Auditing Section Research Summaries Space

A Database of Auditing Research - Building Bridges with Practice

This is a public Custom Hive  public

Posts

  • Jennifer M Mueller-Phillips
    Auditor Reporting under Section 404: The Association between...
    research summary posted July 29, 2015 by Jennifer M Mueller-Phillips, tagged 06.0 Risk and Risk Management, Including Fraud Risk, 06.09 Litigation Risk, 07.0 Internal Control, 07.03 Reporting Material Weaknesses, 07.05 Impact of 404 on Fees and Financial Reporting Quality, 12.0 Accountants’ Reports and Reporting, 12.06 Consequences of Adverse 404 Opinions 
    Title:
    Auditor Reporting under Section 404: The Association between the Internal Control and Going Concern Audit Opinions.
    Practical Implications:

    The uncertainties surrounding material weaknesses, the difficulty of auditing around some types of weaknesses, and the fact that the auditor must explain why it issued a clean report on the financial statements when it had issued a MWO, may cause the auditor to become conservative in its GCO decision, which is fairly ambiguous to start with. The study has particular relevance for policy makers and a need for a broader evaluation of the effects of SOX 404.

    Citation:

    Goh, B. W., Krishnan, J., & Li, D. 2013. Auditor Reporting under Section 404: The Association between the Internal Control and Going Concern Audit Opinions. Contemporary Accounting Research 30 (3): 970-995.

    Keywords:
    internal control, going concern, material weakness, ligation risk, SOX 404
    Purpose of the Study:

    Section 404 of the Sarbanes-Oxley Act of 2002 (SOX) requires companies’ independent auditors to provide an opinion on their clients’ internal control over financial reporting, in addition to the opinion on their clients’ financial. The purpose of Section 404 was primarily to provide information on the internal controls, thus enhancing investor understanding of the quality of firms’ financial reporting. The PCAOB also issued AS2 and AS5, which require an “integrated audit of internal control and financial statements” because the “objectives of and work involved in performing both an attestation of management’s assessment of internal control and an audit of the financial statements are closely interrelated.

    In this paper, the authors explore the association between the two audit opinions by examining whether the issuance of an adverse internal control material weakness opinion (MWO) influences, other things equal, the issuance of a going concern audit opinion (GCO) for financially stressed companies. Although the two opinions are the result of an integrated audit process, they serve different purposes. The GCO reflects the auditor’s view of the financial condition of its client, indicating whether (in the auditor’s opinion) the client will continue to be a going concern for a period of 12 months beyond the financial year end. The MWO reflects the auditor’s opinion on whether there are material weaknesses in internal control and therefore the likelihood that material misstatements in the financial statements will not be detected or prevented. Despite this difference, the two opinions could be connected.

    Design/Method/ Approach:

    The authors examine the association between the MWO and the GCO, using a sample of 1,110 financially stressed firms that reported internal control and audit opinions under SOX Section 404. They start with all public firms on COMPUSTAT with year-ends from 2004 to 2009, for which the authors could compute the Altman financial distress Z-score.  

    Findings:
    • The results suggest that the MWO issued under SOX Section 404 does increase the likelihood of a GCO, while the existence of material weaknesses in the Section 302 disclosures does not. Thus, auditors seem to respond to the uncertainties surrounding a material weakness by issuing a GCO only when they have to issue a MWO.
    • Fifty-six percent of the material weaknesses are classified as company-level weaknesses.
    • If an auditor is aware that the client is in the process of remediating the weakness, it is less likely to issue a GCO.
    • Firms with MWOs raise less capital in the subsequent financial year than firms without
      MWOs, providing some evidence that the issuance of a MWO does impair the firm’s ability to raise capital.
    • To examine whether it is the material weakness opinion rather than the presence of the material weakness that drives auditor behavior, the authors examine whether Section 302 material weakness disclosures are similarly associated with the GCO, but find no association.
    • Heightened concerns about litigation may be driving auditors to issue the GCO when they also issue a MWO.
    Category:
    Accountants' Reporting, Internal Control, Risk & Risk Management - Including Fraud Risk
    Sub-category:
    Consequences of Adverse 404 Opinions, Impact of 404 on Fees and Financial Reporting Quality, Litigation Risk, Reporting Material Weaknesses
  • Jennifer M Mueller-Phillips
    Auditors’ Internal Controls over Financial Reporting D...
    research summary posted December 1, 2014 by Jennifer M Mueller-Phillips, tagged 01.0 Standard Setting, 01.04 Impact of 404, 07.0 Internal Control, 07.01 Scope of Testing 
    Title:
    Auditors’ Internal Controls over Financial Reporting Decisions: Analysis, Synthesis, and Research Directions
    Practical Implications:

    In the planning phase, the PCAOB and key stakeholders should consider developing an ICOFR audit risk model to serve as a conceptual planning and evaluative model. Audit firms should pay attention to aligning auditors’ skill sets to their task assignments and employ other mechanisms that encourage consultations.

