揭露系統與組織控制認證之價值攸關性

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：3

、訪客IP：3.140.242.165

姓名

方雨柔(YU-JOU FANG) 查詢紙本館藏

畢業系所

會計研究所

論文名稱

揭露系統與組織控制認證之價值攸關性
(The Value Relevance of Disclosing Systems and Organizational Controls Certification)

相關論文

★ 企業社會責任與會計績效指標之關聯性：考量網頁呈現效果	★ 企業社會責任揭露與網頁呈現對企業財務績效之關聯性
★ 企業社會責任與投資人評價之關聯性: 考量網頁呈現效果	★ 我國企業之資訊安全事件探討－以法令面分析
★ 採用iXBRL對散戶持股比率與交易量之影響	★ 首次發行代幣公司網站呈現方法與交易量之研究
★ iXBRL是否能降低資訊不對稱？	★ 財務報表API之可行性
★ 功能型與證券型代幣發行白皮書相似度對發行成功與否之影響	★ 首次代幣發行白皮書之主題分析對首次代幣發行之影響
★ 資訊安全事件與公司長短期績效-以臺灣資訊安全事件為例	★ 資訊安全之決定因素-考量家族企業與董事會背景
★ 首次代幣發行白皮書可讀性對募資成功與否之影響	★ 網站資訊揭露對首次代幣發行之影響
★ 公司申請法人機構識別碼對股東權益資金成本之影響	★ COVID-19對於實質盈餘管理之影響

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

至系統瀏覽論文 (2025-7-17以後開放)

摘要(中)

近年來資安危機對於個人、企業或是政府機關而言造成的損失日益增加，因此各方皆須提高公司資產安全意識及防範網路風險，但是隨著許多公司將其系統外包給服務提供商後，若服務供應商對於公司數據安全的保護措施不完善時，則容易發生公司不可控制的數據洩露事件，因此公司要求服務供應商提供之系統要能有效保護公司資訊不遭受到網路攻擊。但是對於客戶而言，客戶不瞭解服務提供商提供服務系統之內部控制有效性，因此客戶需要藉由公正第三方認證去證明服務提供商有採取措施來保護數據。對此美國註冊會計師協會有訂定與系統攸關之內部控制認證報告，稱為系統與組織控制報告(System and Organization Controls；SOC)，旨在幫助服務供應商藉由通過SOC認證之訊號，建立客戶對服務系統內部控制有效性的信任。
本研究旨在探討公司自願性揭露完成SOC認證之價值攸關性。由於公司完成SOC認證資訊屬於自願性揭露資訊，因此本研究以標準普爾指數1500公司為樣本，人工蒐集公司網站及其他公司報告提及公司完成SOC認證之資訊，研究期間為2013年至2021年，研究模型則根據Gordon, Loeb, and Sohail (2010)提出以Ohlson (1995)和Feltham and Ohlson (1995)之股價評價模型為基礎修改後的模型。實證結果表明，自願揭露完成SOC認證有正向價值攸關性。再者，自願揭露完成SOC認證之正向價值攸關性在處於資安風險較高產業的公司中較強。

摘要(英)

In recent years, the increasing cybersecurity threats have resulted in growing losses for individuals, businesses, and government agencies. Therefore, all parties must enhance their awareness of asset security and mitigate online risks. However, with many companies outsourcing their systems to service providers, there is a risk of uncontrolled data breaches if the service providers do not have adequate controls to protect company data. Hence, companies require service providers’ systems to be able to effectively safeguard information. However, customers may not understand the effectiveness of internal controls implemented by service providers. Therefore, customers need to rely on third-party certifications to verify that service providers have taken procedures to protect data. In this regard, the American Institute of Certified Public Accountants has established a certification report related to system and organization controls—System and Organization Controls (SOC). Its purpose is to assist service providers in establishing customer trust in the effectiveness of internal controls within their service systems through the signal of achieving SOC certification.
The purpose of this study is to explore the value relevance of voluntary disclosure of companies that have completed SOC certification. As disclosing a company’s SOC certification information is voluntary, I manually collect SOC information from the websites and reports of the S&P 1500 companies. The sample period spans from 2013 to 2021. The research model is based on the valuation model originally proposed by Ohlson (1995) and Feltham and Ohlson (1995) and modified by Gordon, Loeb, and Sohail (2010). The empirical results indicate that voluntary disclosure of completion of SOC certification have positive value relevance. Furthermore, the positive value relevance of voluntarily disclosing SOC certification is stronger for companies in industries with higher cybersecurity risks.

