IT Does Matter: The Folly of Ignoring IT Material Weaknesses

SYNOPSIS Information technology (IT) has a large and growing impact on firms and executives. While there are questions about the ability of IT to create a competitive advantage, we make the case that ignoring IT may be to an organization's and its executives' peril. Using the lens of internal control issues associated with financial reporting systems, we illustrate how internal control weaknesses associated with IT (ITMWs) can have both a dramatic and negative impact on the firm and its leadership. ITMWs take longer to remediate; are associated with more subsequent restatements, less accurate forecasts, higher audit fees, and lower earnings quality; and are more likely associated with executives losing their positions than non-ITMWs. We argue that ITMW remediation requires more time to plan, rewrite, and implement IT changes than to implement non-IT changes. Extant literature suggests that executives should focus their efforts on IT vulnerabilities and risks rather than IT opportunities. Data Availability: Data are available from the public sources cited in the text.

Download Full-text

Determinants of the Persistence of Internal Control Weaknesses

Accounting Horizons ◽

10.2308/acch-10266 ◽

2012 ◽

Vol 26 (2) ◽

pp. 307-333 ◽

Cited By ~ 38

Author(s):

Bonnie K. Klamm ◽

Kevin W. Kobelsky ◽

Marcia Weidenmier Watson

Keyword(s):

Financial Reporting ◽

Internal Control ◽

Management Training ◽

Internal Controls ◽

Senior Management ◽

Data Availability ◽

The Public ◽

Sarbanes Oxley ◽

Material Weaknesses ◽

Specific Control

SYNOPSIS This paper analyzes the degree to which material weaknesses (MWs) in internal control reported under the Sarbanes-Oxley Act of 2002 (SOX) affect the future reporting of MWs. Particularly, we examine information technology (IT) and non-IT MWs and their breakdown into specific IT-related entity-level, non-IT-related entity-level, and account-level deficiencies. Analysis reveals that most account-level and entity-level deficiencies occur at a significantly higher rate in SOX 404 reports with at least one IT MW than in MW reports with only non-IT MWs. Further, the presence and count of both types of MWs and all three types of deficiencies are associated with increased future MWs, as are lower profitability, non-Big 6 auditor, and firm complexity. Specific control deficiencies related to senior management, training, and IT control environment have the strongest impact on future MWs. These results indicate that effective corporate governance of both the IT and non-IT domains is pivotal in establishing and maintaining strong internal controls over financial reporting. Data Availability: Data are available from the public sources identified in the paper.

Download Full-text

Unexpected Fees and the Prediction of Material Weaknesses in Internal Control Over Financial Reporting

Journal of Accounting Auditing & Finance ◽

10.1177/0148558x16662585 ◽

2016 ◽

Vol 33 (4) ◽

pp. 485-505 ◽

Cited By ~ 4

Author(s):

Susan M. Albring ◽

Randal J. Elder ◽

Xiaolu Xu

Keyword(s):

Financial Reporting ◽

Internal Control ◽

Audit Fees ◽

Financial Statement ◽

Section 404 ◽

Sarbanes Oxley ◽

Material Weaknesses ◽

New Material ◽

Internal Control Weaknesses ◽

Section 302

We investigate whether prior year unexpected audit fees help predict new material weaknesses in internal control over financial reporting reported under Section 404 of the Sarbanes–Oxley Act (SOX). Predicting material weaknesses may be useful to investors and other financial statement users because these disclosures have adverse economic impacts on disclosing firms. Unexpected fees are significantly associated with material weaknesses reported under Section 404, even after controlling for Section 302 disclosures and other factors associated with internal control weaknesses. Unexpected fees are associated with company-level weaknesses but are not significantly associated with account-specific weaknesses, consistent with differences in the nature and severity of the two types of material weaknesses. Our results are consistent with unexpected audit fees containing information on unobserved audit costs and client control risks, which help predict future internal control weaknesses.