    Scoping decisions remain underexplored. Nevertheless, anecdotal evidence suggests that auditors may be cognitively wired to scope some types of ELCs but not others. Firms may consider the interactions between auditors and client personnel that explain the tendency for auditors to evaluate only the ELCs scoped by the client.

    Audit firms should pay special attention to how audit teams design testing plans to test ELCs that are not easily tested by attribute sampling methods (e.g., management philosophy and operating style). This is necessary to address concerns by PCAOB inspections that some auditors identified ELCs that appeared to be designed to operate with a high degree of precision, but failed to obtain sufficient audit evidence of their operating effectiveness.

    In the evaluation phase, firms should consider mechanisms that can help auditors “imagine what could go wrong where nothing wrong has happened.” Examples of such mechanisms include restructuring the task (e.g., documentation, decomposition of the task, or requirements to list what could go wrong). In the reporting phase, firms should consider having a requirement to specifically require auditors to consider the needs of a prudent official. This requirement may be a countervailing check on their detection and disclosure incentives.

    For more information on this study, please contact Stephen K. Asare.

    Citation:

    Asare, S. A., B. C. Fitzgerald, L. E. Graham, J. R. Joe, E. M. Negangard, and C. J. Wolfe. 2013. Auditors’ Internal Controls over Financial Reporting Decisions: Analysis, Synthesis, and Research Directions. Auditing: A Journal of Practice and Theory 32 (sp1): 131-166.

    Keywords:
    Auditor judgment and decision-making; internal controls; Sarbanes-Oxley Act; literature synthesis; standard setting
    Purpose of the Study:

    This paper synthesizes the literature on auditors’ evaluation of and reporting on companies’ internal control over financial reporting (ICOFR) as required by the Sarbanes-Oxley Act (SOX). The purpose of the synthesis is (1) to provide stakeholders with information on how, and how well, auditors perform the ICOFR task; (2) to highlight implementation issues related to auditors’ application of the ICOFR standard and empirical findings related to regulatory concerns; (3) to identify gaps in the existing accounting literature and fruitful areas of future research; and (4) to stimulate additional research focusing on important regulatory areas as well as understanding and improving auditors’ ICOFR decisions.

    Design/Method/ Approach:

    The authors develop a framework to organize the literature on post-SOX ICOFR research. The framework suggests that there are five phases of the ICOFR audit: (1) planning; (2) scoping; (3) testing; (4) evaluation; and (5) reporting. It also suggests that auditors’ performance on the tasks within each phase are affected by (a) the auditor’s attributes, (b) the client’s attributes, (c) the interaction between the auditor and the client, (d) task attributes, and (e) environmental attributes. Following the framework, the authors describe and evaluate auditors’ performance on the specific tasks within each phase of the ICOFR audit. They end their analysis of each phase with a brief summary of the findings, discussion of the under-studied performance determinants, and suggestions for future research.

    Findings:

    Key takeaways from the synthesis paper include the following:

    • In the planning phase, there is an absence of a generally agreed upon ICOFR audit risk model akin to the audit risk model used in the audit of the financial statements. Auditors are not fully aware of the risks in complex enterprise resource planning systems, may be overconfident in their ability to assess risks in this setting, and are reluctant to seek consultation from computer assurance specialists.
    • The evidence from the studies on scoping suggests that the more prescription-oriented Auditing Standard No. 2 induced inefficiencies, some of which have been eliminated by the risk-based scoping prescribed by Auditing Standard No. 5. Further, there is evidence that management trustworthiness and investment in monitoring controls affect scoping decisions.
    • Auditors’ experience, knowledge, and training enhance testing strategies. However, providing auditors with client-prepared documentation before they make an independent assessment can hinder their ability to evaluate internal controls.
    • In the evaluation phase, auditors’ severity assessments are unduly influenced by the absence of a misstatement.
    • In the reporting phase, detection and disclosure incentives play a role in whether existing material weaknesses are reported.
    • The article includes a summary of the authors’ findings related to the Public Company Accounting Oversight Board (PCAOB) staff’s stated interest in the auditor’s testing of entity-level controls (ELCs), multi-location scoping, and the effect of compensating controls on the evaluation of identified control deficiencies.
    • Proposed areas of research related to the audit of ICOFR likely to influence future regulation are presented.
    Category:
    Internal Control, Standard Setting
    Sub-category:
    Impact of 404, Scope of Testing
  • Jennifer M Mueller-Phillips
    Changes in Corporate Governance Associated with the...
    research summary posted October 24, 2013 by Jennifer M Mueller-Phillips, tagged 07.0 Internal Control, 07.03 Reporting Material Weaknesses, 07.04 Assessing Remediation of Weaknesses, 13.0 Governance, 13.01 Board/Audit Committee Composition 
    Title:
    Changes in Corporate Governance Associated with the Revelation of Internal Control Material Weaknesses and Their Subsequent Remediation
    Practical Implications:

