초록 열기/닫기 버튼
최근 상장기업에서 발생한 횡령사건으로 인해 효과적인 내부회계관리제도의 구축과 운영에 대한 관심이 집중되고 있다. 2018년 개정 외감법이 시행된 이후, 내부회계관리제도 관련 규정들이 전면 재정비 되면서 회사와 감사인은 많은 변화에 직면하였다. 회사는 정교하고 효과적인 내부회계관리제도를 설계 및 운영할 것을 요구받게 되었고 감사인은 내부회계관리제도에 대해 합리적 확신을 제공 하게 되었다. 이로 인해 회사가 생산한 정보인 IPE(Information produced by entity)의 신뢰성에 대한 중요성이 대두되었다. IPE는 회사가 생산하고 통제활동에 이용하는 정보이므로 회사의 통제활동이 적절히 설계 및 운영되고 있다 하더라도 그 통제활동 운영 시 사용되는 IPE의 신뢰성을 확보하는 통제절차가 미비하다면 해당 통제는 효과적이라고 볼 수 없다. 이에 따라 본 연구에서는 국내 상장사 A사의 신뢰성 확보체계 구축 사례를 통해 IPE의 신뢰성이 어떠한 방식으로 확보되고 있는지 분석하였다. A사는 통제활동의 운영에 사용되는 IPE를 식별하고 해당 IPE가 가지고 있는 위험을 파악한 후, 해당 위험을 감소시킬 수 있는 통제 절차를 구축함으로써 IPE의 신뢰성을 확보하고자 하였다. IPE 관련 통제절차는 투입데이터에 대한 신뢰성 검토, 데이터의 입력⋅이관⋅통합 과정에 대한 무결성 검토, 데이터 의 시스템 추출 시의 완전성 검토로 이루어지며 이를 통해 각 IPE가 가지고 있는 위험이 감소되고 신뢰성이 확보된다. 본 연구는 규제환경의 변화에 따라 IPE의 신뢰성에 대해 고찰하고 내부회계관리제도의 효과성 제고를 위한 IPE의 신뢰성 확보 체계 구축의 실례를 제시한 최초의 연구라는 점에서 공헌점이 있다. 본 연구를 통해 내부회계관리제도에 대한 감사를 후속적으로 도입하는 상장사, IPO나 합병으로 인해 내부회계관리제도에 대한 정교화 및 고도화를 고려하고 있는 기업들, IPE를 감사에 활용하고자 하는 감사인들 및 관련 규제기관에 유의미한 정보를 제공할 수 있을 것으로 기대한다.
Recently there has been growing interest in the effective establishment and operation of the internal control system in relation to embezzlement cases of listed companies . Furthermore, the need to enhance the effectiveness of the internal control system is increasing, as the mandatory audit of the internal control system applied to all listed companies is adopted. With the enforcement of the amendment of the External Audit Act in 2018, internal control system-related regulations were completely overhauled, and companies and auditors have faced many changes. As required by the amended internal control system conceptual framework and best practices, a company is required to design, build, and operate an improved internal accounting management system. The external auditor is required to provide reasonable assurance through various verification procedures for the internal control system in accordance with the amended auditing standards. Due to changes in the regulatory environment, the importance of the reliability of information produced by entity (IPE) has emerged. IPE refers to information generated in a company’s information system and used when the company operates its controls. Information can only be used meaningfully when it is based on reliable data. Therefore, even if the design and operation of a company’s internal control system is properly performed, it cannot be considered reliable and effective without a system to secure the reliability of IPE . In other words, the establishment of a system to secure the reliability of IPE is an important requirement to increase the reliability of the internal control system and to improve and develop the internal control system. Accordingly, this study analyzed how reliability of IPE was secured through the case of establishing a reliability system for domestic listed company A. Company A identified input risk, integrity risk, and extraction and processing risk related to IPE by business process in order to secure reliability of IPE, and designed and operated IPE-related control procedures to reduce the risks . The IPE-related control procedure consists of reviewing the reliability of input data to reduce the input risk, checking the integrity of whether data input, transfer, and integration are properly performed to reduce the integrity risk, and examining the completeness of the extraction to ensure that the data is completely extracted from the system to reduce the risk of extraction and processing. Through this procedure, Company A improved the effectiveness of the internal control system by reducing the risks of IPE for each process and establishing a system to secure reliability. Furthermore, Company A built the foundation to more actively respond to changes in the regulatory environment. This study, as a study of the company’s IPE reliability securing system by paying attention to the reliability of information emphasized in the revised internal control system regulations, makes the following contributions. First, this study makes academic contributions in that it considers ways to improve the effectiveness of the internal accounting management system by securing the reliability of IPE and to expand the scope of academic research related to the internal control system. Second, there is a practical contribution in that the process of identifying IPE and securing reliability (a requirement for a company to improve and advance the internal control system and a consideration when an external auditor audits the internal control system) is presented as a practice. Lastly, this study has institutional contributions in that it helps to enhance the usefulness of accounting information and to achieve transparency in the capital market by providing the basis for establishing detailed guidelines for improving the internal control system to regulators. This study is expected to provide meaningful information to listed companies subsequently introducing audits for internal control systems, companies considering improvement and advancement of internal control systems due to IPOs or mergers, auditors who want to utilize IPE for auditing, and regulators.
키워드열기/닫기 버튼
internal control system, audit on internal controls, IPE, IPE reliability
