내부통제제도에 관한 소고

서지민(Sur, Ji-Min),최준선(Choi, Joon-Sun) 성균관대학교 법학연구소 2010 성균관법학 Vol.22 No.3

Internal control is a process to bring effectiveness and efficiency of operation in corporate management activities and company’s business works lawfully by accepting internal appropriate supervision about internal decisions and management of business. Since the global financial crisis, each countries-involving not only USA but also Japan and other- have tried to secure legality and transparency of management continually. For the case of USA, they tightened up the internal control system through enactment the Sarbanes-Oxley Act; SOX law) and Japan tightened up the inspection function as to stipulate the internal control system as positive law. In the case of Korea, there was no fully understanding about internal control system when we accepted it so it is true that we couldn’t handle it for its purpose. Since the internal control system about financial institution is introduced firstly, now we have been placing the internal control system for just some companies. Especially, the internal control system for financial institution is the part required protection for investor through reinforcement the compliance of the people engaged in financial business based on distinctiveness of business works. Proper regulation is required for efficient market management, but excessive regulation is rather to make obstacle market development. So, there’s need to build the internal control system as an institutional strategy to prevent the violation of laws and to head off the harmful effect for deregulation. To build these internal control systems, the financial institution authorizes compliance officer to have rights and responsibilities about compliance. So, compliance officer works to decide the basic process and standard to be followed by employee to do their job, and enquiries violations of standards. Business management always involves risk, so the internal control to administrate risk is itself the business management. In our country, except vulnerable compliance, to build the internal control system carries an important meaning for management of risk and securing of compliance. This paper searches the process of development of internal control system in all of the countries and then thinks about the problem and its solution focused on compliance officer system. However the most important thing is the will to operate the system not to try to build up the system. Even through the perfect internal control system is introduced, the internal control just offers reasonable guarantee and we should clearly realize that there are some limitations. Therefore, I think it is not the end just to build the internal control system, but there always needs to try supervising constructed internal control system.

Comparative Analysis of Internal Control System in USA, Japan and Korea

박형근,이재춘 아시아.유럽미래학회 2017 유라시아연구 Vol.14 No.4

The internal control system is an essential process to maintain and manage an organization. It helps an organization achieve its goal by containing risks that might affect its accomplishment of the goal. The system is considered increasingly important as it is a fundamental procedure to protect a company’s asset by detecting and preventing irregularities and malpractices. This research compares and analyzes laws and regulations pertaining to internal control systems in the U.S., Japan, and Korea and their key elements. The research result is as described below. The U.S. was the first country to establish laws and regulations on corporate internal controls in order to improve its law enforcement and public disclosure guidelines. The U.S. Securities and Exchange Commission (“SEC”) played a leading role in establishing the Foreign Corrupt Practices Act (“FCPA”) to prevent accounting irregularities of the U.S. companies. The Model Business Corporation Act (“MBCA”) provides basic guidelines of internal controls and stipulates that the board of directors meeting shall be responsible for building and operating the internal control system. Moreover, the Act practically enforces practical control over companies in the U.S. by stipulating compulsory internal control (including compliance issues) in the listed company manuals of the stock exchange. After that, Sarbanes–Oxley Act (“the SOX Act”) was established to have management and external auditors responsible for internal control in a stronger and stricter manner. The SOX Act provides regulations on accounting, corporate governance, and audit, encompassing all three areas of internal control covered in Committee of Sponsoring Organizations of the Treadway Commission (“COSO”) report. Japan introduced regulations on establishment of the internal control system in its Corporate Act of 2005. Afterwards, due to the unlawful acts of Japanese companies, articles and provisions concerning internal control system were stipulated in the Financial Instruments and Exchange Act (“FIEA”). In particular, establishment of the internal control systems is a legal requirement in Japan’s Corporate Act. According to the Act, every large company in the country shall establish an internal control system and issue a public disclosure on the operational result of the system. Where the operation is considered inappropriate, the system shall face an audit. Japan’s Corporate Act categorizes companies in three major groups; companies with board of directors meeting, those without the board, and other companies with committees. It is to specify the responsibility of directors for internal control. The enforcement decree of the Corporation Act specifies matters concerning the compliance management system, for instance directors’ performance of duty shall be in compliance with laws, regulations, and the articles of incorporation. Moreover, FIEA regulates internal control only in terms of corporate accounting, such as reliability of financial reporting. Hence, the definition of internal control suggested by the Corporation Act and FIFA is different from each other and the discrepancy has led to some controversies. Japan reckons internal control as an integrated framework, similar to as suggested by the COSO report of the U.S. issued in 1992. In line with the context of the COSO report, Japan is trying to reflect circumstances of local companies in its legal system. As such, there are some differences in the relevant laws of the U.S. and Japan. The SOX Act of the U.S. largely focuses on financial reporting in regard of internal control, while internal control function is dependent on the monitoring of the board of directors. However, Japan’s Corporate Act mandates large companies and companies with committees to make financial reports on their internal control system as well as ensures the companies lawfully and efficiently perform their business. Korea has broader regul...

