上市公司内部控制缺陷披露现状探查——基于沪市A股经验数据

随着《企业内部控制基本规范》和《企业内部控制配套指引》的逐步实施,我国上市公司内部控制缺陷信息的披露情况有了逐步提升.本文以2010-2012年间沪市A股上市公司披露的内部控制相关报告为研究对象,详细描述了这三年间沪市A股上市公司内部控制缺陷信息的披露情况.研究发现,披露内控缺陷的公司数量在逐年增加,信息披露方式趋于规范化,内部控制整体水平有所提高,存在缺陷的公司表现出了一定的行业特征.同时也发现内部控制缺陷信息披露仍然存在信息含量低等问题,针对这些问题,笔者提出了相关的政策性建议.内部控制缺陷情况的研究,一方面考察了我国上市公司对制度的执行情况,另一方面也为内控制度建设提供了经验证据.     

内部控制缺陷信息披露对个人投资者风险认知的影响:一项实验研究

研究个人投资者对内部控制信息披露的反应机理具有重要的与内部控制披露管制相关的政策含义。本文运用实验研究方法,研究了内部控制缺陷信息披露对个人投资者风险认知的影响。研究发现,内部控制缺陷的严重程度对个人投资者的风险认知具有显著影响,但投资者对不披露任何缺陷与披露重要缺陷并没有进行差异化的风险认知反应;管理层对内部控制缺陷的描述程度对个人投资者的风险认知无显著影响。本文研究还发现,对管理者的信任是内部控制缺陷对个人投资者风险认知影响的一个重要中介变量;注册会计师的内部控制审计报告对个人投资者风险认知具有显著影响,在披露内部控制缺陷的情况下,对内部控制审计报告的使用程度越高,越能强化内部控制缺陷对个人投资者风险认知的消极影响。     

以全面预算管理为核心的企业内部控制研究

金融危机后的企业目前所面临的财务管理问题依然严重,既有外部发展环境影响,又有内部发展因素,尤其是企业内部控制问题的制约.缺乏内控制度影响了企业的经济效益,阻碍了企业的发展.解决这一问题,必须研究企业内部控制制度目前存在的问题,企业缺乏内控制度带来的弊端,从而得出促进企业建立内控制度的策略.以预算管理为核心的企业内部控制是一个相对来说较新的研究课题,为企业注入了新的活力与挑战.以全面预算管理为核心的企业的内部控制是企业发展的必行趋势,为企业的发展发挥了更大的作用.本篇论文从内部控制含义出发,详细阐述了全面预算管理与内部控制二者的关系,提出了企业内部控制要以全面预算管理为重要基础和管理手段,推行用全面预算管理来加强企业的内部控制.从内部控制基本要素出发,研究内部控制和全面预算管理这两者的关系,提出把全面预算管理作为核心的企业内部控制强化的思路,设计出适应企业的以全面预算管理为核心的内部控制体系并予以推行,对于企业的健康发展是十分有意义的.必须实行全面预算管理和加强内部控制相结合的方法,才能减少管理层决策的随意性、盲目性,提高资源有效运用效率、降低企业投资风险、提高防范风险的能力,实现企业效益的最大化.     

A composite indicator model to assess natural disaster risks in industry on a spatial level

In the event of natural disasters, industrial production sites can be affected by both direct physical damage and indirect damage. The indirect damage, which often exceeds the direct ones in value, mainly arises from business interruptions resulting from the impairment of information and material flows as well as from domino effects in interlaced supply chains. The importance of industry for society and the domino effects often result in severe economic, social, and environmental consequences of industrial disasters making industrial risk management an important task for risk managers at the administrative level (e.g. civil protection authorities). Since the possible industrial disaster damage depends not only on hazard and exposure but also on the vulnerability of a system, an effective and efficient industrial risk management requires information about the system’s regionalized vulnerability. This paper presents a new methodology for structural industrial vulnerability assessment based on production factors that enables to assess the regional industrial disaster vulnerability. In order to capture industry-specific vulnerability factors and to account for the processes underlying regional industrial vulnerability, a two-stage approach is developed. This approach combines a composite indicator model to assess sector-specific vulnerability indices (V_s) with a new regionalization method. The composite indicator model is based on methodologies from the field of multicriteria decision analysis (MultiAttribute Value Theory) and the Decision-Making Trial and Evaluation Laboratory Method is applied to correct the (V_s) for interdependencies among the indicators. Finally, the developed approach is applied to an exemplar case study and the industrial vulnerability of 44 administrative districts in the German federal state of Baden-Wuerttemberg is assessed.     

