Posts

Posts

  • Jennifer M Mueller-Phillips
    Board Independence and Internal Control Weakness: Evidence...
    research summary posted June 22, 2017 by Jennifer M Mueller-Phillips, tagged 01.04 Impact of 404, 07.03 Reporting Material Weaknesses, 13.01 Board/Audit Committee Composition in Auditing Section Research Summary Database > Auditing Section Research Summaries Space public
    Title:
    Board Independence and Internal Control Weakness: Evidence from SOX 404 Disclosures
    Practical Implications:

    This study examines the effects on internal control weaknesses associated with an independent board of directors. A benefit of having an independent board is the timely remediation of ICWs. This is of high importance because the quicker a material weakness is resolved, the sooner a company can return to normal operations. Another contribution of this study is the discovery of implications regarding Auditing Standard No. 5. The standard changed internal control evaluation to become more holistic and less detailed. This provides the board of directors less tangible information on the status of internal controls.

    Citation:

    Chen, Yangyang, Robert. W. Kechel., V. B. Marisetty, C. Truong, and M. Veeraraghavan.2017. Board Independence and Internal Control Weakness: Evidence from SOX 404 Disclosures. Auditing, A Journal of Practice and Theory 36(21): 45-62.

    Keywords:
    internal control weakness; board independence; unitary versus dual leadership; SOX 404
    Purpose of the Study:

    An important role of corporate governance is its duty to manage various aspects of risk. One way to accomplish this goal is through oversight of management’s system of internal controls. This study examines how corporate governance structure affects management’s disclosure of material weaknesses in internal control over financial reporting. Specifically, the authors investigate how the board’s characteristics of independence and leadership style (a unitary leader versus separate CEO and chairman) influence the frequency of internal control weaknesses (ICWs) reported, the types of ICWs reported, and timeliness of ICW remediation. 

    Design/Method/ Approach:

    Reported ICWs were gathered from Audit Analytics, based on forms 10-K, 10-K/A, 20-F, and 40-F. Board demographics, including independence variables, were gathered from RiskMetrics. The final sample consisted of 2,048 firms and 11,226 observations, from 2004 – 2012.

    Findings:

    The authors find the following related to board independence:

    • Board independence is negatively associated with the disclosure of ICWs. The evidence suggests that higher board independence causes a lower probability of ICWs occurring.
    • There was lower number of both account-specific and company-level ICWs in boards with more independent directors.
    • Board independence is associated with timely remediation of ICWs.

     

    The authors also find:

    • The negative relation between board independence and ICWs is strongest in a company that has unitary leadership. This demonstrates that an effective board is based more on board independence rather than board leadership style.
    • The implementation of Auditing Standard No. 5 in 2007 somewhat weakened the effect of board independence on the disclosure of ICW’s.
    Category:
    Governance, Internal Control, Risk & Risk Management - Including Fraud Risk
    Sub-category:
    Board/Audit Committee Composition, Impact of 404, Reporting Material Weaknesses
    Home:

    http://commons.aaahq.org/groups/e5075f0eec/summary

  • Jennifer M Mueller-Phillips
    The Effect of Auditing Standard No. 5 on Audit Report Lags.
    research summary posted September 21, 2015 by Jennifer M Mueller-Phillips, tagged 01.0 Standard Setting, 01.02 Changes in Audit Standards, 01.04 Impact of 404, 01.05 Impact of SOX, 01.06 Impact of PCAOB, 12.0 Accountants’ Reports and Reporting, 12.06 Consequences of Adverse 404 Opinions in Auditing Section Research Summary Database > Auditing Section Research Summaries Space public
    Title:
    The Effect of Auditing Standard No. 5 on Audit Report Lags.
    Practical Implications:

    The findings support the regulators’ contention that the new top-down, risk-based approach under AS5 makes the audit process timelier and efficient by decreasing audit report lags and facilitating firms’ efforts to meet the reporting deadline set by the SEC, especially when the firms have an effective internal control system. However, the firms with material internal control problems that persist either at the company level or at the accounts/transaction level continue to experience larger reporting lags in the post-AS5 years compared with the clean SOX 404 firms. The results are generally consistent with auditors focusing more on critical risk areas associated with ineffective internal controls and applying principle-oriented top-down, risk-based audit procedures to minimize risk, which requires increased audit efforts and longer audit time to accomplish their work properly.

    Citation:

    Mitra, S., H. Song, and J. S. Yang. 2015. The Effect of Auditing Standard No. 5 on Audit Report Lags. Accounting Horizons 29 (3): 507-527.

    Keywords:
    AS5, audit report lags, PCAOB, SOX 404
    Purpose of the Study:

    This study investigates whether the Public Company Accounting Oversight Board’s (PCAOB) Auditing Standard No. 5 (AS5), which was introduced in June 2007, makes the audit process timelier in an extended post-AS5 period from 2007 to 2011 relative to a pre-AS5 period of 20062007. For this, the authors focus on evaluating the AS5 effect on audit report lags (ARL) both for the firms with material internal control weaknesses (ICW) and the firms with a clean SOX 404 opinion (non-ICW). ARL, a proxy for audit effort, has long been an important topic of academic research because ARL is considered critical in influencing timely judgment and decision making by financial statement users.

