| Bottom | Home | Article | Bookshelf | Keyword | Author | Oxymoron |

 

Internal Control for Governance of Japanese corporation

Cat: ECO
Pub: 2006
#:0623a

Toru Maegawa

up 066712

Title

Internal control for governance of Japanese corporation

日本型企業統治に適した内部統制

Author

Toru Maegawa

前川 徹

Published

July 2006

2006年7月
Index
Why?
  • Mr. Toru Maegawa, former METI bureaucrat, now visiting professor of Waseda Univ. and researcher of Glocom of IUJ delivered lecture at Glocom in June 2006.
  • He had been a famous watcher of US IT industry reporting to METI as 'another Maegawa Report' when he worked at JETRO NY.
  • This is a summary of his lecture about the internal control issue to be applied for governance of Japanese corporations held at Glocom, IUJ in July 2006.
  • 前川徹氏は、以前は経済産業省官僚であり、現在は早稲田大学客員教授、国際大学Glocom主幹研究員である。
  • 彼は、米国ITレポートを「もう一つの前川レポート」としてJETRO-NYから経済産業省へ送り続けたことでも有名である。
  • これは、国際大学Glocomで2006年7月に日本企業の統治に適用すべき内部統制の問題を講演したサマリーである。
Key
English
Japanese
>Top

0. Background:

  • As background related to the internal control, various news and scandals recently occurred both in US and Japan.
  • in US:
    • 1992: COSO (the Committee of Sponsoring Organization of the Treadway Commission) report framework published.
    • Dec. 2001: Enron Corp. failed (debt: $31B); exposed Oct.
    • Jul. 2002: Worldcom failed (debt: $41B); exposed Jun.
    • Jul.30, 2002: >Top SOX Act (Sarbanes-Oxley Act) is enacted.
      • Paul Sarbanes, Sen, D-MD
      • Michael G. Oxley, HR, R-OH
    • Oct. 2002: Arthur Anderson vanished.
  • in Japan:
    • Sep. 2000: Representative suit against Daiwa Bank's illicit trade in NY (loss: $1.1B) ;judged directors' responsibility. 
    • Apr. 2002: Representative suit against Kobe Steel against negligence of establishing internal control system; judged representative directors' responsibility.
    • Jun. 2003: METI published a report of risk and internal control study group.
    • Oct. 2004: Seibu Railway Co. false financial report was exposed
    • Jan. 2005: Tokyo Stock Exchange required timely disclosure with written oath of rep. director.
    • Apr.2004: Kanebo accounting fraud
    • Dec. 2005: Business Accounting Council published guideline of internal control
    • >Top Jun.7, 2006: Financial Products Transaction Act (=Investment Service Act, so-called J-SOX Act.) enacted

0. 背景:

  • 内部統制に関連して、最近日米でさまざまなニュースや不祥事が発生している。
  • 米国:
    • 1992: COSOレポート:内部統制の総合的枠組み公表
    • 2001/12: エンロン破綻 (負債$310億) 10月発覚
    • 2002/7: ワールドコム破綻 (負債$410億) 6月発覚
    • 2002/7/30: >Top 米国SOX法 (サーベンス・オクスリー法、米国企業改革法) 成立
    • 3003/10: アーサーアンダーセン消滅
  • 日本:
    • 2000/9: 大和銀行株主代表訴訟判決 (損失$11億) 取締役の責任を認める
    • 2002/4: 神戸製鋼株主代表訴訟判決。代表取締役に内部統制システム構築の責任を認める。
    • 2004/10: 西武鉄道、有価証券虚偽申告発覚
    • 2005/1: 東京証券取引所は会社情報の適時報告に代表者の宣誓書提出義務化
    • 2005/4: カネボウ粉飾決算
    • 2006/6/7: >Top 金融商品取引法 (=投資サービス法、いわゆるJ-SOX法) 成立

>Top

Maturity model of Internal control:
 (内部統制の成熟モデル)

 

  • CPM= Corporate Performance Management
  • BAM= Business Activity Monitoring

 

