内部审计的英文文献

中英文翻译内部控制爆炸①摘要：Power的1997版书以审计社会为主题的探讨使得审计活动在联合王国（英国）和北美得到扩散。

由审计爆炸一同带动的是内部控制制度的兴起。

审计已经从审计结果转向审计制度和内部控制，它已然成为公众对公司治理和审计监管政策的辩论主题。

Power表示对什么是有效的内部控制各方说法不一。

本人对内部控制研究方面有一个合理的解释。

内部控制对非常不同概念的各个领域的会计进行探究，并研究如何控制不同水平的组织。

因此，内部控制研究的各类之间的交叉影响是有限的，而且，许多内部会计控制是研究是再更宽广的公司治理问题的背景下进行的。

所以，许多有关内部控制制度对公司治理的价值观点扔需要进行研究。

关键词：机构理论；公司治理；外部审计；内部审计；内部控制制度；管理控制1 概述Power的1997版书以审计社会为主题的探讨使得审计活动在联合王国（英国）和北美得到扩散。

由审计爆炸一同带动的是内部控制制度的兴起。

审计已经从审计结果转向审①Maastricht Accounting and Auditing Research and Education Center (MARC), Faculty of Economics and Business Administration, Universiteit Maastricht, P.O. Box 616, 6200 MD Maastricht, The Netherlands s.maijoor@marc.unimaas.nl Fax: 31-43-3884876 Tel: 31-43-3883783计制度和内部控制，它已然成为公众对公司治理和审计监管政策的辩论主题。

