上市银行内部控制实质性漏洞披露现状研究——基于民生银行的案例分析

由于现有政策指引和理论研究中"实质性漏洞"概念的缺失,使得我国上市银行实质性漏洞信息披露极其匮乏。本文以民生银行为例,分析了我国上市银行内部控制中的实质性漏洞信息披露现状,发现年报中各部分披露的内部控制信息含量差异较大并且存在特定年度突然增多或减少的现象,内部控制自我评价报告和内部控制审核报告缺乏统一的评价审核依据,内部控制中的实质性漏洞倾向于同职责划分的缺失和不恰当的授权、培训的缺乏、不适当的对账有关,最常见的账户特定式实质性漏洞主要与风险资产的管理不当有关。本文建议通过建立完善的实质性漏洞信息披露机制、进一步明确实质性漏洞信息披露相关主体的职责、加强内部控制实质性漏洞信息披露的监管等措施,提高和改善实质性漏洞信息披露的质量。     

中国上市银行内部控制实质性漏洞分析——基于控制活动的视角

内部控制体系是银行的"免疫系统",如果银行内控体系存在"实质性漏洞"(material Weakness),则其公司治理与外部监管的有效性将难以保证,进而增加银行的风险.本文主要基于内部控制实质性漏洞,阐述了上市银行控制活动的内容和特征,从内部控制要素"控制活动"的角度,对上市银行在这个过程中容易出现实质性漏洞的项目进行了详细地分析,进而提出针对性的建议,以期有助于完善我国上市银行内部控制制度建设,有利于上市银行加强风险控制管理.     

上市银行内部控制实质性漏洞披露现状研究——基于招商银行的案例分析

上市银行掌握着国家的金融命脉,承担着一国金融安全与稳定的重任,因此对上市银行内控信息的披露现状,尤其是对内控的实质性漏洞进行研究,具有重要的理论及现实意义.本文以招商银行为例,分析了我国上市银行内部控制中的实质性漏洞信息的披露现状,并在整理分析的基础上,提出了关于提高和改善实质性漏洞信息披露质量的建议     

内控体系完善与强化——构筑"三道防线"

与早期银行主要面临流动性风险不同,从20世纪80年代后,银行风险越来越多的由内部控制失效造成.1997年,巴塞尔委员会在剖析英国巴林银行、法国里昂银行、日本大和银行等几起著名案例时发现,主要原因就是内部控制失效.针对银行风险暴露出的新特点和趋势,1998年巴塞尔银行监管委员会颁布了<银行机构内部控制系统框架>,提出银行内部控制体系标准,即银行内部控制体系应包括"管理层监管与控制文化、风险识别与评估、控制活动与职责分离、信息与交流、监管活动与缺陷纠正"五个基本要素.     

基于公司治理机制的企业内部控制制度建设研究

本文从建立和完善企业内部控制的紧迫性和必要性出发,通过对目前我国企业内部控制存在问题的分析,论述;提出从控制环境、风险评估、控制活动、信息与交流和监督评审五个方面入手建立健全我国企业内部控制制度。     

论企业内部控制制度的建立与完善

内部控制制度是社会经济发展到一定阶段的产物,是现代企业管理的重要手段。内部控制涵盖了企业内部五大组成部分：控制环境、风险评估、控制活动、信息与交流和监督评审。这五大组成部分与前述三大目标有机地相结合,构成了内部控制的完整体系。内部控制提出以人为本的理念,尤其强调高级管理层在内部控制制度建立及运行过程中的职责,以说明内部控制的作用在于防患于未然,这才是内部控制的真义。     

我国国有商业银行内部控制研究

本文阐述了国有商业银行建立一套完整、有效、合理的内部控制体系的必要性,结合国际权威的内部控制思想,从商业银行内部控制的构成要素,即内部控制环境、风险识别与评估、内部控制措施、信息交流与反馈、监督纠正与评价五个部分对我国银行内部控制进行了分析,指出了内控工作开展过程中存在的问题。并从这五个方面有针对性地提出了改进意见和措施。     

上市银行内部控制实质性漏洞披露机制的路径探究——基于浦发银行的案例分析

上市银行承担着一国金融安全．与稳定的重任，对上市银行内控信息披露现状，尤其是对内控的实质性漏洞（material weakness）进行研究具有重要的理论及现实意义。目前国内这方面的研究基本处于空白状态，本文以上海浦发银行为例，通过对其披露的年报进行手工整理，研究其公开披露的实质性漏洞现状，以期对后文的研究有所贡献。     

我国上市公司内部控制缺陷的影响因素研究

本文以2009年深圳股市445家上市公司为研究样本,利用Logit模型对我国上市公司内部控制缺陷的影响因素进行了实证研究.研究发现:资产规模、盈利能力与内部控制实质性漏洞显著负相关;重大重组与内部控制实质性漏洞显著正相关.审计委员会会议次数与内部控制实质性漏洞显著负相关,审计委员会规模、审计委员会中独立董事比例与内部控制实质性漏洞相关性不显著.     