회사법상 내부통제제도의 법적 개선방안

이흥붕 중앙대학교 법학연구원 2014 法學論文集 Vol.38 No.2

After a unified concept was formed in the report of COSO, the USA, the most developed country in internal control system throughout the world, based on an independent act which is similar to Model Business Corporation Act (MBCA) and SOX Act, expressly stipulated the basic conditions with regard to internal control amid it, thus strengthening internal control. In contrast, there are not perfect legal provisions on internal control for Korean companies. Korean internal control system is only aimed at financial companies; while general companies have the provisions on internal control in External Audit Act and the contents related to financial reports; law-abiding control criterion and compliance officer system were only listed in the amendment of Commercial Law in April 2011. That is to say, internal control system only exists in Commercial Law, Financial Regulation Law, External Audit Act as well as the provisions of financial supervision organ and the laws and regulations of self-discipline supervision organ dispersedly. The laws related to finance have included internal control criterion and compliance officer system. In the amended Commercial Law, compared with compliance officer system, compliance officer system has been strengthened at the level of internal control in accordance with the laws related to finance. Therefore, different from financial enterprises, general enterprises don’t have all-round control system. The internal control system in listed companies hasn’t been introduced uniformly; while the law-abiding control, financial report (accounting) control and publicity control related to law-abiding volunteers are listed in the provisions of Commercial Law, External Audit Act and exchange respectively and have been implemented; as a result, many problems on low efficiency have been caused. So the internal control system which is contained in various laws including law-abiding control system dispersedly must be stipulated uniformly. However, in the short run, current systems shall be maintained for law-abiding supervisors system for financial enterprises as well as internal accounting control system and compliance officer system in External Audit Act. Nevertheless, in the long run, just as internal control system is not implemented additionally for financial enterprises in Japan and the USA, in view of the provisions of Commercial Law in Korea, a unified form is the best for internal control system. But what is more important is that even if internal control system is improved, it can’t be definitely guaranteed, either. We must realize the important fact that we need to provide reasonable guarantee for internal control system. Therefore, even if we have established internal control system, we still need to make long-term efforts to improve internal control while supervising internal control organ.

