SOX 404 Reported Internal Control Weaknesses: A Test of COSO Framework Components and Information Technology

Bonnie K. Klamm; Marcia Weidenmier Watson

doi:10.2308/jis.2009.23.2.1

SOX 404 Reported Internal Control Weaknesses: A Test of COSO Framework Components and Information Technology

Journal of Information Systems ◽

10.2308/jis.2009.23.2.1 ◽

2009 ◽

Vol 23 (2) ◽

pp. 1-23 ◽

Cited By ~ 46

Author(s):

Bonnie K. Klamm ◽

Marcia Weidenmier Watson

Keyword(s):

Information Technology ◽

Internal Control ◽

Negative Impact ◽

Internal Controls ◽

First Year ◽

Section 404 ◽

Sarbanes Oxley ◽

Material Weaknesses ◽

Assessment And Monitoring ◽

Internal Control Weaknesses

ABSTRACT: This paper examines internal controls, from both an information technology (IT) and non-IT perspective, in relation to the five components of the Committee of Sponsoring Organization's Internal Control-Integrated Framework (COSO 1992), as well as the achievement of one of COSO's three objectives-reporting reliability. Our sample consists of 490 firms with material weaknesses reported under Sarbanes-Oxley Section 404 during the first year of compliance. We classify the weaknesses by COSO component and as IT-related or non-IT-related. Our results support the interrelationships of the COSO Framework. The results also show that the number of misstated accounts is positively related to the number of weak COSO components (i.e., scope) and certain weak COSO components (i.e., existence). Firms with IT-related weak components report more material weaknesses and misstatements than firms without IT-related weak components, providing evidence on the pervasive negative impact of weak IT controls, especially in control environment, risk assessment, and monitoring.

Download Full-text

Earnings Management of Firms Reporting Material Internal Control Weaknesses under Section 404 of the Sarbanes-Oxley Act

Auditing A Journal of Practice & Theory ◽

10.2308/aud.2008.27.2.161 ◽

2008 ◽

Vol 27 (2) ◽

pp. 161-179 ◽

Cited By ~ 97

Author(s):

Kam C. Chan ◽

Barbara Farrell ◽

Picheng Lee

Keyword(s):

Earnings Management ◽

Internal Control ◽

Internal Controls ◽

Corporate Disclosure ◽

Section 404 ◽

Sarbanes Oxley ◽

Material Weaknesses ◽

Potential Benefits ◽

Internal Control Weaknesses ◽

Reported Earnings

SUMMARY: The main objectives of the Sarbanes-Oxley Act of 2002 are to improve the accuracy and reliability of corporate disclosure. Under Section 404 of the Sarbanes-Oxley Act, the external auditor has to report an assessment of the firm’s internal controls and attest to management’s assessment of the firm’s internal controls. Material weaknesses in internal controls must be disclosed in the auditor and management reports. The objective of this study is to examine if firms reporting material internal control weaknesses under Section 404 have more earnings management compared to other firms. The results provide mild evidence that there are more positive and absolute discretionary accruals for firms reporting material internal control weaknesses than for other firms. Since the findings of ineffective internal controls by auditors under Section 404 may cause firms to improve their internal controls, Section 404 has the potential benefits of reducing the opportunity of intentional and unintentional accounting errors and of improving the quality of reported earnings.

Download Full-text

The Impact of Information Technology Internal Controls on Firm Performance

Journal of Organizational and End User Computing ◽

10.4018/joeuc.2012040103 ◽

2012 ◽

Vol 24 (2) ◽

pp. 39-49 ◽

Cited By ~ 11

Author(s):

Lemuria D. Carter ◽

Brandis Phillips ◽

Porche Millington

Keyword(s):

