萨班斯法案404内控报告弱点：一个试验COSO框架组件和信息技术【外文翻译】.doc

外文翻译 原文： SOX 404 Reported Internal Control Weaknesses: A Test of COSO Framework Components and Information Technology This paper examines internal controls, from both an information technology (IT) and non-IT perspective, in relation to the five components of the Committee of Sponsoring Organization抯 Internal Control-Integrated Framework (COSO 1992), as well as the achievement of one of COSO抯 three objectives-reporting reliability. Our sample consists of 490 firms with material weaknesses reported under Sarbanes-Oxley Section 404 during the first year of compliance. We classify the weaknesses by COSO component and as IT-related or non-IT-related. Our results support the interrelationships of the COSO Framework. The results also show that the number of misstated accounts is positively related to the number of weak COSO components (i.e., scope) and certain weak COSO components (i.e., existence). Firms with IT-related weak components report more material weaknesses and misstatements than firms without ITrelated weak components, providing evidence on the pervasive negative impact of weak IT controls, especially in control environment, risk assessment, and monitoring Beginning on November 15, 2004, Section 404 of the Sarbanes-Oxley Act of 2002 (SOX 404) requires all accelerated firms (with at least $75 million in public equity float) to report on the effectiveness of their internal controls over financial reporting.Management must (1) state that they are responsible for establishing and maintaining internal controls, (2) identify the internal control framework used to evaluate controls, (3)provide an assessment on the effectiveness of internal controls, and (4) identify material weaknesses. An MW is a ‘‘deficiency, or a combination of deficiencies ... such that there is a reasonable possibility that a material misstatement’’(emphasis in the original)of the firm’s financial statements will not be prevented or detected on a timely basis (PCAOB 2007, para. A7). A wave of