주식회사(株式會社)의 내부통제제도(內部統制制度)에 관한 연구

정대 ( Dae Chung ) 연세대학교 법학연구원 글로벌비즈니스와 법센터 2010 연세 글로벌 비즈니스 법학연구 Vol.2 No.1

Internal Control-Integrated Framework of Committee of Sponsoring Organizations of the Treadway Commission was published in U.S. in 1992. In 2004, Enterprise Risk Management-Integrated Framework of Committee of Sponsoring Organizations of the Treadway Commission was published. It can be said that Enterprise Risk Management-Integrated Framework contained and developed concept of internal control. In the context of the making of good corporate governance, it is necessary to reinforce and improve internal control system. A company may greatly suffer damages caused by illegal acts or misconduct of employees or the management. In result, establishment of effective internal control system is greatly necessary from the perspectives of corporate governance structure. In addition, as much emphasis has been placed on corporate social responsibility and socially responsible investment fund recently, the importance of establishment of internal control system has been greatly stressed. The competitiveness of the company will be relatively enhanced in a global market if the internal control system is well established. Because of the continued accounting scandals of Enron Energy, and Worldcom, the Sarbanes-Oxley Act of 2002 was enacted in U.S. The Sarbanes-Oxley Act adopted internal control system. According to the Sarbanes-Oxley Act, large corporations in U.S. should establish internal control system. In Japan, internal control system was introduced under the Corporation Code. In addition, the Financial Products Transaction Code of 2006 contained internal control related to a financial report in order to secure confidence of disclosure information in capital market. The reason is that false evaluation of financial position of large companies and illegal acts and misconduct of employees or the management of large companies were continually found. Furthermore, even in Germany, France, England, and China, large corporations should establish internal control system in order to prevent accounting fraud, misconduct, and illegal acts of employees or the management. In Korea, in respect of internal control, a compliance officer should be employed in case of financial institutions and specific large corporations including financial institutions should establish internal accounting management system. Recently, the Supreme Court judged that a director of large corporations had a duty of internal control in the lawsuits in respect of the accounting scandals of the Daewoo Corporation. Therefore, it can be said that a director of large corporations has a duty to establish internal control system and to monitor internal control system. However, there are not any relevant provisions in respect of internal control under the Commercial Code of Korea. Relevant provisions in respect of internal control, therefore, should be codified under the Commercial Code of Korea as soon as possible. Finally, it is necessary to check out and review internal control system from the viewpoint of enterprise risk management.

회사법상 내부통제제도의 법적 개선방안

이흥붕(LI XING PENG) 중앙대학교 법학연구원 2014 法學論文集 Vol.38 No.2

After a unified concept was formed in the report of COSO, the USA, the most developed country in internal control system throughout the world, based on an independent act which is similar to Model Business Corporation Act (MBCA) and SOX Act, expressly stipulated the basic conditions with regard to internal control amid it, thus strengthening internal control. In contrast, there are not perfect legal provisions on internal control for Korean companies. Korean internal control system is only aimed at financial companies; while general companies have the provisions on internal control in External Audit Act and the contents related to financial reports; law-abiding control criterion and compliance officer system were only listed in the amendment of Commercial Law in April 2011. That is to say, internal control system only exists in Commercial Law, Financial Regulation Law, External Audit Act as well as the provisions of financial supervision organ and the laws and regulations of self-discipline supervision organ dispersedly. The laws related to finance have included internal control criterion and compliance officer system. In the amended Commercial Law, compared with compliance officer system, compliance officer system has been strengthened at the level of internal control in accordance with the laws related to finance. Therefore, different from financial enterprises, general enterprises don't have all-round control system. The internal control system in listed companies hasn't been introduced uniformly; while the law-abiding control, financial report (accounting) control and publicity control related to law-abiding volunteers are listed in the provisions of Commercial Law, External Audit Act and exchange respectively and have been implemented; as a result, many problems on low efficiency have been caused. So the internal control system which is contained in various laws including law-abiding control system dispersedly must be stipulated uniformly. However, in the short run, current systems shall be maintained for law-abiding supervisors system for financial enterprises as well as internal accounting control system and compliance officer system in External Audit Act. Nevertheless, in the long run, just as internal control system is not implemented additionally for financial enterprises in Japan and the USA, in view of the provisions of Commercial Law in Korea, a unified form is the best for internal control system. But what is more important is that even if internal control system is improved, it can't be definitely guaranteed, either. We must realize the important fact that we need to provide reasonable guarantee for internal control system. Therefore, even if we have established internal control system, we still need to make long-term efforts to improve internal control while supervising internal control organ.