Information Technology ◽

Firm Performance ◽

Internal Control ◽

Ordinary Least Squares ◽

Internal Controls ◽

Publicly Traded ◽

Sarbanes Oxley ◽

Internal Control Weaknesses ◽

Performance Results ◽

The Impact

Since the introduction of the Sarbanes-Oxley (SOX) Act in 2002, companies have begun to place more emphasis on information technology (IT) internal controls. IT internal controls are policies that provide assurance that technical systems operate as intended, provide reliable data, and comply with regulations. Research suggests that firms with strong internal controls perform better than those with internal control weaknesses. In this study, the authors evaluate the impact of IT internal controls on firm performance. The sample includes 72 publicly traded firms, 36 that reported IT internal control weaknesses and 36 that did not. The results of ordinary least squares (OLS) regression indicate that substantive IT internal control weaknesses negatively impact firm performance. Results and implications for research and practice are discussed.

Download Full-text

Unexpected Fees and the Prediction of Material Weaknesses in Internal Control Over Financial Reporting

Journal of Accounting Auditing & Finance ◽

10.1177/0148558x16662585 ◽

2016 ◽

Vol 33 (4) ◽

pp. 485-505 ◽

Cited By ~ 4

Author(s):

Susan M. Albring ◽

Randal J. Elder ◽

Xiaolu Xu

Keyword(s):

Financial Reporting ◽

Internal Control ◽

Audit Fees ◽

Financial Statement ◽

Section 404 ◽

Sarbanes Oxley ◽

Material Weaknesses ◽

New Material ◽

Internal Control Weaknesses ◽

Section 302

We investigate whether prior year unexpected audit fees help predict new material weaknesses in internal control over financial reporting reported under Section 404 of the Sarbanes–Oxley Act (SOX). Predicting material weaknesses may be useful to investors and other financial statement users because these disclosures have adverse economic impacts on disclosing firms. Unexpected fees are significantly associated with material weaknesses reported under Section 404, even after controlling for Section 302 disclosures and other factors associated with internal control weaknesses. Unexpected fees are associated with company-level weaknesses but are not significantly associated with account-specific weaknesses, consistent with differences in the nature and severity of the two types of material weaknesses. Our results are consistent with unexpected audit fees containing information on unobserved audit costs and client control risks, which help predict future internal control weaknesses.

Download Full-text

Audit Fees after Remediation of Internal Control Weaknesses

Accounting Horizons ◽

10.2308/acch.2011.25.1.87 ◽

2011 ◽

Vol 25 (1) ◽

pp. 87-105 ◽

Cited By ~ 55

Author(s):

Vishal Munsif ◽

K. Raghunandan ◽

Dasaratha V. Rama ◽

Meghna Singhvi

Keyword(s):

Financial Reporting ◽

Internal Control ◽

Audit Fees ◽

Internal Controls ◽

Future Research ◽

First Year ◽

Section 404 ◽

The Third ◽

Material Weaknesses ◽

Audit Fee

SYNOPSIS: In this study, we examine audit fees for SEC registrants that remediate previously disclosed material weaknesses in internal control. We find that remediating firms have lower audit fees when compared to firms that continue to report material weaknesses in internal control. However, the remediating firms continue to pay, in the year of remediation as well as one and two years subsequent to remediation, a significant audit fee premium compared to firms that have clean Section 404 reports in each of the first four years. Firms that had an adverse Section 404 report only in the first year, but remediated the problems in year two and had clean Section 404 reports in years three and four, pay an audit fee premium of 32 (21) percent in the third (fourth) year when compared to firms that had clean Section 404 reports in each of the first four years. The results, thus, suggest that audit fees are “sticky” for firms that have material weaknesses in internal controls over financial reporting, and suggest some interesting questions for future research.

