|
「為什麼我們的內稽和外稽人員沒有警告我們?」我最近好幾次聽到來自世界各地不同地方的人們問這個問題-問題甚至來自於那些根本就不想被警告的人!問題的答案到目前為止應該很明確了:內稽和外稽人員僅能分別提供商業與投資人認證。他們正式的角色是要對資料、資訊、知識還有人心存疑問,並使用足夠的知識和技術,透過批判性的、獨立的、即時的懷疑心態進行跟催。讓我們先把重點放在內部稽核,然後下一篇文章中,再來使用本篇的一些論點討論外部稽核。
“How come our internal and external auditors did not warn us?” I have heard this question recently many times from people in various parts of the world - even from those who did not want to be warned! - The answer is by now obvious: Internal and external auditors can only be the providers of business and investor assurances, respectively, if their official role is to be skeptical about data, information, knowledge, and people, and to follow up on reasonable doubts critically, independently, rationally and timely with sufficient mental and technological resources. Let us concentrate on internal auditing in this blog and address external auditing in the next one with reference to the previous.
我們不只允許、同樣也期望與支持內稽人員成為一個批判且對手中證據心存懷疑的第三方機構,他會是在內部當責三角中,成為專業經理人 ( 像是本金、資源、資產與資本的管理者 ) 與所有負責任的參與者在追求組織目標時的橋梁。因此,內部稽核是為了提供認證給所有需要組織知識,以便能合理的懷疑錯誤與疏漏:委託人和他們聘用的經理人 ( 包含監事會和稽核委員會 )、業務管理、以及身處組織流程各個環節的參與者 ( 員工、顧客、產品與服務的供應商,當然也包含了銀行家 )。他們都參與了組織追求目標 (包含實體和金錢) 的過程,因此在追求目標的過程中,他們更加依賴現代化的組織資訊系統,而非如同過去僅是依靠傳統的財務會計與統計系統。Internal auditors must not only be allowed but expected and supported as a critical and skeptical third party in any internal accountability triangle between agents (as managers of principals, resources and wealth in terms of assets and capital), and all other accountable participants in the pursuit of organizational objectives. Thus, internal auditing is meant to provide assurances to all those in need of organizational knowledge in view of reasonable doubts, errors and omissions: Principals and their agents (including supervisory boards and any audit committees), operational managements and all participants along the “organizational lines” of business (employees and customers as well as suppliers of goods and services, including any bankers, of course!). - They are all involved in the pursuit of organizational objectives, both physical and monetary, and therefore dependent on modern organizational information systems rather than on merely traditional financial accounting and statistical systems.
營運確保是極具說服力的證據,理論上,它讓我們知道商業不只是一味地相信,也讓我們可以在任何關鍵的時點,即時地將可確定性做更廣泛的延伸。真理有四種不同的意義:(1) 實用真理;(2) 一致的真理;(3) 對應真理;(4) 語意真理。這四種真理必須被區分開來,並被正確地理解,以避免錯誤或誤導認證。
Business assurance is convincing evidence that what we know about a business is - ideally - not only indubitably believable but also true to the extent ascertainable at any relevant point in time. Truth has four different meanings: (1) Pragmatic truth; (2) coherent truth; (3) correspondent truth; and (4) semantic truth - all of which need to be distinguished and properly understood to avoid false or misleading assurances.
(1) 實用真理:定義「真理」的性質為一敘述句所描述 ( 或認可 ) 的內容被完全地擔保。這需要充分的證據以評斷敘述句所描述 ( 或認可 ) 的內容。但它不同於對應理論,在對應理論中,它的描述即使被完全地擔保了,也不一定可以用來描述 ( 或直接相等於 ) 這個世界。因此即使我們認定被擔保的句子是對的,從某種意義上來說 (1) 這可能是對的也可能是錯的,因為句子本身不一定是對的 (2) 證據僅為片段或根本就在誤導使用者。(Fetzer and Almeder 1993: 13=5-136)
(1) defines “true” as designating the property a declarative sentence has when its assertion (or acceptance) is fully warranted. This requires that the available evidence is sufficient to justify its assertion (or acceptance). Yet it differs from the correspondence theory insofar as sentences whose assertion is fully warranted might not describe (or “correspond to”) the world. Sentences that are warranted and therefore true in sense (1) might or might not be true in sense (2) when the evidence is partial or misleading. (Fetzer and Almeder 1993: 13=5-136).