    First, the authors investigate the impact of the change from AS2 to AS5 on audit report lags over an extended period from 2006 to 2011. Second, they compare the effect of AS5 on report lags separately for the large accelerated filers and accelerated filers given significant differences in the 10-K filing deadlines for these two types of filers. Third, they examine the impact of AS5 on audit report lags for firms with internal control weaknesses (ICW) with separate analyses for firms with company-level control weaknesses and for firms with account-specific control weaknesses.

    Design/Method/ Approach:

    The analyses are conducted for the period from 2006 to 2011, which covers the AS2 period of 20062007 and the AS5 period of 20072011. The sample comprises 2,062 AS2 observations (divided between 1,877 non-ICW and 185 ICW observations) and 9,200 AS5 observations (divided between 8,870 non-ICW and 330 ICW observations). The authors use Compustat Annual and Business Segment files to gather information.

    Findings:
    • Audit report lags in the AS5 years were significantly lower than those in the AS2 years; the report lags decline, on an average, by 1.85 days.
    • ICW firms, in general, have larger report lags than the clean SOX 404 firms, but AS5 does not have an incremental effect on the report lags for the ICW firms, indicating the report lags decline only for the firms with a clean SOX 404 opinion.
    • Separate analyses for the ICW firms with company-level and account-specific material weaknesses show that audit report lags for those firms do not significantly change between the AS2 and AS5 periods and continue to be higher compared with those for the clean SOX 404 firms.
    • Additional tests using a constant sample of firms demonstrate a learning curve effect of AS5 in reducing report lags in the post-AS5 period both for the full sample and for the firms with a clean SOX 404 opinion.
    • The report lags significantly decline in both the early and late AS5 periods for both the large accelerated filers and accelerated filers and for the full constant sample.
    • Overall, the results show that the new top-down, risk-based approach under AS5 makes the audit process more efficient and timelier by decreasing audit report lags.
    Category:
    Accountants' Reporting, Standard Setting
    Sub-category:
    Changes in Audit Standards, Consequences of Adverse 404 Opinions, Impact of 404, Impact of PCAOB, Impact of SOX
  • Jennifer M Mueller-Phillips
    Home Country Investor Protection, Ownership Structure and...
    research summary posted July 29, 2015 by Jennifer M Mueller-Phillips, tagged 01.0 Standard Setting, 01.04 Impact of 404, 01.05 Impact of SOX, 07.0 Internal Control, 07.05 Impact of 404 on Fees and Financial Reporting Quality in Auditing Section Research Summary Database > Auditing Section Research Summaries Space public
    Title:
    Home Country Investor Protection, Ownership Structure and Cross-Listed Firms’ Compliance with SOX-Mandated Internal Control Disclosures.
    Practical Implications:

    The results carry important implications for regulators, investors, and researchers. The findings suggest both firm-level corporate governance and home country investor protection still matter in explaining the disclosure behavior of cross-listed firms. Hence, it may be warranted for U.S. securities regulators to devote more resources to monitoring the financial disclosure quality of CONTROL_WEDGE firms from weak investor protection countries. The results suggest that U.S. investors should pay closer attention to the financial disclosure quality of cross-listed firms, especially CONTROL_WEDGE firms from weak investor protection countries. This is important because the recent accounting frauds involving cross-listed firms suggest that U.S. investors might not have paid sufficient attention to the disclosure quality, and as a result suffered significant economic losses after the revelation of the accounting frauds.

    Citation:

    Gong, G., Ke, B., & Yu, Y. 2013. Home Country Investor Protection, Ownership Structure and Cross-Listed Firms' Compliance with SOX-Mandated Internal Control Deficiency Disclosures. Contemporary Accounting Research 30 (4): 1490-1523. 

    Keywords:
    investor protection, Sarbanes-Oxley, internal controls
    Purpose of the Study:

    The objective of this study is to assess the effects of home country investor protection and ownership structure on the Sarbanes-Oxley Act (SOX)mandated internal control deficiency (ICD) disclosures by foreign firms that are listed on the U.S. stock exchanges (hereafter referred to as cross-listed firms). In this study, the authors focus on SOX-mandated internal control disclosure provisions, because internal control systems play a crucial role in ensuring the reliability of financial reporting. It is widely recognized that material internal control weaknesses give management the flexibility to manipulate financial reporting to conceal their expropriation activities. In addition, the SOX-mandated internal control disclosure provisions are regarded as the most costly and controversial provisions of SOX. Therefore, it is important to analyze cross-listed firms’ compliance with SOX-mandated ICD disclosure requirements.