例如，在最近的对于欧洲联盟内外部审计服务的内部市场形成的辩论中，监管建议建立关于内部控制和内部审计制度。

虽然对有关内部控制的价值期望高，但Power表示对什么是有效的内部控制各方说法不一。

本人对内部控制研究方面有一个合理的解释。

文献信息：文献标题：New Product Development, Accounting Information, and Internal Audits: A Proposed Integrative Framework（新产品开发，会计信息和内部审计：一个拟议的综合框架）国外作者：Kanyamon Wittayapoom文献出处：《Procedia - Social and Behavioral Sciences》, 2014, 148(148):307-314字数统计：英文3375单词，19083字符；中文6023汉字外文文献：New Product Development, Accounting Information, andInternal Audits: A Proposed Integrative Framework Abstract Innovation activities and processes of an organization have been given considerable attention within the past decade by both managers and academics. The new product development (NPD) process is a critical innovation process that has been explored from different functional perspectives, such as marketing, engineering, finance and manufacturing, due to its interfunctional nature. As new product failure rates continue to remain high, management control systems have become an important issue. While perceptions of the ‘intervention’ of accounting practices in business processes have been widely regarded as unwelcome constraints on innovation (e.g. R&D), the view taken here is that accounting, particularly the tasks of auditing, becomes an integral internal information generating activity that enhances, rather than constrains, the NPD process and ultimately overall NPD team performance. The purpose of this paper is to identify and explain accounting information and accounting audit tasks that are essential for efficient execution of the NPD process. In doing so, a conceptual framework is presented, which integrates accounting information andpractices into the NPD process. Moreover, it is argued that the extent to which accounting information is actually utilized as part of the NPD process has an influence on the performance outcomes of the NPD process. Theoretical and practical contributions, as well as suggestions for future research are also discussed.Keywords: New product development; accounting information; accounting audit; team performance1.IntroductionNew product development (NPD) is an important process for a firm’s mar keting team to launch a meaningful innovative product (Racela, O. C., Chaikittisilpa. C., & Thoumrungroje, A. 2010), as an important potential source for competitive advantage (Sheng, S., Zhou, K. Z., & Lessassy, L. 2012), and for cross-functional integration within the organization. The NPD process requires organization resources to create new products with adaptations to interfunctional activity. As failure rates of new products continue to remain high, management control systems have become an important issue in NPD order to exploit new market opportunities and sustain firm profitability (Leenders, M. A. A. M., & Wierenga, B. 2008). The more common management and marketing control systems are often ineffective and an internal audit may prove more useful activities (e.g. cost and financial budgetary into development process within NPD process) as a means of enhancing the NPD process and NPD team performance (Brownlie, D. 1996).A generic NPD process may have five stages including: 1) opportunity identification selection, which involves gathering preliminary information to assess risk and opportunity of a need in the marketplace that can be filled by a new product, 2) concept generation, that involves the generation of ideas for product innovation, 3) concept evaluation, which requires systematic procedures to rate and rank different concepts, 4) development, which implements both technical design and marketing strategy planning, and 5) launch, which is the execution of the marketing plan. During each of these NPD stages, accounting information and accounting audits are crucial in facilitating effective NPD team output and product design.While accounting practices have been widely regarded as unwelcome constraints on innovation (Song, M., & Montoya-Weiss, M. M. 2001, Clark., Kim, B. & Fujimoto, T. 1991), an internal audit process is critical to improve programs that are aimed at reducing error or fraud, to design and control resource allocation, and to evaluate organizational performance in order to reduce non-value adding activities (Sisaye, S. 1999) of the NPD process. Hence, the NPD process is relevant to all kinds of functions within organization, e.g. project management to organize the control system of NPD, the information technology (IT) team to implement and prepare needed software applications and systems, accounting information to estimate budgets, internal audits to control and appropriate approvals, which means organizations must adopt proper strategies to reduce unnecessary costs (Yang, L-R. 2012).According to organization theory, product team performance enhances the application of knowledge that is needed for the creation of innovative ideas for NPD (Ju, T. L., Li, C. Y., & Lee, T. S. 2006). From a resource-based view, organizational knowledge and expertise are valuable, rare, and non-substitutable resources. Different sources of knowledge, particularly from accounting information and internal audits, become a valuable means to achieve competitive advantage (Barney, J. B. 1991). The NPD process integrates different knowledge and perspectives from different functions (Poon, J. P. H. & MacPherson, A. 2005), thus applying tacit knowledge and codified knowledge of the organization (Boer, M. D., & Bosch, V. D. 1999).The purpose of this paper is to explore and discuss accounting information and accounting audit task that are essential for efficiency execution of the NPD process and better NPD team performance. In this paper, NPD team performance refers to effectiveness, efficiency, and economy based on NPD teamwork. The highlight of this paper is that it attempts to integrate accounting information and practices into the NPD process, particularly the tasks of auditing, and suggests that such information generating activities enhance, rather than constrains, the NPD process and ultimately overall NPD team performance. Moreover, it is argued that the extent to which accounting information is actually utilized as part of the NPD process has an influence on the performance outcomes of the NPD process.2.Theoretical FrameworkTo expand the conceptualization of the NPD process in order to integrate accounting information and internal audits, the relationships among concepts are based on the theoretical underpinnings of the resources-based view of the firm (RBV) and contingency theory. RBV posits that different resources within the organization, like those in marketing, human resource, accounting and financial management are deployed to execute processes, including the execution of the NPD stages (Morgan, N.A., Clark,B. H., & Gooner, R. 2002, Wernerfelt, B. 1984). NPD resources can include accounting knowledge and internal audits that the NPD team uses to learn and support part of NPD process (Durmuşoğlu, S. S., & Barczak, G. 2011) because the new product team relies on a variety of knowledge from different functions in order to proceed effectively through the NPD process. Therefore, accounting information and internal audits can be regarded as information that are used to facilitate knowledge creation in a NPD process.In general, the sources of knowledge, particularly accounting information, can help NPD team members to improve their contributions to NPD and to the team. Within organizations, knowledge from different sources may be necessary, thus the transferring and sharing of knowledge and practices within and between organizational units is related to the resource-based view of the firm (RBV). To explain the existence of knowledge, such as in project management, IT management, or accounting management in NPD processes, knowledge of and from the NPD process includes the management of different resources and considerations such as scope, time, cost, quality, human resource, communication risk, or procurement. RBV, which was initially established in organizational studies and widely used in the field of strategic management, helps to understand the internal resources of an organization that can be deployed to achieve a competitive advantage (Grant, R. M. 1996). Such resources include organizational processes, knowledge, and know-how from both tacit and codified knowledge from the organization and employees, which is regarded as tangible and intangible assets. Within the RBV, the different sources of knowledgecan help the organization to formulate strategy and to generate competitive advantage (Kaleka, A. 2002) to achieve superior marketing outcomes (McGrath, R. MacMillan, I. & Venkatraman, S. 1994) and team performance. Because innovation activities and processes of an organization have been given considerable attention, the new product development (NPD) process is considered a critical innovation process that has been explored from different functional perspectives. Therefore, sources of knowledge from different functional units within an organization are necessary. The NPD team needs a variety of knowledge and know-how from each professional function in order to reduce new product failure rates. The NPD team also needs a high degree of knowledge sharing from NPD team members. Hence, the sources of accounting knowledge practices and knowledge-sharing in business processes have been widely regarded, as the tasks of auditing become an integral internal information generating activity to enhance, rather than constrain, the NPD process and ultimately overall NPD team performance.Contingency theory argues that organizational behaviors and performance depends on contextual factors (McAdam, R. & McClelland, J. 2002) and suggests that organizational effectiveness is related to corporate characteristics (Chenhall, R. H., 2003). In academic studies, the literature in marketing management, accounting management, and internal auditing shows very little attention given to the role of contingencies within organizations (Morgan, N. A., Clark, B. H., & Gooner, R. 2002). To enhance the likelihood of new product success, management control systems have been adopted to align accounting information and internal audits to NPD. Therefore, in this paper, contingency theory explains how different contexts of internal audit activities influence the NPD process and NPD team performance (Chapman, R. & Hyland, P. 2004). The conceptual model is presented in figure 1.3.Conceptual and Proposition3.1.Sources of Accounting Knowledge and NPD ProcessIn this paper, ‘source of knowledge’refers to the relevant tacit and codified knowledge within an organization and used by organizational members. Sources of knowledge can come from all organizational functions. Accounting knowledge can be considered a source of knowledge that is very important for organizational strategy and management and which is critical to realize improvements in the NPD process (Jørgensen, B. & Messner, M. 2010).Tacit knowledge can be described as knowledge that cannot be easily articulated verbally and is therefore difficult to transfer to or to be understood by another person.Because of this difficulty, tacit knowledge is difficult to imitate and replicate and iseasier to protect (Saarenketo, S., Puumalainen, K., Kuivalainen, O., & Kylaheiko, K. 2004). For instance, a person’s ability that has developed over time through the accumulation of knowledge