Download Full-text

The Effect of Employee Treatment Policies on Internal Control Weaknesses and Financial Restatements

The Accounting Review ◽

10.2308/accr-51269 ◽

2015 ◽

Vol 91 (4) ◽

pp. 1167-1194 ◽

Cited By ~ 37

Author(s):

Jun Guo ◽

Pinghsun Huang ◽

Yan Zhang ◽

Nan Zhou

Keyword(s):

Financial Reporting ◽

Internal Control ◽

Employee Benefits ◽

Data Availability ◽

Top Executives ◽

Material Weaknesses ◽

Financial Restatements ◽

Treatment Policies ◽

Employee Treatment

ABSTRACT This study investigates the role of employment policies in reducing internal control ineffectiveness and financial restatements. We provide new evidence that employee treatment policies are an important predictor of ineffective internal control. We also find that employee-friendly policies significantly reduce the propensity for employee-related material weaknesses. These results suggest that greater employee benefits facilitate the acquisition, development, and motivation of the workforce and ameliorate the loss of valuable human capital, thereby mitigating employee failures to implement internal control tasks properly. Moreover, we document novel results that financial restatements, especially those caused by unintentional errors, are less likely to arise in firms that invest more in employee benefits. Collectively, our emphasis on the effect of employee treatment policies on the integrity of internal control and financial reporting distinguishes our paper from previous studies that focus on the role of top executives in accounting practices. Data Availability: Data are available from public sources indicated in the text.

Download Full-text

The Failure to Remediate Previously Disclosed Material Weaknesses in Internal Controls

Auditing A Journal of Practice & Theory ◽

10.2308/ajpt-10268 ◽

2012 ◽

Vol 31 (2) ◽

pp. 73-111 ◽

Cited By ~ 44

Author(s):

Jacqueline S. Hammersley ◽

Linda A. Myers ◽

Jian Zhou

Keyword(s):

Interest Rates ◽

Control Systems ◽

Internal Control ◽

Credit Rating ◽

Control Sample ◽

Audit Fees ◽

Data Availability ◽

Audit Committees ◽

Annual Reports ◽

Material Weaknesses

SUMMARY In this paper, we study a sample of companies that fail to remediate previously disclosed material weaknesses (MWs) in their internal control systems and, thus, disclose the same MWs in two consecutive annual reports. Their failure to remediate is surprising given that regulators, credit rating agencies, and academics contend that the remediation of MWs is important. We form a control sample of companies that initially disclosed MWs in their internal control systems, but subsequently remediated these weaknesses, and investigate the characteristics of the remediated and unremediated MWs, the characteristics of remediating versus non-remediating companies, and the consequences to non-remediating companies. Regarding the characteristics of companies failing to remediate, we find that companies are less likely to remediate previously disclosed MWs when the weaknesses are more pervasive (i.e., when they are described as at the entity level, when there are more individual weaknesses) and when their operations are more complex (i.e., they have more segments and have foreign operations). In addition, companies with smaller audit committees are less likely to remediate. Regarding the consequences, we find that companies failing to remediate MWs experience larger increases in audit fees and a higher likelihood of auditor resignation as the number of MWs increases. We also find that non-remediating companies are more likely to receive modified audit opinions and going-concern opinions. Finally, we find that companies failing to remediate are more likely to miss filing deadlines and experience increased cost of debt capital (i.e., they receive poorer credit ratings when entity level MWs are present, and are charged higher interest rates). Data Availability: Data are publicly available from sources identified in the text.

Download Full-text

The Effect of Governance on Specialist Auditor Choice and Audit Fees in U.S. Family Firms

The Accounting Review ◽

10.2308/accr-50840 ◽

2014 ◽

Vol 89 (6) ◽

pp. 2297-2329 ◽

Cited By ~ 51

Author(s):

Bin N. Srinidhi ◽

Shaohua He ◽

Michael Firth

Keyword(s):

Financial Reporting ◽

Family Firms ◽

Earnings Quality ◽

Agency Problem ◽

Audit Fees ◽

Data Availability ◽

Board Governance ◽

Auditor Choice

ABSTRACT Family firms are characterized by less separation between ownership and control (Type 1 agency problem), but greater conflict of interest between controlling insiders and non-controlling outside investors (Type 2 agency problem). Although strong board governance is known to decrease the Type 1 agency problem, its effectiveness in mitigating the adverse consequences of the Type 2 agency problem has not been well documented in the literature. We show that strongly governed family firms are more likely to choose specialist auditors and exhibit higher earnings quality than nonfamily firms. Weakly governed family firms demand lower audit effort and exhibit earnings quality that is no different from that of nonfamily firms. Within family firms, we show that strongly governed family firms choose higher quality audits in the form of a greater use of specialist auditors and higher audit efforts, and exhibit higher earnings quality than other family firms. These findings provide consistent evidence that strong board governance can effectively mitigate the adverse consequences of the Type 2 agency problem on financial reporting and transparency in family firms. Data Availability: The data used are available from the public sources identified in the study.