이사의 감시의무와 내부통제시스템 - 대법원 2022. 5. 12 선고 2021다279347 판결을 중심으로 -

김경일 대한변호사협회 2023 人權과 正義 : 大韓辯護士協會誌 Vol.- No.511

‘The internal control system principle’ which was imposed to the representative director was introduced in Daewoo ruling in 2008 and was confirmed in the Union Steel ruling in 2021. But it was not clear whether the duty to establish an internal control system would be imposed to independent directors. Recently, the Korean Supreme Court held that an internal control system is imposed to independent directors and all directors have the duty to establish an internal control system, but independent directors have the duty to ask the representative director to establish that in Daewoo Construction ruling(hereafter, this case). But this case did not provide any reasons why the court held like this. This paper reviewed this case and concluded that the court judgement was reasonable according to several reasons. In the Union Steel ruling, the Supreme Court held that ‘the internal accounting management system’ is distinct from the internal control system, so it made it clear that the internal control system is a concept that embraces ② accounting area of COSO report. In the Union Steel ruling and this case, the Supreme Court held that the internal control system is the system enabling the company to identify relevant laws and regulations and manage compliance with those regulations, so it made it clear that the internal control system is targeted to ③ legal compliance area of COSO report. As above, the internal control system is targeted to ②, ③ area according to rulings. This paper reviewed this case and concluded that the court judgement was reasonable according to several reasons. There is a matter whether the internal control system should be also targeted to ‘risk management’ area. But it can be said that it is the matter of legislation. And then it would be necessary to consider enacting a law on the internal control system. It can be said that the importance of the internal control system in large companies has become bigger because of the Union Steel ruling and this case. It is expected that misconducts and wrongdoings in the corporation companies would be previously regulated and prevented through this internal control system 2008년 대우 판결과 2021년 유니온스틸 판결이 대표이사에 대하여 내부통제시스템 구축의무를 설시한 이후, 사외이사에 대하여도 내부통제시스템 구축의무가 부과되는지에 대해서는 명확하지 않았다. 이러한 와중에 대상판결이 사외이사에 대하여도 내부통제시스템 법리를 적용하되, 모든 이사는 내부통제시스템을 구축할 의무가 있다고 판시하면서, 다만 사외이사는 내부통제시스템 구축을 촉구할 의무가 있다고 판시하여 큰 의미를 가진다. 그러나 대상판결은 이러한 판시의 근거에 대하여는 전혀 설시를 하지 아니하여 아쉬움이 남는다. 이 글은 사외이사에 대한 내부통제시스템 법리의 적용여부 및 사외이사의 내부통제의무의 내용과 정도에 관하여 대상판결의 태도가 타당하다는 것을 여러 근거를 들어 살펴보았다. 유니온스틸 판결은 내부통제시스템이 회계관리제도에 국한되는 것이 아니라고 판시하여 COSO 보고서의 ②의 회계영역을 포괄하는 개념이라고 설시하였고, 유니온스틸 판결과 대상판결은 내부통제시스템이 제반 법규를 체계적으로 파악하여 그 준수 여부를 관리할 있는 시스템이라고 판시하여 ③의 준법영역을 대상으로 한다는 것을 설시하였다. 이처럼 판례는 ②와 ③의 영역만 내부통제시스템의 대상으로 하고 있는바, 이 글은 이러한 판례의 태도가 타당하다는 것을 여러 근거를 들어 살펴보았다. 위험관리(risk management) 영역까지 대상으로 하여야 하는지의 문제는 입법론으로 다루어지는 것이 타당하다고 할 수 있다. 이어서 내부통제시스템 구축의무에 관하여 법적근거를 마련하여 그 내용을 명확히 하는 것에 대하여 고려해볼 필요가 있다는 점을 살펴보았다. 내부통제시스템 법리는 고도로 분업화되고 전문화된 대규모회사의 경우에는 이사가 다른 대표이사나 업무담당이사의 업무집행을 정확하게 파악하는 것 자체가 어려운 상황이어서, 내부통제시스템을 구축·운용하는 방식으로 이사의 감시의무를 이행할 수밖에 없다는 점에서 나온 것임을 고려하면, 법제화할 경우 그 대상회사는 우선 이러한 고도로 분업화·전문화된 대규모회사로 설정하는 방안을 생각할 수 있을 것이다. 일본 회사법은 이사회가 내부통제시스템의 대강을 결정하면 충분하고, 구체적인 체제의 정비에 대해서는 각 이사에게 위임할 수 있도록 하여 모든 기업에 대한 획일적인 내부통제시스템이 되지 않도록 하였는바, 이러한 규정방식을 우리나라 입법논의에서 참고할 수 있을 것이다. 최근 유니온스틸 판결에 이은 대상판결로 인해, 우리나라 대규모회사에서 내부통제시스템이 갖는 중요성이 더욱 커지게 되었다고 할 수 있다. 이러한 내부통제시스템을 통해 기업에서의 위법행위나 부정행위가 기업 내부적으로 사전에 규제되어 방지될 것이 기대된다.

