The Impact of Information Technology Internal Controls on Firm Performance

2012 ◽  
Vol 24 (2) ◽  
pp. 39-49 ◽  
Author(s):  
Lemuria D. Carter ◽  
Brandis Phillips ◽  
Porche Millington
Keyword(s):  
Information Technology ◽  
Firm Performance ◽  
Internal Control ◽  
Ordinary Least Squares ◽  
Internal Controls ◽  
Publicly Traded ◽  
Sarbanes Oxley ◽  
Internal Control Weaknesses ◽  
Performance Results ◽  
The Impact

Since the introduction of the Sarbanes-Oxley (SOX) Act in 2002, companies have begun to place more emphasis on information technology (IT) internal controls. IT internal controls are policies that provide assurance that technical systems operate as intended, provide reliable data, and comply with regulations. Research suggests that firms with strong internal controls perform better than those with internal control weaknesses. In this study, the authors evaluate the impact of IT internal controls on firm performance. The sample includes 72 publicly traded firms, 36 that reported IT internal control weaknesses and 36 that did not. The results of ordinary least squares (OLS) regression indicate that substantive IT internal control weaknesses negatively impact firm performance. Results and implications for research and practice are discussed.

SOX 404 Reported Internal Control Weaknesses: A Test of COSO Framework Components and Information Technology

2009 ◽  
Vol 23 (2) ◽  
pp. 1-23 ◽  
Author(s):  
Bonnie K. Klamm ◽  
Marcia Weidenmier Watson
Keyword(s):  
Information Technology ◽  
Internal Control ◽  
Negative Impact ◽  
Internal Controls ◽  
First Year ◽  
Section 404 ◽  
Sarbanes Oxley ◽  
Material Weaknesses ◽  
Assessment And Monitoring ◽  
Internal Control Weaknesses

ABSTRACT: This paper examines internal controls, from both an information technology (IT) and non-IT perspective, in relation to the five components of the Committee of Sponsoring Organization's Internal Control-Integrated Framework (COSO 1992), as well as the achievement of one of COSO's three objectives-reporting reliability. Our sample consists of 490 firms with material weaknesses reported under Sarbanes-Oxley Section 404 during the first year of compliance. We classify the weaknesses by COSO component and as IT-related or non-IT-related. Our results support the interrelationships of the COSO Framework. The results also show that the number of misstated accounts is positively related to the number of weak COSO components (i.e., scope) and certain weak COSO components (i.e., existence). Firms with IT-related weak components report more material weaknesses and misstatements than firms without IT-related weak components, providing evidence on the pervasive negative impact of weak IT controls, especially in control environment, risk assessment, and monitoring.

The Adoption and Consequences of COSO 2013

2021 ◽  
Author(s):  
Amanuel F Tadesse ◽  
Gina Cavalier Rosa ◽  
Robert J. Parker
Keyword(s):  
Information Technology ◽  
Internal Control ◽  
Internal Controls ◽  
Lower Probability ◽  
Control Problems ◽  
Timely Manner ◽  
Sarbanes Oxley ◽  
Enterprise Risk ◽  
Control Framework ◽  
Internal Control Weaknesses

COSO has developed frameworks for firms to improve their internal controls with the objective of reducing fraud and managing enterprise risk. The frameworks are widely used by firms and their auditors to comply with the internal control requirements of the Sarbanes-Oxley Act (SOX). We investigate two issues involving the most recent COSO internal control framework (COSO 2013): the determinants of a firm's decision to adopt it in a timely manner; and the consequences of adoption on internal controls. In our sample, firms that report internal control problems under SOX 404, especially firms with information technology (IT) problems, are likely to be late adopters. Regarding the consequences of adoption, for late adopters, we find that firms using the revised COSO framework have a lower probability of reporting weaknesses in IT-related controls. We also find evidence that COSO 2013 adoption is helpful in remediating internal control weaknesses.

The Impact of Internal Controls and Penalties on Fraud

2010 ◽  
Vol 24 (1) ◽  
pp. 1-21 ◽  
Author(s):  
Roberta Ann Barra
Keyword(s):  
Internal Control ◽  
Internal Controls ◽  
Reliability Engineering ◽  
Ceteris Paribus ◽  
Sarbanes Oxley ◽  
Internal Control System ◽  
Analytical Reliability ◽  
Net Assets ◽  
Managerial Employees ◽  
The Impact

ABSTRACT: Little prior research exists on the parameters of internal control activities. The Sarbanes-Oxley Act of 2002 (SOX 2002) makes identifying the properties of these parameters under various conditions important. In this paper, an analytical/reliability engineering methodology is used to investigate the relative impact of penalties versus other types of internal controls on managerial and non-managerial employees’ propensity to commit fraud. Ceteris paribus, increasing required effort with internal controls and/or increasing employee penalties, increases the minimum amount stolen when a fraud incident occurs; that is, more net assets will be taken per fraud incident with controls than without controls. The findings show that the firm’s least-cost scenario with managerial employees is to enforce maximum penalties. The firm’s least-cost scenario with non-managerial employees is to utilize alternative internal controls while imposing minimum penalties. Further, the effectiveness of separation of duties is dependent on the detective controls in the internal control system.

