Sarbanes-Oxley Act

From 2001 to 2002, after a series of false financial reporting and bankruptcy of many large corporations, to relieve the untrusting sentiment and pressure toward capital markets, U.S government drafted and passed a new version of corporate reform act: Sarbanes-Oxley Act to bring the capital market back on track.

美國在2001年至2002年之間經歷了許多大型公司作假帳並且倒閉的一系列風波後，為了解決投資人對於資本市場的不信任以及輿論的施壓，迅速的於2002年制定並且通過了新的企業改革法案－沙賓法案，企圖使失常的資本市場藉由此法的新規定來回到正常軌道。

沙賓法案是美國證券市場管理法制七十年來最大的一次變革。這個法案全文分為十一篇，六十六個條文，內容涵蓋甚廣，大概包括下列幾個部份：設立專責的會計監督機關、強化查核人員的獨立性、加重管理階層的企業責任、財務揭露強化、降低證券分析師之利益衝突、強化證券交易委員會的職權1、要求相關機關提出研究報告、明定企業詐欺的刑事責任並且提高刑罰。本書從其中分析出幾點與內部控制以及內部控制重要的核心－文件有關的地方來介紹：

（一）管理階層切結義務

在加重管理階層責任的規範部份，有鑑於財務弊案發生時管理階層皆聲稱不知情而意圖卸責，新法案第302條要求各發行公司的管理階層除了本來在定期公佈的年報、季報等財務報導上簽名之外，必須另行出具一份書面聲明，來保證其所簽名的各種財務報導為詳實無誤2，縱然管理階層在國外設置其他公司，這些切結義務也都有適用。302條（a）的四、五、六款都與財務報導的內部控制制度有關：

第四款3規定到，這些簽名者必須承諾下列事項：「負責公司有關內部控制之建立即維持、內部控制制度的設計足以確保管理階層在財報編制期間，就得知重要的內部資訊、在呈交財報的九十天前，評估內部控制制度的有效性、在財報中表示內部控制制度有效性的評估結論。」

第五款4規定到，簽名者代表其已經向公司的查核人員及審計委員會揭露下列事項：「該公司的內控制度在設計上或運作上，有足以使公司有關財務資訊出現瑕疵的的缺失、任何關於公司管理階層，或是負責重要內部控制事項之員工的詐欺情事。」

第六款則是規定，簽名者保證其已經在評估內控制度後，於聲明書中表明公司內所有內控制度之重要改變及影響其有效性的重要因素，與內控制度的缺失跟改善方法。

看到這些條文可能讀者們並不是很能夠了解它們所代表的意義，其實本條法規的最大目的就是希望藉由要求管理階層出具內控切結書的方式，來迫使管理階層重視內部控制制度，包括建立及維持、有效性、缺失以及改善方法等等，如果管理階層的確出具了這樣子的聲明書，那麼到時候真的出了什麼岔子時，政府當局就可以名正言順的對這些管理階層來處罰或是追究責任。當然啦，最首要的目標還是希望使人們能夠更謹慎小心的從事企業營運，保障廣大的投資人及市場秩序。

（二）內部控制制度報告

除了跟年報、季報等財報相關的內部控制制度需要管理階層簽署切結之外，沙賓法案第404條（a）6還要求這些發行公司在提交年度財務報告的時候另外加上內部控制制度的報告，敘明針對財務報告的部份，管理階層有義務建立、維持適當的內部控制制度，以及這些內部控制制度的有效性評估報告。

從沙賓法案的這兩條新增規定當中，看的出來立法者對於內部控制制度的重視程度，要求企業必須定期提出公司內部控制制度的報告書以及切結書，以確保公司治理的精神被徹底執行。

（三）竄改文件之刑事處罰與審計資料之保存

文件在企業當中扮演相當重要的角色，這一點在2002年的沙賓法案當中也可以找到一些端倪，沙賓法案的第802條（a）7就是關於竄改文件的刑事制裁的規定，內容是在美國法令彙編第18卷第73章(妨礙司法)增訂兩條條文8，第一條是說，任何人如果基於防礙政府部門調查的目的而修改、銷毀、隱匿、偽造任何紀錄或文件者，必須要處二十年以下有期徒刑以及科或併科罰金；第二條則是規定依美國證交法提供發行公司簽證服務的會計師事務所，自開簽證工作完成後必須將相關業務文件保留五年，包括工作底稿、基本表格、往來信件、分析意見、相關財務數據等。