    The authors focus on the ICD disclosures during the Section 302 reporting regime and examine whether cross-listed firms whose management is the controlling shareholder of the firm and holds greater voting rights than cash flow rights (denoted as CONTROL_WEDGE firms) have a higher likelihood of misreporting ICDs than other cross-listed firms, especially for cross-listed firms domiciled in weak investor protection countries where managers’ ICD misreporting faces fewer constraints.

    Design/Method/ Approach:

    The sample is restricted to cross-listed firms that are listed on the three major U.S. stock exchanges as of the end of 2002. The sample includes both American Depository Receipts (ADRs) and foreign firms directly listed on the U.S. stock. Using COMPUSTAT, SEC filings, CRSP, and Audit Analytics, the authors created a sample of 355 unique cross-listed firms, of which 41 firms disclosed at least one material weakness during the Section 302 reporting regime.

    Findings:

    For cross-listed firms domiciled in weak investor protection countries, the authors find the following results: 

    • CONTROL_WEDGE firms have a higher likelihood of ICD misreporting than other firms during the Section 302 reporting regime. In addition, the likelihood of ICD misreporting is negatively associated with earnings quality during the Section 302 reporting regime.
    • The likelihood of ICD misreporting is positively associated with the likelihood of voluntary deregistration from the SEC prior to the Section 404 effective date.
    • For cross-listed firms that chose not to deregister, the likelihood of ICD misreporting is positively associated with the likelihood of reporting previously undisclosed ICDs during the Section 404 reporting regime.

    The authors do not find similar results for cross-listed firms domiciled in strong investor protection countries. Overall, the results are consistent with the hypothesis that management of CONTROL_WEDGE firms domiciled in weak investor protection countries is reluctant to disclose ICDs in order to protect its private control benefits. In addition, the results suggest that Section 404 is effective in weeding out cross-listed firms whose management has an incentive to hide ICDs or forcing cross-listed firms to truthfully reveal their ICDs.

     

    Category:
    Internal Control, Standard Setting
    Sub-category:
    Impact of 404 on Fees and Financial Reporting Quality, Impact of 404, Impact of SOX
  • Jennifer M Mueller-Phillips
    The Interactive Effects of Internal Control Audits and...
    research summary posted July 28, 2015 by Jennifer M Mueller-Phillips, tagged 01.0 Standard Setting, 01.04 Impact of 404, 01.05 Impact of SOX, 07.0 Internal Control, 07.05 Impact of 404 on Fees and Financial Reporting Quality in Auditing Section Research Summary Database > Auditing Section Research Summaries Space public
    Title:
    The Interactive Effects of Internal Control Audits and Manager Legal Liability on Managers' Internal Controls Decisions, Investor Confidence, and Market Prices.
    Practical Implications:

    The results demonstrate a demand for IC audits such that, even in the presence of increased manager liability, the IC audit incrementally motivates managers to spend on improving IC and to provide more consistent and accurate ICFR disclosures. Unlike managers, investors react as though manager liability and IC audits are substitutes. This finding has implications for policymakers as it demonstrates the need to consider the possible differing effects of regulation on managers and investors. Moreover, with respect to regulatory actions to simultaneously implement both manager liability and an IC audit, the results suggest that both mechanisms may not be necessary to improve investors’ confidence and in turn market prices.

    Citation:

    Wu, Y., & Tuttle, B. 2014. The Interactive Effects of Internal Control Audits and Manager Legal Liability on Managers' Internal Controls Decisions, Investor Confidence, and Market Prices. Contemporary Accounting Research 31 (2): 444-468.

    Keywords:
    internal controls, internal auditing, investor confidence, Sarbanes-Oxley
    Purpose of the Study:

    This study investigates the effects of the audit of internal controls (IC audit) and manager liability for the company’s internal controls on investor confidence and market prices. This research is motivated by the substantial debate regarding the incremental effectiveness of IC audits and manager liability on investor confidence in financial disclosures. This debate came to the forefront with the Sarbanes-Oxley Act of 2002 (SOX) when the U.S. Congress simultaneously implemented both regulatory mechanisms. Section 302 requires that CEOs and CFOs personally attest, under penalty of perjury, that effective internal controls over financial reporting (ICFR) have been established, maintained, and evaluated on a timely basis. Section 404 requires that the auditors of publicly-traded companies provide assurance on the effectiveness of ICFR. However, direct empirical evidence remains limited regarding the individual versus joint effectiveness of these two regulatory mechanisms in (1) motivating managers to spend on improving ICFR and to provide more accurate ICFR disclosures and (2) improving investor confidence and market prices.

    Design/Method/ Approach:

    Seventy-six MBA students from a major public university participated in this study. The 76 participants resulted in a total of 19 sessions with four participants assigned to each. The experiment is programmed and conducted using ZTree software. Each session takes approximately 90 minutes and includes three practice rounds followed by 21 experimental rounds. The number of rounds is not known by participants. The evidence was collected prior to the summer of 2014.