Earnings Management of Firms Reporting Material Internal Control Weaknesses under Section 404 of the Sarbanes-Oxley Act

2008 ◽  
Vol 27 (2) ◽  
pp. 161-179 ◽  
Author(s):  
Kam C. Chan ◽  
Barbara Farrell ◽  
Picheng Lee
Keyword(s):  
Earnings Management ◽  
Internal Control ◽  
Internal Controls ◽  
Corporate Disclosure ◽  
Section 404 ◽  
Sarbanes Oxley ◽  
Material Weaknesses ◽  
Potential Benefits ◽  
Internal Control Weaknesses ◽  
Reported Earnings

SUMMARY: The main objectives of the Sarbanes-Oxley Act of 2002 are to improve the accuracy and reliability of corporate disclosure. Under Section 404 of the Sarbanes-Oxley Act, the external auditor has to report an assessment of the firm’s internal controls and attest to management’s assessment of the firm’s internal controls. Material weaknesses in internal controls must be disclosed in the auditor and management reports. The objective of this study is to examine if firms reporting material internal control weaknesses under Section 404 have more earnings management compared to other firms. The results provide mild evidence that there are more positive and absolute discretionary accruals for firms reporting material internal control weaknesses than for other firms. Since the findings of ineffective internal controls by auditors under Section 404 may cause firms to improve their internal controls, Section 404 has the potential benefits of reducing the opportunity of intentional and unintentional accounting errors and of improving the quality of reported earnings.

Using a Movie to Study the COSO Internal Control Framework: An Instructional Case

2008 ◽  
Vol 22 (1) ◽  
pp. 63-76 ◽  
Author(s):  
Arline Savage ◽  
Carolyn Strand Norman ◽  
Kathryn A. S. Lancaster
Keyword(s):  
Internal Control ◽  
House Of Representatives ◽  
Financial Institution ◽  
Internal Controls ◽  
Publicly Traded ◽  
Accounting Firms ◽  
Publicly Traded Companies ◽  
Sarbanes Oxley ◽  
Control Framework ◽  
Accounting Graduates

Following enactment of the Sarbanes-Oxley Act (SOX) of 2002 (U.S. House of Representatives 2002), public accounting firms and publicly traded companies are much more focused on internal controls. Accordingly, many accounting graduates will be asked to evaluate, document, and perhaps test the adequacy of an organization's internal control structure. The Committee of Sponsoring Organizations' (COSO 1992) Internal Control—Integrated Framework is the most widely used tool for this purpose. This instructional case, based on the movie, Rogue Trader, gives students the opportunity to see the consequences of lax corporate governance and weak internal controls at the Barings Bank. Students view the movie and then use the COSO framework to critically analyze the collapse of a well-established financial institution.

The Impact of Enterprise Resource Planning (ERP) Systems on the Effectiveness of Internal Controls over Financial Reporting

2011 ◽  
Vol 25 (1) ◽  
pp. 129-157 ◽  
Author(s):  
John J. Morris
Keyword(s):  
Financial Reporting ◽  
Enterprise Resource Planning ◽  
Internal Control ◽  
Control Sample ◽  
Resource Planning ◽  
Internal Controls ◽  
Erp Systems ◽  
Individual Account ◽  
Sarbanes Oxley ◽  
The Impact

ABSTRACT: Software vendors that market enterprise resource planning (ERP) systems have taken advantage of the increased focus on internal controls that grew out of the Sarbanes-Oxley (SOX) legislation by emphasizing that a key feature of ERP systems is the use of “built-in” controls that mirror a firm’s infrastructure. They argue that these built-in controls and other features will help firms improve their internal control over financial reporting as required by SOX. This study tests that assertion by examining SOX Section 404 compliance data for a sample of firms that implemented ERP systems between 1994 and 2003. The results suggest that ERP-implementing firms are less likely to report internal control weaknesses (ICW) than a matched control sample of non-ERP-implementing firms. It also finds that this difference exists for both general (entity-wide), and individual (account-level) controls.

scholarly journals Internal Control Weakness and Managerial Myopia: Evidence from SOX Section 404 Disclosures

2019 ◽  
Vol 8 (1) ◽  
pp. 71-83 ◽  
Author(s):  
Amy E. Ji
Keyword(s):  
Financial Reporting ◽  
Internal Control ◽  
Investment Decisions ◽  
Reporting Quality ◽  
Internal Controls ◽  
Financial Reporting Quality ◽  
Section 404 ◽  
Managerial Myopia ◽  
Internal Control Weaknesses ◽  
The Impact

