价自己的控制。

从2004年11月15日之后的会计年度开始，萨班斯法案第404条规定，外部财务报表审计人员审计公司的内部控制财务报告并提供意见，作为对管理的内部控制评估年度申报有效性的基础。

因此，从2002年8月29日到公司第一次或2004年11月15日之后的会计年度结束期间，该公司对内部控制质量控制报告是由管理层和其他公司治理机构决定的。

外聘审计人员没有履行此期间控制测试程度必须得到一个关于控制效果的责任，也没有责任向公众报告内部控制的质量。

我利用这部分滞后的时间实施萨班斯法案第302条和第404条管理条例来研究公司治理质量的信息披露，而让我们知道什么是“应该”被披露（例如，在审计报告中发现的内部控制的弱点）。

使用此设置时，我考察了两个问题：第一，公司治理对萨班斯法案授权审计的内部控制缺陷影响的可能性；第二，萨班斯法案第302条在对内部控制缺陷的不断披露下，严重内部控制缺陷是否确实影响正确的评估公司治理质量。

大量关于已经发生的费用和萨班斯法案第404条的讨论，规定了财务报告关于内部控制审计的利益。

美国证券交易委员会最近的建议是将符合2009年12月15日或之后的会计年度的这些规模较小的公司继续推迟遵守的日期（2008年美国证券交易委员会）。

有些人认为，通过提高公司治理质量改善财务报告质量可能花费更少的内部控制替代审计程序（2005年美国证券交易委员会）。

通过分析萨班斯法案授权审计前公司治理的作用，我认为只有通过检查这些公司在其第一次披露经审计的内部控制报告才能发现内控重大缺陷问题的存在。

从这个简单的例子中，我回顾该公司资料发现第302条没有披露内部控制缺陷，但其后根据第404条披露了公司的股权结构。

针对使用的这个示例，我研究了公司治理特征有关在萨班斯法案第302条下披露内部控制缺陷恒定存在的弱点。

在设计该项研究时，我做了这样一个假设——在萨班斯法案第404条下公司整个年度提交的文件中存在重大缺陷披露。

我试图限制那些根据第404条观察出的控制弱点的报告，但不存在仅通过查看前3个季度的第一个404报告来决定是否根据第302条意见披露。

这一假设也符合先前的研究和专业人士的假设。

例如，Glass-Lewis和公司争论：“在我们看来,控制不足大概没有一夜之间出现的。

因此,我们觉得这个问题很可能存在于在以前季度” (Glass-Lewis & Co. 2005)。

Doyle等人（2007年）认为，很多内部控制的薄弱环节如果不是从公司的成立就有，那就已经存在好几年不曾披露了。

同时我们研究探讨了公司治理质量对内部控制质量的影响。

Hoitash（2009）发现的证据表明：公司治理的质量和404条款下内部控制披露呈负相关。

他们没有发现第302条款的这种关系。

他们的结论是公司治理的质量对内部控制的影响不大，没有第404条款的审计要求。

第二个最佳选择改善公司治理对财务报告的内部控制质量的做法是，至少让他们给投资者披露内部控制的缺陷，因此投资者有更多的信息来判断资金来源的质量。

在萨班斯法案第302和404条的要求涉及到的内部控制缺陷中，我在Hoitash等人（2009）的研究结果发现了内部审计的要求与内部控制缺陷信息披露的关系。

我认为公司治理包括董事会，审计委员会和外部审计人员。

这三个机构中内部审计人员已被认为是“中国需要建立真正有效的公司治理结构的基石”，我注
重于审计委员会，而不是董事会，因为审计委员会是子集团的董事会负责监督财务报告汇报的过程中包括对内部控制责任一个整体。