Download Full-text

SOX 404 Reported Internal Control Weaknesses: A Test of COSO Framework Components and Information Technology

Journal of Information Systems ◽

10.2308/jis.2009.23.2.1 ◽

2009 ◽

Vol 23 (2) ◽

pp. 1-23 ◽

Cited By ~ 46

Author(s):

Bonnie K. Klamm ◽

Marcia Weidenmier Watson

Keyword(s):

Information Technology ◽

Internal Control ◽

Negative Impact ◽

Internal Controls ◽

First Year ◽

Section 404 ◽

Sarbanes Oxley ◽

Material Weaknesses ◽

Assessment And Monitoring ◽

Internal Control Weaknesses

ABSTRACT: This paper examines internal controls, from both an information technology (IT) and non-IT perspective, in relation to the five components of the Committee of Sponsoring Organization's Internal Control-Integrated Framework (COSO 1992), as well as the achievement of one of COSO's three objectives-reporting reliability. Our sample consists of 490 firms with material weaknesses reported under Sarbanes-Oxley Section 404 during the first year of compliance. We classify the weaknesses by COSO component and as IT-related or non-IT-related. Our results support the interrelationships of the COSO Framework. The results also show that the number of misstated accounts is positively related to the number of weak COSO components (i.e., scope) and certain weak COSO components (i.e., existence). Firms with IT-related weak components report more material weaknesses and misstatements than firms without IT-related weak components, providing evidence on the pervasive negative impact of weak IT controls, especially in control environment, risk assessment, and monitoring.

Download Full-text

Audit Fees after Remediation of Internal Control Weaknesses

Accounting Horizons ◽

10.2308/acch.2011.25.1.87 ◽

2011 ◽

Vol 25 (1) ◽

pp. 87-105 ◽

Cited By ~ 55

Author(s):

Vishal Munsif ◽

K. Raghunandan ◽

Dasaratha V. Rama ◽

Meghna Singhvi

Keyword(s):

Financial Reporting ◽

Internal Control ◽

Audit Fees ◽

Internal Controls ◽

Future Research ◽

First Year ◽

Section 404 ◽

The Third ◽

Material Weaknesses ◽

Audit Fee

SYNOPSIS: In this study, we examine audit fees for SEC registrants that remediate previously disclosed material weaknesses in internal control. We find that remediating firms have lower audit fees when compared to firms that continue to report material weaknesses in internal control. However, the remediating firms continue to pay, in the year of remediation as well as one and two years subsequent to remediation, a significant audit fee premium compared to firms that have clean Section 404 reports in each of the first four years. Firms that had an adverse Section 404 report only in the first year, but remediated the problems in year two and had clean Section 404 reports in years three and four, pay an audit fee premium of 32 (21) percent in the third (fourth) year when compared to firms that had clean Section 404 reports in each of the first four years. The results, thus, suggest that audit fees are “sticky” for firms that have material weaknesses in internal controls over financial reporting, and suggest some interesting questions for future research.

Download Full-text

Business Strategy, Internal Control over Financial Reporting, and Audit Reporting Quality

Auditing A Journal of Practice & Theory ◽

10.2308/ajpt-51693 ◽

2017 ◽

Vol 36 (4) ◽

pp. 49-69 ◽

Cited By ~ 15

Author(s):

Kathleen A. Bentley-Goode ◽

Nathan J. Newton ◽

Anne M. Thompson

Keyword(s):

Quality Improvement ◽

Financial Reporting ◽

Internal Control ◽

Business Strategy ◽

Audit Quality ◽

Reporting Quality ◽

Internal Controls ◽

Data Availability ◽

Material Weaknesses ◽

Jel Classifications

SUMMARY This study examines whether a company's business strategy is an underlying determinant of the strength of its internal control over financial reporting (ICFR) and auditors' internal control reporting quality. Organizational theory suggests that companies following an innovative “prospector” strategy are likely to have weaker internal controls than companies following an efficient “defender” strategy. Consistent with theory, we find that firms with greater prospector-like characteristics are more likely to report and less likely to remediate material weaknesses, incremental to known determinants of material weaknesses. We also find that auditors' internal control reporting quality is lower among clients with greater prospector-like characteristics when measured using the timeliness of reported material weaknesses. Our findings indicate that business strategy is a useful summary indicator for evaluating companies' internal control strength and suggest that internal control reporting is an important area for audit quality improvement among prospector-like clients. JEL Classifications: D21; 21; M41. Data Availability: Data are obtained from public sources as indicated in the text.

