隨著資訊科技不斷的創新,各種資訊系統也廣泛的的應用於企業及個人,再加上網路的普及,很多商業的交易行為透過資訊系統在網際網路進行,可以說公司的營運與資訊部門及科技習習相關,因此資訊科技運用與公司的治理關聯性,是一項非常重要的課題。 美國企業集團安隆(Enron)公司、世界通訊(WorldCom)等公司連續爆發做假帳醜聞後,美國政府為了重拾投資大眾的信心,強化企業財務資訊的透明度與可信度,於2002年7月30日簽署了沙賓法案(Sarbanes-Oxley Act),其中的404章節內容規範公開公司必須建置並維持有效的與財務報導有關之內部控制,對企業資訊科技的治理產生很大的影響。 本研究為探索性之研究,主題在於沙賓法案實施之後,針對個案公司為符合法案需求所實施之因應對策、稽核過程以及改進方式做研究,透過文獻蒐集與探討,了解目前國際上公司治理及資訊科技治理的相關規範,包含COSO、COBIT以及沙賓法案的302與404節,並整理其相關性與在企業內的應用範圍,提高國內企業的資訊主管對於沙賓法案的了解程度,增加對資訊科技內控管理機制的重視程度。 研究結果顯示個案公司在導入沙賓法案的稽核時,初期面臨系統無法遵循要求、若干文件付之闕如、人力不足或人員稽核專業不足等問題,然個案公司經過多年來的稽核測試及改善經驗,缺失的數目及其實質內涵皆有所改善,如今資訊科技應用不僅符合公司財務報導的正確、可靠及完整性要求,亦能因此使得資訊部門本身受益;研究最後並提出若干建議事項,做為個案公司及企業界加強內部控制及資訊稽核之參考,以進一步提昇企業的資訊控管機制,符合法令的規範。 With the innovation of information technology (IT), various kinds of information systems have been applied to the enterprise. Taking advantage of the network, there are lots of commercial activities going through the Internet as well. A significant portion of enterprise operations are relying on the information technology, making the IT-related company governance an important issue that businesses have to deal with. As a reaction to a number of major corporate and accounting scandals, including Enron and WorldCom, the Sarbanes-Oxley Act of 2002 (SOX) is a United States federal law enacted on July 30, 2002 to rebuild public confidence, strength the visibility and reliability of finance statements. In Section 404, the Act requires management to build and maintain an adequate level of internal control over financial reporting. It also has significant impact on the IT governance. This research is an exploratory research to provide an overview of the procedure that the case company implemented SOX. The study also reviewed the frameworks related to IT governance, including COSO, COBIT as well as Sections 302 and 404 of SOX. The result of study shows that the case company experienced problems in different aspects including system, manpower and technical knowledge. After many years of auditing and remediation, the company has made great improvement to SOX compliance and IT governance. The research finally provides the implementation framework and suggestions from the case study.