    The results of this study support the audit committee regulations under SOX and the board independence regulations of the listing exchanges. These results are important to regulators as they show that improvements in audit committee influence, competence, and incentives are each positively associated with ICMW remediation. In addition, the results reveal that improvements in these audit committee characteristics are most strongly associated with the remediation of ICMWs relating to control activities and monitoring, but not to ICMWs across the other COSO categories. Lastly, the results are important to management as they highlight the importance of hands-on day-to-day leadership by management in addressing situations involving the revelation and remediation of material negative events.

    For more information on this study, please contact Karla Johnstone.
     

    Citation:

    Johnstone, K., C. Li, and K. H. Rupley. 2011. Changes in Corporate Governance Associated with the Revelation of Internal Control Material Weaknesses and Their Subsequent Remediation.  Contemporary Accounting Research 28 (1):  331-383. 

    Keywords:
    internal controls; material weaknesses; corporate governance; materiality; remediation.
    Purpose of the Study:

    Section 404 of the SOX requires public firms and their external auditors to report on the effectiveness of firms’ internal controls over financial reporting (ICOFR) or to reveal the presence of internal control material weaknesses (ICMWs). Other sections in SOX and listing requirements of the NYSE and NASDAQ also contain regulations intended to improve the conduct and oversight of boards of directors, audit committees, and top management. The purpose of this paper is to propose and test a conceptual model of the process that firms use to remediate negative events in general, and ICMWs specifically, with a focus on the role of governance structure changes (including turnover of and improvements in the characteristics of boards of directors, audit committees, and top management). Specifically, the authors examine what actions companies take in changing corporate governance in an attempt to regain equilibrium upon occurrence of a negative event and how do these changes impact the likelihood that a material weakness is remediated.

    Design/Method/ Approach:

    The authors utilize a conceptual model which includes two primary phases, the first of which concerns the association between the disclosure of ICMWs and turnover of boards of directors, audit committees, and top management. The second phase of the model concerns the association between the remediation of ICMWs and both outright turnover of and changes in the particular characteristics of boards of directors, audit committees, and top management. The first phase utilizes an ICMW sample of firms with December fiscal year ends from 2004 through 2007 that report ICMWs in their SOX Section 404 reports and a control sample which received unqualified SOX 404 Reports and examines the association between ICMW disclosure and governance changes. The second model utilizes a similar sample, but only includes firms which disclose ICMWs in 2004-2006 as it is required that firms need a year to remediate.  This second model estimates the association between ICMW and governance structure changes.

    Findings:
    • The authors find that that the disclosure of ICMWs is positively associated with subsequent turnover of members of boards of directors, audit committees, and top management, including both CEOs and CFOs. As such, the authors infer that the incentives to make significant structural changes in governance following the revelation of an ICMW appear to outweigh the disincentives, and firms revealing an ICMW act in a similar manner to firms revealing other material negative events such as fraud or restatements.
    • Furthermore, the authors show that remediation is positively associated with turnover of audit committee members, but not turnover of board members, CEOs, or CFOs.
    • Additionally, the results reveal that ICMW remediation is positively associated with an increase in the proportion of independent directors on the board, an increase in the percentage of independent directors who also serve on other boards, changes involving having an audit committee member chairing the board, improvements in audit committee member financial expertise, an increase in the percentage of shareholdings of audit committee members, changes toward CFOs with greater accounting expertise, greater CFO-specific work experience, and improvements in CEO reputation.
    • Lastly, the results reveal that ICMW remediation is negatively associated with a greater number of ICMWs and the presence of general ICMWs (those having pervasive effects on financial reporting) rather than specific ICMWs.
       