基于治理结构完善公司内控规范問題研究: 韩国公司内控制度建设经验引发的思考

최순희 한국회계정책학회 2012 회계와 정책연구 Vol.17 No.1

This paper aims to provide suggestions on corporate internal control system in China by analyzing corporate internal control system and internal accounting control system in Korea which were adopted during financial crisis in late nineties. This paper summarizes two points from Korea’s experience in establishing internal control system. First, the adoption of corporate internal control system and internal accounting control system in Korea aimed at improving firms’ corporate governance. Second, Korea’s corporate internal system is designed to coincide with characteristics of firms’ corporate governance, which contributes to transparency of firms’ management and accounting information by establishing clear-cut lines of authority and responsibility of board of directors, directors, internal audit committee in overall process of system’s design, operation, evaluation and reporting. Further, this paper provides suggestions on China’s corporate governance. It is suggested that firms improve their corporate governance according to different characteristics between state-owned firms and private firms. It is also suggested the internal control system clarify the responsibility of board of directors, directors and the person in charge of internal control system, since the current internal control system in China disregards the importance of internal control system in corporate governance. 本文在分析韩国公司内控制度及内部会计管理制度建设经验的基础上探讨了改善我国企业内控制度问题。本文首先分析了韩国建设公司内部控制规范及公司内部会计管理规范的经验,其经验就是先行了公司治理结构的改善,在此基础上根据公司治理结构的特点在制度设计、运行、评价、报告等全过程明确规定公司董事会,董事长、常务董事、内部审计委员会以及内部会计制度责任人的责任和权利,以保证了企业经营及会计信息的透明度。紧接着,论文分析了中国企业治理结构存在的问题,并提出了改善企业内部控制制度的方案。我国现行企业内控制度规范是以经营者责任为中心的,这就忽略了企业内部控制规范的核心问题就是企业治理结构。我国企业内部控制规范必须明确董事会、董事长、常务董事、内部审计委员会以及企业内部控制制度负责人的责任和权力。

내부회계관리제도 운영에 대한 연구 동향 : 내부회계관리제도 운영효과를 중심으로

신상훈 ( Sang Hoon Shin ),김선미 ( Seon Mi Kim ),유승원 ( Seung Weon Yoo ) 한국회계학회 2021 회계저널 Vol.30 No.6

