萨班斯法案404内控报告弱点：一个试验COSO框架组件和信息技术【外文翻译】.pdfVIP

外文翻译 原文： SOX 404 Reported Internal Control Weakne es: A Test of COSO Framework Components and Information Technology This paper examines internal controls, from both an information technology (IT) and non-IT perspective, in relation to the five components of the Committee of Sponsoring Organization ’s Internal Control-Integrated Framework (COSO 1992), as well as the achievement of one of COSO ’s three objectives-reporting reliability. Our sample consists of 490 firms with material weaknesses reported under Sarbanes-Oxley Section 404 during the first year of compliance. We classify the weaknesses by COSO component and as IT-related or non-IT-related. Our results support the interrelationships of the COSO Framework. The results also show that the number of misstated a ounts is positively related to the number of weak COSO components (i.e., scope) and certain weak COSO components (i.e., existence). Firms with IT-related weak components report more material weaknesses and misstatements than firms without ITrelated weak components, providing evidence on the pervasive negative impact of weak IT controls, especially in control environment, risk assessment, and monitoring Beginning on November 15, 2004, Section 404 of the Sarbanes-Oxley Act of 2002 (SOX 404) requires all a elerated firms (with at least $75 million in publi equity float) to report on the effectiveness of their internal controls over financial reporting.Management must (1) state that they are responsible for establishing and maintaining internal controls, (2) identify the internal control framework used to evaluate controls, (3)provide an assessment on the effectiveness of internal controls, and (4) i