and gained through practical experience, are often considered forms of tacit knowledge.Tacit knowledge can be better understood by others or groups who are well versed in the particular subject matter and with the language that describes the information, such as a groups of practitioners or professionals of a field (Nightingale, O. 1998). Tacit knowledge also includes knowledge that is embedded in social networks that contains a higher tacit content due to the major mechanism of transferring is rooted in individuals or groups who are necessary for carrying out tasks and processes within the organization. Thus, tacit knowledge from different areas of the organization are necessary for the NPD process whereby the NPD team’s abilities, including those related to accounting and internal auditing, can be a valuable source of knowledge (Chen, S. 2005).Codified knowledge is organized around procedures, properties, facts or axiomatic proposition, transferred via teaching, and interpersonal interaction (Edmonson, A., Winslow, A. B., Bohmer, R. M. J., & Pisano, G. P. 2003). The use of codified knowledge allows persons to increase their knowledge, increase the quantity of information exchanged, clarify information content, and to reduce uncertainty in information sharing. Accounting is considered a main source of codified knowledge. Use of such knowledge also applies within the NPD process, as codified knowledge of accounting information is embedded in the product design (Carbonara, N., & Scozzi, B. 2006). Accounting information can be used to provide direction to the NPD team and in their formulation of strategies for NPD. For instance, knowing and understanding the product’s contribution margins ma y help the NPD team better coordinate proposed production schedules for a new product that will be added to a firm’s current product line. Therefore, based on the tacit and codified knowledge of accounting information, the following proposition is given:Proposition 1: Sources of accounting knowledge enhances the NPD process and NPD team performance.3.2.Internal Audits, NPD Process, Team PerformanceIn recent years, organizations continue to seek ways to improve their NPD process (e.g. reduced cost, and budget) and increase NPD team performance (e.g. effectiveness, efficiency, and economy of product quality). Management control systems are important to ensure better organizational performance (Jaworski, B. J. 1988). NPD team performance is essential for the execution of an efficient NPD process and activities. The NPD team must be comprised of a variety of skills and competence from members of different functions who can bring to the team different knowledge. The concept of internal audit can be useful for NPD team to organize NPD process such as risk assessment, control quality, or managing the team performance.In general terms, an internal audit is the process to examine, monitor, and analyze organizational activities in order to review what the firm is doing in order to assess its health and profitability, identify potential threats, and to advise on ways to mitigate risk of those threats in order to minimize costs. The internal audit is a part of the firm’s administrative structure and involves the tasks of audit planning, audit executing, and audit reporting with an emphasis on accounting information. As already mentioned, internal audit tasks can be related to the stages of the NPD process. The three distinct roles of the internal audit process are:•aud it planning, which involves the collection of preliminary information, the identification and evaluation of risk , and the review of sufficient and appropriate internal controls;•audit execution, which involves checking whether there is appropriate and sufficient audit evidence, selecting an audit sampling technique to collect information for analysis, choosing a number of audit techniques to apply, and documenting the audit; and•audit report, which involves communicating and disseminating information of the new product and the NPD process with which due diligence.From this internal audit process, the NPD team stays informed of the financial aspects of the NPD process and can apply such knowledge in subsequent NPD stages.Given the importance of the NPD process, an internal audit process can be implemented at each stage of the NPD. In the first stage of the NPD process, i.e. opportunity identification and screening of generated concepts, the launch of an internal audit project may appear as a set of key components which includes a plan to conduct the internal audit, with the aim to understand the NPD process and to know how the NPD team identifies market opportunities and how the team evaluates ideas/concepts for further consideration. The audit planning should arise from discussions between members of the NPD team in order to get ‘the big picture’ of the broad context of opportunities for new product development (Stewart, D. W. 2009). Based on this, the internal auditor in the NPD team should:•gather preli minary information by documenting the internal control environment and to obtain information and feedback from NPD team members;•evaluate potential risk related to the NPD process, define performance outcomes that will be used to assess NPD process success, and propose ways to decrease risk; and•conduct an internal control of all stages of the NPD process.Hence, the NPD team, particularly the internal auditor works from preliminary information gathering, risk evaluation, and internal control by making inquiries and reviewing information from interviews, questionnaires, and/or observations of the NPD process activities so that an audit program can be established.Second, when the NPD team evaluates concepts that can be pursued for further development, an internal audit would involve determining a formal audit objective directed at the NPD process and to review NPD team performance and to determine NPD activities that would support the audit objective. The NPD team would need to decide what appropriate information and tools are necessary for NPD (Buyukozkan, G. & Feyzioglu, O. 2004). In essence, for the NPD stage of concept evaluation, the audit activities could include:•ensuring there is appropriate and sufficient audit evidence, which requires the NPD team to collect and maintain documentation to support the internal audit objective and to ensure that documents are appropriate in terms of (i.e. quality andreliability) and sufficient (i.e. quantity) for analysis;•implementing an audit sampling technique w here the NPD team decides which audit sampling technique should be used as a tool for gathering sufficient information (e.g., probability sampling technique or non-probability sampling technique)•adopting several audit techniques in order to test intern al controls, and monitor data assurance, whereby the internal auditor in the NPD team would make inquiries and data from questionnaires, observation or other analytical procedures in order to ensure the NPD process is accurate; and•conducting‘audit’ paperwork with due diligence with the internal auditor of the NPD team applying ‘bookkeeping’ practices of their audit into formal documentation, ensuring accurate information. Due diligence also requires sufficient internal audit skills for the audit results to be given as a recommendation to the NPD team as a formal audit report.Finally, at the last stage of the NPD process, when the new product is ready for launch into the market, the launch should also be communicated within the organization as well as to selected target markets. Similar to the internal audit, after audit team analyzed the process of new product to ensure that NPD process is completed influence to team performance, internal auditor within NPD team should prepare an audit report. The audit reporting generated by the accounting information system on which analyzed the material errors, omissions, and fraud (Chan, D. Y. & Vasarhely, M. A. 2011). While the NPD team ensures that the process of new product system is educate and total quality assurance by internal control system. The total quality assurance refers to NPD team, particularly internal auditor to collections and gathers all activities of NPD process to facilitate the quality control as an internal audit portfolio. Therefore, the following proposition is given:Proposition 2: Internal audit of the NPD process enhances the NPD process and NPD team performance.3.3.Sharing of Accounting InformationAccounting information refers to information from financial statements that are generated from traditional ‘book- keeping’ and which are used for decision-making.While for the most part, accounting information is typically associated with clear and easily understood accounting ratios, it also includes qualitative information such as in the interpretations, implications, and economic consequences of trends and patterns (i.e., costs, expenditures, returns on investments, etc.) not easily detected from financial statements of one reporting period. Information sharing is an important factor that may moderate the influence of sources of accounting knowledge on the NPD process (Song, M., & Thieme, R. J. 2006). This is because the NPD process relies on information (e.g. upgrade product design efficiency) (Venkatasubramanian, V., Zhao, et al 2006) and is a foundation for collaborative NPD design (Kim, K.Y., Manley, D. G., & Yang, H. 2006, Zhanga, S., Shen, W., & Ghenniwa, H. 2004). As part of the NPD process, the internal audit generally is concerned with knowledge from several different functional units, and as such, the NPD team must adapt this shared information to reduce communication error (i.e. tacit and codified knowledge). Thus with improved quality of communication, the sharing of accounting information should enhance the NPD process and NPD team performance (Merminod, V., & Rowe.F. 2012). Therefore, the following proposition is given:Proposition 3: Greater sharing of accounting information within the organization and within the NPD team strengthens the influence of accounting knowledge on the NPD process and NPD team performance4.Implications and ConclusionThis paper discusses the NPD process, accounting knowledge, internal audits, and accounting information and posits that the NPD process can be enhanced through greater use of accounting knowledge and particularly the tasks of auditing. Moreover, greater use and sharing of accounting information as part of the NPD process enhances accounting’s role on the performance outcomes of the NPD process. In this paper, perspectives from RBV and contingency theory are applied to develop and propose a conceptual framework for the posited relationships among constructs. Therefore, this paper makes a theoretical contribution to the areas of knowledge as a resource and postulates that the NPD process needs accounting knowledge and thesharing of information by accounting professionals. This paper also offers managerial implications, since management and NPD team members must understand the need to for control systems to improve NPD and NPD team performance.This paper proposed a conceptual framework that integrates theories and concepts and therefore, future research is needed to conduct empirical analysis to test the posited relationships.中文译文：新产品开发，会计信息和内部审计：一个拟议的综合框架摘要在过去十年中，一个组织的创新活动和过程受到管理者和学术界的相当大的重视。