會有這樣子的規定其實並不奇怪，因為企業內部的文件或是會計師事務所所擁有的企業文件，都是企業經營過程各種大小交易、事件的忠實紀錄，如果要了解企業的來龍去脈，這些相關文件就是最好的著手點，如果這些文件被銷毀、修改或是隱匿，那真相就永遠石沉大海了！本條規定就是要保護文件所擁有的還原事實功能！

（四）吹哨者保護條款與檢舉人保護制度

在恩龍案以及世界通訊案當中最初都是由公司內部的稽核人員發現有異常情事發生，經追查後才抓出重大之財務弊案，這些檢舉人就是所謂的吹哨者（whistleblower）。由於企業內部員工所提供的文件或資料通常是有利於弊案調查的利器，為了使企業內的員工可以無畏懼報復而能提供線索以供追查，沙賓法案也有關於企業內部員工檢舉弊案的保護措施。

沙賓法案第806條（a）9所增訂的1514A就是在保護企業內部的員工，如果有員工對於調查單位提供資料、提出或參加相關訴訟或出席作證，該企業不得對該員工解雇、降級、停職、也不能威脅、騷擾或歧視該員工。

除了保護企業內部員工的吹哨者保護條款之外，沙賓法案第1107條禁止對於檢舉人採取報復行為，違反者得科以罰金或是併處十年以下有期徒刑，功能是在保護所有可能的檢舉者，縱然不是弊案發生的企業內部員工，只要是檢舉人都可以適用這一條規定而受到保護，增加檢舉人檢舉的動力。

內部控制制度之所以會被強調，肇因於行之有年的獨立董事功能不彰，美國的發行公司大多都有設置獨立董事，而設置獨立董事的目的就是希望這些具有專業的董事可以好好監督管理階層來保障公司妥善的經營，無奈獨立董事的高薪報酬與其職務間有利益衝突，獨立董事很難發揮其應有的監督功能，弊案還是不停發生。內部控制制度的完善則是繼獨立董事之後再度被寄予厚望的最新良藥。