최근 회계정보의 투명성 제고를 위한 내·외부감사 환경이 급격하게 변화하고 있다. 특히, 기업의 신뢰성 있는 회계정보 공시는 내부통제 측면에서 적절한 내부회계관리규정과 이를 관리·운영하는 내부감사조직 운영을 통해 달성 할 수 있을 것이다. 2018년 11월 개정된 新외감법에 따라 내부회계관리제도에 대한 인증수준이 감사로 상향되는 현 시점에서 국내기업 내부통제 운영과 그 설계 효과성에 대한 선행연구를 재검토 하고 앞으로의 연구 방향을 제시하고자 한다. 본 연구는 내부회계관리제도 운영보고서 내용을 바탕으로 내부회계 관련 법안이 최초로 논의된 2001년에서 2021년 현재까지 국내 회계학 학술지와 연구보고서 등에 게재된 선행연구들을 바탕으로 한다. 기존 연구는 내부회계관리제도 운영과 관련하여 내부회계 인력구성과 그 영향, 감사위원회 특성, 내부회계관리제도 검토와 관련된 연구가 중점적으로 이루어졌다. 일부 연구보고서들은 新외감법 도입 이후 비적정 감사의견을 받은 기업의 수가 크게 증가하지 않고 있음을 제시하기도 했다. 그러나 내부회계관리제도에 대한 감사의견 제시, 대표자 책임강화 등과 관련된 新외감법 도입과 그 영향에 대한 연구는 아직 미흡하다. 또한, 내부회계관리제도 인력현황과 관련된 부분에서도 내부회계담당인력에 대한 분석이 주를 이루며, 내부회계 지원조직과 전담 부서 등이 회계정보 작성과 공시 신뢰성 등에 미치는 연구 역시 부족한 실정이다. 이에 내부회계관리제도 확대 도입을 앞둔 시점에서 내부회계관리제도의 효율적 운영과 그 실효성 방안을 논의하기 위해서는 기존 문헌검토를 살펴보고 종합적인 관점에서 추가적인 분석이 수행되어야 할 것이다. 이를 통해, 내부회계관리제도 운영·평가에 대한 새로운 관점을 제공하고 내부통제담당자, 감사(위원회), 그리고 관계 당국에도 제도 개선 관점에서 중요한 시사점을 제공할 것이다. This paper investigates the trends in literature review on the internal accounting control system. Recently, the environment of internal and external control is rapidly changing to enhance the transparency of accounting information. In particular, firms might disclosure reliable accounting information through appropriate internal control system and their operation of an internal control system. At the time when the level of certification for internal control system raised to audit after the New External Audit Act amended in November 2018, we review previous studies on whether the operation of internal control of domestic companies and their design effectiveness can be achieved, and we would like to suggest a research direction. This study is based on previous studies published in domestic accounting journals and research reports from 2001 to 2021, when the internal accounting-related legislation was first discussed. Existing studies focused on the internal accounting control system, employees composition in internal control department and its impact, the characteristics of the audit committee, and the review of the internal accounting control system. Therefore, it is necessary to review the existing literature and perform additional analysis from a comprehensive perspective, in order to discuss the effective operation of the internal accounting control system. It will provide a new perspective on the operation and evaluation of the internal accounting control system. we can provide important implications for system improvement to internal control officers, auditors (audit committee), and related authorities.