關鍵字(中)

★ 服務提供商
★ 系統與組織控制
★ 自願性揭露
★ 資訊不對稱
★ 訊號理論
★ 價值攸關性

關鍵字(英)

★ service provider
★ System and Organization Controls (SOC)
★ voluntary disclosure
★ information asymmetry
★ signaling theory
★ value relevance

論文目次

第壹章、緒論 1
第貳章、 SOC演進、文獻探討與假說發展 4
2.1 SOC演進與發展 4
2.2資訊不對稱與訊號理論 6
2.3自願性揭露資訊之價值攸關性 8
2.4公司自願性揭露完成SOC認證之價值攸關性 10
第參章、研究設計 14
3.1資料來源、研究期間及樣本選取 14
3.2實證模型與變數定義 18
第肆章、實證結果 22
4.1敘述性統計 22
4.2相關係數 24
4.3迴歸分析結果 27
4.4 敏感性分析 34
第伍章、結論與建議 38
參考文獻 41

參考文獻

邱瓊玲，2011，公司之自願性盈餘預測揭露對報酬－盈餘關係的影響，建國科大社會人文期刊，30(2), 53–66。

洪國興、季延平與趙榮耀 Kwo-Shing, Chi Y.-P., and Chao L. R.，2003，資訊安全評估準則層級結構之研究，圖書館學與資訊科學, 29(2)。

詹前隆、曾淑芬與呂志鴻，2013，企業資訊安全投資之決策變數探討，品質學報，20(4), 379–401。

邱品駪，2022，美國會計師協會系統與組織控制報告之實證研究:以標準普爾500指數公司為例，臺灣大學會計學研究所學位論文。

錢俞均，2008，公司治理機制、自願性揭露與經營績效之關聯性，淡江大學會計學系碩士班學位論文。

蕭薇妮，2022，服務組織控制報告對公司行為之影響，臺灣大學會計學研究所學位論文。

Aaker, D. A., and Jacobson, R. 2001. The Value Relevance of Brand Attitude in High-Technology Markets. Journal of Marketing Research, 38(4), 485–493.

Akerlof, G. A. 1970. The Market for “Lemons”: Quality Uncertainty and the Market Mechanism. The Quarterly Journal of Economics, 84(3), 488–500.

American Institute of Certified Public Accountants(AICPA). 2018a. SOC for Service Organizations: Information for Service Organizations. https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/serviceorganization-smanagement.html. (last accessed April 25, 2023).

American Institute of Certified Public Accountants(AICPA). 2018b. SOC for Service Organizations: Information for Users and User Entities. https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/users.html. (last accessed April 25, 2023).

American Institute of Certified Public Accountants(AICPA). 2021. SOC survey results point to the value of SOC 1 and 2 engagements. https://www.aicpa-cima.com/resources/download/soc-survey-results-point-to-the-value-of-soc-1-and-2-engagements. (last accessed April 26, 2023).

Berkman, H., Jona, J., Lee, G., and Soderstrom, N. 2018. Cybersecurity Awareness and Market Valuations. Journal of Accounting and Public Policy, 37(6), 508–526.

Burns, J., and Simer, B. 2013. COSO Enhances Its Internal Control—Integrated Framework. https://www.iasplus.com/en/publications/us/heads-up/2013/coso/file. (last accessed April 25, 2023).

Cavusoglu, H., Mishra, B., and Raghunathan, S. 2004. The Effect of Internet Security Breach Announcements on Market Value: Capital Market Reactions for Breached Firms and Internet Security Developers. International Journal of Electronic Commerce, 9(1), 69–104.

Connelly, B. L., Certo, S. T., Ireland, R. D., and Reutzel, C. R. 2011. Signaling Theory: A Review and Assessment. Journal of Management, 37(1), 39–67.

CPA. 2019. Cybersecurity Risks and Controls. The CPA Journal. https://www.cpajournal.com/2019/07/08/cybersecurity-risks-and-controls/. (last accessed April 25, 2023).

Deloitte 2016. ISAE 3402 Deloitte. https://www2.deloitte.com/content/dam/Deloitte/lt/Documents/process-and-operations/LT_ISAE_3402.pdf. (last accessed May 10, 2023).

Feltham, G. A., and Ohlson, J. A. 1995. Valuation and Clean Surplus Accounting for Operating and Financial Activities. Contemporary Accounting Research, 11(2), 689–731.

Freeze D. 2018a. Global Ransomware Damage Costs Predicted To Exceed $8 Billion In 2018. Cybercrime Magazine. https://cybersecurityventures.com/global-ransomware-damage-costs-predicted-to-exceed-8-billion-in-2018/. (last accessed April 24, 2023).

