내부통제시스템의 설계와 기업 지배구조에 관한 회사법적 고찰

Recent years have seen heightened focus on internal control requirements as one of key legal issues in corporate law, for internal control system is a enterprise risk management process that enables management to effectively deal with uncertainty and associated risk and opportunity, providing assurance regarding the achievement of business objectives. This article is in three volumes. The first consists of the internal controls history in U.S. and U.K. and Japan, providing the changes of its concepts from the accounting controls to integrated framework. The definition of the American Institute of Accountants(AIA) served as a momentum that internal control was viewed as a broad concept that extends beyond the accounting functions. In 1992, COSO(the Committee of Sponsoring Organizations of the Treadway Commission) published 「Internal Control-Integrated Framework」that defined as a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in effectiveness and efficiency of operations, reliability of financing reporting, compliance with appliable laws and regulations. This framework has been recognized by standard-setters as a international comprehensive framework for evaluating internal control, including internal control over financial reporting. In 2004, COSO released the Report(「Internal Control- Enterprise Risk Management -Integrated Framework」) that expanded on internal control, providing a more robust and extensive focus on the broader subject of enterprise risk management. In 2006, COSO issued 「Internal Control over Financial Reporting-Guidance for Smaller Public Companies」that helped smaller public companies design and implement cost-effective internal control over financial reporting. This COSO’s report have influenced on U.K. and Japan and Korea etc., until now. The second provides an overview of legislating for the architecture and operation of internal control system in U.S. and Japan, including the Sarbanes-Oxley Act and Japan Corporation Law of 2005. The third contains roles and responsibilities of an entity’s parties, providing connection mechanism of everyone in an entity. Board of directors is responsible for the architecture and operation of internal control system, including evaluating the effectiveness of internal control system and monitoring of internal control activities. Representing directors are responsible for executing enterprise risk management in accordance with established directives and protocols. Audit committee and internal auditors and external auditors, also, should evaluate the effectiveness of internal control system if circumstances require. And I emphasize that the Corporation Law should prescribe that the duty of the architecture and operation of internal control system is accountable to the board of directors on large corporation.