금융회사의 내부통제제도에 관한 연구 - 규제체계의 문제점과 입법적 개선을 중심으로 -

정준아 한국경제법학회 2022 경제법연구 Vol.21 No.2

More than 20 years have passed since the introduction of the internal control system for financial firms, financial accidents caused by neglect of internal control continue to occur. In particular, in 2019, a large-scale mis-selling of private equity funds involving major banks and securities firms took place, and the financial supervisory authorities imposed sanctions. In the process, there was a sharp controversy over the interpretation of the obligation to establish internal control standards under the Act on Corporate Governance of Financial Companies(hereinafter reffered to as the “Governance Act”). Such series of events stemmed from the overly formal internal control regulation system of the Governance Act. Accordingly, this study examined the current status of the internal control system under the Governance Act and its problems, and reviewed the concept of internal control, the internal control system of foreign countries, and the attitude of recent precedents, and proposed reasonable legislative improvement measures for the internal control system under the Governance Act. The Governance Act needs to be improved by (i) establishing a provision on the definition of the “internal control system,” (ii) imposing the “obligation to establish a reasonable internal control system and to faithfully operate it” on financial companies, (iii) re-establishing the roles of each internal control entity based on the COSO’s 3rd line of defense model, and specifying the role of the representative director in the Governance Act, and (iv) specifying that only officers may be sanctioned in the event of a material outcome due to failure of internal control. 금융회사에 대한 내부통제제도가 금융업법에 도입된 지 20여년이 경과하였음에도 금융회사내 내부통제 소홀에 따른 금융사고가 지속적으로 발생하고 있다. 특히, 2019년에는 시중 주요 은행과 증권회사들이 관련된 대규모 사모펀드 불완전판매 사건이 발생하여 금융감독당국의 제재절차가 진행되었는데, 금융회사의 지배구조에 관한 법률(이하 “지배구조법”이라 함)상 내부통제기준 마련의무의 해석과 적용을 둘러싸고 첨예한 논란이 발생하였다. 이에 현재 관련 행정소송이 진행되고 있는데, 이러한 일련의 사태는 지배구조법의 지나치게 형식적인 내부통제 규제체계에서 비롯되었다고 할 것이다. 따라서 본 연구는 지배구조법상 내부통제제도의 규제체계 현황과 그에 따른 문제점을 살펴본 후, COSO보고서를 통한 내부통제의 개념과 외국의 내부통제제도 및 내부통제 관련 최근 판례의 태도 등을 검토하여 지배구조법상 내부통제제도의 합리적인 입법적 개선 방안을 제시하고자 하였다. 지배구조법의 개선은, ⅰ) COSO가 제시한 내부통제 개념 등을 반영한 “내부통제시스템”에 대한 정의 조항을 신설하여 내부통제 본연의 목적과 본질을 강조하고, ⅱ) 금융회사에 대한 현행 “내부통제기준 마련의무”를 “합리적인 내부통제시스템의 구축 및 성실한 운영의무”로 전환하여 금융회사의 내부통제가 통합체계로서 실질적으로 기능할 수 있도록 하는 것이 바람직하다. 또한, ⅲ) COSO의 3차 방어선 모형에 따라 내부통제 주체별 역할을 재정립하고, 특히 논란이 많은 대표이사의 역할에 대한 혼란을 해소하기 위해 지배구조법령에 “대표이사는 이사회가 정한 바에 따라 구체적으로 내부통제시스템을 구축하고 운영할 책임을 진다”는 점을 명시할 필요가 있다. 한편, ⅳ) 지배구조법상 내부통제제도를 내부통제시스템의 구축과 운영으로 확대함에 따라 발생할 수 있는 제재 남용의 우려를 해소하기 위해 내부통제 실패에 따른 제재는 중대한 결과가 발생한 경우 임원 위주로 이루어질 수 있도록 지배구조법 별표에 제재 사유와 대상을 한정하여 명시하는 것이 바람직하다.