    Category:
    Governance, Internal Control
    Sub-category:
    Assessing Remediation of Weaknesses, Board/Audit Committee Composition, Reporting Material Weaknesses
  • Jennifer M Mueller-Phillips
    Detection and Severity Classifications of Sarbanes-Oxley...
    research summary posted October 24, 2013 by Jennifer M Mueller-Phillips, tagged 01.0 Standard Setting, 01.04 Impact of 404, 07.0 Internal Control, 07.02 Assessing Material Weaknesses, 07.04 Assessing Remediation of Weaknesses 
    Title:
    Detection and Severity Classifications of Sarbanes-Oxley Section 404 Internal Control Deficiencies
    Practical Implications:

    The results of this study support the value of auditor involvement at two stages of the ICFR assessment process (detection and classification), and contribute to understanding of factors associated with client and auditor performance in both stages. The study also provides direct evidence on the “yield” of detection methods used by auditors. This issue is at the heart of the debate on the value of auditor involvement in assessing and testing internal controls. Lastly, the findings of this study imply that the recent exemption of Section 404(b) for smaller U.S. public companies could result in failure to fully realize potential improvements in financial reporting quality in that sector of the market.

    For more information on this study, please contact Jean Bedard.
     

    Citation:

    Bedard, J. C. and L. Graham. 2011. Detection and Severity Classifications of Sarbanes-Oxley Section 404 Internal Control Deficiencies.  The Accounting Review 86 (3):  825-855. 

    Keywords:
    internal controls; Sarbanes-Oxley Section 404; risk assessment; materiality
    Purpose of the Study:

    In the aftermath of large company failures (Enron and WorldCom), Congress enacted the Sarbanes-Oxley Act (SOX) and, more specifically, Section 404 to improve the reliability of information provided by public companies to the financial markets by requiring company management and auditors to test internal control over financial reporting (ICFR) and to disclose severe control flaws that are not remediated as of the balance sheet date. Prior research uses publicly available annual report data to distinguish characteristics of companies disclosing ineffective controls (i.e., at least one MW) under Section 404, or quarterly management reports under Section 302  but does not address the full extent of detected control flaws, how those problems are detected, or how auditors determine which problems are disclosed. This study extends prior research and investigates detection and severity classification of internal control deficiencies (ICD) under Section 404 to determine (1) the relative contribution of clients and auditors to ICD detection and (2) the factors are associated with the auditor’s severity classifications of detected ICD.

    Design/Method/ Approach:

    The authors obtained proprietary data from several large audit firms, under confidentiality agreements that limit the ability of the authors to results separate results by firm or firm size. The authors asked that each firm randomly select from 2004–2005 engagements of smaller accelerated filers (with revenues of about $1 billion or less) in non-regulated industries allowing them to increase generalizability to the large number of U.S. public companies. Contact personnel from participating firms helped the authors develop a spreadsheet to be completed by engagement teams, containing both company-level and control-level information. The authors first examine the overall percentage of ICD detected by clients/auditors and also model the factors associated with likelihood of client detection. In addition, because auditors are sometimes aware of the client’s preliminary classification of ICD, the authors test whether auditors override those classifications by judging ICD to be more severe. Lastly, the authors test expectations regarding factors associated with severity classification of ICD.

    Findings:
    • The authors find that clients detect fewer ICD than auditors, and are less likely to detect severe and pervasive ICD and therefore infer that many of the control flaws most likely to affect financial reporting would not be found in a client-driven process such as Section 302.
    • Furthermore, the analysis shows that the use of a large accounting firm consultant for Section 404(a) work is associated with improved client detection
    • The authors find that control tests provide initial evidence on a large proportion of ICD, including most MW and entity-level problems viewed as more serious by financial report users which affirms auditors’ Section 404 control testing as an important source of detecting control deficiencies.
    • The authors find that clients tend to classify ICD as less severe, but auditors frequently override those classifications.
    • Lastly, the authors find higher severity associated with:
    1. greater knowledge and independence in the client’s Section 404(a) process;
    2. more objective evidence (e.g., an existing misstatement);
    3. control flaws other than documentation problems (e.g., inappropriate design);
    4. certain types of entity-level ICD (e.g.,  Control Environment);
    5. certain types of account-specific ICD (revenue and tax), consistent with the regulatory climate of the period.
       
    Category:
    Internal Control, Standard Setting
    Sub-category:
    Assessing Material Weaknesses, Impact of 404 on Fees and Financial Reporting Quality, Impact of 404
  • Jennifer M Mueller-Phillips
    Determinants of the Persistence of Internal Control...
    research summary posted October 31, 2013 by Jennifer M Mueller-Phillips, tagged 01.0 Standard Setting, 01.05 Impact of SOX, 07.0 Internal Control, 07.04 Assessing Remediation of Weaknesses 
    Title:
    Determinants of the Persistence of Internal Control Weaknesses
    Practical Implications:

    Effective corporate governance of both the IT and non-IT domains is pivotal in establishing and maintaining strong internal controls over financial reporting. While credit agencies examine entity-level deficiencies as a possible indicator for downgrading a firm’s rating, account-level deficiencies are associated with long-term effects on internal control as well.