    Findings:
    • Results suggest that the effects of manager liability and an IC audit are additive with respect to IC spending, with the IC audit having a stronger effect than manager liability.
    • Even after controlling for managers’ IC spending, results also demonstrate that IC audits improve the accuracy of managers’ ICFR disclosures.
    • Similar improvement is not associated with increased manager liability. In the presence of the IC audit, managers’ IC spending strategies are more constant over time and enable managers to provide accurate information more consistently regarding the effectiveness of ICFR.
    • Managers will spend more to improve ICFR when either liability or IC audits are present and that even in the presence of manager liability the IC audit incrementally increases managers IC spending.
    • The results demonstrate that investor confidence and stock price are no greater when both regulatory mechanisms are present than when only one is present.
    • Supplemental analyses suggest that manager reputation for accurate ICFR disclosures explains, at least in part, why investors perceive manager liability and IC audit to be substitutes.
    • The results suggest that when managers accrue a reputation for accurate ICFR disclosures, both regulatory mechanisms may not be necessary to improve investor confidence in managers’ earnings reports.
    Category:
    Internal Control, Standard Setting
    Sub-category:
    Impact of 404 on Fees and Financial Reporting Quality, Impact of 404, Impact of SOX
  • Jennifer M Mueller-Phillips
    The Impact of Internal Audit Function Quality and...
    research summary posted July 24, 2015 by Jennifer M Mueller-Phillips, tagged 01.0 Standard Setting, 01.04 Impact of 404, 08.0 Auditing Procedures – Nature, Timing and Extent, 08.11 Reliance on Internal Auditors, 11.0 Audit Quality and Quality Control in Auditing Section Research Summary Database > Auditing Section Research Summaries Space public
    Title:
    The Impact of Internal Audit Function Quality and Contribution on Audit Delay.
    Practical Implications:

    This research should be of interest to regulators who are concerned with the timeliness of financial reports, practitioners who are responsible for preparing and auditing financial statements, and standard setters who provide auditing guidance. In particular, the findings indicate that firms’ decisions regarding the structure of the IAF and their role in the financial statement audit can significantly affect audit completion times. Reducing audit delay from current levels back to pre- SOX 404 levels could potentially reverse the decline in the reliability of earnings announcements. The results are useful to external auditors in determining whether and how IAF work can be incorporated into the financial statement audit. This study also provides support for recent PCAOB guidance contending that external auditors can improve audit efficiency by making more extensive use of work performed by others.

    Citation:

     Pizzini, M., Lin, S., & Ziegenfuss, D. E. 2015. The Impact of Internal Audit Function Quality and Contribution on Audit Delay. Auditing: A Journal Of Practice & Theory 34 (1): 25-58.

    Keywords:
    audit delay, audit report timeliness, internal audit contribution, internal audit quality
    Purpose of the Study:

    This study investigates the internal audit function’s (IAF’s) role in the financial statement audit by examining whether measures of IAF quality and the IAF’s contribution to the financial statement audit affect audit delay. Audit delay, measured as the number of days between a firm’s fiscal year-end and the audit report date, generally captures the time required to complete fieldwork. Current interest in audit delay stems from recent accelerations in reporting deadlines and the implementation of Section 404 of the Sarbanes-Oxley Act (SOX), which together require preparers and external auditors to do more work in less time. Given the increased attestation requirements created by SOX, it is important to investigate ways in which the IAF can influence audit delay. In this study, the authors argue that the IAF can significantly affect audit completion times by helping management establish and maintain a strong system of internal control over financial reporting (ICFR) and by assisting the external auditor in the financial statement audit. The authors investigate whether IAF quality and the IAF’s contribution to financial statement audits affect audit delay in a sample of 292 firm-year observations drawn from the pre-SOX 404 period. 

    Design/Method/ Approach:

    The authors use firm-level data collected by the IIA through their 2003 and 2004 GAIN surveys. They then collect firm financial data from Compustat and audit fee and restatement data from Audit Analytics. The resulting sample contains 293 firm-year observations from 216 firms with fiscal years ending on or after December 31, 2000 and prior to November 15, 2004.

    Findings:
    • A one standard deviation increase in the comprehensive quality measure corresponds to audit delay reductions of 3.1 to 3.9 days, which are primarily driven by the competence of the internal audit staff and the quality of their fieldwork.
    • Objectivity and investment in the IAF are also associated with reductions in audit delay, but significance levels vary with time period and model specification.
    • Audit delay is significantly shorter (4.1 to 6.6 days) when the IAF contributes to the financial statement audit by independently performing relevant work, but not when the IAF works under the direction of the external auditor.
    • The mean delay is 41.9 days, and earnings are announced an average of 9.8 days prior to the audit report date.
    • High-quality IAFs are more likely to assist the external auditor by independently performing relevant work, while low-quality IAFs are more likely to be used as direct assistants.
    • The authors expect the impact of IAF quality and contribution would be even larger in the current period. The more rigorous attestation requirements of SOX 404 expanded the IAF’s potential to contribute to the financial reporting process and, therefore, should increase the impact of IAF quality and contribution on audit delay.
       