审计外文参考文献参考文献是学术研究过程之中对于所涉及到的所有文献资料的总结与概括，以下是店铺搜集整理的审计论文参考文献，欢迎阅读查看。

审计参考文献参考文献一：[1]王广明，谭宪才，雷光勇.中国独立审计长沙[M].湖南人民出版社，2002.[2]原红旗，李海建，会计师事务所组织形式、规模与审计质量.会计研究，2003(1):32-37.[3]漆江娜，陈慧霖，张阳.事务所规模·品牌·价格与审计质量——国际“四大”中国审计市场收费与质量研究[J].审计研究，2004，(03)：59-65.[4]武晓玲.我国会计师事务所规模研究一基于审计市场经验数据的聚类分析[J].会计研究，2005(3):22—27.[5]李旭洁.关于审计质量影响因素的研宄[J].商业会计，2012(2).[6]马宁，会计师事务所审计质量的全过程分析[J].会计之友，2012(2).[7]李晓慧，吴雅楠.影响审计质量的因素研宄——基于会计师事务所视角的问卷调查[J].中国注册会计师，2012(12).[8]肖瑞利，审计质量的特征及其影响因素分析[J]，商业会计，2012(15).[9]杨柳.会计师事务所审计质量影响因素分析及对策[J].商业会计，2013(10).[10]张荣静.异常审计费用、会计师事务所声誉与审计质量[J].财会之友，2016(3).[11]温毓敏.会计师事务所规模、法制环境与审计质量实证研究[J].财会通讯，2016(9).[12]王善平.中国独立审计的现实问题思考.审计研究[J].2001(2).[13]李万军，周耀光.会计师事务所综合质量评价体系研究，中国注册会计师[J].2002(11).[14]孙永军，丁莉娜.审计质量评价研究:基于我国100强事务所的数据分析[J].审计研究，2009(6).[15]郭颖，李永华.会计师事务所审计质量评价指标体系研宄[J].财会月刊，2009(07).[16]李俊，夏斌.层次分析法、模糊综合评价法联用的会计师事务所综合评价[J].财会月刊，2010(11).[17]万佳，陈颖.独立审计质量衡量标准体系的研宄[J].财务与金融，2010(5).[18]孙蕾.建立会计师事务所审计质量评价体系.企业论坛[J].2011:121-127.[19]洪敏，我国会计师事务所审计质量评价——基于中注协会计事务所综合评价体系[J].财会通讯，2011(4).[20]阎银泉.三种审计主体审计质量评价比较研究[J].会计之友，2013(1).[21]刘蕊.会计师事务所审计质量评价体系研究[D].云南民族大学.2015.[22]宋英男.会计师事务所审计质量评价体系研究与应用[D].北京交通大学.2014.参考文献二：[1]马克思.资本论(第一卷)[M].中共中央马克思恩格斯列宁斯大林着作编译局,译.北京：人民出版社，2004.[2]马克思.资本论(第三卷)[M].中共中央马克思恩格斯列宁斯大林着作编译局,译.北京：人民出版社，2004.[3]马克思.剩余价值理论[M].李善明，编，郭大力，译.北京：人民日报出版社，2010.[4]亚当·斯密.国民财富的性质和原因的研究(上卷)[M].郭大力，王亚南,译.北京：商务印书馆，1972.[5]亚当·斯密.国民财富的性质和原因的研究(下卷)[M].郭大力，王亚南,译.北京：商务印书馆，1972.[6]欧文·休斯.公共管理导论(第二版)[M].彭和平，周明德，金竹青,等,译.北京：中国人民大学出版社，2001.[7]李扬，张晓晶，常欣,等.中国国家资产负债表2013——理论、方法与风险评估[M].北京：中国社会科学出版社，2013.[8]马骏，张晓蓉，李治国,等.中国国家资产负债表研究[M].北京：社会科学文献出版社，2012.[9]国家统计局.中国资产负债表编制方法[M].北京：中国统计出版社，2007.[10]尼古拉斯·亨利.公共行政与公共事务(第八版)[M].张昕,等,译.北京：中国人民大学出版社，2002.[11]戴维·奥斯本，德特·盖布勒.改革政府——企业精神如何改革着公营部门[M].周敦仁，汤国维，寿进文，徐荻洲,译.上海：上海译文出版社，1996.[12]莱昂·瓦尔拉斯.纯粹经济学要义[M].蔡受百,译.北京：商务印书馆，1989.[13]王静.政府财政资产负债核算国际规范的比较研究——基于2001GFS和IPSAS的研究[J].统计教育，2009，12.[14]李扬.要从资产负债表来控制资产泡沫[EB/OL].2009夏季达沃斯论坛发言.[15]王健.政府经济管理案例(二)——国有资产管理与政府规制篇[M].北京：经济科学出版社，2010.[16]尤安山.拉美债务危机：原因及对策[J].拉丁美洲研究.1986(1):23-26.[17]沈沛龙，樊欢.基于可流动性资产负债表的我国政府债务风险研究[J].经济研究，2012，2.[18]吕伟.政府或有负债风险管理研究：理论框架与实践探索[M].北京：中国财政经济出版社，2008.[19]许宪春.中国国民经济核算与统计问题研究[M].北京：北京大学出版社，2010.[20]广东商学院国民经济研究中心.国民经济发展与国民经济核算[M].北京：经济科学出版社，2011.[21]毛太田.地方政府公共财政支出绩效评价研究[M].北京：光明日报出版社，2013.[22]HanaPolachovaBrixi，马骏.财政风险管理：新理念与国际经验[M].北京：中国财政经济出版社，2003.[23]李林林.关于国家风险与主权信用评级的研究[D].北京：中国社会科学院，2013.[24]胡浩.政府资产负债管理风险对“欧洲五国”主权债务危机的影响研究[D].北京：财政部财政科学研究所，2012.[25]郑小娟.欧洲国家债务危机的风险传导研究[D].湖北：武汉大学，2014.[26]顾诚浩.我国政府财务报告改革的研究[D].江苏：苏州大学，2014.[27]刘笑霞.政府绩效评价理论框架之构建——以一级政府为中心[D].福建：厦门大学，2014.[28]____.基于绩效管理的政府会计体系构建研究[D].辽宁：东北财经大学，2014.[29]李敏.中国地方债务风险管理研究[D].北京：首都经济贸易大学，2014.[30]董丽.欧洲主权债务危机的起因、影响及启示[D].云南：云南财经大学，2011.[31]侯杰.国家资本结构与新兴市场国家金融危机[D].北京：中国人民大学，2006.[32]李光辉.国家综合负债研究[D].北京：中共中央党校，2001.[33]周瑞华.“两库两公开”——资产评估监管新模式[J].当代经济，2009，7.[34]罗和平.关于国有资产评估项目管理改革的几个问题[J].国有资产管理，2005，11.[35]朱毛瑞.三份资产负债表传递的债务信息[N].香港经济导报，2013，1(17).[36]陈学安.建立我国财政支出绩效评价体系研究[J].财政研究，2004，8.[37]张永慧，李天祥.专项资金绩效评价指标体系初探[J].财政研究，2005，5.[38]郭亚军，何延芳.我国1994-2001年财政支出状况的综合评价[J].财政研究，2003，9.[39]李彦历.我国财政资金绩效管理研究[D].北京：财政部财政科学研究所，2010.[40]赵红梅.基于多级模糊综合评判法的地方政府绩效评估研究[J].科技管理研究，2008，28.[41]王克强，刘红梅，陈玲娣.财政支出绩效评价研究综述[J].开发研究，2006，5.[42]崔元锋，严立冬.基于DEA的财政农业支出资金绩效评价[J].农业经济问题，2006，9.[43]高敏雪，等.国民经济核算原理与中国实践[M].北京：中国人民大学出版社，2007.[44]戴维·奥斯本，彼得·普拉斯特里克.摒弃官僚制：政府再造的五项战略[M].谭功荣，刘霞,译.北京：中国人民大学出版社，1996.[45]莫里斯·戈登斯坦，菲利普·特纳.货币错配——新兴市场国家的困境与对策[M].李扬，曾刚,译.北京：社会科学文献出版社，2005.[46]王定云，王世雄.中西方国家新公共管理理论综述与实务分析[M].上海：上海三联出版社，2008.[47]黄维民.新范式与新工具：公共管理视角下的公共政策[M].北京：中国社会科学出版社，2008.[48]王彦荣，等.中国政府资产管理改革[M].北京：经济科学出版社，2008.[49]曹荣湘，朱全涛.国家风险与主权评级[M].北京：社会科学文献出版社，2004.[50]财政部会计司.政府会计研究报告[M].大连：东北财经大学出版社，2005.[51]陈小悦，陈立齐.政府预算与会计改革——中国与西方国家模式[M].北京：中信出版社，2002.[52]李建发.政府会计论[M].厦门：厦门大学出版社，1999.[53]李金早.告别GDP崇拜[M].北京：商务印书馆，2011.[54]程祥国，韩艺.国际新公共管理浪潮与行政改革[M].北京：人民出版社，2007.[55]马恩涛.中国经济转型中的政府或有负债研究[M].北京：经济科学出版社，2010.参考文献三：[1]王大力，李瑞红，王双彦.我国内部审计情况调查[J].会计师，2006(04)：23-26.[2]滕海林.内审的“监督主导型”向“服务主导型”转变可行性探讨[J].经济管理者，2013(21)：36-38.[3]郭慧.内部审计职能拓展影响因素研究:综述与展望[J].财会通讯，2013(31)41-42.[4]王兵，刘立云等.中国内部审计近30年发展：历程回顾与启示[J].会计研究，2013(10)：45.[5]李越冬.内部审计职能研究：国内外文献评述[J].审计研究，2010(3)：42-47.[6]郭慧.上市公司内部审计治理效应研究[M].中国社会科学出版社，2010：182-183.[7]王守海，郑伟，张彦国.内部审计水平与财务报告质量研究—来自中国上市公司的经验证据[J].审计研究，2010(5)：82-88.[8]潘玉梅.论内部审计质量的影响因素及其改善[J].财经界(学术版)，2013(15)：24-25..[9]江锋，唐均，于荣霞.公司治理与内部审计质量控制的实践探索[J].全国内部审计理论研讨优秀论文集，2013：66-73.[10]韩峥.企业审计人员专业胜任能力和审计效用均衡的探索[J].财税研究，2015(8)：250[11]庄莹.论我国上市公司内部审计有效性的提升[J].中国管理信息化，2013(12)：2-4[12]时现.现代企业内部审计治理功能透视[J].审计研究，2003(4):61-64.[13]刘国常，郭慧.内部审计特征的影响因素及其效果研究--来自中国中小企业板块的证据[J].审计研究，2008(2)：29-30.[14]胡继荣.基于ERM框架的商业银行内部审计机制研究[J].南开管理评论，2009(2)：146-152[15]陈武朝.内部审计有效性与持续改进[J].审计研究，2010(3)：55.[16]黄辉，魏培培.基于公司治理的内部审计有效性研究[J].华东交通大学学报，2013(4)：120.[17]蔡春，蔡利，陈幸.内部审计质量与盈余管理--来自中国A股制造业上市公司的经验证据[J].上海立信会计学院学报，2009(6)：9-20.[18]王守海，郑伟，张彦国.内部审计水平与财务报告质量研究—来自中国上市公司的经验证据[J].审计研究，2010(5)：82-88.[19]王光远，瞿曲.公司治理中的内部审计一一受托责任视角的内部治理机制观[J].审计研究，2006(9).[20]张婷.内部审计特征对内部控制信息披露质量的影响[D].山西财经大学硕士学位论文.2015.[21]中国内部审计协会.内部审计基本准则[S]，2013：4.[22]杜静然.上市公司内部审计治理效率实证分析[J].财会通讯，2012(12)：44-45.[23]李立军.中小板上市公司内部审计有效性研究——基于财务报告质量视角[D].西南财经大学硕士学位论文.2014.[24]张维迎.正确理解公司治理结构[N].东方早报，2014-5-13.[25]中国注册会计师协会.公司战略与风险管理[M].经济科学出版社，2011:40-41.[26]深圳证券交易所.中小企业板上市公司内部审计工作指引[S]，2007.[27]张荷玲，刘正军.湖南省制造企业内部审计对企业绩效影响的实证研究[J].中国软科学增刊(上)，2010(1)86-93.[28]李秀玲.我国上市公司审计委员会特征对审计质量影响的实证研究[D].西南财经大学硕士学位论文.2011.[29]苏佳.提高企业内部审计有效性的可行策略分析[J].中国管理信息化，2015(6)：44审计外文参考文献将本文的Word文档下载到电脑，方便收藏和打印推荐度：点击下载文档文档为doc格式。