>Top

1. Essence of US SOX-Act of 2002:

  • The Sarbanes-Oxley Act of 2002 (SOX or SarbOx), aka the Public Company Accounting Reform and Investor Protection Act., including 11 titles 69 sections. Internal Control is stated at Section 303 and 404. Major provisions include:
  • Title I: Public Company Accounting Oversight Board (PCAOB)
    • Sec101: Establishment of board
    • Sec102: Registration with board
    • Sec103: Auditing, quality control, and independence standards
  • Title II: Auditor Independence
    • Sec201: Services outside the scope of practice of auditors
    • Sec203: Audit partner rotation
    • Sec204: Auditor reports to Audit Committees.
    • Sec206: Conflicts of interest
  • Title III: Corporate Responsibility
    • Sec301: Public Company Audit Committee
    • Sec302: Corporate responsibility for financial reports
    • Sec303: Improper influence on conduct of audits
    • Sec304: Forfeiture of certain bonuses and profits
    • Sec306: Insider trades during pension fund blackout periods prohibited
  • Title IV: Enhanced Financial Disclosures
    • Sec401: Disclosures in periodic reports
    • Sec402: Enhanced conflict of interest disclosures
    • Sec403: disclosures of transactions involving management and principal stockholders
    • Sec404: Management assessment of internal controls
    • Sec405: Exemption
    • Sec406: Code of ethics for senior financial officers
    • Sec407: Disclosure of Audit Committee Financial Expert
  • Title V: Analyst Conflicts of Interest
    • Sec501: Treatment of securities analysts by registered securities associations
  • Title VI: Commission Resources And Authority
    • Sec601: Authorization of appropriations
    • Sec602: Appearance and practice before the Commission
    • Sec604: Qualifications of associated persons of brokers and dealers
  • Title VII: Studies And Reports
    • Sec701: GAO study and report regarding consolidation of public accounting firms
    • Sec702: Commission study and report regarding credit rating agencies
    • Sec703: Study and report on violators and violations
    • Sec704: Study of enforcement actions
    • Sec705: Study of investment banks
  • Title VIII: Corporate And Criminal Fraud Accountability
    • Sec802: Criminal penalties for altering documents
    • Sec803: debts nondischargeable if incurred in violation of Securities Fraud Laws.
    • Sec806: Protection for employees of publicly traded companies who provide evidence of fraud
    • Sec807: Criminal penalties for defrauding shareholders of publicly traded companies
  • Title IX: White-Collar Crime Penalty Enhancements
    • Sec902: Attempts and conspiracies to commit criminal fraud offenses
    • Sec903: Criminal penalties for mail and wire fraud
    • Sec904: Criminal penalties for violations of the Employee Retirement Income Security Act of 1974
    • Sec906: Corporate responsibility for financial reports
  • Title X: Corporate Tax Returns
    • Sec1001: Sense of the Senate regarding the signing of corporate tax returns by CEO
  • Title XI: Corporate Fraud And Accountability
    • Sec1102: Tampering with a record or otherwise impeding an official proceeding
    • Sec1105: Authority of the Commission to prohibit persons from serving as officers or directors
    • Sec1106: Increased criminal penalties under Securities Exchange Act

1. 米国SOX法(2002)の要点:

  • 2002年のサーベンス・オクスリー法 (SOX法) は、上場企業会計および投資者保護法が正式名称。11章69の条文からなる。但し、内部統制関連は302条と404条。主な条文は以下。
  • 第1章: 上場企業会計監督委員会の設置
    • PCAOBの設置とその業務
  • 第2章: 会計監査人の独立:
    • 監査と非監査サービスを同じ監査人が実施することの禁止など
  • 第3章: 企業責任:
    • 財務報告書に対する経営者の責任、監査への不当な干渉の禁止など
  • 第4章: 財務の開示強化:
    • 財務報告書における開示事項、経営者に対する利益相反規制の強化など
  • 第5章: アナリストの利益相反:
    • 証券アナリストの潜在的な利益層反の管理に関する規定など
  • 第6章: 証券取引委員会(SEC)の強化:
    • SECの人員強化、SECの権限の強化など
  • 第7章: 調査および報告(SECなどの調査報告義務):
    • SECとGAO (Government Accountability Office) の調査報告義務など
  • 第8章: 企業および犯罪者の不法行為に対する責任:
    • 書類改竄に対する刑事罰の強化など
  • 第9章: 知的犯罪の刑罰強化:
    • 詐欺行為の計画および共同謀議の刑罰、郵便や通信回線を用いた犯罪の刑罰強化など
  • 第10章: 法人所得税申告:
    • 法人所得税申告はCEOが署名すること
  • 第11章: 企業の不正行為とその責任:
    • 記録改竄、公務執行妨害の刑罰強化、証券取引法違反の刑罰強化など