Quantification of Operational Risk: A Scenario-Based Approach

In this article, I identify challenges to the loss distribution approach in modeling operational risk. I propose a scenario-based methodology for operational risk assessment, which recognizes that each risk can occur under a number of wide-ranging scenarios and that association between risks may behave differently for different scenarios. The model that is developed internally in the company provides a practical quantitative assessment of risk exposure that reflects a deep understanding of the company and its environment, making the risk calculation more responsive to the actual state, ensuring that the company is attending to its key operational risks. In this model qualitative and quantitative approaches are combined to build a loss distribution for individual and aggregate operational risk exposure. The model helps to portray the company's internal control systems and aspects of business environment. These features can help the company increase its operational efficiency, reduce loss from undesirable incidents, and maintain the integrity of internal control.     

企业内控评价体系框架构建研究

内部控制作为提升现代企业经营业绩和管理水平的重要工具,不仅关系到企业的质量和自身发展,而且关系到广大投资者的利益和资本市场的健康发展。通过对企业内部各组织机构内部控制执行的过程监控和结果评价,查找和揭示企业内部控制的缺陷和薄弱环节,并提出整改意见和建议,从而促进企业内部控制制度的进一步加强和完善。本文借鉴ICEM模型框架和COSO五要素报告框架的基础上,基于企业内部控制指引角度构建了内部控制评价系统,提出了企业内部控制评价的一种新的方法体系,为统一内部控制自我评价制度和注册会计师核实评价制度,完善我国上市公司内部控制评价及信息披露制度,推进我国企业内部控制建设和内部控制规范化,具有较强的理论意义和现实意义。     

Subjective Economic Risk to Beneficiaries in Notional Defined Contribution Accounts

This article aims to quantify the aggregate subjective economic risk to which beneficiaries would be exposed if a retirement pension system based on notional account philosophy were introduced. We use scenario generation techniques to make projections of the factors that determine the real expected internal rate of return (IRR) and the expected replacement rate (RR) for the beneficiary according to six retirement formulae based on the most widely accepted rates or indices. We then apply the model to the case of Spain. Our projections are based on Herce and Alonso's macroeconomic scenario 2000–2050 (2000) and include information about the past performance of the indices and the time period the forecast is to cover. The results of the IRR calculation—average value, standard deviation, and value‐at‐risk (VaR)—are analyzed both in objective terms and for different degrees of participants' risk aversion.     

Does it pay to remediate? An analysis of the internal and external benefits of remediation

We examine the internal and external benefits associated with the remediation, or correction, of material weaknesses in internal controls over financial reporting. We document that firms that remediate material weaknesses exhibit higher performance and reporting quality than firms that never reported any weaknesses. These results suggest that the remediation of material weaknesses, an indication of an improved internal control system, is associated with internal benefits. Moreover, we find that remediating firms experience significantly lower audit fees and betas (i.e. external costs) than non-material weakness firms. However, these lower external costs are contingent on a firm's level of performance and information quality. These results suggest that remediation offers firms a chance to re-examine and correct their internal controls and this leads to better performance and information quality. Furthermore, external stakeholders are not necessarily swayed by remediation alone but need to observe tangible evidence of the corrected internal control system before reassessing a firm's risk downward.     

What do a bank’s legal expenses reveal about its internal controls and operational risk?

Excessive (substantially above peer) litigation against a bank is indicative of operational risk because it often suggests failure to maintain a strong system of internal control. We examine the relation between bank performance and weak internal control using legal expense as a proxy. We find that legal expense is a strong determinant of loan losses and stock returns. Bank regulators should require reporting of legal expense on call reports to help identify institutions with weaknesses in internal control. Current reporting creates unnecessary information asymmetries because investors are not well informed about operational risk, leading to mispricing of bank securities.     

An evidential reasoning approach to Sarbanes-Oxley mandated internal control risk assessment

In response to the enactment of the Sarbanes-Oxley Act 2002 and of the release of the Public Company Accounting Oversight Board (PCAOB) Auditing Standard No. 5, this study develops a risk-based evidential reasoning approach for assessing the effectiveness of internal controls over financial reporting (ICoFR). This approach provides a structured methodology for assessing the effectiveness of ICoFR by considering relevant factors and their interrelationships. The Dempster-Shafer theory of belief functions is utilized for representing risk.First, we develop a generic ICoFR assessment model based upon a Big 4 audit firm's approach and apply it to a real-world example. Then, based on this model, we develop a quantitative representation of various levels of ICoFR effectiveness and related risk-assessment as defined by the PCAOB and contrast these representations with levels implied by Auditing Standard No. 5. In doing so, we demonstrate the potential value of formal risk assessment models in both facilitating the assessment of risks in an individual engagement and in assessing the effects of different regulations.     

