沙氏法案下會計師執行一般控制風險評估模式之建構與實證

The Development of a General Control Risk Assessment Model Based on the Sarbanes-Oxley Act

在安隆與世界通訊等財務醜聞事件爆發後，美國參眾兩院於2002年7月底通過「Sarbanes-Oxley Act of 2002」（簡稱沙氏法案）。美國沙氏法案的通過，促使了企業風險管理整合架構的產生，其要求企業必須要以風險導向為基礎來進行內控制度的設立。本文採用Gowin's Vee的架構作為研究策略。在文獻端部分，本研究藉文獻探討之歸納整理，以整理方式將審計流程、一般控制相關規定以及國內外文獻加以整理收集成一般控制上的風險評估重點。方法端部分，則將風險評估重點作成專家問卷發放並在收回專家問卷後加以整理成為建構模式的評估要項，進而進行風險評估模式的建構。最後在風險評估模式建構完成後，以實證方式來驗證風險評估模式之實用性。本研究所建構出來的風險評估模式，經實證結果顯示，受訪者對於採用本研究所建構出之風險評估模式的意願相當高，且符合會計師事務所查核人員對於一般控制風險評估的需求。

After the Enron and WorldCom scandals broke, the U.S. Congress passed Sarbanes-Oxley Act of 2002 at the end of July in 2002. The passing of Sarbanes-Oxley Act prompted the creation of ERM Integrated Framework, which requires companies to establish risks-oriented internal control systems. This research establishes its research structure based on the research strategies proposed by Gowin's Vee. On the theoretic aspect, this research confirms the measurements and items of risk assessment required for general control, in order to ensure that the list is compliant with Sarbanes-Oxley Act. This approach also assures and enhances the content validity of measurements and assessment items, and the consistency with practices. Before the empirical study, this research develops an expert questionnaire by referring to the method and validation process proposed by Lawshe (1975). The results showed that the respondents are highly willing to use the risk assessment model constructed in this research and that the model fulfils the auditing requirements for Sarbanes-Oxley Act and the requirements for risk assessments of general control.