>Top

2. Section 302 of SOX Act:

  • Corporate Responsibility For Financial Reports
  • The Commission shall require, for each company filing periodic reports that the principal executive officer and the principal financial officer certify in each annual or quarterly report filed or submitted that -
    • (1) the signing officer has reviewed the report;
      (2) the report does not contain any untrue statement of a material fact or omit to state a material fact necessary in order to make the statements not misleading;
    • (3) the financial statements, and other financial information included in the report, fairly present in all material respects the financial condition and results of operations of the issuer as of the periods presented in the report;
    • (4) the signing officers -
      • (A) are responsible for establishing and maintaining internal controls;
      • (B) have designed such internal controls to ensure that material information relating to the issuer and its consolidated subsidiaries is made known to such officers by others within those entities, particularly during the period in which the periodic reports are being prepared;
      • (C) have evaluated the effectiveness of the issuer's internal controls as of a date within 90 days prior to the report;and
      • (D) have presented in the report their conclusions about the effectiveness of their internal controls based on their evaluation as of that date;
    • (5) the signing officers have disclosed to the issuer's auditors and the audit committee of the board of directors -
      • (A) all significant deficiencies in the design or operation of internal controls which could adversely affect the issuer's ability to record, process, summarize, and report financial data and have identified for the issuer's auditors any material weaknesses in internal controls; and
      • (B) any fraud that involves management or other employees who have a significant role in the issuer's internal controls; and
    • (6) the signing officers have indicated in the report whether or not there were significant changes in internal controls or in other factors that could significantly affect internal controls subsequent to the date of their evaluation, including any corrective actions with regard to significant deficiencies and material weaknesses.

2. SOX法 302条の概要:

  • 財務諸表に対する責任
  • 302条は、上場企業のCEOとCFOに対して、年次報告書、四半期報告において、以下の項目を宣誓することを要求。
    1. 財務報告を自らレビューしたこと
    2. 財務報告書には誤解を招くような重要事実に関する不実記載や脱漏がないこと。
    3. 財務諸表などの財務情報が企業の財務状態、経営成績を正しく表していること
    4. 内部統制の確率維持に関する責任は、CEOとCFOにあり、連結子会社を含めて内部統制の仕組みが設計されていること。財務報告書の提出日前90日以内に内部統制の有効性を評価しており、その結果を財務報告書に記述したこと
    5. 内部統制の設計および運用に間する深刻な欠陥をすべて監査人および監査委員会に開示したこと、内部統制の仕組みにおける重大な弱点を監査人に明らかにしたこと
    6. 経営者が絡んだ不正行為を監査人および監査委員会に開示したこと
>Top

3. Section 404 of SOX Act:

  • Management Assessment Of Internal Controls
  • (a) The Commission shall prescribe rules requiring each annual report to contain an internal control report, which shall--
    • (1) state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and
    • (2) contain an assessment, as of the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting.
  • (b) INTERNAL CONTROL EVALUATION AND REPORTING- With respect to the internal control assessment required by subsection (a), each registered public accounting firm that prepares or issues the audit report for the issuer shall attest to, and report on, the assessment made by the management of the issuer. An attestation made under this subsection shall be made in accordance with standards for attestation engagements issued or adopted by the Board. Any such attestation shall not be the subject of a separate engagement.

3. SOX法 404条の概要:

  • 内部統制に対する有効性評価
  • 404条は、上場企業の経営者に財務報告に係る内部統制の有効性評価を義務づける。但し、この条文が直接、義務を定めてはいない。条文はSECに対し、年次報告に次の二点を記載した「内部統制報告書」を記載することを義務づける規定を制定するよう要求。 (2003.5にSECは規則を制定)
    1. 経営者が、財務報告に係る適切な内部統制の仕組の確立と維持に関して責任を負っていること
    2. 経営者が行った直近の財務報告に係る内部統制の仕組の有効性評価の評価結果
  • また404条は、当該企業の監査を行う監査法人に対して、内部統制報告書に記述された内部統制の仕組みに対する有効性評価に対する監査および報告 (Direct reporting)を義務づけている。
  • 注) J-SOXにはこのDirect reporting義務なし
>Top