財務會計以公開聲明 ( 透過會計師或財務經理 ) 提供資訊,我們相信這些資訊可以代表週期性財務狀況的好壞。管理會計是為了產生支援決策與行動所需要的知識,以讓組織能夠達成不同層級的目標。管理的資訊與推論知識是實用真理,也就是如果組織中的每個人都有足夠的證據去評斷他們的信念,他們即可知道信念是否「好到足以作為行動之依循」。舉例來說,以適當的內部控制系統 ( ICS ) 去監控組織的行為,可以提供評斷信念的證據,但如果我們依照錯誤的資料與資訊行動,就可能導致災難性的後果。
Whereas financial accounting provides information in the form of assertions (by accountants or financial managers) believed to be representative of periodic financial success or failure, managerial accounting is meant to generate requisite knowledge in support of decisions and actions in the pursuit of organizational goals at all organizational levels. Managerial information and derived knowledge is pragmatically true if everyone in an organization has sufficient evidence to justify their beliefs as “good enough to act
upon“. For example, monitoring organizational behavior by means of appropriate internal control systems (ICS) can provide such evidence, but if we act on false data and information, it may have catastrophic consequences.
(2) 一致的真理:定義「真理」的性質為一組信念,當滿足邏輯一致性 ( 對任何信念b來說,b與它的反面非b,不會同時成立 ) 與演繹封閉 ( 如果信念b1為真,在邏輯上需要信念b2也為真,那麼當b1成立時,b2也一定要成立 ) 的條件時,這組信念會相互強化 ( 或說是「團結合作」 )。即使一個人在兩個不同的時間有完全不同的信念,與兩個人在相同的時間享有完全不同的信念,只要他們的信念集合是一致的,就會符合真理一致論,故一致論與對應論是兩回事。(ibid.: 134)
(2) defines “true” as a property of sets of beliefs that are mutually reinforcing (or “hang together”) while satisfying conditions of logical consistency (where it is not the case that, for any belief b, both b and its negation, not-b, are accepted at the same time) and of deductive closure (where, if the truth of belief b1 logically requires the truth of belief b2, then b2 must also be accepted whenever b1 is accepted). Since one person at two different times and two persons at the same time are entitled to completely different beliefs as long as their belief sets are coherent, the coherence theory does not entail the correspondence theory. (ibid.: 134).
合乎邏輯的資訊並不一定代表事情真實的樣貌。例如我們可能擁有一致的帳簿紀錄,甚至可能還會取得一些文件去支持紀錄的正確性,但這依然不足以建立紀錄的真實性,因為手中的文件可能是假的,文件所描述的事物也可能根本不存在。因此,合乎邏輯並不能提供「客觀的」認證,因為這種認證需要相關且確鑿的證據做為背書,即使組織中所有參與者的信念因為目標與追求目標的行動而團結一致也一樣。譬如說,資金的維護、獲利能力或現金管理或許可以對有權獲得內外部資訊的人,提供合乎邏輯且具有說服力的解釋,但是句法的連貫性,像是「借 = 貸」,以及語意的連貫性,像是透過文字遵循法律規定 ( 如GAAP ),並不能保障真實性。
Coherent information does not necessarily correspond to the way things are. For example, we can have consistent bookkeeping records and even documents to support them, but that is not enough to establish the truth of those records, since the documents may be fake and what they represent may not even exist. Therefore, coherence cannot provide “objective” assurance based on corresponding and corroborating evidence, even if the beliefs of all organizational participants “hang together” in terms of organizational goals and their pursuit. For example, capital maintenance, profitability or cash management may be coherently and convincingly explainable to anyone entitled to this information internally and externally; but syntactic coherence like “debits=credits” and semantic coherence like literal compliance with legal requirements such as GAAP cannot guarantee truth.