上市银行内部控制实质性漏洞研究述评

上市银行是金融体系中的核心组织,是维护金融安全、促进经济持续发展的重要基础。实质性漏洞是银行内控免疫系统中的脆弱环节,它的存在使银行公司治理和外部监管的有效性难以保障,在加强宏观监管的背景下,对其展开深入研究具有重要的理论及现实意义。本文对国内外实质性漏洞的研究进行了梳理与述评,并对如何构建上市银行内控实质性漏洞评价体系和风险预警机制提出了研究设想,以期对深化金融体系改革和加强金融创新研究有所启示和帮助。     

Does it pay to remediate? An analysis of the internal and external benefits of remediation

We examine the internal and external benefits associated with the remediation, or correction, of material weaknesses in internal controls over financial reporting. We document that firms that remediate material weaknesses exhibit higher performance and reporting quality than firms that never reported any weaknesses. These results suggest that the remediation of material weaknesses, an indication of an improved internal control system, is associated with internal benefits. Moreover, we find that remediating firms experience significantly lower audit fees and betas (i.e. external costs) than non-material weakness firms. However, these lower external costs are contingent on a firm's level of performance and information quality. These results suggest that remediation offers firms a chance to re-examine and correct their internal controls and this leads to better performance and information quality. Furthermore, external stakeholders are not necessarily swayed by remediation alone but need to observe tangible evidence of the corrected internal control system before reassessing a firm's risk downward.     

The effect of auditor IT expertise on internal controls

Material weaknesses in internal controls related to information technology (IT) represent unique threats to organizations. Utilizing the external auditor as an example of an externally observable governance mechanism, we investigate if firms with revealed IT internal control deficiencies employ a strategy of disassociation with their current auditor. Our tests show that prior evidence of disassociation strategies hold in both IT and non-IT contexts. Of particular focus to our study, we document a positive association between firms that report IT material weaknesses and subsequent auditor dismissals or switching. We next investigate the potential internal control benefits of switching to auditors with greater expertise in environments that emphasize the importance of IT. We argue that greater audit firm IT expertise promotes improved internal controls for their clients, especially those controls that are dependent on IT. We find that clients that switch to auditors with greater IT expertise, relative to their former auditor, have a greater likelihood of material weakness remediation within one year of reporting control weaknesses. Complementing these findings, we find that audit IT expertise is negatively associated with both non-IT and IT material weaknesses in an ex ante reporting setting. Prior literature takes a longstanding interest in both the incentive for developing auditor expertise and the effects of that expertise. We contribute to this literature stream by providing additional evidence related to a specific type of expertise.     

The cost stickiness of information technology material weaknesses: An intertemporal comparison between it-related and other material weaknesses

The PCAOB's audit firm inspections drive audit focus and costs. The PCAOB's 2010-initiated increased emphasis on internal control audit work intensified concern over internal control weaknesses (ICW). IT-related material weaknesses (ITMW) have emerged as particularly significant with PCAOB reports (2008, 2012) highlighting on-going deficiencies in IT controls auditing and the 2015 PCAOB brief noting an on-going focus on recurring audit deficiencies. We explore how ICW affect audit fees and how alternative types of ITMW lead to varying degrees of persistence in fee premiums. Using propensity score matched samples, we find fee premiums associated with ITMW linger longer than premiums for non-IT entity-level material weaknesses (ELMW) or firms reporting account-specific material weaknesses. Moreover, we find that audit fee premiums by type of ICW remediated is overall strongest for ITMW linked to data processing integrity. Our findings underscore the importance of distinguishing not only between non-IT ELMW and ITMW but also types of ITMW as identified in data quality research.     

Internal and external influences on IT control governance

This study provides empirical evidence on the effects of internal and external governance on IT control quality proxied by IT related material weaknesses. IT control governance is defined as the leadership and organizational structures and control processes which ensure that the company's IT sustains and extends the company's strategies and objectives. Specifically, we examine the influence of senior management, the board of directors, and audit committees regarding IT control governance. We find that companies with more IT-experienced senior managers, with CIO positions or longer tenured CIOs and with higher percentages of independent board directors are less likely to have IT material weaknesses. We also provide partial evidence that more IT-experienced audit committee members are associated with less IT material weakness. The results suggest that both internal and external governance serve important roles in IT control quality.     

Can non-executive equity incentives reduce internal control ineffectiveness? Evidence from China

Using data from Chinese listed firms for the period 2012–2018, we provide new evidence that the intensity of non-executive equity incentives can reduce the likelihood of internal control weaknesses and improve internal control effectiveness. We also find that internal control weaknesses are more likely to be remedied in firms that implement strong non-executive equity incentive polices. Besides, we document novel results that employee equity incentives for non-executives can optimise the internal environment, improve the internal supervision system, and thereby reduce the operational-level weaknesses of a company’s internal controls.     