THE ACCOUNTING REVIEW American Accounting Association V ol.84,No.3DOI:10.2308/accr.2009.84.3.839 2009pp.839–867Corporate Governance and InternalControl over Financial Reporting:A Comparison of Regulatory RegimesUdi HoitashNortheastern UniversityRani HoitashBentley UniversityJean C.BedardBentley University and University of New South WalesABSTRACT:This study examines the association between corporate governance anddisclosures of material weaknesses(MW)in internal control overfinancial reporting.Westudy this association using MW reported under Sarbanes-Oxley Sections302and404,deriving data on audit committeefinancial expertise from automated parsing of memberqualifications from their biographies.Wefind that a lower likelihood of disclosing Sec-tion404MW is associated with relatively more audit committee members having ac-counting and supervisory experience,as well as board strength.Further,the nature ofMW varies with the type of experience.However,these associations are not detectableusing Section302reports.We alsofind that MW disclosure is associated with desig-nating afinancial expert without accounting experience,or designating multiplefinan-cial experts.We conclude that board and audit committee characteristics are associ-ated with internal control quality.However,this association is only observable underthe more stringent requirements of Section404.Keywords:internal controls;corporate governance;audit committee;financialexpertise.Data Availability:Data are publicly available from sources identified in the paper.For comments on prior versions of this paper,the authors thank Mohammad Abdolmohammadi,Vicky Arnold, Jim Bierstaker,Joe Carcello,Anna Cianci,Jonathan Doh,Karla Johnstone,April Klein,Jayanthi Krishnan,Jim Largay,Johnnie Lee,Mike Peters,Robin Roberts,Heibatollah Sami,Steve Sutton,Jay Thibodeau,participants of the2007Auditing Midyear Conference,the Philadelphia Accounting Research Consortium,and accounting research workshops at Bentley University,University of Central Florida,University of Melbourne,and University of New South Wales.We have also benefited from comments by John Core(editor),Steven Kachelmeier(senior editor), and two anonymous referees.Editor’s note:Accepted by Steven Kachelmeier,with thanks to John Core for serving as editor on a previous version.Submitted:March2007Accepted:October2008Published Online:May2009839840Hoitash,Hoitash,and BedardThe Accounting Review May 2009American Accounting Association I.INTRODUCTIONT his study investigates the association of audit committee and board characteristics with effectiveness of internal controls over financial reporting (ICFR).We measure this association using data on internal controls from two provisions of the Sarbanes-Oxley Act (Sections 302and 404)that differ in the requirement that controls be tested by the company’s management and external auditor.Our study fits within a large and diver-sified literature on the effectiveness of corporate governance mechanisms in addressing the agency problem arising from separation of corporate ownership from management.As noted by Sloan (2001)among others,the financial reporting system provides a means by which providers of capital can monitor managers.Managers’discretion over the measurement of earnings,along with the effects of earnings on management compensation through effects on stock prices,can combine to exacerbate the agency problem (e.g.,Xie et al.2003).If effective ICFR is imposed by owners,then the agency problem is mitigated.As represen-tatives of owners,corporate boards of directors are responsible for supervising the financial reporting function to achieve this goal.The expectation of regulators that corporate governance and financial reporting are strongly linked underlies several provisions of the Sarbanes-Oxley Act (SOX).These pro-visions apply higher standards for the structure and responsibilities of boards and audit committees with regard to financial reporting.1For example,with regard to governance structure,SOX Section 407requires disclosure of audit committee members that the com-pany chooses to designate as ‘‘financial experts.’’While the SEC initially proposed that only individuals with accounting experience could fulfill this role,final regulations imple-menting Section 407allow two other categories of experience:‘‘supervisors’’of the finan-cial reporting function (e.g.,CEOs)and ‘‘users’’of financial reports in a professional ca-pacity (e.g.,financial analysts and venture capitalists).With regard to governance responsibilities,SOX Sections 302and 404require companies to report information on the effectiveness of ICFR and related disclosures.Because strong ICFR restrict management’s measurement discretion,disclosures made under these sections provide additional measures beyond financial reports that can be used to gauge the extent to which corporate governance has succeeded in reducing agency costs.Thus,SOX and its related regulations provide an increased emphasis on corporate governance as well as sources of data through which to measure the linkage of governance to internal control quality.We investigate two research questions related to this linkage.First,we study whether internal control quality,measured as material weaknesses (MW)disclosure,is associated with governance characteristics;i.e.,audit committee financial expertise,and board and audit committee structure and activity.Prior research on this issue presents mixed results.2For instance,Zhang et al.(2007)find that MW disclosure is negatively associated with audit committee financial expertise,but do not find an association with other audit com-mittee characteristics.We build on that study by:(1)using a much larger sample enabled by automated collection of data on audit committee financial expertise;(2)covering a longer time period (the first two years of Section 404implementation);(3)separately analyzing 1Since SOX,external auditors report that the responsibilities and authority of the audit committee have increased,in terms of power over,and impact on,the financial reporting process (Cohen et al.2009).2While we investigate internal control quality as an indicator of financial reporting quality,some prior research directly investigates the association of corporate governance with characteristics of earnings (e.g.,abnormal accruals or conservatism)or events consistent with poor quality of published financial reports (detected fraud or financial restatements)(e.g.,Xie et al.2003;Larcker et al.2007;Dhaliwal et al.2007;Carcello et al.2008).Results of these studies also vary in detecting an association of governance with financial reporting quality.Corporate Governance and Internal Control over Financial Reporting 841The Accounting Review May 2009American Accounting AssociationMW by source (Section 302or 404)and financial expertise by type (accounting,supervi-sory,and user);and (4)studying both qualifications of all audit committee members,and the board’s decision to designate certain members as ‘‘Section 407financial experts.’’Second,we investigate whether the link between governance characteristics and internal control quality holds in both Sections 302and 404regulatory regimes.While both provi-sions require disclosures of internal control quality,they vary in strength.Section 404goes beyond Section 302in requiring both companies and their external auditors to test control effectiveness and in requiring an auditor opinion on control effectiveness.If mandated control testing and auditor involvement are required for process effectiveness,then less well-governed companies with ineffective ICFR may not detect and disclose MW under Section 302.If so,an association between corporate governance quality and internal control quality would not be evident under Section 302reporting.This issue is of great importance,as the extension of Section 404auditor testing to smaller U.S.public companies remains controversial,and regulators in other countries seek evidence on whether less stringent internal control regimes are sufficient for high-quality financial reporting.We investigate these issues using a unique method of gathering data on corporate governance quality,specifically on audit committee financial expertise.Prior research ad-dressing audit committee financial expertise is limited in obtaining data on smaller com-panies,which is needed to address our second research question.Those studies have either obtained data on audit committee qualifications from corporate governance databases (which focus on large public companies)or have hand-collected biographical information from proxy statements,resulting in small samples.Instead,we use an automated data ex-traction and parsing routine that builds a database of audit committee qualifications from background information available from AuditAnalytics.This method produces a sample of 5,480firm-year observations with complete data on fiscal years ending between November 2004to May 2006(including 19,673audit committee members),enabling us to address our second research question by studying the governance/MW association among smaller companies that are subject to Section 302(but not Section 404)as well as larger companies subject to both regulatory regimes.3Our findings reflect a clear difference in the association of corporate governance quality with MW disclosure between these regulatory regimes.We find that more accounting and supervisory financial expertise on the audit committee is associated with lower likelihood of MW disclosure under Section 404,but not under Section 302.For members with ac-counting qualifications,this association is evident regardless of whether the individuals are publicly designated as ‘‘Section 407financial experts.’’However,among members with supervisory qualifications,we find a significant association only for individuals not publicly designated.Given the liability concerns expressed in comment letters to the SEC,some highly effective audit committee members with supervisory qualifications (e.g.,CEOs or board chairs)may have been willing to serve,but not to be publicly identified as a ‘‘Section 407financial expert.’’In supplemental analysis,we also find evidence that these two groups play different roles,consistent with their specialized expertise.Specifically,only accounting financial experts are associated with lower likelihood of disclosing MW related to account-specific control problems,while only supervisory financial experts are associated with lower likelihood of disclosing MW related to more management-oriented issues of personnel and 3The original SEC guidelines in Regulation 12b-2define accelerated filers as companies that have at least $75million of common equity float,have previously filed at least one 10-K,are subject to the Exchange Act for at least 12months,and do not qualify as a small business under SEC rules.842Hoitash,Hoitash,and Bedard The Accounting Review May 2009American Accounting Association information technology.Examining ‘‘user’’financial experts (e.g.,venture capitalists,finan-cial analysts),we find that designating an audit committee member with ‘‘user’’qualifica-tions is associated with greater likelihood of Section 404MW disclosure,relative to des-ignating a member with accounting qualifications.4Results of this model also indicate that companies voluntarily designating multiple audit committee financial experts are more likely to disclose MW.In addition to audit committee financial expertise,our models show the expected negative association of Section 404MW disclosure with higher quality cor-porate governance at the board level.The above results are consistent across contemporaneous and lag specifications,are not sensitive to controlling for selection bias,and are robust to several alternative variable specifications.While they imply that corporate governance mechanisms are associated with better financial reporting quality as measured by Section 404ICFR effectiveness,our mod-els show no evidence of this association using Section 302data.5Taken together,our findings suggest that in regulatory environments without requirements of mandatory testing and independent auditor attestation that are required under Section 404,corporate gover-nance quality has no observable association with ICFR disclosure.The remainder of this study is organized as follows.Section II presents the study’s background,discusses prior research,and develops our research questions.Section III gives details on the study’s method,and Section IV reports empirical results.Section V concludes the paper and presents limitations of our analyses.II.DEVELOPMENT OF RESEARCH QUESTIONSIn this section,we discuss the study’s regulatory context and review prior literature related to our research questions.We consider prior research on the association of corporate governance and internal control quality (our first research question),focusing especially on studies of audit committee financial expertise and internal control effectiveness.Next,we argue why this association might differ when internal control effectiveness is measured using MW disclosed under SOX Sections 302and 404,supporting our second research question.Corporate Governance and Financial Reporting QualityTo address our first research question,we consider characteristics of boards and audit committees commonly understood to be associated with good governance,such as com-position,diligence,and independence.The corporate board of directors is responsible for monitoring management to protect the interests of owners.6While prior research has con-sidered both board and audit committees,the most direct responsibility for financial re-porting lies with the audit committee.As noted by Xie et al.