4. Section 906 of SOX Act:

  • Failure of corporate officers to certify financial reports
  • (a) CERTIFICATION OF PERIODIC FINANCIAL REPORTS- Each periodic report containing financial statements filed by an issuer with the Securities Exchange Commission shall be accompanied by a written statement by the chief executive officer and chief financial officer of the issuer.
  • "(b) CONTENT- The statement required under subsection (a) shall certify that the periodic report containing the financial statements fully complies with the requirements of the Securities Exchange Act of 1934 and that information contained in the periodic report fairly presents, in all material respects, the financial condition and results of operations of the issuer.
  • "(c) CRIMINAL PENALTIES - Whoever
    • "(1) certifies any statement as set forth in subsections (a) and (b) of this section knowing that the periodic report accompanying the statement does not comport with all the requirements set forth in this section shall be fined not more than $1,000,000 or imprisoned not more than 10 years, or both; or
    • "(2) willfully certifies any statement as set forth in subsections (a) and (b) of this section knowing that the periodic report accompanying the statement does not comport with all the requirements set forth in this section shall be fined not more than $5,000,000, or imprisoned not more than 20 years, or both."

4. SOX法 906条の概要:

  • 財務諸表虚偽申告に対する罰則
  • SEC提出書類に虚偽が見つかった場合は、CEOとCFOは個人として責任が問われる
  • 開示内容が不適切であることを知っていた場合は、$100万以下の罰金および/または10年以下の懲役
  • 故意に虚偽を記載していた場合には$500万以下の罰金および/または20年以下の懲役
  • 注) 罰則規定の厳しさはJ-SOXとの大きな相違点
>Top  

5. Cost impact of SOX-Act:

    Unit:$K
    Est. (2004/1)
    Est. (2004/7)
    Actual
    (2005/1)
    Internal cost
    613
    1,283
    1,338
    External cost

    732

    1,037
    1,717
    Audit cost
    590
    823
    1,302
    Total
    1,935
    3,143
    4.356
  • Public corporation's estimate and actual cost related to SOX Act published at FEI (Financial Executive International)
    • Source: Watanabe report (JETRO)

5. SOX法対応のコスト:

  • <左表>
    上場企業の内部統制に必要なコストの増大
  • 財務担当役員国際協会が2005/3に発表したSOX遵守に伴うコストの予測と実績
    • 出典: 渡辺弘美 report (JETRO)

>Top

6. COSO Framework of 2004:

  • ERM Framework published in 2004:
  • Object:
    1. Strategic
    2. Effective & Efficient Operations
    3. Credible Financial Report
    4. Compliance with rules
  • Factor:
    1. Control Environment; education
    2. Objective Setting
    3. Event Identification
    4. Risk Assessment
    5. Risk Response
    6. Control Activities
    7. Information & Communication
    8. Monitoring

6. COSOフレームワーク (2004):

  • 目的:
    1. 戦略
    2. 業務の有効性と効率性
    3. 財務報告の信頼性
    4. 関連法規の遵守
  • 要素:
    1. 統制環境
    2. 目標の設定
    3. 事象の識別
    4. リスク評価
    5. リスク対応
    6. 統制活動
    7. 情報と伝達
    8. モニタリング
>Top  

7. Framework of J-SOX Act:

  • Difference with US-SOX Act:
    • Explicit expression of "IT Utilization"
    • Explicit expression of "Asset Conservation"
    • Indirect Report:
      Directors are not required to make independent report.
  • Difference with US SOX Act
    • "Asset conservation" is added as an objective of internal control
    • "IT utilization" is added to fulfill the object of internal control.
    • Adopted 'Top-down' risk approach. (Bottom-up risk approach in US?)
    • Didn't adopt direct reporting by the auditor.
      • Direct reporting is a method of evaluating effectiveness of the internal control by making a report selecting independent checking items by the auditor.
    • One package of external auditing and reporting.
    • Very permissive penalty clause compared to US SOX Act.
      • Japan: not more than \5M ($0.05M) or 5 years imprisonment
      • US: not more than $1M and/or 10 years imprisonment; but $5M and/or 20 years in intentional case.