參考資料：
1. Security Exchange Commission，美國的證券主管機關，簡稱SEC。
2. 沙賓法案第302條（a）開頭：「The Commission shall, by rule, require , for each company filing periodic reports under section 13(a) or 15(d) of the Securities Exchange Act of 1934 (15 U.S.C.78m,78o(d)), that the principal executive officer or officers and the principal financial officer or officers, or persons performing similar functions, certify in each annual or quarterly report filed or submitted under either such section of such Act that —」
3. 沙賓法案第302條（a）第四款原文如下：「(4) the signing officers—(A) are responsible for establishing and maintaining internal controls;(B) have designed such internal controls to ensure that material information relating to the issuer and its consolidated subsidiaries is made known to such officers by others within those entities, particularly during the period in which the periodic reports are being prepared;(C) have evaluated the effectiveness of the issuer’s internal controls as of a date within 90 days prior to the report; and (D) have presented in the report their conclusions about the effectiveness of their internal controls based on their evaluation as of that date;」
4. 沙賓法案第302條（a）第五款原文如下：「(5) the signing officers have disclosed to the issuer’s auditors and the audit committee of the board of directors (or persons fulfilling the equivalent function) (A) all significant deficiencies in the design or operation of internal controls which could adversely affect the issuer’s ability to record, process, summarize, and report financial data and have identified for the issuer’s auditors any material weaknesses in internal controls; and (B) any fraud, whether or not material, that involves management or other employees who have a significant role in the issuer’s internal controls; and」
5. 沙賓法案第302條（a）第六款原文如下：「(6) the signing officers have indicated in the report whether or not there were significant changes in internal controls or in other factors that could significantly affect internal controls subsequent to the date of their evaluation, including any corrective actions with regard to significant deficiencies and material weaknesses.」
6. 沙賓法案第404條（a）第六款原文如下：「The Commission shall prescribe rules requiring each annual report required by section 13(a) or 15(d) of the Securities Exchange Act of 1934 (15 U.S.C. 78m or 78o(d)) to contain an internal control report, which shall—(1) state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and (2) contain an assessment, as of the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting.」
7. 沙賓法案第802條（a）原文如下：「(a) IN GENERAL.—Chapter 73 of title 18, United States Code, is amended by adding at the end the following:‘‘§ 1519. Destruction, alteration, or falsification of records in Federal investigations and bankruptcy ‘‘Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States or any case filed under title 11, or in relation to or contemplation of any such matter or case, shall be fined under this title, imprisoned not more than 20 years, or both. ‘‘§ 1520. Destruction of corporate audit records ‘‘(a)(1) Any accountant who conducts an audit of an issuer of securities to which section 10A(a) of the Securities Exchange Act of 1934 (15 U.S.C. 78j–1(a)) applies, shall maintain all audit or review workpapers for a period of 5 years from the end of the fiscal period in which the audit or review was concluded. ‘‘(2) The Securities and Exchange Commission shall promulgate within 180 days, after adequate notice and an opportunity for comment, such rules and regulations, as are reasonably necessary, relating to the retention of relevant records such as workpapers, documents that form the basis of an audit or review, memoranda, correspondence, communications, other documents, and records (including electronic records) which are created, sent, or received in connection with an audit or review and contain conclusions, opinions, analyses, or financial data relating to such an audit or review, which is conducted by any accountant who conducts an audit of an issuer of securities to which section 10A(a) of the Securities Exchange Act of 1934 (15 U.S.C. 78j–1(a)) applies. The Commission may, from time to time, amend or supplement the rules and regulations that it is required to promulgate under this section, after adequate notice and an opportunity for comment, in order to ensure that such rules and regulations adequately comport with the purposes of this section. ‘‘(b) Whoever knowingly and willfully violates subsection (a)(1), or any rule or regulation promulgated by the Securities and Exchange Commission under subsection (a)(2), shall be fined under this title, imprisoned not more than 10 years, or both. ‘‘(c) Nothing in this section shall be deemed to diminish or relieve any person of any other duty or obligation imposed by Federal or State law or regulation to maintain, or refrain from destroying, any document.”」
8. 1519、1520條。
9. 沙賓法案第806條（a）原文如下：「Chapter 73 of title 18, United States Code, is amended by inserting after section 1514 the following:‘‘§ 1514A. Civil action to protect against retaliation in fraud cases‘‘(a) WHISTLEBLOWER PROTECTION FOR EMPLOYEES OF PUBLICLY TRADED COMPANIES.—No company with a class of securities registered under section 12 of the Securities Exchange Act of 1934 (15 U.S.C. 78l), or that is required to file reports under section 15(d) of the Securities Exchange Act of 1934 (15 U.S.C. 78o(d)), or any officer, employee, contractor, subcontractor, or agent of such company, may discharge, demote, suspend, threaten, harass, or in any other manner discriminate against an employee in the terms and conditions of employment because of any lawful act done by the employee—‘‘(1) to provide information, cause information to be provided, or otherwise assist in an investigation regarding any conduct which the employee reasonably believes constitutes a violation of section 1341, 1343, 1344, or 1348, any rule or regulation of the Securities and Exchange Commission, or any provision of Federal law relating to fraud against shareholders, when the information or assistance is provided to or the investigation is conducted by—‘‘(A) a Federal regulatory or law enforcement agency;‘‘(B) any Member of Congress or any committee of Congress; or‘‘(C) a person with supervisory authority over the employee (or such other person working for the employer who has the authority to investigate, discover, or terminate misconduct); or‘‘(2) to file, cause to be filed, testify, participate in, or otherwise assist in a proceeding filed or about to be filed (with any knowledge of the employer) relating to an alleged violation of section 1341, 1343, 1344, or 1348, any rule or regulation of the Securities and Exchange Commission, or any provision of Federal law relating to fraud against shareholders.」