在美上市公司内部控制重大缺陷认定、披露及对我国企业的借鉴

本文研究了《萨班斯—奥克斯利法案》执行初期在美国上市的公司财务报告内部控制重大缺陷的认定及披露。研究发现,许多重大缺陷是根据内部控制审计准则指出的表明公司内部控制可能存在重大缺陷的重要迹象来认定的;其他的则通过重大缺陷的定义来认定。披露的内部控制重大缺陷涉及到COSO《内部控制—整合框架》五要素的几乎所有内容,以及资产负债表和利润表的几乎所有项目。仅有部分公司披露导致交易或账户层面重大缺陷的企业层面内部控制重大缺陷,同时,仅有部分公司披露受账户或交易层面内部控制重大缺陷影响的所有账户。本文最后分析了在美上市公司重大缺陷认定及披露对我国上市公司执行《企业内部控制基本规范》及其配套指引的借鉴。     

Audit committee quality,auditor independence,and internal control weaknesses

In this paper we investigate the relation between audit committee quality, auditor independence, and the disclosure of internal control weaknesses after the enactment of the Sarbanes-Oxley Act. We begin with a sample of firms with internal control weaknesses and, based on industry, size, and performance, match these firms to a sample of control firms without internal control weaknesses. Our conditional logit analyses indicate that a relation exists between audit committee quality, auditor independence, and internal control weaknesses. Firms are more likely to be identified with an internal control weakness, if their audit committees have less financial expertise or, more specifically, have less accounting financial expertise and non-accounting financial expertise. They are also more likely to be identified with an internal control weakness, if their auditors are more independent. In addition, firms with recent auditor changes are more likely to have internal control weaknesses.     

Does the value of cash holdings deteriorate or improve with material weaknesses in internal control over financial reporting?

We find that cash holdings are more valuable for firms disclosing material weaknesses in the Sarbanes–Oxley (SOX) 404 internal control assessments. We estimate that the value spread for firms with weak controls vs. effective controls is about $0.25 for an extra dollar of cash. Our results are not driven by account-level weaknesses but by more severe, company-level weaknesses in internal control over financial reporting (ICFR). Further, the economic consequences of cash resources significantly decrease with the remediation of previously reported material weaknesses. These results suggest that the favorable (precautionary) impact induced by weak ICFR appears to more than offset the adverse (agency) effect entailed by ineffective ICFR. Overall, our results survive alternative variable specifications, sample splits, matched sample analyses, and a variety of controls.     

Market reactions to the disclosure of internal control weaknesses and to the characteristics of those weaknesses under section 302 of the Sarbanes Oxley Act of 2002

We examine the stock price reaction to management’s disclosure of internal control weaknesses under §302 of the Sarbanes Oxley Act and to the characteristics of these weaknesses, controlling for other material announcements in the event window. We find that some characteristics of the weaknesses—their severity, management’s conclusion regarding the effectiveness of the controls, their auditability, and the vagueness of the disclosures—are informative. We also find that the information content of internal control weakness disclosures depends on the severity of the internal control weakness. Moreover, in a sub-sample uncontaminated by other announcements in the event window, we find negative price reactions to the disclosure of internal control weaknesses and material weaknesses.

CFOs’ and public accountants’ perceptions of material weaknesses in internal control areas as required by Section 404 of the Sarbanes-Oxley act

One of the most controversial aspects of the Sarbanes-Oxley Act of 2002 (SOA) is related to Section 404, which requires management to assess the entity’s internal controls, and then its independent auditor to attest and report on management’s assessment. The auditing standard governing this requirement was promulgated by the Public Company Accounting Oversight Board (PCAOB). Its title is Auditing Standard (AS) No. 2, An Audit of Internal Control Over Financial Reporting Performed in Conjunction with an Audit of Financial Statements [Public Company Accounting Oversight Board (PCAOB) (2004). An audit of internal control over financial reporting performed in conjunction with an audit of financial statements. Auditing Standard No. 2, Washington, DC: PCAOB]. AS No. 2 requires, among other things, that management must disclose any “material weaknesses” in internal controls. However, absent any guidance other than definitions from the PCAOB, management and independent auditors are left to their own judgment to define and recognize “material weakness in internal control” or “significant deficiency” while implementing AS No. 2. The research question, then, becomes to what extent, if any, are weaknesses in internal control over financial reporting consistently assessed, recognized and agreed upon by both parties? Or does their professional judgment and point of view cause different perceptions? Most of the Section 404 research has focused on the characteristics of the material weaknesses disclosed (and the capital market or other impacts of reported material weaknesses). This study, in contrast, is behavioral in context, and examines the perceptions of CFOs and CPAs as to whether they believe an internal control material weakness exists under four independent scenarios. The results indicate that the CPAs were significantly more conservative in their assessments in two of the four cases.