준법 및 윤리 경영을 위한 내부통제의 새로운 과제 : 사기, 사이버 위험 등의 집중 관리 및 기업집단의 내부통제체제를 중심으로

박세화 법무부 2017 선진상사법률연구 Vol.- No.79

2000년대 초반부터 내부통제가 상사법의 주요한 주제로서 많은 연구가 있어 왔고 입법적 성과도 적지 않았다. 상법상의 준법지원인제도・금융회사의 지배구조에 관한 법률상의 준법감시인 및 위험관리책임자 제도・주식회사 외부감사에 관한 법률의 내부회계관리제도 등의 대표적 내부통제 관련 법제만 보아도 그 동안 우리의 노력을 알 수 있다. 그러나 이러한 외형상 발전과는 달리 아직도 많은 기업들이 내부통제에 대한 이해부족으로 어려움을 겪고 있고 통일적이고 체계적인 법제 정비의 필요성이 지속적으로 제기되고 있기도 하다. 그리고 기업들의 선택의 폭을 넓히려는 사회적 노력도 여전히 부족하다는 지적도 적지 않다. 이 글에서는 경제민주화라는 새로운 시대정신을 구현하는 하나의 작은 노력으로, 기업들이 직면하고 있는 새로운 도전 들을 내부통제라는 방식을 통하여 해소해보기로 하고 이를 위해 몇 가지 관련 주제를 검토해 보았다. 내부통제를 통하여 윤리적 경영태도를 제도적으로 보장 해가는 문제, 내부통제설계에 있어서 소규모 기업들에 대한 배려, 사기의 예방 및 대처에 중점을 둔 내부통제 프레임, 빠르고 동시에 광범위하게 공격해오는 사이버 위험에 대한 내부통제의 대응, 체계화된 다중 방어선을 통한 빈틈없는 위험방어라인 구성, 기업집단을 위한 연합 내부통제체제의 모색 등이 그 것이다. 필자는 윤리경영을 준법경영과 대등한 위치에 놓고 내부통제체제를 구축할 필요가 있다는 어찌 보면 당연하고 평범한 진리를 다시 한번 생각해 보고자 한다. 또한 모든 내부통제모델에서 이사들이 체제의 구축과 운용에 있어 정점에 있으며 궁극적인 책임자의 지위에 있음을 주시시키고 확인하기 위하여 여러 내부통제 프레임의 설계와 운용상의 쟁점들을 살피면서 이 원칙을 비중 있게 다루었다. 또한 사기 등의 기업범죄의 충격이 기업에 미치는 영향이 매우 크기 때문에 ‘사기관리 집중형 내부통제프레임’의 구축 필요성을 역설하고 그 프레임이 갖추어야 하는 특성을 살펴보았다. 또한 수준 높고 빈틈없는 위험관리체제의 한 모델로서 COSO 리포트가 소개하고 있는 ‘세 가지 방어라인(The Three Lines of Defense)’을 상세히 소개했다. 그리고 사이버 공격이 기업업무의 전 영역에 걸쳐 첨단 IT기법으로 이루어지고 있기 때문에 사이버 위험의 사전・사후 관리절차에 관하여도 적지 않은 지면을 할애 하였다. 마지막으로 기업집단에 있어서 지배회사가 설계해야하는 확장된 내부통제모델을 상정하여 보았는데, 일본회사법과 같이 입법으로 이 문제를 해결하지 못한 우리가 현행법하에서 어떤 법리를 근거로 기업집단 구성회사 상호간 조화로운 기업집단 내부통제체제를 실현하도록 유도해 갈수 있을까? 를 탐색해 보았다. The COSO(Committee of Sponsoring Organizations of the Treadway Commission) has provided thought leadership to companies through the development of frameworks and guidance on enterprise risk management, internal control and fraud deterrence after 1992. Today, our companies face various management risks and want the internal control system to manage them efficiently. This paper describes several tasks for internal control systems that correspond to the changing business environment. They are issues of Realizing corporate ethics through internal control systems, Emphasizing the role of the Board of Directors in internal control system, Prevention of fraud - focused internal control system, Cyber risk protection internal control system, Integration internal control system for conglomerate, and so on. Also this article introduces "the Three Lines of Defense" model of COSO in detail for helping companies to build internal control systems. Especially considering the weakness of our legislative system, which is not mandatory for the establishment of conglomerate internal control system, this paper explores how to establish an obligation to establish internal control systems of corporate groups through interpretation of current commercial law. And this article highlights the importance of systematic legislation of internal control and the provision of various internal control management models. Through this paper, we can certainly see that the internal control system is the self-checking system for corporate risk management. Through this thesis, I urge our companies to reconsider the meaning and utility of internal control and adopt an aggressive attitude toward establishing and operating internal control system. And this thesis is implicit that we need to keep in mind that internal controls can be achieved only when everyone in our community cares about it.