Download Full-text

Audit Partners' Judgments and Challenges in the Audits of Internal Control over Financial Reporting

Auditing A Journal of Practice & Theory ◽

10.2308/ajpt-18-088 ◽

2020 ◽

Vol 39 (4) ◽

pp. 57-85

Author(s):

Jeffrey R. Cohen ◽

Jennifer R. Joe ◽

Jay C. Thibodeau ◽

Gregory M. Trompeter

Keyword(s):

Financial Reporting ◽

Internal Control ◽

Data Availability ◽

Audit Committees ◽

Structured Interviews ◽

Material Weakness ◽

The Public ◽

National Office ◽

Evaluation Task ◽

Public Company

SUMMARY Internal control over financial reporting (ICFR) audits have been the subject of intensive examination by the Public Company Accounting Oversight Board (PCAOB) and researchers but the process through which auditors make ICFR judgments is largely a “black box.” To understand ICFR judgments, we conducted semi-structured interviews with 20 audit partners. Common themes in our interviews suggest that the subjectivity inherent in the ICFR evaluation task contributes to resistance against ICFR audit findings and cougnterarguments from management. Moreover, auditors perceive that their judgments are being second-guessed by PCAOB inspectors. Auditors believe that managers have difficulty accepting that material weaknesses can exist without a detected error, that management's reflexive reaction is to deny/avoid a material weakness finding, and managers routinely claim that management review controls (MRCs) would have caught the detected control deficiency. Auditors cope with management's defenses by consulting with their national office and leveraging support from strong audit committees. Data Availability: Requests for the data should be accompanied by a description of intended uses.

Download Full-text

Evidence on the Impact of Internal Control over Financial Reporting on Audit Fees

International Journal of Accounting and Financial Reporting ◽

10.5296/ijafr.v9i3.15001 ◽

2019 ◽

Vol 9 (3) ◽

pp. 1

Author(s):

Mohamed Gaber ◽

Samy Garas ◽

Edward J. Lusk

Keyword(s):

Financial Reporting ◽

Internal Control ◽

Public Information ◽

Audit Fees ◽

Stock Trading ◽

Audit Opinion ◽

The Public ◽

Public Company ◽

Effective Group ◽

The Impact

Introduction: Circa 1992, the dot.com sector created an irrational stock-trading market where the usual “financial” profiles of: Liquidity, Cash Flow from Operations, and Revenue generation were replaced by Ponzi-esque mayhem. To stabilize the markets, the Public Company Accounting Oversight Board [PCAOB] required a second audit opinion: the COSO Opinion on the adequacy of management’s system of Internal Control over Financial Reporting: [ICoFR].Study Focus: Three COSO-[ICoFR] designations are now required as public information: (i) A “clean” opinion [Is Effective], (ii) Deficiencies are noted, and (iii) Weaknesses reported. Our research interest is to determine, for a panel of randomly selected firms traded on the S&P500 for a eleven-year period: 2005 to 2015, the nature of the effect that the COSO deficiency reporting protocol has on (i) Audit Fees and (ii) the Market Cap of traded firms.Method: To this end we collected, using the Audit Analytics Ô[WRDSÔ] database, various categories of reported Audit Fees and also Market Cap information. This random sample was classified into two sets: the first group: Is Effective SEC 302 Designation and No COSO issues & the second group: Is Not 100% Effective for which there were SEC 302 Deficiencies or Weaknesses noted.Results: Inferential testing indicates that failure to attend to the PCAOB-COSO imperatives results in a relational where there are higher Audit Fees and a slippage of the firm’s Market Cap compared to the Is Effective Group. The PCAOB’s protocol to require the Audit of the firm’s ICoFR system and make that evaluation public information seems to be an excellent corrective “Carrot and Stick”.

Download Full-text