(2003),the audit committee 4Due to limitations on automated coding,we measure their association with internal control quality by studying companies’choices regarding whom to publicly designate as a ‘‘Section 407financial expert.’’5We find two results regarding our test variables that are common to both Section 302and 404regimes.First,audit committee size is not associated with MW disclosure under either regime,as also found by prior research (e.g.,Krishnan 2005).Second,companies disclosing MW have significantly more audit committee meetings.This association is inconsistent with the notion of number of meetings as a diligence measure,and suggests that rather,audit committees with potential MW disclosures meet more frequently to discuss the problems with management and auditors prior to the public Section 302or 404report.Under both Section 302and 404regimes,we also find the expected associations of corporate complexity,financial health,and auditor change with MW disclosures.6Relevant responsibilities of the board include member appointments,the designation of financial experts,rati-fying audit committee decisions,and influencing management with respect to resource allocation into the finan-cial reporting function.Corporate Governance and Internal Control over Financial Reporting 843The Accounting Review May 2009American Accounting Associationhas the responsibility to oversee ICFR,communicating with management,internal and external auditors,and the board of directors to assure that appropriate controls are in place and reporting processes are effective.In order to discharge its responsibility to restrict managers’ability to use the financial measurement system to increase their own wealth at the expense of owners,the audit committee must possess the requisite understanding of financial reporting (SEC Rule 33-8177;2003),including understanding of controls over that function.7Section 407of SOX addresses this need through a disclosure requirement:at least one qualified individual must be ‘‘designated’’(i.e.,named in the 10-K),or the company must explain why no such individual is named.In implementing Section 407,the Securities and Exchange Commission (SEC 2002)originally defined ‘‘financial expert’’narrowly as ‘‘a person who has,through education and experience as a public accountant,auditor,principal financial officer,controller,or principal accounting officer,of a company that,at the time the person held such position,was required to file reports’’(emphasis added).The SEC received over 200comment letters,many claiming that this definition was too restrictive and would make it difficult to attract qualified individuals.Hence,the final regulation implementing Section 407(SEC Rule 33–8177;2003)defines ‘‘audit committee financial expert’’as an individual with understanding of financial reporting and related internal controls,but not necessarily with direct experience in that function.This rule expands the set of allowed qualifications to include two additional categories:persons with experience supervising the financial function (e.g.,CEOs,board chairs),and those with experience using financial information (e.g.,venture capitalists,financial analysts).While ‘‘supervisory’’and ‘‘user’’expertise also relate to financial re-porting,their experience is less directly tied to the preparation of financial reports.8In line with their more relevant experience,prior research consistently finds that higher financial reporting quality is associated with more accounting financial experts on the audit committee (e.g.,for characteristics of earnings see Dhaliwal et al.2007;Carcello et al.2008;Be ´dard et al.2004;for internal control MW see Zhang et al.2007;Krishnan 2005).However,few studies separately examine the other two categories.Of those,only Carcello et al.(2008)find that user expertise is associated with higher earnings quality,but neither Carcello et al.(2008)nor Dhaliwal et al.(2007)find an association with supervisory ex-pertise.9Past studies of MW disclosure do not separately assess the supervisory and user categories,although Zhang et al.(2007)find a lower likelihood of MW associated with a 7For example,more knowledgeable audit committee members might have urged management to get an early start on ICFR documentation and testing under SOX 302/404,which would have reduced the likelihood of disclosing a MW at the balance sheet date.8The originally proposed rule would have further required companies to disclose the number and names of all accounting financial experts.Many comment letters raised concerns that identifying individuals as financial experts would carry a higher liability,and thus it would be harder to find qualified individuals for the task.In reaction,the final rule requires companies to designate and disclose the name of only one financial expert,or explain why no one is so designated.9Other studies either combine two of the expertise categories or use more narrow definitions of qualifications within categories,and most use pre-SOX data.For example,Abbott et al.(2004)use the broad definition of the Blue Ribbon Committee on Improving the Effectiveness of Corporate Audit Committees (BRC 1999)in a study of restatements during the 1990s,finding that companies with at least one financial expert have lower restatement likelihood.Be ´dard et al.(2004)use a definition of financial expertise more narrow than the BRC’s (i.e.,excluding CEOs),and find that this variable is negatively associated with earnings management.Farber (2006),using the BRC definition,finds mixed evidence of association between audit committee financial expertise and fraud in the pre-SOX period.Krishnan and Visvanathan (2008)find that a combined category of supervisor and user experts is not associated with more conservative financial reporting during 2000–2002.Xie et al.(2003)find evidence of association for both supervisor and user categories,but only use a subset of the qualifications listed in the SEC regulations:outside corporate directors and outside members from investment banks.844Hoitash,Hoitash,and Bedard The Accounting Review May 2009American Accounting Association combined measure of supervisory and user expertise.In sum,prior research strongly sup-ports the value of including individuals with accounting-related experience on audit com-mittees and boards of directors.However,the value of allowing financial experts with less direct financial reporting experience remains unclear.Further,very few studies have been performed on post-SOX data.Due to the importance of this issue,regulatory change and variance in prior findings,further research is called for.In addressing this question,we extend our consideration of audit committee composi-tion related to financial expertise,by considering companies’designation decisions.While all committee members likely contribute to discussion of issues brought before the com-mittee,the decision to publicly designate specific individuals as officially fulfilling require-ments of SOX 407is an important object of study in itself.Designated financial experts might bear the greater responsibility and legal liability (Carcello et al.2006;Carcello et al.2008).While companies may designate the most highly qualified audit committee members as financial experts,highly accomplished audit committee members might not be willing to be designated due to litigation concerns.To investigate this issue,we separately examine designated and non-designated financial experts.We also extend prior research by testing whether voluntary designation of more than one financial expert is associated with the ICFR effectiveness.As noted by Carcello et al.(2006,357),the likely sign of association is unclear ex ante :‘‘some companies may name multiple experts ...as a means of diffusing the responsibility and potential liability that may fall on one person if only a single financial expert is named.Alternatively,some companies may believe that having more than one financial expert contributes to audit committee effectiveness.’’The former explanation sug-gests a positive association of multiple experts with financial reporting risk,while the latter suggests a negative association.Beyond financial expertise,prior research also considers audit committee characteristics such as size and number of meetings as indicators of monitoring quality.10As recommended by the Blue Ribbon Committee (BRC 1999),the major stock exchanges in the U.S.require listed companies to include at least three directors on audit committees,implying that larger audit committees are an index of quality.However,prior research tends not to find an association of audit committee size with financial reporting or internal control quality (e.g.,Abbott et al.2004;Krishnan and Visvanathan 2008;Krishnan 2005;Zhang et al.2007).The number of audit committee meetings is commonly considered a measure of diligence:fewer meetings can indicate lack of commitment and/or insufficient time for effective mon-itoring.McMullen and Raghunandan (1996),Beasley et al.(2000),Farber (2006),and Archambeault and DeZoort (2001)observe fewer audit committee meetings among firms with restatements,SEC enforcements,fraud,and suspicious auditor switches,respectively.However,in the current environment,the direction of causality implied in an association of audit committee meetings with MW may run in the opposite direction;i.e.,more audit committee meetings may occur as a result of discovering a MW in a given period (Carcello et al.2006,368).Evidence for an association of internal control effectiveness with audit committee size or diligence is inconclusive,as Zhang et al.(2007)do not find either variable to be associated with MW disclosure.Prior literature also assesses corporate governance at the board level,considering size,independence,and meeting frequency.Research findings are rcker et al.(2007)10Another aspect of audit committee governance considered by prior research is the independence of its members from management.For instance,Krishnan (2005)finds that more independent audit committees are less likely to issue 8-Ks with MW disclosures.However,since SOX Section 301now requires audit committee members to be independent,there is insufficient variance in this measure,and we do not include it in the study.Corporate Governance and Internal Control over Financial Reporting 845The Accounting Review May 2009American Accounting Associationfind varying evidence on the association of board characteristics with abnormal accruals,as do Krishnan and Visvanathan (2008).Xie et al.(2003)and Klein (2002b)both find that accruals quality is associated with board independence,and Beasley (1996)finds that more independent boards have lower likelihood of fraud.However,Bushman et al.(2004)find no association of board characteristics with earnings ing composite gover-nance scores that combine board and audit committee composition and activity,both DeFond et al.(2005)and Carcello et al.(2008)conclude that strong corporate governance contributes to financial reporting quality.Considering studies of internal control effective-ness,Doyle et al.(2007)do not find an association of a corporate governance quality index and the overall likelihood of disclosing MW (but do find an association with MW in revenue recognition only).Zhang et al.(2007)find that MW disclosure is associated with smaller boards and more board meetings.Neither they nor Krishnan (2005)find an association of MW disclosure with board independence.In sum,this study addresses our first research question by examining the association of several corporate governance mechanisms with internal quality as measured by MW disclosures.Our corporate governance measures are summarized in Panel A of Figure 1.Alternative Regulatory Regimes for Disclosure of Internal Control EffectivenessOur second research question asks whether there are differential associations of MW disclosure with corporate governance quality in the Section 302and 404regimes.Section 404is more stringent in that it requires registrants to document and test ICFR effectiveness,and their external auditors to independently test those controls and offer a separate opinion on internal control effectiveness.Under Section 302,companies are required to design and maintain appropriate controls over the financial reporting and disclosure functions.11Man-agement must assert the effectiveness of ‘‘disclosure controls’’in the 10-Q,as well as report any detected MW.Control testing is not required under Section 302,nor is a separate auditor opinion.12Section 404was initially required only for certain companies meeting certain criteria set by the SEC (termed ‘‘accelerated filers’’),with the intention of eventual application to all public companies.However,expansion beyond accelerated filers was delayed several times due to outcry from the business community regarding the high cost of testing controls,and few other countries have implemented regulations as stringent as Section 404.13However,if a Section 404-type process (with required controls testing by auditors)is not in place,then the markets must rely more on corporate governance to impose the discipline of effective ICFR.If corporate governance is effective in monitoring man-agement,detecting and disclosing internal control problems without Section 404’s testing and auditor involvement requirements,then better governance mechanisms should be as-sociated with higher internal control quality (less likelihood of a MW)in Section 302as well as Section 404disclosures.However,a key difference between these provisions is that Section 302testing is vol-untary.While prior research shows that corporate governance mechanisms are associated 11Bedard and Graham (2008)note that over 70percent of internal control problems detected under Section 404activity are not documentation problems,but rather are due to missing,ineffective or insufficiently tested controls.This implies that without mandatory testing,many problems will be missed.12While both Sections 302and 404require companies to disclose MW that are detected in ICFR,they differ somewhat in the scope of controls considered.We describe this difference in a following section,and consider it in our analysis.13No country other than Japan has adopted a mandatory internal control testing regulation similar to Section 404.However,other jurisdictions (including the European Union,Canada,and Australia)have regulations similar in spirit to Section 302.。