7. 金融商品取引法と内部統制:

  • 目的:
    1. 業務の有効性と効率性
    2. 財務報告の信頼性
    3. 関連法令等の遵守
    4. 資産の保全
  • 要素:
    1. ITへの対応
    2. 統制環境
    3. リスクの評価
    4. リスクの対応
    5. 統制活動
    6. 情報と伝達
    7. モニタリング
  • 米国SOX法との違い:
    • 内部統制の目的に資産の保全を追加
    • 内部統制の目的を実現するためにITの利用を追加
    • トップダウン型のリスクアプローチを採用
    • 監査人によるダイレクト・レポーティングを採用していない。
      • Direct Reportingとは、監査人が経営者とは別にチェック項目を設定して内部統制の有効性を評価し報告すること
    • 外部監査との一体的実施、報告の一体的作成
    • 罰則規定は米国SOX法に比べて極めて弱い:
      • 日本:500万円/5年以下
      • 米国:$1M/10年、故意は$5M/20年以下
>Top

8. Japanese corporations responding J-SOX:

  • To acknowledge the target area and categorize all possible risks
  • To make the triples documents:
    1. Business description
    2. Business flow chart
    3. Risk control matrix
  • To apply various controls to business procedures.
  • To prevail and acknowledge of the procedure.
  • To conduct the internal control.
  • To show continuous improvement (PDCA cycle)

8. 日本企業の対応状況:

  • 対象範囲の決定とリスクの洗い出し
  • 3点セットの作成
    1. 業務記述書
    2. 業務フローチャート
    3. リスク・コントロール・マトリックス (リスクとコントロールのマトリックス表)
  • コントロールの業務への適用
  • 普及啓蒙・教育活動
  • 内部監査
  • 継続的改善 (PDCAサイクル)
  • General process of internal control system:
    1. Start-up of the project team.
    2. Learning background knowledge
    3. Collection of internal document
    4. Analysis of status-quo
    5. Selection of important accounting titles
    6. Selection of business process
    7. Selection of target division
    8. Making of formats
    9. Having explanatory meeting
    10. Making of the triple document
    11. Confirmation of present process
    12. Consideration of change of process
    13. Evaluation of risks and responsiveness
    14. Documentation
    15. Confirmation of the documents and registration
  • 一般的な内部統制システム構築手順:
    1. プロジェクトチーム立ち上げ
    2. 知識習得・学習
    3. 社内文書の収集
    4. 現状分析
    5. 重要勘定科目の選定
    6. 業務プロセスの抽出
    7. 対象部門の決定
    8. フォーマット等の作成
    9. 説明会の実施
    10. 3点セットの作成
    11. 現状プロセスの確認
    12. プロセスの変更の検討
    13. リスク評価とその対応
    14. 文書化
    15. 文書の確認と登録
>Top

9. Dishonesty by employees or employers:

  • Mainly due to dishonest employee:
    • Sales of inventory to illegal channels
    • Peculation of rebate, or padding
    • Fictious sales and returns in the following term.
    • Embezzlement of claw-back
    • Fraud upon client
    • Excess payment and peculation of returns
    • Padding bill and peculation of kickback
    • Pocketing of petty cash
    • Embezzlement of deposit
    • Padding of entertainment expenses
    • Fictitious billing
    • Fictive travel
  • Mainly due to dishonest employer:
    • Excess debt and kickback
    • False description of financial statements
    • Accounting fraud
    • Give favors to corporate extortioner and raise of off-the-book funds
    • Purchase of securities and kickback
    • Camouflage
    • Failing to report recalls
    • Prebidding agreement (Dango)
    • Failure of quality control
    • False description and mendacious assertion

9. 従業員の不正と経営者の不正:

  • 主に従業員の不正:
    • 在庫の横流し
    • リベートの着服・水増し
    • 架空売上と翌期の返品処理
    • 回収金の着服&ラッピング
    • 取引先からの詐欺
    • 過大支払いの返金の横領
    • 水増し請求&キックバックの着服
    • 小口現金の着服
    • 預金の横領
    • 交際費の水増し
    • 架空請求
    • カラ出張
  • 主に経営者の不正:
    • 過剰借入&キックバック
    • 有価証券報告書の不実記載
    • 粉飾決算
    • 総会屋への利益供与&裏金作り
    • 債券購入&キックバック
    • 偽装事件
    • リコール隠し
    • 談合
    • 品質管理
    • 虚偽表示、虚偽申告
>Top