    Consideration of the types of MWs and the specific underlying deficiencies should be important to interested stakeholders: auditors, as they assess and evaluate risk and controls; rating agencies, as they evaluate credit worthiness; investors and analysts, as they evaluate the value of the firm; and management and audit committees, as they consider investments in controls.

    For more information on this study, please contact Marcia Weidenmier Watson.
     

    Citation:

    Klamm, B. K., K. W. Kobelsky, and M. W. Watson. Determinants of the Persistence of Internal Control Weaknesses. Accounting Horizons 26 (2): 307-333.

    Keywords:
    Sarbanes-Oxley Act of 2002; internal controls; information technology
    Purpose of the Study:

    This paper analyzes the degree to which material weaknesses (MWs) in internal control reported under the Sarbanes-Oxley Act of 2002 (SOX) affect the future reporting of MWs.

    Design/Method/ Approach:
    • The authors use SOX 404 reports filed between September 20, 2004, and December 31, 2009.
    • The authors examine information technology (IT) and non-IT MWs and their breakdown into specific IT-related entity-level, non-IT-related entity-level, and account-level deficiencies. They then examine the relationship of all of these to: (1) the future number of MWs and (2) the future number of years with an ineffective internal control report.
       
    Findings:
    • The presence and number of MW’s (IT and non-IT) deficiencies are all positively related to the future number of MWs as well as the future number of years in which MWs are reported.
    • Firms reporting account-level (non-IT entity-level) deficiencies have 129 percent (192) more future MWs than firms not reporting that type of control deficiency.
    • Firms reporting an IT entity-level control deficiency also report 127 percent more future MWs than firms not reporting that type of deficiency.
    • The presence of specific entity-level deficiencies relating to training, senior management, and IT control environment in the first year reporting a MW are associated with the future reporting of MWs.
    • The presence of an IT control environment deficiency has the largest effect of all deficiencies, so that firms reporting it have nearly twice as many future MWs and take 56 percent longer to fully resolve MWs than other firms.
    • The analyses also reveal a negative relation between the future number of years of MWs and Big 6 auditor affiliation and ROA, indicating that auditor expertise, as well as financial resources, helps a firm eliminate MWs more quickly.
    • There is also a positive relation between complexity, as measured by the number of firm operating segments and acquisitions, and future MWs, indicating that firms with greater scope face a greater challenge in eliminating control weaknesses.
       
    Category:
    Internal Control, Standard Setting
    Sub-category:
    Assessing Remediation of Weaknesses, Impact of SOX
  • The Auditing Section
    Discussion of “Internal Audit Sourcing Arrangement and the E...
    research summary posted May 7, 2012 by The Auditing Section, tagged 07.0 Internal Control, 07.01 Scope of Testing, 13.0 Governance, 13.07 Internal auditor role and involvement in controls and reporting 
    Title:
    Discussion of “Internal Audit Sourcing Arrangement and the External Auditor’s Reliance Decision”
    Practical Implications:

    The points noted below suggest some limitations in Glover, Prawitt & Wood (2008) article. However, Messier acknowledges that the article provides insight on some factors that might affect the external auditors’ reliance decisions under AS 5.

    Citation:

    Messier, W. F. 2008. Internal Audit Sourcing Arrangement and the External Auditor’s Reliance Decision. Contemporary Accounting Research 25 (1) 215-218.

    Purpose of the Study:

    This is a discussion of the Glover et al. article (2008). The comments are based on Messier’s comments provided during the 2006 Contemporary Accounting Research Conference.

    Findings:
    • Glover, Prawitt, & Wood (2008) used a first-year audit scenario for their experiment. Messier suggests that auditors are more conservative in first-year audits. This conservative nature may have caused the auditors (participants) to assess the internal audit work as relatively low in terms of reliability. 
    • Messier suggests that the evaluation of “task subjectivity” may be confounded with the auditors’ consideration of the type of work performed, in accordance with SAS No. 65. (The “objective task” was control testing; the “subjective task” was inventory valuation.) This may limit the implications for the findings related to task objectivity/subjectivity, noted above.
    Category:
    Internal Control, Governance
    Sub-category:
    Scope of Testing, Internal auditor role and involvement in controls and reporting
    Home:
    home button
  • Jennifer M Mueller-Phillips
    Do SOX 404 Control Audits and Management Assessments Improve...
    research summary posted September 13, 2016 by Jennifer M Mueller-Phillips, tagged 07.0 Internal Control, 07.05 Impact of 404 on Fees and Financial Reporting Quality 
    Title:
    Do SOX 404 Control Audits and Management Assessments Improve Overall Internal Control System Quality?
    Practical Implications:

     The authors’ findings are important because they indicate that AS5 may be less effective at improving ICQ than AS2 and provides some evidence that declining material weakness rates under AS5 do not indicate improving ICQ. The findings also suggest that SOX 404(a) management assessments are not an acceptable substitute to ICFR audits for improving ICQ. The results suggest that more rigorous SOX 404(b) audits under Auditing Standard No. 2 had real benefits in terms of improved overall internal control system quality and unaudited accruals quality; however, attempts to reduce ICFR audit costs via reduced requirements of Auditing Standard No. 5 may have resulted in lower material weakness disclosure rates and lower overall internal control system quality.

    Citation:

    Schroeder, J. H. and M. L. Shepardson. 2016. Do Sox 404 Control Audits and Management Assessments Improve Overall Control System Quality? The Accounting Review 91 (5): 1513-1541.

    Keywords:
    internal control quality, SOX Section 404, internal control audits, and PCAOB Auditing Standard No. 5 (AS5)
    Purpose of the Study:

    In this study, the authors address whether audits and management assessments of internal controls over financial reporting (ICFR) required by Section 404 of the Sarbanes-Oxley Act are associated with maintained improvements to an entity’s overall internal control system quality (ICQ). Stakeholders and researchers continue to question whether benefits of ICFR audits justify high costs, and regulators and researchers alike have questioned whether control audits under the current auditing standard provide accurate material weakness disclosures. In 2013, the PCAOB disclosed that 15 percent of 2010 inspected internal control audits were ineffective, suggesting that declining material weakness disclosures may not signal improving ICQ and that the current control auditing standard may be insufficient for inducing ICO improvements. The authors believe that the maintained improvement in overall ICQ due to control audits and management assessments is important and largely unexplored. 

    Design/Method/ Approach:

    The authors address the question using a ten-year period that includes three control disclosure regulation changes; initial implementation of ICFR audits, a 2007 reduction in control auditing requirements and implementation of unaudited management assessments for small firms. The authors use unaudited quarterly accruals quality in future periods subsequent to ICFR audits and management assessments to identify sustained improvements in overall control system quality. They use two research designs to estimate the effects of control regulation regime changes and perform analyses on all firms for which they have the requisite data, as well as a size-restricted sample of firms with less than $150 million in market capitalization. 

    Findings:
    • The authors find that UAQ improves after AS2 control audit implementation, providing evidence that AS2-based control audits are associated with maintained improvements to overall ICO.
    • The authors find that in the sample of accelerated filers that UAQ decreased between the pre- and post-AS5 periods, providing evidence that the auditing standards change led to a deterioration in ICQ.
    • Using the difference-in-differences design, the authors find that accelerated filer UAQ deteriorated relative to non-accelerated filers subsequent to implementation of AS% for accelerated filers and SOX 404(a) for non-accelerated filers. Combined results are consistent with the difference-in-differences being causes, at least in part, by ICO decline related to AS5.
    • The authors find little evidence that SOX 404(a) management assessments affect UAQ, but they do find a significant decrease in the likelihood of material misstatement subsequent to SOX 404(a) implementation. 
    Category:
    Internal Control
    Sub-category:
    Impact of 404 on Fees and Financial Reporting Quality
  • Jennifer M Mueller-Phillips
    Does Ineffective Internal Control over Financial Reporting...
    research summary posted July 23, 2015 by Jennifer M Mueller-Phillips, tagged 07.0 Internal Control, 07.05 Impact of 404 on Fees and Financial Reporting Quality 
    Title:
    Does Ineffective Internal Control over Financial Reporting affect a Firm's Operations? Evidence from Firms' Inventory Management.
    Practical Implications:

    This is first paper to examine the broad effect of ineffective ICFR on firm operations, and to establish a more direct link between MWIC over inventory and managers’ inventory management decisions. These results provide strong evidence that despite being largely unremarked upon as a potential benefit by managers or regulators, maintaining effective ICFR can provide an economically meaningful benefit to their firms’ operations. To the extent that there is a disconnect between actual and perceived benefits to maintaining effective ICFR, the recent regulatory move to exempt certain firms from internal control disclosure regulation may be premature. For a large sample of publicly traded firms, the authors provide evidence that the lack of proper inventory acquisition, tracking, or valuation systems has a direct impact on firms’ operating performance.