    Category:
    Audit Quality & Quality Control, Auditing Procedures - Nature - Timing and Extent, Standard Setting
    Sub-category:
    Impact of 404, Reliance on Internal Auditors
  • Jennifer M Mueller-Phillips
    Balancing the Costs and Benefits of Auditing and Financial...
    research summary posted March 30, 2015 by Jennifer M Mueller-Phillips, tagged 01.0 Standard Setting, 01.02 Changes in Audit Standards, 01.03 Impact of New Accounting Pronouncements, 01.04 Impact of 404 in Auditing Section Research Summary Database > Auditing Section Research Summaries Space public
    Title:
    Balancing the Costs and Benefits of Auditing and Financial Reporting Regulation Post-SOX, Part I: Perspectives from the Nexus at the SEC
    Practical Implications:

    The results of this study are important because they illuminate the impact of new accounting rules on standard setters and companies abiding by these rules (in this case, the specific context was the implementation process related to SOX Section 404). The study suggests that a number of steps are required in order to perfect the guidance. It is important to understand the meaning and intentions behind authoritative literature in order to follow it. The observations suggest that the process for implementing new guidance has room for change, yet has evolved over time to increase effectiveness. The findings are specific to the implementation for assessment and auditing of internal controls for public companies.

    For more information on this study, please contact Zoe-Vonna Palmrose (zv.palmrose@marshall.usc.edu).

    Citation:

    Palmrose, Z.-V. 2010. Balancing the Costs and Benefits of Auditing and Financial Reporting Regulation Post-SOX, Part I: Perspectives from the Nexus at the SEC. Accounting Horizons 24 (2):313-326.

    Purpose of the Study:

    Sarbanes-Oxley (SOX) Section 404 adds requirements for disclosures discussing management’s assessment of internal controls. Zoe-Vonna Palmrose served as the Deputy Chief Accountant for Professional Practice in the Office of the Chief Accountant. From August 2006 to July 2008, Palmrose observed the effects of SOX Section 404 on practice. The paper describes her observations related to:

    • The purpose of SOX Section 404.
    • Initial implementation efforts related to SOX Section 404.
    • Improvements for the implementation of SOX Section 404. These improvements primarily focus on the cost-benefit for smaller companies that had to report under SOX Section 404.
    • Overall cost-benefit effect on SOX Section 404 filers.
    Design/Method/ Approach:

    The author collected data through personal experiences from August 2006 through July 2008. She observed and recorded information related to SOX Section 404 during her time as the Deputy Chief Accountant in the Professional Practice Group.

    Findings:
    • The author finds that SOX Section 404 does not require a company to implement adequate internal controls because previous standards released in 1977 already accomplished that objective. Instead, SOX Section 404 requires disclosure of management’s assessment of the adequacy of its internal controls. The assessment is based on whether the internal controls can provide reasonable assurance about the reliability of the financial statements. SOX Section 404 does not allow management to disclose that its internal controls are effective if it determines material misstatements exist in the financial statements. The guidance also requires that a registered PCAOB auditor opines on management’s assessment of internal controls.
    • The author finds that the problems associated with the initial implementation of SOX Section 404 arose because it was issued from the top down. Few companies were reporting on internal controls before SOX required public companies to do so. The author observes that AS No. 2 was initially poorly suited for reporting on internal controls because it was difficult to determine the respective responsibilities of the auditor and management. In June 2006, the PCAOB clarified the standard in response to this confusion.
    • The author finds that the PPG aided the amendment to AS No. 2, accomplished in AS No. 5. Furthermore, an open meeting between the SEC and the PCAOB was primarily held to discuss how to make management and the auditor’s responsibilities more effective with respect to the responsibilities of each party.
    • The author finds that deferring implementation of SOX Section 404 for smaller public companies allowed the implementation flaws to be discovered before smaller companies were harmed.
    • The author finds that audit fees rose in order to compensate for the added work for the auditors. Cost-benefit relationships were analyzed in order to determine the effectiveness of the work to be completed.
    Category:
    Standard Setting
    Sub-category:
    Changes in Audit Standards, Impact of 404, Impact of New Accounting Pronouncements
  • Jennifer M Mueller-Phillips
    Section 404 Compliance and Financial Reporting Quality
    research summary posted March 9, 2015 by Jennifer M Mueller-Phillips, tagged 01.0 Standard Setting, 01.04 Impact of 404, 12.0 Accountants’ Reports and Reporting in Auditing Section Research Summary Database > Auditing Section Research Summaries Space public
    Title:
    Section 404 Compliance and Financial Reporting Quality
    Practical Implications:

    As is asserted in its summary, “this study provides evidence that the S404 compliance effort reduces the likelihood of issuing materially misstated financial statements, and suggests that S404 regulation is meeting its objective of improving the quality of financial reports.”