Assessing inherent risk during audit planning: The development of a knowledge based model

Within the academic and professional auditing communities there has been growing concern with accurately assessing the various risks associated with the performance of an audit. One approach to developing sophisticated risk assessment models is to study how experienced expert auditors use industry and firm specific factors in making audit judgements. This study presents a model of inherent risk assessment based on literature reviews and a field study that involved structured and unstructured interviews and observations of experts in audit planning meetings. Analysis of the data gathered led to the specification of a conceptual model of inherent risk assessment which has been implemented as a computer program (a computational model). Auditors were asked to assess the behavior and performance of the computational model as a first step in evaluating the expert model.     

Science and proven experience: a Swedish variety of evidence-based medicine and a way to better risk analysis?

A key question for evidence-based medicine (EBM) is how best to model the way in which EBM should ‘[integrate] individual clinical expertise and the best external evidence’. We argue that the formulations and models available in the literature today are modest variations on a common theme and face very similar problems when it comes to risk analysis, which is here understood as a decision procedure comprising a factual assessment of risk, the risk assessment, and the decision what to do based on this assessment, the risk management. Both the early and updated models of evidence-based clinical decisions presented in the writings of Haynes, Devereaux and Guyatt assume that EBM consists of, among other things, evidence from clinical research together with information about patients’ values and clinical expertise. On this A-view, EBM describes all that goes on in a specific justifiable medical decision. There is, however, an alternative interpretation of EBM, the B-view, in which EBM describes just one component of the decision situation (a component usually based on evidence from clinical research) and in which, together with other types of evidence, EBM leads to a justifiable clincial decision but does not describe the decision itself. This B-view is inspired by a 100-years older version of EBM, a Swedish standard requiring medical decision-making, professional risk-taking and practice to be in accordance with ‘science and proven experience’ (VBE). In the paper, we outline how the Swedish concept leads to an improved understanding of the way in which scientific evidence and clinical experience can and cannot be integrated in light of EBM. How scientific evidence and clinical experience is integrated influences both the way we do risk assessment and risk management. In addition, the paper sketches the as yet unexplored historical background to VBE and EBM.     

回归金融本质：互联网金融创新与“e租宝”案

互联网金融创新是"双创"的重要领域,"e 租宝"案例表明:互联网金融平台爆发式增长的同时积累了各类风险.互联网金融创新应回归金融本质,应用市场链理论可将互联网金融风险模块化为管理与技术的内控风险、超高利息承诺信用风险、低资产客户评估风险、监管生态风险、原始资本薄弱风险和模块间信息传递风险六个模块.互联网技术只是解决金融业务信息不对称的手段,应从金融本质视角出发结构化地防范互联网金融风险.     

Continuous monitoring with machine learning and interactive data visualization: An application to a healthcare payroll process

This paper presents a framework for proactive and intelligent continuous control monitoring (CCM) that helps management gain higher assurance over business processes and alleviate information overload. We adopt a design science approach towards systematically developing CCM artifacts, including operation and internal control violation display and multidimensional anomaly detection. We illustrate the design with an implementation project whereby a CPA firm, the firm's healthcare sector client, and the research team work together to improve the assurance provided by payroll reviews. This study contributes to the CCM literature by envisioning that interactive data visualization and machine learning technologies can alleviate information overload for management in CCM. Second, we provide real-world evidence on the improvement brought to economic and behavioral aspects of the control monitoring process compared to the traditional approach. We show that emerging technologies substantially improve the efficiency and effectiveness of risk assessment, anomaly detection, and loss prevention. We also contribute to control monitoring practice by providing guidance on artifact development and application for practitioners to follow.     

Investor perceptions of an auditor’s adverse internal control opinion

In response to recent corporate scandals, Congress passed the Sarbanes–Oxley Act of 2002 (SOX) which, among other things, requires that the auditor render an opinion as to the effectiveness of a company’s system of internal controls. The assumption implicit in this requirement is that the new internal control opinion provides investors with value-relevant information. Our evidence suggests that an adverse audit opinion on internal control over financial reporting provides incremental value-relevant information to investors beyond that contained in the financial statement audit opinion alone. Specifically we find that an adverse audit opinion on internal controls over financial reporting relative to an unqualified opinion is significantly associated with investors assessing a higher risk of financial statement misstatement, higher risk of a future financial statement restatement, higher information asymmetry, lower financial statement transparency, higher risk premium, higher cost of capital, lower sustainability of earnings, and lower earnings predictability. Overall, our empirical results support our hypotheses that the auditor’s opinion on the internal controls over financial reporting provides financial statement users with value-relevant information.     

