Auditing Section Research Summaries Space

A Database of Auditing Research - Building Bridges with Practice

This is a public Custom Hive  public

research summary

    Determinants of the Persistence of Internal Control...
    research summary posted October 31, 2013 by Jennifer M Mueller-Phillips, tagged 01.0 Standard Setting, 01.05 Impact of SOX, 07.0 Internal Control, 07.04 Assessing Remediation of Weaknesses 
    584 Views
    Title:
    Determinants of the Persistence of Internal Control Weaknesses
    Practical Implications:

    Effective corporate governance of both the IT and non-IT domains is pivotal in establishing and maintaining strong internal controls over financial reporting. While credit agencies examine entity-level deficiencies as a possible indicator for downgrading a firm’s rating, account-level deficiencies are associated with long-term effects on internal control as well.

    Consideration of the types of MWs and the specific underlying deficiencies should be important to interested stakeholders: auditors, as they assess and evaluate risk and controls; rating agencies, as they evaluate credit worthiness; investors and analysts, as they evaluate the value of the firm; and management and audit committees, as they consider investments in controls.

    For more information on this study, please contact Marcia Weidenmier Watson.
     

    Citation:

    Klamm, B. K., K. W. Kobelsky, and M. W. Watson. Determinants of the Persistence of Internal Control Weaknesses. Accounting Horizons 26 (2): 307-333.

    Keywords:
    Sarbanes-Oxley Act of 2002; internal controls; information technology
    Purpose of the Study:

    This paper analyzes the degree to which material weaknesses (MWs) in internal control reported under the Sarbanes-Oxley Act of 2002 (SOX) affect the future reporting of MWs.

    Design/Method/ Approach:
    • The authors use SOX 404 reports filed between September 20, 2004, and December 31, 2009.
    • The authors examine information technology (IT) and non-IT MWs and their breakdown into specific IT-related entity-level, non-IT-related entity-level, and account-level deficiencies. They then examine the relationship of all of these to: (1) the future number of MWs and (2) the future number of years with an ineffective internal control report.
       
    Findings:
    • The presence and number of MW’s (IT and non-IT) deficiencies are all positively related to the future number of MWs as well as the future number of years in which MWs are reported.
    • Firms reporting account-level (non-IT entity-level) deficiencies have 129 percent (192) more future MWs than firms not reporting that type of control deficiency.
    • Firms reporting an IT entity-level control deficiency also report 127 percent more future MWs than firms not reporting that type of deficiency.
    • The presence of specific entity-level deficiencies relating to training, senior management, and IT control environment in the first year reporting a MW are associated with the future reporting of MWs.
    • The presence of an IT control environment deficiency has the largest effect of all deficiencies, so that firms reporting it have nearly twice as many future MWs and take 56 percent longer to fully resolve MWs than other firms.
    • The analyses also reveal a negative relation between the future number of years of MWs and Big 6 auditor affiliation and ROA, indicating that auditor expertise, as well as financial resources, helps a firm eliminate MWs more quickly.
    • There is also a positive relation between complexity, as measured by the number of firm operating segments and acquisitions, and future MWs, indicating that firms with greater scope face a greater challenge in eliminating control weaknesses.
       
    Category:
    Internal Control, Standard Setting
    Sub-category:
    Assessing Remediation of Weaknesses, Impact of SOX