外文翻译Risk Analysis-Specific Procedure of the Internal AuditMaterial Source:Annals of the University of Petrosani Author:George;TraianRisks, as inherent elements in the conduct of any activity, can lead to different effects. In the literature there are found many definitions of the risk. Thus, one of the recognized experts in the French environment, Dominique Vicente, quoted in the literature in Romania, considers that: “risk is a threat in the purpose that an event or action to have an adverse impact on the company's capacity to fulfill its objectives successfully”. In another publication in the area, Risk Management: Changing the Internal Auditor's Paradigm, two renowned experts, David Mcmanee and George Selim, argue that “risk is a concept used to expre ss uncertainty about the event and/ or their results, which may have a significant effect on the objectives of the organization”.International Standards on Internal Audit define risk as “the probability of producing an event that may impact on the achieve ment of the objectives”. Internal audit rules applicable to public sector entities define risk as being ,“any event, action, situation or behavior with negative impact on the public entity's ability to achieve its objectives”. Analysis of such definitions points out that risk is a problem which has not yet occurred but could occur in the future, where it constitute a threat to the entity regarding the achievement of the objectives set by the multiannual and annual plans and those concerning each function of the enterprise; the risk should be seen as a combination of probability and impact.Considering the volume on the impact, there may be strategic or operational risks (in some approaches appear intermediate risks or program risks as well). Also, some risks have their origin in the external environment of the organization (external risks), and others are risks of the organization itself (internal risks). However, risks can be seen in the light of nature of the activity, in which case they may be risks: legal, judicial, financial, professional, social, commercial, informational, operational, environmental, image (goodwill), property. For illustrating different types of risks that may affect the activity of an entity, we consider as representative the tableshown below including the categories of risks.According to General rules regarding the exercise of public internal audit activity, the main categories of risks are: organizational risks (unformalized procedures): lack of clear responsibilities, insufficient organization of human resources, inadequate documentation, outdated; operational risks: not recording in the accounts, improper archiving of justificatory documents, lack of control on high-risk operations; financial risks: unsecured payments, not detecting financial risk operations; - other risks: risks arising from legislative, structural changes or managerial changes.From the above it results that the risks must be identified and evaluated in terms of the combination of its two components namely, the probability that something (the risk) may occur and the impact (the consequence in the objective) that the materialization of such probability will have:a) Measuring the probability means determining the likelihood of occurrence probability of a specific result. We would like to recall that the risk is a problem (situation, event) that may occur (to materialize), case that leads the objectives to be affected. In other words, there is uncertainty in the occurrence of the situation or event that may affect the achievement of the objectives. The probability is a measure of uncertainty. The probability of risk’s advent varies from impossibility to certainty and is expressed on a scale of values on three levels: low probability, average probability, high probability.In practice, for the probability of risk’s advent measurement, two criteria are used: a.1. vulnerability assessment of the entity. To make the assessment, the auditor will examine all the factors that could have an incidence on the vulnerability of theexisting technical means. The vulnerability is expressed on three levels: low vulnerability, average vulnerability, high vulnerability.a.2. assessment of internal control. The assessment of internal control is based on an analysis of the entity's internal quality control on three levels: appropriate internal control, insufficient internal control, deficient internal control.b) Measuring the severity of the consequences of the event (at impact level). The impact represents the consequence on the expected objectives (outcomes), which may be, depending on the nature of the risk, positive or negative. In some situations, especially when it comes to strategic objectives and the organizations are complex (alike, complex projects, complex activities), the assessment of impact becomes a difficult problem that requires impact studies. But, in an organization, most risks are not of the above mentioned the nature and their impact can be measured with considerably less effort. The impact of any risk is characterized by the consequences of different natures. Besides qualitative consequences, expressed in a descriptive way, can be identified and consequences can be expressed in terms of budget (costs), effort (work time) and time (possible delays in the allocated period to achieve the objectives).Performing risk analysis in accordance with the rules of internal public audit,supposes crossing the following phases:A. Identify the risks associated activities. Identifying the risks associated to the objects that may be audited, has as its starting point, the analysis of the objects and / or the operations covered by the Centralized list of objects that may be audited. For this purpose, the auditors collect information about the objects that may be audited, information which are then examined in order to determine their impact on the mission.Regarding the information that the auditors need at this time of deployment of internal audit activity, reviews the literature points out that these concerns: business objectives and goals; rules, plans, procedures, legal and contractual regulations which may have significant impact on the operations; audited entity/structure: number and names of the employees, employees who occupy key positions, job descriptions, changes in the organizational structure, changes in information systems; the income and expenditure, turnover and financial data regarding the audited activity; working documents of previous internal audit assignments; results of other missions, including external auditors, completed or under development; corre- spondence files to detect important problems; information on the technical reference documentation for the activity being audited;technical reference documentation for the activity concerned.However, in order to achieve the analysis of risks, the auditors should assess the processes of risk management. Regarding these issues, The International Internal Audit Standards states: “We must distinguish between the assessment of risk management processes and risk analysis that the auditors must make, in order to plan their activities. However, the information resulting from a full risk management process and in particular from the identification of the subjects of interest to the managers and the Council may help the internal auditor to plan audit activities”. In such conditions and requisitions we consider as necessary the following presentation of several issues that may be considered as useful in terms of the auditor's awareness of the situations they may encounter in practice.A first practical issue that can be incorporated, relates to the situation where the risk management process, as part of the organizational management process is well organized within the entity1, in which case there is a risk registry book that highlights the main risks, identified and assessed, associated with relevant objectives. Because the risks are constantly changing, the auditor will be interested to see whether the risks and their mitigation measures were reviewed regularly and recently.If this is evident in practice, the auditor will be interested to explore and validate the content revision, or if full, current and well-founded.Finally, if the auditor concludes that the risk registry book is a good basis to guide the audit activity, he will focus on the higher risks involved, to ensure that control instruments are put with effectiveness in practice. Likewise, it should be mentioned that these risks are seen by the auditor on one hand as an "exposure" because the control instruments are not sufficiently consistent, and on the other hand as a potential for adding value based on the made recommendations.Another relevant practical issue to this problem, is specific to entities that do not have organized such a risk registry book and the management does not have a clear idea on the most important risks they are facing. In these circumstances, the auditor should discuss with the management about the risks, their impact and probability. This thing is recorded by the internal auditor as part of the audit trail. If the management is not very concerned by these risks, the auditor should seek to identify and assess the risks on his own knowledge and experience and using all other sources of information that is available. This can be done only when all other options mentioned above have been already explored and considered as inappropriate. In practice this first phase of risk analysis procedure is completed by internal auditors through elaboration of the document called Identification of risks. Regarding this document, the internal auditing standards applicable in Romania do not provide a standardized templatet, leaving it up to the professionals to prepare this document as necessary.B. Establishing the criteria, weightings and levels of risk assessment. On the subject of risk assessment, the internal auditor should develop an assessment methodology. Best practice in the field recommends that the structure of the internal audit to establish a set of criteria (factors), objectives for impact measurement and another set of instruments as targets for measuring the probability. In international practice, the impact criteria include financial criteria, operational criteria, reputational criteria, compliance criteria etc., and the probability criteria are often a combination of experience and insight sustained by information. The rules of internal audit in Romania, applicable to public economic entities, recommends for the risk analysis the following factors/criteria of risk: assessment of internal control, quantitative assessment, qualitative assessment.C. Determination of risk level and determining the total risk score. Based on the risk factors described above in this phase of the risk analysis procedure, a riskassessment is carried out associated to the activities that may be audited which materializes in: applying to the weights of the risk factors for assessing the level of risk, risk factors, based on evaluations conducted by internal auditors; determining total risk score is achieved by applying the share of each risk assessment factor level to determine the total score.D. Risk Ranking based on total scores. After the calculation, the phase of Appraisal of the level of risk and determining the total risk score is necessary to indicate to which level of risk corresponds numerical result of the calculation. To conduct this work, it is necessary to establish intervals which will indicate the level of risk, in fact the priority it gives a risk audit. Best practice in the field recommends that in establishing the size of the interval, to consider the available resources within the entity in order to carry out the mission of internal audit. Internal audit rules applicable to public economic entities in Romania, recommends sharing the risks - depending on the risk factors taken into analysis – on three risk levels: low, medium, large. At the same time, practice in the related area from our country, recommends for risk classification in the case of three risk factors, using the following intervals: small risk from 1.0 to 1.8; average risk from 1,9 to 2,3; high risks from 2.4 to 3.0. All activities developed by the auditors in this phase of risk analysis are summarized with a summary document - Ranking objects that may be audited, which the legislation has enabled the user to adapt to his needs.E. Hierarchy of activities / operations depending on risk analysis. Prioritizing activities which are to be audited shall be based on previously prepared document. For the successful completion of this activity is necessary to take into account the number of staff, available time, other activities taking place within the structure of internal audit and risk analysis specifically identified in other areas of the entity.F. Develop the detailed thematic of the internal audit mission. The detailed thematic of the internal audit mission is that phase within the internal audit mission, which is done by selecting objectives that may be audited, having as starting point the Table of strengths and weaknesses document, which were assessed as weaknesses and will be considered further for auditing. Regarding the method of selecting objects that may be audited, we consider it appropriate to mention the view of experts from Romania, respectively, “In practice usually there are considered all the objectives that were classified as weaknesses, but may be covered by the auditors and objectives that are qualified as strengths, if the auditor believes it necessary to investigate whether the internal control system is functioning”. Theresults of this work are reflected in elaboration of the the detailed thematic of the internal audit mission document, for which the rules of internal audit applicable to public economic entities, do not recommend to use a formalized document, leaving it up to an auditor to use this document in accordance with his needs.译文风险分析——内部审计的特定过程资料来源:帕特罗萨尼大学经济学年报作者：卡罗特乔治，特拉扬风险，作为任何活动的内在因素，会对活动造成不同的影响。