    For more information on this study, please contact Albert L. Nagy

    Citation:

    Albert L. Nagy (2010) Section 404 Compliance and Financial Reporting Quality. Accounting Horizons: September 2010, Vol. 24, No. 3, pp. 441-454.

    Purpose of the Study:

    As asserted in its introduction, this study examines whether the Sarbanes-Oxley Act Section 404 (S404) compliance efforts lead to higher quality financial reports. This study examines whether the regulators have achieved their objective by examining whether the S404 compliance efforts reduce the likelihood of issuing materially misstated financial statements. 

    Design/Method/ Approach:

    A logistic regression model is estimated using a sample of company data (from years 2005 and 2006) surrounding the S404 compliance threshold to measure the S404 compliance effect on the likelihood of issuing materially misstated financial statements.

    Findings:

    Study results, “show a significant and negative relation between S404 compliance and issuance of materially misstated financial statements."

    Category:
    Standard Setting
    Sub-category:
    Impact of 404
  • Jennifer M Mueller-Phillips
    The Influence of Auditor and Client Section 404 Processes on...
    research summary posted October 22, 2014 by Jennifer M Mueller-Phillips, tagged 01.0 Standard Setting, 01.04 Impact of 404, 07.0 Internal Control, 07.04 Assessing Remediation of Weaknesses in Auditing Section Research Summary Database > Auditing Section Research Summaries Space public
    Title:
    The Influence of Auditor and Client Section 404 Processes on Remediation of Internal Control Deficiencies at All Levels of Severity
    Practical Implications:

    Overall, this study suggests that remediation of detected ICFR problems prior to the balance sheet date is one benefit of Section 404 activity to stakeholders. This study’s finding of lower remediation of auditor-discovered ICDs implies that client personnel missed the control flaw in their own Section 404(a) process, so may lack the expertise to remediate the problem. This calls into question the current policy of relying on Section 404(a) alone for non-accelerated filer (most public companies). Further, this study’s results on client processes imply that the most important factors affecting remediation are not who directly manages the process, but rather the client’s organization of the process in making an early start and coordinating the effort with IT personnel.

    For more information on this study, please contact Jean C. Bedard.

    Citation:

    Graham, L., and J.C. Bedard. 2013. The Influence of Auditor and Client Section 404 Processes on Remediation of Internal Control Deficiencies at All Levels of Severity. Auditing: A Journal of Practice & Theory 32(4): 45-69

    Keywords:
    Remediation; Sarbanes-Oxley Section 404; internal control deficiencies.
    Purpose of the Study:

    This paper investigates remediation of a comprehensive census of deficiencies in internal control over financial reporting (ICFR) detected in a sample of companies under Section 404 of the Sarbanes-Oxley Act. Internal control weaknesses have often been implicated in fraud and business failure. Section 404 was designed to improve corporate controls by requiring company management and external auditors to document, test and report ICFR. Research on the costs and benefits of Section 404 remains important, due to continued pressure to reduce financial regulation. Several prior studies examine remediation of publicly disclosed material weaknesses (MWs). However, auditors and company personnel detect many internal control deficiencies (ICDs), of which relatively few are MWs. Because publicly available data do not reveal non-MW ICDs, research has not yet considered the nature and extent of remediation activity that takes place behind the scenes. We study remediation of all ICDs, whether publicly reported or not, among companies with effective, as well as ineffective controls. We further address the issue of the benefits of Section 404(b) by measuring the impact of auditor activity in the remediation process. In addition, we directly examine the impact of whether, at the time of the auditor’s assessment, the flawed control had already failed to prevent a misstatement in the accounts.

    Design/Method/ Approach:

    This study is based on a sample of almost 4,000 ICDs detected by audit firm or client personnel in 76 engagements on 44 different companies in 2004–2005 (the first two years of compliance with SOX 404(b)), obtained from engagement teams at several large auditing firms. Sample companies have a mix of effective and ineffective control reports that is similar to the population as whole during that period. 

    Findings:
    • Prior research using publicly available finds substantial remediation of MWs from one reporting year to the next. In contrast, the authors of this paper find relatively low remediation within the year, between time of identification and the balance sheet date. Thus, a number of control flaws of varying severity remain to affect financial reporting quality in the following year.
    • The authors find higher remediation rates when there is an earlier start to control testing and better integration of the client’s IT personnel into the Section 404 process.
    • The authors also find lower remediation rates among auditor-discovered ICDs, detection through substantive tests (often performed late in the year or after year-end), and by the presence of a previously unknown misstatement that has already resulted from a control failure. The combination of auditor detection and an associated misstatement is particularly problematic, as this implies that not only did the client miss the problem in its own testing, but also the auditor has already linked it to an account misstatement, elevating its importance. 
    Category:
    Internal Control, Standard Setting
    Sub-category:
    Assessing Remediation of Weaknesses, Impact of 404
  • Jennifer M Mueller-Phillips
    Auditors’ Internal Controls over Financial Reporting D...
    research summary posted December 1, 2014 by Jennifer M Mueller-Phillips, tagged 01.0 Standard Setting, 01.04 Impact of 404, 07.0 Internal Control, 07.01 Scope of Testing in Auditing Section Research Summary Database > Auditing Section Research Summaries Space public
    Title:
    Auditors’ Internal Controls over Financial Reporting Decisions: Analysis, Synthesis, and Research Directions
    Practical Implications:

    In the planning phase, the PCAOB and key stakeholders should consider developing an ICOFR audit risk model to serve as a conceptual planning and evaluative model. Audit firms should pay attention to aligning auditors’ skill sets to their task assignments and employ other mechanisms that encourage consultations.