证据表明，公司治理的质量越高，越能提高内部控制缺陷披露制度下的第302条的可能性。

有证据表明，公司治理中会计人员的知识素质提高了对内部控制缺陷的严重性水平评价的准确性（如内部控制缺陷的分类一个重大缺陷或严重的薄弱环节）。

特别是，我发现经审计人员审核后，行业领先的审计和会计、审计委员会财务专家更有可能揭露302条款的内部控制缺陷。

我发现会计人员任期和根据302条款的内部控制披露之间可能呈负相关。

额外的分析中，我发现只使用302条款下内部控制缺陷披露的公司财务总监的财务会计知识的缺乏有可能影响正确的分类。

这些结果补充了Hoitash等人的研究结果（2009）他们提供的证据表明，更高品质的公司治理不太可能有内部控制缺陷。

本文提供的证据表明，更有可能披露内部控制缺陷的公司有更高质量的公司治理。

调查结果也支持这个论点，规模较小的上市公司想要改善财务报表的质量需要较少的成本来代替内部控制的审计（2005年美国证券交易委员会）。

正如以前所述，每项研究的重点是存在或缺乏内部控制的问题。

研究很少考虑报表之前的行为，而萨班斯法案规定的公司都在其内部控制薄弱环节进行审计。

Bronson, Carcello和Raghunandan（2006）通过萨班斯法案审查企业的特点，自愿发表了关于1998年内部控制的财务报表。

一个时期的工作报告也可以审查公司的特点和在萨班斯法案规定的审计披露之前的控制问题。

Hermanson 和Ye（2007）研究提供用于接收到第404条不利的审计意见的公司检查预警报告的弱点和相关的重大缺陷的关系。

他们发现第302条披露重大控制问题之间的关系及以下变量：材料不足的严重程度和数量，重列以前年度的收入，未来的股权融资活动，审计的独立性和努力，财务总监的变化，机构投资者的数量和审计委员会的会议次数。

我的研究不同之处在于：Hermanson 和Ye (2007)侧重于报告之前，按萨班斯法案第404条规定的进行审计。

他们审查的是即将上市的债券和股票发行变量自身的弱点与企业外部监督的特点。

而我的论文重点是涉及到的内部控制缺陷披露所涉及到的治理因素。

此外，我的研究涉及了报表的内部控制缺陷，也涉及
了如何将关于治理内部控制缺陷的影响因素准确分类（作为一个重大缺陷或重大不足）。

我审查了影响公司治理质量的内部控制不足，而该内部控制是基于萨班斯法案规定的审计之前的。

我认为，这是由业界领先的审计人员审核，并具有较高的质量的公司审计委员会更有可能披露根据萨班斯法案第302条款规定的内部控制缺陷。

我还发现，有财务会计经验的财务总监更有可能准确地评估内部控制缺陷的严重性作为重大缺陷，而不是欠妥善的不足。

我的研究结果表明，外部审计人员和审计委员会可能影响在没有外部审计情况下内部控制缺陷的披露。

同时，财务总监的会计知识直接影响到了内部控制缺陷严重性评估的准确性。

这些结果是针对目前小型上市公司对是否应该把内部控制由2002年萨班斯法案第404条规定的审计中免除的讨论的证明。

特别是有些人认为，想要改善公司治理的质量可能是一个成本较低的内部控制替代审计程序（美国证券交易委员会2005年）。

我提供的证据表明，公司治理的质量越高越容易导致内部控制缺陷的信息披露，当萨班斯法案第302条的可能实现时，内部控制审计不是必需的。

此外，研究结果表明，同时提高审计委员会和外部审计人员的质量可以帮助改善外部审计要求披露的可能性；保证财务总监必要的经验和知识，可以影响内部控制缺陷报告严重水平的正确性。

与人们的期望相反，我觉得审计人员的任期可能降低萨班斯法案302规定的内部控制缺陷的披露。

最近审计人员的变化可能是由于发现内部控制缺陷的控制结果仍然存在。

这一调查结果与普遍的说法是一致的，即审计人员在一个缺乏独立性的任期导致的是低质量报告的结果。

但是，它也可能是公司长期审计人员有较严重的控制问题，只是在年终审计内部控制时才浮出水面。

出处：Nathaniel M. Stephens./abstract=1313339;August 28, 2009。