有关审计质量的研究Wooten·Thomas C，Colson·Robert H 术语“审计质量”对不同的人意味着不同的事情。

例如，对财务报表用户的一项调查（Epstein和Geiger，1994）表明，有70％的投资者认为审计应绝对保证财务报表中不存在重大错报或欺诈。

审计师可能会以其他方式考虑审计质量。

除了严格遵守GAAS之外，审计师还评估业务风险，目的是避免诉讼，最大程度地减少客户不满以及将损害程度限制在可能导致“不良”后果的声誉上。

审计。

在这个连续体中的某个地方是法院的观点。

当潜在的审计失败案件提交法官或陪审团审理时，没人能确定结果。

法院确定的审计质量有时会导致比GAAS 更为具体的标准，有时则要少得多。

衡量审计质量也存在问题。

审计质量的结果无法直接或立即观察到。

审核质量控制程序试图在审核过程中保持较高的控制标准，但是通常在业务失败的情况下会发现审核失败。

当一家大型公司遇到审计失败时，商业新闻将对其进行广播。

不可能知道根本未被发现和公开的劣质审核的数量。

一家公司可能执行的审计质量很差，但是如果不对财务报表进行实质性的错误处理，则在没有计划和现场工作知识的情况下，就无法表明这一点。

同样，如果执行了质量低下的审核并且忽略了重大错误陈述，则可能不会造成负面影响。

由于审计质量是不可观察的，因此研究人员会查看审计质量的替代指标或指标，例如专家的意见，以确定质量审计的输入和输出。

其他研究人员使用更多客观的输出作为确定审计质量的来源。

如果一家公司的诉讼率很低，在同行评审中获得很好的评价，并且很少需要重新发布审计意见，那么就可以推断出它执行了高质量的审计。

审核质量模型DeAngelo在1981年开发了一个二维的审计质量定义，为解决该问题设定了标准。

首先，必须检测到重大错误陈述，其次，必须报告重大错误陈述。

审计质量也受许多其他因素影响。

自1981年以来，会计研究人员就试图定义，衡量和研究审计质量的多个维度。

审计风险外文文献(1)摘要审计风险是每一个企业都不可避免的存在，如何有效地对企业进行风险管理和风险评估，是企业在竞争激烈的市场经济中持续发展的关键。

本文研究了一些关于审计风险的外文文献，包括审计风险概念、审计风险评估方法、审计风险管理等方面，旨在为企业的管理者提供有益的参考。

正文1. Introduction随着市场经济的不断发展，企业日益面临着各种各样的风险，其中审计风险是一种不可忽视的风险。

审计是公司财务状况公开的重要手段，而审计风险则是指在审计过程中，会发现实际情况与财务报告不符或存在其他问题，这种风险不仅会对企业的财务状况产生影响，也会对企业的声誉产生负面影响。

2. 审计风险概念审计风险分为三个方面：检查风险、控制风险和依赖风险。

检查风险是指审核员未能检查到可疑交易或错误的信息。

控制风险是指公司的内部控制程序存在缺失，导致财务报告的准确性受到影响。

依赖风险是指报告使用者过度依赖于审计师提供的信息。

3. 审计风险评估方法审计风险评估是完整的审计过程的一部分，目的是评估审计风险的程度。

当确定企业的特定事件可能导致审计误差时，重要的是要确定风险的数量级和可能性。

评估审计风险的方法通常有三种：3.1 指标法指标法是根据历史数据，使用统计学方法来确定预测未来事件的可能性。

它通常将风险因素与特定事件发生的概率联系起来，以确定将需要进行更详细的审计程序的区域。

#### 3.2 经验法经验法根据审计人员的经验来确定预测的未来事件可能性。

这种方法不依赖于任何统计数据，而是基于审计人员对企业的认识和经验来进行评估。

#### 3.3 聚集法聚集法涉及对不同因素进行评估，这可以提高风险评估的确定性和准确性。

在这种方法中，审计人员可以对所有可能影响判断的因素进行评估，包括企业规模、行业类型、管理体系等。

4. 审计风险控制为了减少风险，管理人员可以采取以下措施：4.1 审计策略管理人员应该制定一个明确的审计策略来减少审计风险。