    Citation:

    Feng, Mei, Li, C., McVay, S. E., & Skaife, H. 2015. Does Ineffective Internal Control over Financial Reporting affect a Firm's Operations? Evidence from Firms' Inventory Management. Accounting Review 90 (2): 529-557.

    Keywords:
    firm operations, internal control over financial reporting, inventory management
    Purpose of the Study:

    For the past decade, managers and regulators have debated the costs and benefits of Section 404 of the Sarbanes-Oxley Act, which requires disclosure of the effectiveness of internal control over financial reporting (ICFR). Managers appear to recognize that they provide higher-quality information as a result of effective ICFR, but they do not appear to recognize that they may also be using higher-quality information to make better operational decisions when they maintain effective ICFR because some controls play both operational and financial reporting roles.

    The purpose of this study is to assess the implications of ICFR for firm operations. When a firm fails to have adequate systems to control inventory purchase, tracking, and valuation, there is a greater likelihood of a mismatch between inventory supply and demand, leading to poorer operating performance. The authors investigate whether ineffective internal control (MWIC) over financial reporting has implications for firm operations by examining the association between inventory related material weaknesses in internal control over financial reporting and firms’ inventory management. 

    Design/Method/ Approach:

    The sample is comprised of 8,953 accelerated filer firm-years with available data on internal control effectiveness from 2004 to 2009 from the WRDS-based Audit Analytics and Compustat databases. Audit Analytics includes both the evaluation of ICFR as effective or ineffective, as well as the underlying reason(s) for any material weaknesses in internal control. The authors conduct multiple empirical analyses on the sample.

    Findings:
    • Firms with inventory-related MWIC, as identified in firms’ required internal control reports, have systematically slower inventory turnover and have a higher likelihood and magnitude of inventory impairments.
    • Inventory turnover ratios increase after firms remediate their inventory-tracking MWIC. Sales, gross margin, and cash flows from operations also improve when the weaknesses are remediated.
    • Importantly, the authors do not find an increase in inventory turnover ratios following the remediation of other types of MWIC.
    • The results of the inventory turnover and inventory impairment tests provide evidence that ineffective ICFR related to inventory has adverse consequences for inventory management, leading to less profitable operations.
    • Firms that correct their inventory-related MWIC report significant increases in sales, gross margin, and operating cash flows after remediation. Moreover, once firms remediate their inventory-related MWIC, the authors find that their gross profit and operating income are no longer significantly different from firms with effective ICFR.
    • The average return on assets is lower for firms with MWIC and that the remediation of MWIC is associated with higher future return on assets.
    Category:
    Internal Control
    Sub-category:
    Impact of 404 on Fees and Financial Reporting Quality
  • Jennifer M Mueller-Phillips
    Does SOX 404 Have Teeth? Consequences of the Failure to...
    research summary posted July 22, 2015 by Jennifer M Mueller-Phillips, tagged 07.0 Internal Control, 07.05 Impact of 404 on Fees and Financial Reporting Quality, 12.0 Accountants’ Reports and Reporting, 12.03 Restatements 
    Title:
    Does SOX 404 Have Teeth? Consequences of the Failure to Report Existing Internal Control Weaknesses.
    Practical Implications:

    The evidence showing that, all else equal, SEC sanctions following restatements are no more likely for firms that previously claimed to have effective internal controls (and, in some cases, are less likely) suggests that public enforcement of SOX 404 is unlikely to provide strong incentives to detect and disclose existing weaknesses. Also, the results showing that penalties stemming from various private mechanisms are more likely for firms that report their internal control weaknesses in advance of restatements suggests the existence of possible disincentives to detect and disclose existing weaknesses. Together, these results offer a potential explanation for why the majority of restatements occur at firms that previously claimed to have effective controls.

    Citation:

    Rice, S. C., Weber, D. P., & Wu, Biyu. 2015. Does SOX 404 Have Teeth? Consequences of the Failure to Report Existing Internal Control Weaknesses. Accounting Review 90 (3): 1169-1200.

    Keywords:
    enforcement, internal controls, restatements, Sarbanes-Oxley Act, SOX 404
    Purpose of the Study:

    In this paper, the authors examine several potential consequences of failing to report existing control weaknesses as required by Section 404 of the Sarbanes-Oxley Act of 2002. The investigation is motivated largely by recent concerns about the reliability of SOX 404 reports and related evidence of firms claiming to have effective internal controls over financial reporting when they instead have material weaknesses in those controls. Understanding the consequences of such reporting failures is important because it bears on managers’ and auditors’ incentives to detect and disclose internal control weaknesses and, thus, on the effectiveness of SOX 404 in achieving its intended goal of boosting investor confidence in the reliability of financial reports. This importance is underscored by the high costs of control audits, which have made these requirements the most controversial aspect of SOX. Under SOX 404, firms and their auditors are required to provide formal opinions on the effectiveness of internal controls over financial reporting within the annual 10-K filing. However, concerns have begun to emerge about the reliability of SOX 404 reports, and the effectiveness of SOX 404 in providing advance warning of potential accounting problems remains unclear.