Problem/ Relevance: Managerial myopia is an important issue of interests to academics, practitioners, and regulators as managers have been condemned for their obsession with short-term earnings and myopic investment decisions that sacrifice firms’ long term value for shareholders. This article contributes by examining whether the quality of firms’ internal controls over financial reporting (ICFR) is associated with managerial myopia. Research Objective/ Questions: The purpose of this study is to examine whether managers in firms reporting material internal control weaknesses (ICW) under Section 404 of the Sarbanes-Oxley Act (SOX) of 2002 engage in myopic behaviors more than those in firms without reporting ICW. Methodology: The study uses the logit regression model to investigate a sample obtained from Compustat for the period of 2005-2013. Major Findings: The study finds a positive association between internal control weaknesses reported by auditors under Section 404 of the SOX and managerial short-termism which is measured by the probability of cutting R&D expenses in the current year from the previous year. Implications: Whereas prior studies mostly examine the impact of internal controls on accounting quality, this study demonstrates the implication of internal controls beyond financial reporting quality by showing an association between internal control quality and managerial myopia. Future research may further investigate the association between firms’ financial reporting quality and managerial investment decisions.

scholarly journals USING THE ANALYTIC HIERARCHY PROCESS TO ASSESS THE IMPACT OF INTERNAL CONTROL WEAKNESSES ON FIRM PERFORMANCE

2020 ◽  
Vol 12 (2) ◽  
Author(s):  
Amanda Lyn Wilford ◽  
Lawrence D. Bodin ◽  
Lawrence A. Gordon
Keyword(s):  
Firm Performance ◽  
Analytic Hierarchy Process ◽  
Internal Control ◽  
Analytic Hierarchy ◽  
Sarbanes Oxley ◽  
Different Types ◽  
The Analytic Hierarchy Process ◽  
The Impact ◽  
Hierarchy Process ◽  
Binary Measure

Since the passage of the Sarbanes-Oxley Act (SOX) of 2002, many studies have examined the impact of material weaknesses in internal control systems (MWICS) on firm performance. Overall, these studies indicate that a negative association exists between poor internal control and firm performance. Prior research suggests that the above noted association between internal control and firm performance should be affected by both the actual number and the different types of MWICS. However, this stream of research has focused on using a binary measure for internal control and has not considered the combined impact that the different types of MWICS may have on firm performance. In this study, we create and introduce a new internal control index, derived from the Analytic Hierarchy Process (AHP). We then show that more information regarding the impact of MWICS can be obtained through our AHP index measure as opposed to the binary measure that is commonly used. These findings have important implications for a firm’s stakeholders (e.g., managers, stockholders, creditors, financial analysts, employees, and auditors).

The Severity of Internal Controls over Financial Reporting Deficiencies: Differences among Types and Industries

2014 ◽  
pp. 55-77
Author(s):  
Tatiana Mazza ◽  
Stefano Azzali
Keyword(s):  
Information Technology ◽  
Financial Reporting ◽  
Internal Control ◽  
Service Industry ◽  
Listed Companies ◽  
Internal Controls ◽  
Service Companies ◽  
Finance Industry ◽  
Material Weaknesses ◽  
Fixed Assets

This study analyzes the severity of Internal Control over Financial Reporting deficiencies (Deficiencies, Significant Deficiencies and Material Weaknesses) in a sample of Italian listed companies, in the period 2007- 2012. Using proprietary data the severity of the deficiencies is tested for account-specific, entity level and information technology controls and for industries (manufacturing and services vs finance industries). The results on ICD severity is compared with one of the most frequent ICD (Acc_Period End/Accounting Policies): for account-specific, ICD in revenues, purchase, fixed assets and intangible, loans and insurance are more severe while ICD in Inventory are less severe. Differences in ICD severity have been found in the characteristic account: ICD in loan and insurance for finance industry and ICD in revenue, purchase for manufacturing and service industry are more severe. Finally, we found that ICD in entity level and information technology controls are less severe than account specific ICD in all industries. However, the results on entity level and information technology deficiencies could also mean that the importance of these types of control are under-evaluated by the manufacturing and service companies.

Board Independence and Internal Control Weakness: Evidence from SOX 404 Disclosures

2016 ◽  
Vol 36 (2) ◽  
pp. 45-62 ◽  
Author(s):  
Yangyang Chen ◽  
W. Robert Knechel ◽  
Vijaya Bhaskar Marisetty ◽  
Cameron Truong ◽  
Madhu Veeraraghavan
Keyword(s):  
Internal Control ◽  
Internal Controls ◽  
Board Independence ◽  
Negative Relation ◽  
Internal Control Weaknesses ◽  
A Company ◽  
Jel Classifications

SUMMARY In this paper, we investigate whether board independence has an impact on the likelihood that a company reports weaknesses in internal controls. Using a sample of 11,226 firm-year observations spanning the period 2004–2012, we establish several findings. First, we document a negative relation between board independence and the disclosure of internal control weaknesses. We also document that the negative relation is stronger for firms with unitary leadership (combined positions of CEO and chairman) than for firms with dual leadership. Next, we show that board independence is associated with both fewer account-specific and company-level weaknesses. Finally, we show that board independence is associated with timely remediation of internal control weaknesses and that the implementation of Auditing Standard No. 5 in 2007 weakens the effect of board independence on the disclosure of ICW. JEL Classifications: G10; G18.

Sign in / Sign up

Export Citation Format

Share Document