Download Full-text

The Adoption and Consequences of COSO 2013

Accounting Horizons ◽

10.2308/horizons-18-123 ◽

2021 ◽

Author(s):

Amanuel F Tadesse ◽

Gina Cavalier Rosa ◽

Robert J. Parker

Keyword(s):

Information Technology ◽

Internal Control ◽

Internal Controls ◽

Lower Probability ◽

Control Problems ◽

Timely Manner ◽

Sarbanes Oxley ◽

Enterprise Risk ◽

Control Framework ◽

Internal Control Weaknesses

COSO has developed frameworks for firms to improve their internal controls with the objective of reducing fraud and managing enterprise risk. The frameworks are widely used by firms and their auditors to comply with the internal control requirements of the Sarbanes-Oxley Act (SOX). We investigate two issues involving the most recent COSO internal control framework (COSO 2013): the determinants of a firm's decision to adopt it in a timely manner; and the consequences of adoption on internal controls. In our sample, firms that report internal control problems under SOX 404, especially firms with information technology (IT) problems, are likely to be late adopters. Regarding the consequences of adoption, for late adopters, we find that firms using the revised COSO framework have a lower probability of reporting weaknesses in IT-related controls. We also find evidence that COSO 2013 adoption is helpful in remediating internal control weaknesses.

Download Full-text

The Severity of Internal Controls over Financial Reporting Deficiencies: Differences among Types and Industries

FINANCIAL REPORTING ◽

10.3280/fr2014-001003 ◽

2014 ◽

pp. 55-77

Author(s):

Tatiana Mazza ◽

Stefano Azzali

Keyword(s):

Information Technology ◽

Financial Reporting ◽

Internal Control ◽

Service Industry ◽

Listed Companies ◽

Internal Controls ◽

Service Companies ◽

Finance Industry ◽

Material Weaknesses ◽

Fixed Assets

This study analyzes the severity of Internal Control over Financial Reporting deficiencies (Deficiencies, Significant Deficiencies and Material Weaknesses) in a sample of Italian listed companies, in the period 2007- 2012. Using proprietary data the severity of the deficiencies is tested for account-specific, entity level and information technology controls and for industries (manufacturing and services vs finance industries). The results on ICD severity is compared with one of the most frequent ICD (Acc_Period End/Accounting Policies): for account-specific, ICD in revenues, purchase, fixed assets and intangible, loans and insurance are more severe while ICD in Inventory are less severe. Differences in ICD severity have been found in the characteristic account: ICD in loan and insurance for finance industry and ICD in revenue, purchase for manufacturing and service industry are more severe. Finally, we found that ICD in entity level and information technology controls are less severe than account specific ICD in all industries. However, the results on entity level and information technology deficiencies could also mean that the importance of these types of control are under-evaluated by the manufacturing and service companies.

Download Full-text

Characteristics of Firms with Material Weaknesses in Internal Control: An Assessment of Section 404 of Sarbanes Oxley

SSRN Electronic Journal ◽

10.2139/ssrn.682363 ◽

2005 ◽

Cited By ~ 29

Author(s):

Stephen H. Bryan ◽

Steven B. Lilien

Keyword(s):

Internal Control ◽

Section 404 ◽

Sarbanes Oxley ◽

Material Weaknesses

Download Full-text

Observed effectiveness of the COSO 2013 framework

Journal of Accounting & Organizational Change ◽

10.1108/jaoc-07-2018-0064 ◽

2019 ◽

Vol 16 (1) ◽

pp. 31-45

Author(s):

Ifeoma Udeh

Keyword(s):

