A Study on the Scope of Duties and Responsibilities of Compliance Officers
ⅵ, 169 p.
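Compliance; internal control; internal control law; compliance monitoring; compliance control; scope of duties; types of risk; COSO report; COSO ERM; duties; responsibility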
Historically, internal control started in the USA as accounting control to prevent fraudulent accounting, and it later came to encompass administrative control. In 1992, the COSO Internal Control - Integrated Framework incorporated a compliance objective. Thus, under the 1992 COSO framework, the objectives of internal control were 'effectiveness and efficiency of operations', 'reliability of financial reporting', and 'compliance with applicable laws and regulations'. In 2004, however, COSO changed the Integrated Framework into the Enterprise Risk Management Framework in place of internal control, including a 'strategic objective' among its objectives. Internal control is an integral part of enterprise risk management. The enterprise risk management framework encompasses internal control, forming a more robust conceptualization and tool for management. This means that internal control can be achieved through enterprise risk management. The compliance system, as an internal control system in the financial companies of Korea, was imported from the USA in 2000 following the analysis of the causes of the IMF financial crisis. However, the concept definitions and job scope of the compliance function as part of internal control were not defined in laws and decrees. They were supplemented by best practices or standards of the financial supervisory services and private institutions. This causes several problems of liabilities and responsibilities, such as overlapping work. These problems arise from an insufficient understanding of the corporate governance of Korean companies, which differs from that of American companies, and from the lack of concept definitions. Definitions of internal control and of every kind of risk are therefore needed. In this treatise, I want to set up the concept definitions of internal control and of every kind of risk with reference to global standards such as the BCBS papers of the BIS, the 1992 report, and the 2004 Enterprise Risk Management Framework by COSO.
Because these global standards have stood the test of time at many banks around the world, these documents remain in place as the definition of and framework for internal control and risk management. Every operational and business department needs risk management and concept definitions of risks. The compliance and internal audit functions in particular need them for internal control. In this treatise, I recommend definitions for 10 kinds of risk, namely compliance risk, legal risk, accounting & administrative risk, competition & treating customers fairly risk, operation risk, general risk (including credit or market risk, etc.), supervisor regulation risk, ethical risk, reputation risk, and strategic risk. Compliance risk is defined by the Basel Committee on Banking Supervision as “the risk of legal or regulatory sanctions, material financial loss, or loss to reputation a bank may suffer as a result of its failure to comply with laws, regulations, rules, related self-regulatory organization standards, and codes of conduct applicable to its banking activities (together, “compliance laws, rules and standards”)”. Compliance risk is the risk with the widest scope and includes legal risk. The interpretation of 'legal' is very important for defining the scope of legal risk. The scope of 'legal' is composed of the Constitution, laws, their implementing decrees, rules, regulations, related self-regulatory organization standards, code of ethics, code of conduct, and manuals. For a legal service department, it can be hard to distinguish how much of the range from the Constitution to manuals it should control. In 2011, Korean Commercial Law established the Compliance supporter system for compliance (legal only) control of big companies. In this treatise, the Compliance supporter should control the risk of violating the Constitution, laws, their implementing decrees, rules, regulations, and related self-regulatory organization standards.
The difference in risk scope between financial companies and general commercial companies is a reasonable application in Korea, because their types of industrial risk differ. Owing to loopholes in the concept definition, scope and liabilities of internal control in Korean law, we should supplement the liabilities with criminal theories and the scope with the interpretation of global standards. Accordingly, Korean law needs the legislation of a tentatively named "Corporate Internal Control Law" covering all companies and government authorities, to solve the problems caused by the loopholes in the concept definition, scope and liabilities of internal control.

Key Words: Internal control, Enterprise Risk Management, the Scope of Compliance, Liabilities of Compliance Function, COSO, Corporate Internal Control Law.