(3) 對應真理:定義「真理」的性質為,一個敘述句所說的事情真的就是那件事情。這是最常被接受的真理論。當世界 ( 或現實 ) 是如同一個句子 ( 約翰是個單身漢 ) 所描述的狀況,那它即是真實 ( 因為在這個例子中,約翰真的單身 )。真理語意論是從對應論中衍生出來的。(ibid.: 135)。它主要的問題是:決定事件是什麼。
(3) defines “true” as designating the property of a declarative sentence when what it asserts to be the case is the case. This is the commonly accepted theory of truth. Such a sentence (“John is a bachelor”) is true when the world (or reality) is the way it is thereby described as being or when that sentence “corresponds” to the world (because, in this case, John is a bachelor). The semantic theory of truth is a refinement of the correspondence theory. (ibid.: 135). The problem is to determine what is the case.
我們通常可使用由以下來源所提供的證據,建立符合「組織現況」的管理資訊:(1) 相關且可稽核的內控系統;(2) 視察有形資產與庫存,或是具約束力的合約與義務;或者回顧人們的行動、預期及意圖。在實務上,真理的實用論與一致論會根據所有可用之相關證據,替關於何者為真 ( 與事情本應如何一致 ) 的推論提供背書。
Managerial information that corresponds to “organizational reality” can usually be based upon evidence such as that provided by (1) relevant and auditable ICS; (2) inspecting tangible assets and inventories or binding contracts and obligations; or by interviewing people about their actions, expectations, and intentions. In practice, the pragmatic and the coherence theories tend to support the same inferences about what is true (and therefore correspond to the way things are) when they are based upon all the available relevant evidence.
為了使誤導的風險,或儲存在管理資訊系統 ( MIS ) 中的資訊、資料 ( 它們越來越依賴容易犯錯的程式設計或資訊系統操作,因此可能會導致故障或暴露缺點 ) 錯誤的風險最小化,我們需要使用內控系統作為解釋管理資訊系統的工具 ( 後設管理資訊系統,meta-MIS )。譬如說,MIS為了要能夠被稽核,所有訊息 ( 廣義的交易 ) 的目的地或接受者的紀錄都要被集中監控 ( 記錄日誌 ) ,以便能夠追溯其組織目的與使用者。因此,內控系統的範圍一定要能夠涵蓋組織的所有行為,以便能夠做到成功的內部規範。良好的調節定理 ( Conant 和 Ashby ) 一書提到:「每個良好的系統調節都要能夠成為系統 [ 相關的 ] 模型。」好的稽核人員、檢查人員、面試人員在尋找真理的過程中也同樣要有這樣的模型。
To minimize the risks of misleading or wrong data and information contained in modern information systems (MIS) which are increasingly dependent on fallibly programmed or operated information technology that may be malfunctioning and vulnerable (i.e., physically insecure), we need ICS as meta-MIS. For example, for MIS to be auditable, all messages (transactions in a broad sense) need to be monitored (logged) together with a record of their destination or recipient in order to be able to link them causally to respective organizational purposes and users. Therefore, the scope of ICS must correspond to the variety of organizational behavior in order to support successful internal regulation. The Good Regulator Theorem (Conant and Ashby) reads: "Every Good Regulator of a system must be a [corresponding] model of that system." Good auditors, inspectors and interviewers also have one when searching for the truth.