Freeze D. 2018b. Cybercrime To Cost The World $10.5 Trillion Annually By 2025. Cybercrime Magazine. https://cybersecurityventures.com/cybercrime-damages-6-trillion-by-2021/. (last accessed April 24, 2023).

Gordon, L. A., Loeb, M. P., and Sohail, T. 2010. Market Value of Voluntary Disclosures Concerning Information Security. MIS Quarterly, 34(3), 567–594.

Hall, B. H., Jaffe, A., and Trajtenberg, M. 2005. Market Value and Patent Citations. The RAND Journal of Economics, 36(1), 16–38.

Holmström, B. 1979. Moral Hazard and Observability. The Bell Journal of Economics, 10(1), 74–91.

Huang, H. H., and Wang, C. 2021. Do Banks Price Firms’ Data Breaches? The Accounting Review, 96(3), 261–286.

IBM. 2022.Cost of a Data Breach Report. https://www.ibm.com/downloads/cas/3R8N1DZJ. (last accessed May 4, 2023).

Ittner, C. D., and Larcker, D. F. 1998. Are Nonfinancial Measures Leading Indicators of Financial Performance? An Analysis of Customer Satisfaction. Journal of Accounting Research, 36, 1–35.

Lester, R. H., Certo, S. T., Dalton, C. M., Dalton, D. R., and Cannella Jr., A. A. 2006. Initial Public Offering Investor Valuations: An Examination of Top Management Team Prestige and Environmental Uncertainty. Journal of Small Business Management, 44(1), 1–26.

Lev, B., and Penman, S. H. 1990. Voluntary Forecast Disclosure, Nondisclosure, and Stock Prices. Journal of Accounting Research, 28(1), 49–76.

Lundholm, R., and Myers, L. A. 2002. Bringing the Future Forward: The Effect of Disclosure on the Returns-Earnings Relation. Journal of Accounting Research, 40(3), 809–839.

Martin, G., and Sinclair, K. 2018. Employer branding and corporate reputation management in global companies: theory and practice. In Global talent management (pp. 144-164).
Martin, K. D., Borah, A., and Palmatier, R. W. 2017. Data Privacy: Effects on Customer and Firm Performance. Journal of Marketing, 81(1), 36–58.

Mata, F. J., Fuerst, W. L., and Barney, J. B. 1995. Information Technology and Sustained Competitive Advantage: A Resource-Based Analysis. MIS Quarterly, 19(4), 487–505.

Nickell, C. G., & Denyer, C. 2007. An Introduction to SAS 70 audits. Benefits Law Journal, 20(1), 58-68.

Ohlson, J. A. 1995. Earnings, Book Values, and Dividends in Equity Valuation. Contemporary Accounting Research, 11(2), 661–687.

Schoenfeld, J. 2022. Cyber risk and voluntary Service Organization Control (SOC) audits. Review of Accounting Studies, 1-41, Forthcoming.

Sheldon, M. D., Bhattacharjee, S., and Barkhi, R. 2023. The Impact of Persuasive Response Sequence and Consistency When Information Technology Service Providers Address Auditor-Identified Issues in System and Organization Control 2 Reports. Journal of Information Systems, 37(1), 85–107.

Smith, T. J. (Tom), Higgs, J. L., and Pinsker, R. E. 2019. Do Auditors Price Breach Risk in Their Audit Fees? Journal of Information Systems, 33(2), 177–204.

Spence, M. 1973. Job Market Signaling. The Quarterly Journal of Economics, 87(3), 355.

Tribunella, T., and Tribunella, H. R. 2022. Service Organization Control (SOC) Reports and Their Usefulness. In Global Perspectives on Information Security Regulations: Compliance, Controls, and Assurance (pp. 125-150).

World Economic Forum (WEF). 2023. Global Risks Report 2023.
https://www3.weforum.org/docs/WEF_Global_Risks_Report_2023.pdf. (last accessed April 25, 2023).

Wertheim S. 2019. Auditing for Cybersecurity Risk. The CPA Journal. https://www.cpajournal.com/2019/06/19/auditing-for-cybersecurity-risk/. (last accessed April 24, 2023).

Yen, J.-C., and Wang, T. 2021. Stock Price Relevance of Voluntary Disclosures about Blockchain Technology and Cryptocurrencies. International Journal of Accounting Information Systems, 40, 100499.

Zhang, Y., and Wiersema, M. F. 2009. Stock Market Reaction to CEO Certification: The Signaling Role of CEO Background. Strategic Management Journal, 30(7), 693–710.

指導教授

顏如君

審核日期

2023-7-18

推文