Exploring the information content of cyber breach reports and the relationship to internal controls

A number of institutions make reports available regarding the types, impacts, or origins of cybersecurity breaches. The information content of cyber breach reports is examined in light of Principle 15 of the 2017 Committee on Sponsoring Organizations Enterprise Risk Management (COSO ERM) information security control framework to understand the degree to which cyber breach reports reflect the established COSO internal control framework. This study utilizes the COSO ERM internal control framework to examine whether current cyber breach reports contain information that may influence a firm’s ability to assess substantial change within its industry due to external forces (COSO ERM Principle 15). As such, this study focuses on data breaches, a special type of cyber incident, which may result in the loss of confidential information. Cyber decision makers rely on this type of information to calibrate information security programs to ensure coverage of relevant threats and the efficient use of available funds. These reports may be used for the purposes of cybersecurity risk assessment and strategic planning. We compare, contrast, and analyzie the reports to identify their utility in such contexts. We also provide an overview of the current cybersecurity reporting environment and suggest revisions to US national cyber policy with the intent of increasing the benefit to reporters and consumers of the data.This study is focused on education as to the current structure of breach reporting based upon our review and synthesis of publicly-available breach reports.In this study, we review nine (9) reports that meet four (4) criteria. We relate these criteria to the framework provided by COSO ERM Principle 15 by analyzing and placing the criteria into a taxonomy developed for this purpose. We analyze the degree to which the reports are complementary, reflect potential improvements of internal controls, and provide recommendations for ways in which these types of reports might be used by practitioners, while highlighting potential limitations. Our findings indicate that the sample reports contain little information that may be incorporated to improve the risk profile of an entity. We provide recommendations to improve the information content and timeliness of breach reports.     

Shifting from the incurred to the expected credit loss model and stock price crash risk

Using a difference-in-differences (DID) design, this study examines the effect of shifting from the incurred credit loss model (ICL model) to the expected credit loss model (ECL model) on banks’ future stock price crash risk. We find that switching to the ECL model decreases the stock price crash risk of commercial banks. Inspired by Onali et al. (2021), we proceed with cross-sectional tests from the perspectives of opportunistic incentives, information environments, and compliance costs and find that the effect is more pronounced for (i) banks with less opportunistic incentives, proxied by state-owned property rights and managerial ownership; (ii) banks with opaque internal and external information environments, proxied by weak internal control, weak board governance, low analyst coverage, and short auditor tenure; and (iii) banks with lower implementation costs, proxied by less day-one impact and higher levels of accounting conservatism. Channel analyses show that banks increase their asset impairment provisions and the timeliness of loan loss recognition, and there is an increase in the value relevance of earnings and bank efficiency after the adoption of the ECL model. Overall, our evidence suggests that the flexibility of principle-based accounting standards influences banks’ stock price crash risk and provides implications that could be helpful to regulators and standard setters.     

Modeling catastrophic deaths using EVT with a microsimulation approach to reinsurance pricing

Recently, a marked Poisson process (MPP) model for life catastrophe risk was proposed in Ekheden & Hössjer (2014). We provide a justification and further support for the model by considering more general Poisson point processes in the context of extreme value theory (EVT), and basing the choice of model on statistical tests and model comparisons. A case study examining accidental deaths in the Finnish population is provided. We further extend the applicability of the catastrophe risk model by considering small and big accidents separately; the resulting combined MPP model can flexibly capture the whole range of accidental death counts. Using the proposed model, we present a simulation framework for pricing (life) catastrophe reinsurance, based on modeling the underlying policies at individual contract level. The accidents are first simulated at population level, and their effect on a specific insurance company is then determined by explicitly simulating the resulting insured deaths. The proposed microsimulation approach can potentially lead to more accurate results than the traditional methods, and to a better view of risk, as it can make use of all the information available to the re/insurer and can explicitly accommodate even complex re/insurance terms and product features. As an example, we price several excess reinsurance contracts. The proposed simulation model is also suitable for solvency assessment.     

我国中央银行内部控制评价研究

本文通过研究中央银行内部控制评价的背景及意义,分析我国中央银行内部控制评价的现状,从评价的标准、程序、方法、指标体系和模型五个方面提出我国中央银行内部控制评价体系框架,并从完善制度规范、扩展评价主体、构建评价方法和指标体系等方面进行了探讨。     

An algorithmic trading system based on a stacked generalization model and hidden Markov model in the foreign exchange market

The Forex market has been one of the most attractive markets to researchers, funds, and traders. Literature shows that a single model algorithm usually cannot perform satisfactorily on the foreign exchange (Forex) time series because of the market's complexity. This study develops an algorithm based on two stacked generalization models consisting of four machine-learning models. First, the optimal lags of features are found using the Fisher discriminant ratio and partial autocorrelation function. Second, one stacked model fits the bullish trends, and the other holds the bearish trends resulting from a hidden Markov model. We reinforce the predictive signals of these models by extracting relationships between currency pairs with correlation and mutual information. Lastly, the proposed algorithm constructs a portfolio based on the strength of signals dependent on correlation and mutual information. As a result, this paper compares the performance of the proposed approach with different states of the model and several established benchmarks regarding return and risk metrics. The outcomes show that the proposed model's added features—such as time series clustering, considering a range of inputs, and internal relationships among different assets—can increase its performance in the Forex market.