信息技术条件下的内部控制规范_国际实践与启示

:3(210093),,,,(),IT,,,(InformationTechnology,IT),IT,,,,IT,ITIT,,ITIT,IT,,IT()COSOSOXSECPCAOB(AICPA)319,IT1.COSO(1)COSOTreadway(CommitteeofSponsoringOrganizationsoftheTreadwayCommission,COSO),COSO923(IAPHD)(2005sk112),1992(InternalControlIntegratedFramework),SECPCAOBAICPAIT,,ITIT,IT,COSO,,,,()(generalcontrol)(applica2tioncontrol),:,,IT,,,,IT,COSO,,COSO,,IT,,,,,,1992COSOIT,,IT,,,,(2)2000,,COSO2004,,,,,,IT1992COSO,,,IT,IT,(ERP),,,,,03,,,,COSO1992,,2.SOXSECPCAOB(1)SOX,,20027,-(Sarbanes-OxleyActof2002,SOX)SOX,302404,302404IT,SECPCAOB(2)SECSOX,,SOX,20036SEC:(FinalRule:ManagementpsReportsonInternalControlOverFinancialReportingandCertificationofDisclosureinExchangeActPeriodicReports,),,COSO(3)PCAOBNo12NO12006-007()SOX404SEC,20043,PCAOBNo12,(AnAuditofInternalControloverFinancialReportingPerformedinConjunctionwithanAuditofFinancialStatements),20046SEC,SOXNo12ITNo12,COSO,COSO,PCAOBCOSO(,2006)No12,PCAOB2006NO12006-007()(AnAuditofInternalControlOverFinancialReportingThatIsInte2gratedwithAnAuditofFinancialStatements),SECNo12,IT:(Atop-downapproach),13SOX302::(a)SEC,193413(a)15(d),(CEO)(CFO)():SOX404::(a)SEC,193413(a)15(d),(1);(2)(b)(a),,,,SOX101,,,IT;,IT,319;(walkthroughs),,,:IT,3.AICPA319AICPA()20015319(AUSection319ConsiderationofInternalControlinaFinancialStatementAudit)COSO,16-2030-3277-79IT,:IT,(COSO19925);IT,,,,,;IT,,,,,;IT,,,;,IT,IT,ITIT,,IT,IT,IT,COSO,()IT,IT,,:(1),(2),(3),(4),:(1),(2),(3),(4),(5),(6)ITCOSO1992,IT,IT,IT,,ITIT,,ITIT,IT,ITIT:(1)ITITIT,IT,IT,,,IT,,(2)ITIT,IT,,IT,23,,,,IT,ITIT,,,IT,IT,IT,,COSOIT,,IT,,IT,IT,IT,(ISACA)IT(ITGI)(ControlObjectivesforInformationandrelatedTechnology,COBIT)(AICPA)(CICA)TrustServices(IIA)(ElectronicSystemAssuranceandControl,eSAC)()(COBIT)COBITISACAITGIITIT,IT,IT,COBITISACA,IT,ITCOBIT40IT,COSOCoCo(ISO)(OECD)IT,ITCOBIT1996,COBIT410(2005)7IT,;IT5;IT4:,434318COBIT,COSO,IT,COSOITITITITITCOBITIT,IT()TrustServicesTrustServicesAICPACICA20034,(SysTrust)210310TrustServices5:,4:TrustServicesIT33,,,IT,ITCOBITCOSO,TrustServices,COBIT()(eSAC)1977IIA(SystemsAuditabilityandControl,SAC),,IIA2001eSAC,eSAC4:,5:,5:;:;5:,3:eSAC,,,,,eSAC,IT,IT,,,IT,IT,,,(COSO),IT,:IT,;;IT,,,ITCOSOITIT,,(),,,ITIT,IT,,IT,,ITIT(,2005,2006),IT43(,2001;,2007),,2006715([2006]11),IT,,,IT20073217(),,,,,IT,(),COBITIT,,IT?,ITIT,,.2007..,1:30-37,.2001..,12:32-36.,2005.12.2005..,7:49-54.2006..,2:53-59,.2006....2007.17()([2007]7)AICPA,AUSection319ConsiderationofInternalControlinaFinancialStatementAuditAICPA&CICA,TrustServicesPrinciplesandCriteria,2003COSO,InternalControlIntegratedFramework,1992,EnterpriseRiskManagementIntegratedFramework,2004IIA,ElectronicSystemsAssuranceandControl,2001PCAOB,AnAuditofInternalControloverFinancialReportingPerformedinConjunctionwithanAuditofFinancialStatements,2004.3,AnAuditofInternalControlOverFinancialReportingThatIsIntegratedwithAnAuditofFinancialStatements,2006.12Sarbanes-OxleyAct,2002-7-30SEC,FinalRule:ManagementpsReportsonInternalControlOverFinancialReportingandCertificationofDisclosureinExchangeActPeriodicReports,2003.6TheITGovernanceInstitute,COBIT4.0,200553://:EvidencefromStockMarketinChinaQuXiaohui&QiuYuehuaUsingasampleofalllistedA2sharesfirmsinShanghaiandShenzhenStockExchangesfrom1995to2004withavailabledata,thispaperexamineswhethertheimposedchangeofaccountingregulationsimprovesignificantlytheconservatismofthelistedfirms.Wefindthatconservatismdoesnptexistduring19951997.TheimplementationofAccountingSystemforShare2CapitalEnterprisesdoesnptsignificantlybringabouttheimprovementofconservatismduring19982000,whereastheimplementationofAccountingSystemforBusinessEnterprisesdoessignificantlyimprovetheconservatismofthelistedfirmsduring20012004.However,whenusingtheprofitablesampledataonly,conservatismduring2