    Scoping decisions remain underexplored. Nevertheless, anecdotal evidence suggests that auditors may be cognitively wired to scope some types of ELCs but not others. Firms may consider the interactions between auditors and client personnel that explain the tendency for auditors to evaluate only the ELCs scoped by the client.

    Audit firms should pay special attention to how audit teams design testing plans to test ELCs that are not easily tested by attribute sampling methods (e.g., management philosophy and operating style). This is necessary to address concerns by PCAOB inspections that some auditors identified ELCs that appeared to be designed to operate with a high degree of precision, but failed to obtain sufficient audit evidence of their operating effectiveness.

    In the evaluation phase, firms should consider mechanisms that can help auditors “imagine what could go wrong where nothing wrong has happened.” Examples of such mechanisms include restructuring the task (e.g., documentation, decomposition of the task, or requirements to list what could go wrong). In the reporting phase, firms should consider having a requirement to specifically require auditors to consider the needs of a prudent official. This requirement may be a countervailing check on their detection and disclosure incentives.

    For more information on this study, please contact Stephen K. Asare.

    Citation:

    Asare, S. A., B. C. Fitzgerald, L. E. Graham, J. R. Joe, E. M. Negangard, and C. J. Wolfe. 2013. Auditors’ Internal Controls over Financial Reporting Decisions: Analysis, Synthesis, and Research Directions. Auditing: A Journal of Practice and Theory 32 (sp1): 131-166.

    Keywords:
    Auditor judgment and decision-making; internal controls; Sarbanes-Oxley Act; literature synthesis; standard setting
    Purpose of the Study:

    This paper synthesizes the literature on auditors’ evaluation of and reporting on companies’ internal control over financial reporting (ICOFR) as required by the Sarbanes-Oxley Act (SOX). The purpose of the synthesis is (1) to provide stakeholders with information on how, and how well, auditors perform the ICOFR task; (2) to highlight implementation issues related to auditors’ application of the ICOFR standard and empirical findings related to regulatory concerns; (3) to identify gaps in the existing accounting literature and fruitful areas of future research; and (4) to stimulate additional research focusing on important regulatory areas as well as understanding and improving auditors’ ICOFR decisions.

    Design/Method/ Approach:

    The authors develop a framework to organize the literature on post-SOX ICOFR research. The framework suggests that there are five phases of the ICOFR audit: (1) planning; (2) scoping; (3) testing; (4) evaluation; and (5) reporting. It also suggests that auditors’ performance on the tasks within each phase are affected by (a) the auditor’s attributes, (b) the client’s attributes, (c) the interaction between the auditor and the client, (d) task attributes, and (e) environmental attributes. Following the framework, the authors describe and evaluate auditors’ performance on the specific tasks within each phase of the ICOFR audit. They end their analysis of each phase with a brief summary of the findings, discussion of the under-studied performance determinants, and suggestions for future research.

    Findings:

    Key takeaways from the synthesis paper include the following:

    • In the planning phase, there is an absence of a generally agreed upon ICOFR audit risk model akin to the audit risk model used in the audit of the financial statements. Auditors are not fully aware of the risks in complex enterprise resource planning systems, may be overconfident in their ability to assess risks in this setting, and are reluctant to seek consultation from computer assurance specialists.
    • The evidence from the studies on scoping suggests that the more prescription-oriented Auditing Standard No. 2 induced inefficiencies, some of which have been eliminated by the risk-based scoping prescribed by Auditing Standard No. 5. Further, there is evidence that management trustworthiness and investment in monitoring controls affect scoping decisions.
    • Auditors’ experience, knowledge, and training enhance testing strategies. However, providing auditors with client-prepared documentation before they make an independent assessment can hinder their ability to evaluate internal controls.
    • In the evaluation phase, auditors’ severity assessments are unduly influenced by the absence of a misstatement.
    • In the reporting phase, detection and disclosure incentives play a role in whether existing material weaknesses are reported.
    • The article includes a summary of the authors’ findings related to the Public Company Accounting Oversight Board (PCAOB) staff’s stated interest in the auditor’s testing of entity-level controls (ELCs), multi-location scoping, and the effect of compensating controls on the evaluation of identified control deficiencies.
    • Proposed areas of research related to the audit of ICOFR likely to influence future regulation are presented.
    Category:
    Internal Control, Standard Setting
    Sub-category:
    Impact of 404, Scope of Testing
  • Jennifer M Mueller-Phillips
    PCAOB Inspection Consequences, Processes, and Inspection...
    research summary posted October 22, 2014 by Jennifer M Mueller-Phillips, tagged 01.0 Standard Setting, 01.04 Impact of 404, 01.05 Impact of SOX in Auditing Section Research Summary Database > Auditing Section Research Summaries Space public
    Title:
    PCAOB Inspection Consequences, Processes, and Inspection Team Performance: Perspectives of Triennially Inspected Firms
    Practical Implications:

    The results of this study are important to practitioners, regulators, legislators, academicians, and other market participants as many aspects of SOX and PCAOB inspections have been criticized. Oversight bodies have modified SOX in response to concerns of oversight groups (Advisory Committee on Smaller Public Companies). Researchers and practitioners have called for research to study the impact of SOX on audit quality and the public interest. The Government Accountability Office (GAO), required by SOX to study the potential effects of further mandates, chose to wait several years to monitor and evaluate the effectiveness of SOX and the PCAOB on auditor independence and audit quality before proposing any further modifications (GAO 2004). We interpret our findings as suggesting the efficacy of PCAOB inspections may be enhanced by focusing on potential unintended consequences and inspection process modifications rather than on inspectors’ qualifications and actions.

     

    For more information on this study, please contact Brian Daugherty at University of Wisconsin-Milwaukee.

    Citation:

    Daugherty, B., and W. Tervo. 2010. PCAOB Inspection Consequences, Processes, and Inspection Team Performance: Perspectives of Triennially Inspected Firms. Accounting Horizons 24 (2):189-219.

    Keywords:
    PCAOB inspections: registered auditing firms: Sarbanes-Oxley; peer review
    Purpose of the Study:

    We solicit perceptions of the Public Company Accounting Oversight Board’s (PCAOB) inspection process from the leadership of triennial firms (100 or fewer publicly-traded audit clients, inspected triennially) receiving their initial inspection through the use of a survey. Our research is motivated by a growing stream of research related to triennial firms. Practitioners have called for research to determine if the performance of audits in the Sarbanes-Oxley era may fail to attain the stated objective of enhancing investor confidence in the capital markets. 

    Design/Method/ Approach:
    • Through December 2007, over 1,800 firms and affiliates were registered with and approved by the PCAOB to conduct audits of U.S. registrants, and 467 triennial firms had their initial inspection report posted on the PCAOB’s website. Instruments were mailed from 9/2007 to 1/2008.
    • We asked that the research instrument be completed by the person in each firm most closely involved with PCAOB inspections. 
    • A number of statements were designed to have participants evaluate consequences resulting from initial PCAOB inspections (Consequences), evaluate the inspection process (Process), and rate the performance of their PCAOB inspection team (Team). Consequence statements seek perceptions related to the influence of PCAOB inspections on overall audit quality, the ability to accept and retain public audit clients, public confidence in the audit profession, personnel time incurred in anticipation of inspection, incremental fees billed to clients as a result of inspection, recruitment and retention matters, and litigation risk. Process statements cover inspectors’ criticisms, engagement selection, time devoted to inspection, and confidentiality of findings related to firms’ QC systems and also gauge firms’ level of agreement with inspectors’ findings and evaluations of PCAOB inspections relative to the prior peer-review process. Team statements include those related to the technical knowledge and professional conduct of inspectors as well as the appropriateness of their focus on workpaper documentation, substantive procedures, and internal control audits.
    Findings:
    • Smaller respondents reported initial PCAOB inspections resulted in a negative impact on many aspects of their audit practices while medium and larger firms reported more favorable consequences.
    • Firms with reports released earlier in the initial inspection cycle reported negative consequences that appear to diminish as the process matures.
    • Results suggest very small triennial firms may be ceasing the performance of audits of public enterprises as a result of PCAOB inspections.
    • Smaller triennial firms disagree the PCAOB inspection process increases overall audit quality (contrary to the stated intentions of SOX) and both smaller and medium firms do not view PCAOB inspections as positively impacting their audit business.
    • Respondents generally evaluated inspectors’ performance in favorable terms but were much more critical of the inspection process itself.
    • An overriding concern of many inspected firms is the perception that inspectors are, in many cases, substituting their own judgment for the auditor’s professional judgment in determining whether audit engagements comply with applicable professional standards. This possibility is particularly troubling given the auditors’ direct interaction with client personnel and audit committee members in an ex-ante setting while PCAOB inspections are, by definition, conducted in an ex-post setting with minimal or no audit client contact.
    • Firms evaluated their initial inspection team’s performance favorably, but were more critical of the inspection process itself. Levels of satisfaction with nearly all aspects of PCAOB inspections appear to increase with firm size and the passage of time. 
    Category:
    Standard Setting
    Sub-category:
    Impact of PCAOB, Impact of SOX