Control Systems ◽

Internal Control ◽

Design Methodology ◽

Control Process ◽

Regression Analyses ◽

Section 404 ◽

Content Type ◽

Sarbanes Oxley ◽

Material Weaknesses ◽

Practical Implications

Purpose This paper aims to examine the effectiveness of the Committee of Sponsoring Organization’s 2013 Framework, by investigating how the number of auditor-reported material weaknesses compares for Early-, Timely- and Late-adopters of the framework, and how the number of auditor-reported material weaknesses changed for Early- and Timely-adopters following their adoption of the framework. Design/methodology/approach The paper uses regression analyses based on a sample of US firms subject to Sarbanes-Oxley Act Section 404(b). Findings Timely-adopters of the 2013 Framework continued to exhibit fewer instances of auditor-reported material weaknesses than Late-adopters, even though they had a marginal increase in the number of auditor-reported material weaknesses, in the post-2013 Framework period. Practical implications The findings suggest that the effectiveness of the 2013 Framework may lie in the iterative nature of the internal control process, and as firms remedy deficiencies they or their auditors identify, they will continuously improve the effectiveness of their internal control systems. Originality/value Unlike existing literature, this paper uses data from the pre-2013 Framework, transition and post-2013 Framework periods to examine changes in the number of auditor-reported material weaknesses, thus differentiating between Early-, Timely- and Late-adopters of the 2013 Framework. It also shows the effect of adopting the 2013 Framework on the number of auditor-reported material weaknesses.

Download Full-text

SOX Section 404 Material Weakness Disclosures and Audit Fees

Auditing A Journal of Practice & Theory ◽

10.2308/aud.2006.25.1.99 ◽

2006 ◽

Vol 25 (1) ◽

pp. 99-114 ◽

Cited By ~ 258

Author(s):

K. Raghunandan ◽

Dasaratha V. Rama

Keyword(s):

Financial Reporting ◽

Internal Control ◽

Audit Fees ◽

Internal Controls ◽

Fiscal Year ◽

Section 404 ◽

Control Material ◽

Material Weakness ◽

Sarbanes Oxley ◽

The Mean

Section 404 of the Sarbanes-Oxley Act and Auditing Standard No. 2 (PCAOB 2004) require management and the auditor to report on internal controls over financial reporting. Section 404 is arguably the most controversial element of SOX, and much of the debate around the costs of implementing section 404 has focused on auditors' fees (Ernst & Young 2005). In this paper, we examine the association between audit fees and internal control disclosures made pursuant to section 404. Our sample includes 660 manufacturing firms that have a December 31, 2004 fiscal year-end and filed the section 404 report by May 15, 2005. We find that the mean (median) audit fees for the firms in our sample for fiscal 2004 is 86 (128) percent higher than the corresponding fees for fiscal 2003. Audit fees for fiscal 2004 are 43 percent higher for clients with a material weakness disclosure compared to clients without such disclosure; however, audit fees for fiscal 2003 are not associated with an internal control material weakness disclosure (in the 10-K filed following fiscal 2004). We also find that the association between audit fees and the presence of a material weakness disclosure does not vary depending on the type of material weakness (systemic or non-systemic).

Download Full-text

Corporate Governance and Internal Control over Financial Reporting: A Comparison of Regulatory Regimes

The Accounting Review ◽

10.2308/accr.2009.84.3.839 ◽

2009 ◽

Vol 84 (3) ◽

pp. 839-867 ◽

Cited By ~ 288

Author(s):

Udi Hoitash ◽

Rani Hoitash ◽

Jean C. Bedard

Keyword(s):

Corporate Governance ◽

Financial Reporting ◽

Internal Control ◽

Audit Committee ◽

Section 404 ◽

Sarbanes Oxley ◽

Material Weaknesses ◽

Financial Expertise ◽

Financial Expert ◽

Section 302

ABSTRACT: This study examines the association between corporate governance and disclosures of material weaknesses (MW) in internal control over financial reporting. We study this association using MW reported under Sarbanes-Oxley Sections 302 and 404, deriving data on audit committee financial expertise from automated parsing of member qualifications from their biographies. We find that a lower likelihood of disclosing Section 404 MW is associated with relatively more audit committee members having accounting and supervisory experience, as well as board strength. Further, the nature of MW varies with the type of experience. However, these associations are not detectable using Section 302 reports. We also find that MW disclosure is associated with designating a financial expert without accounting experience, or designating multiple financial experts. We conclude that board and audit committee characteristics are associated with internal control quality. However, this association is only observable under the more stringent requirements of Section 404.

Download Full-text