10. Natural skepticism on internal control:

  • Dishonest:
    • Can it prevent dishonesty conduct of employer?
    • Is this a really effective way?
    • is heavy penalty for the employer effective?
    • Is an internal whisle-blower protected? Is an incentive needed?
  • Object:
    • What will be the object of internal control?
    • Companies Act is for general internal control, while Financial Product Transaction Law is for correct financial statement.
  • Cost:
    • How is cost of internal control?
    • How is cost of maintaining and improving internal control?
    • Is productivity affected by the process of internal control?
  • Dead letter:
    • Are the triple documents the object?
    • Do they emphasize irection and measures only? (manual-addict)
    • Noboby can hold by excessive rules and manuals?
  • Consistency (PDCA Cycle):
    • Is the project team temporal?
    • Who continues PDCA cycle?
  • Understanding of CEO:
    • Does CEO consider internal control as his or her own problem?
    • Does CEO entrust staff to follow it?
    • Does CEO consider documentation as the only object?
  • Outcome:
    • Is there any company without internal control?
    • Does the present system function well?
    • Is the documentation sufficent?
  • Responsibility:
    • Top-down approach vs. Entrustment
    • Cost performance by internal control
    • Can reparation be exempt by internal control?
  • IT Utilization:
    • Does IT really improve business efficiency?
    • Does IT utilization become an advantage?
    • Does flexible operation become impossible?
  • ERM ( Enterprise Risk Management)
    • What about ISMS, protection of personal data, compliance, CSR, ERM, .... or foreseeable risk?

10. 内部統制に関する素朴な疑問:

  • 不正:
    • 経営者の不正を防止できるか
    • 有効な方法は何か?
    • 罰則強化か?
    • 内部告発者を守る仕組み?インセンティブの付与?
  • 目的:
    • 内部統制の目標は何か?
    • 会社法は内部統制全般、金融商品取引法は財務報告に係る内部統制
  • コスト:
    • 内部統制のコストは?
    • 内部統制の維持・改善のコストは?
    • 内部統制で生産性は落ちないか?
  • 形骸化:
    • 3点セットの作成自体の目的化?
    • 傾向と対策のみか?
    • 規定やマニュアルが複雑に、誰も守れない
  • 継続性 (PDCA Cycle) :
    • プロジェクトチームは一時的?
    • 誰がPDCAを回していくのか?
  • 経営者の認識:
    • 内部統制を自分の問題として認識しているか?
    • 誰かに任せればよいと思っているか?
    • 文書化すればよいと思っているか?
  • 成果:
    • 内部統制のない会社はないはず?
    • 現状の内部統制が機能しているか?
    • 文書化しているか?
  • 義務・責任:
    • トップダウン・アプローチ対お任せ
    • 業務効率対内部統制
    • 内部統制によって賠償責任は免れるか?
  • IT利用:
    • 業務効率を向上させるか?
    • IT利用による競争力強化は?
    • 柔軟な業務処理は可能か?
  • 企業リスク管理:
    • ISMS、個人情報保護、コンプライアンス、CSR、ERM、予測可能リスクは?
Comment
  • It is shameful that crimes derived from internal organization (inside job) are increasing. The corporations are required to prepare too many rules.
  • The more moral organization should be less ruled organization.
  • Dying words of Ishikawa Goemon, so-called master thief of 16C in Japan, "The number of grains at a seashore might run out, but the seeds of thief would be countless."
  • Ancient Chinese philosophers argued weather humans were born inherently good or bad. How they feel about present internal control?
  • 内部組織からの犯罪が増加しているのは情けない。会社はますます多くの規則が必要となる。
  • モラルの高い組織は規則の少ない組織であるべきである。
  • 石川五右衛門の辞世:「石川や浜の真砂は尽きるとも世に盗人の種は尽きまじ」
  • 古代中国の哲学者は、性善説と性悪説とで論争になった。彼らは今日の内部統制をどう思うだろうか。

| Top | Home | Article | Bookshelf | Keyword | Author | Oxymoron |