    Design/Method/ Approach:

    The authors use Audit Analytics to create a full sample of 659 observations of firms that are subject to SOX 404 and that also have restatements. The full sample includes 134 firms that reported the existence of material weaknesses prior to their restatements and 525 that did not. The authors extracted all restatements for U.S. incorporated firms announced by the end of 2010 that include annual reporting periods ending after the effective date of SOX 404 (November 14, 2004).

    Findings:
    • The likelihood of receiving an Accounting and Auditing Enforcement Release (AAER) following a restatement is similar regardless of whether firms had reported their control weaknesses or instead claimed that their controls were effective prior to the restatement. 
    • The prior acknowledgment of control weaknesses increases the likelihood of receiving an AAER by about 6 percent.
    • The authors find no evidence of vigorous public enforcement of SOX 404; instead, the evidence is suggestive of the opposite: that reported control weaknesses aid the SEC in identifying cases where potential enforcement actions are likely to succeed and make it difficult for management to claim they were unaware of the problems that led to the restatement.
    • Class action lawsuits are 5 to 10 percent more likely when firms report internal control weaknesses prior to restatements. This is true even when the authors remove lawsuits that are later dismissed.
    • The top management turnover is 15 to 26 percent more likely at firms that report control weaknesses prior to their restatements. This result holds for both CEOs and CFOs.
    Category:
    Accountants' Reporting, Internal Control
    Sub-category:
    Impact of 404 on Fees and Financial Reporting Quality, Restatements
  • Jennifer M Mueller-Phillips
    Early Warnings of Internal Control Problems: Additional...
    research summary posted October 22, 2014 by Jennifer M Mueller-Phillips, tagged 07.0 Internal Control, 07.03 Reporting Material Weaknesses 
    Title:
    Early Warnings of Internal Control Problems: Additional Evidence
    Practical Implications:

    The high proportion of disclosures of internal control problems in annual Section 404 filings without a prior disclosure in quarterly Section 302 filings suggests that in many cases it is the auditors who detect and/or classify a problem as material enough to warrant public disclosure. The empirical evidence is useful for the debate about the role of auditors in internal control testing and reporting.

     

     

    For more information on this study, please contact K. Raghunandan (raghu@fiu.edu).

    Citation:

    Munsif, V., K. Raghunandan and D. V. Rama. 2013. Early warnings of internal control problems: Additional evidence. Auditing: A Journal of Practice and Theory 32(2): 171-188.

    Keywords:
    Internal control; Reporting material weaknesses; SOX; 404; 302.
    Purpose of the Study:

    Sections 404 and 302 of SOX deal with annual and quarterly reporting on internal controls, respectively. There are some other differences between the requirements arising from the two sections. However, the SEC notes that “disclosure controls and procedures” (the topic of Section 302) are closely related to “internal control over financial reporting” (the topic of Section 404). Many users view the Section 302 rules as requiring prior disclosure about material weaknesses in internal controls in quarterly Section 302 filings before such problems are disclosed in annual Section 404 filings.  However, many companies do not provide such early warning in their Section 302 filings. This study addresses the following questions: How frequent are such early warnings? What are the factors associated with such early warning disclosures?

    Design/Method/ Approach:

    The data are from the fourth and fifth year of Section 404 reporting (i.e., fiscal years ending between November 15, 2007 to November 14, 2009).  Excluded are: firms in the financial sector (SIC codes 60-67) and foreign firms.  The sample includes 6,040 observations—2,927 accelerated and 3,113 non-accelerated filers—for 2007. The sample for fiscal year 2008 includes 2,796 accelerated filers and 3,195 non-accelerated filers.

    Findings:
    • The proportion of accelerated filers (with adverse Section 404 reports) that have early warnings (in Section 302 certifications in previous quarters of the same fiscal year) is less than 50 percent even in the fourth and fifth years of Section 404 reporting. 
    • Non-accelerated filers were more likely to have early warnings than accelerated filers in 2008; however, the difference is not significant in 2007.
    • Early warning is more likely for firms with (a) a higher number of material weaknesses in internal control, (b) a new CFO, (c) more audit committee members, and (d) more frequent audit committee meetings.  
    Category:
    Internal Control
    Sub-category:
    Reporting Material Weaknesses

Filter by Type

Filter by Tag