(4) 語意真理:作為對應理論的正式變化,它指出真理應該要能夠被詮釋,用來當作元語言述語,以避免不同的語意矛盾 ( 像是有個句子針對本身指出:「這個句子是錯的」,如果它說的是錯的,那這個句子就是對的;反之當它說的是對的,那句子就是錯的 )。真理被視為一種述語 ( 譯註:句子中對主語加以陳述的部分,如 [ 他告訴我 ] 中的 [ 告訴我 ] ),它出現於後設語言中,用於描述出現在目標語言中的句子。(ibid.: 136) 它並不斷言一個句子是否為真,而是指出在什麼樣的條件之下句子為真。因此,舉例來說,「Schnee ist weiss」這個句子僅在雪真的是白的情況下,它在德文中才是對的。在這個例子中,德文是目標語言,而英文 ( 或中文 ) 則可作為後設語言。在實務中,我們會根據可用的相關證據,來判斷一個句子是否為真。
(4) as a formal variation on the correspondence theory maintains that truth ought to be interpreted as a meta-linguistic predicate in order to avoid various semantic paradoxes (such as the sentence that asserts of itself, “This sentence is false,” which is true if it is false and false if it is true). Truth is viewed as a predicate that occurs in a meta-language to describe sentences that occur in an object language. (ibid.: 136) It does not assert what sentences are true but the conditions under which those sentences are true. Thus, for example, the sentence "Schnee ist weiss" is true-in-German if and only if snow is white, where German is the object language and enhanced English the meta-language. In practice, which sentences are judged to be true will depend upon the available relevant evidence.
為了要評估組織用許多不同目標語言表達的資料、資訊、與知識之真實性,我們需要一個有足夠能力的後設語言,在此我們稱之為稽核語言 ( auditese ),用它來正確地翻譯目標語言所要表達的事情與狀態。如果 ( 內部 ) 稽核人員可以且能夠確保組織任何可能參與者的資料、資訊、與各別知識的真實性,那麼我們就可以將認證想成是種後設知識,所有相關的目標資料與後設資料、目標資訊與後設資訊,應該也要能透過稽核語言使用並評估。
In order to assess the truth of organizational data, information and knowledge as expressed in various specialized object languages semantically, a sufficiently powerful meta-language, here called auditese, is required into which all such object language expressions and statements can be correctly translated. Since we can consider assurances as meta-knowledge, all relevant object data and meta-data and object information and meta-information must also be accessible and assessable by means of auditese if (internal) auditors are to be able and capable to assure any and possibly all organizational participants of the truth of their data, information and respective knowledge.
概括說來,營運確保 ( 個體經濟上的理解 ) 是建立於,提供充足的相關證據給企業行為可接受的解釋:任何關於關鍵事件、目標、系統狀態或主題 ( 根據正式的資料、資訊、與組織參與者所表達的任何合理懷疑 ) 的假說,都應該要能夠令人信服且滿意地解釋。因此,內部稽核人員須要降低不確定性;監控已知的風險;使用嚴格的審查及持懷疑態度的訪問與回顧,建立可稽核的後設語言,以提供陷入疑惑中的「客戶」保障。除此之外,他們應該要隨時準備好承認並解釋他們為何沒辦法做到該做到的事情。因此,我們需要使用嚴苛的方法測試是否有人試圖竄改財務文件與記錄。如果這些文件與記錄並沒有在測試過程中被否決,那麼我們就可以合理推斷:並不是說它們完全正確,但至少它們沒有明顯錯誤。
In summary, business assurance (micro-economically understood) is based on sufficient relevant evidence for acceptable explanations of corporate behavior: Any proper hypothesis about critical events, objects, system states or subjects based on formal data and information and any reasonable doubt expressed by organizational participants ought to be convincingly and satisfactorily explainable. Thus, internal auditors need to be able to reduce uncertainty; to monitor known risks; and to assure their “clients“ in doubtful situations by means of an auditable meta-language based on critical inspections and skeptical interviews and reviews. Otherwise they ought to be prepared to admit and explain their inability to do so. The appropriate attitude to adopt therefore is to employ severe tests of financial documents and records in an attempt to falsify them. If they are not refuted in the process, then it is reasonable to infer, not that they are true, but that they are at least not obviously false.
© Copyright 2009 by Hart J. Will
翻譯:中正會資所 汪修平 |
(共有73人投票)
