We examine detection and severity classification of internal control deficiencies (ICD) identified under Section 404 of the Sarbanes-Oxley Act of 2002. While the cost/benefit balance of auditor testing of internal controls is highly controversial, prior research has not examined auditor vs. client detection of ICD, nor has it examined factors auditors consider in judging ICD severity. We find that auditors detect about three-fourths of unremediated ICD, usually though control testing. This finding contrasts with extant research inferring control deficiency detection effectiveness from publicly available data, underscoring the value of Section 404 auditor testing in improving financial reporting quality. Auditors judge greater severity when a misstatement has already occurred. In the absence of a misstatement, severity is contingent on client and ICD characteristics, implying a more complex and nuanced judgment process without objective evidence of control failure. We also find that clients often underestimate ICD severity, but this tendency is lower among well-controlled companies with a well-designed Section 404 process.

For additional information contact Jean Bedard (jbedard@bentley.edu)

Hunton, J. E., Rose, J. (2011). Effects of Anonymous Whistle-Blowing and Perceived Reputation Threats on Investigations of Whistle-Blowing Allegations by Audit Committee Members. Journal of Management Studies, 48 (1), 75-98.

A total of 83 experienced audit committee members participated in an experiment in which they evaluated the credibility of and allocated investigative resources towards a whistle-blowing allegation of financial reporting malfeasance by corporate executive officers. We manipulated whether the whistle-blowing allegation was made through anonymous or non-anonymous channels and whether the allegation posed a relatively high or low threat to the personal reputation of the audit committee member who was charged with investigating the allegation. Results indicate that the participating audit committee members attributed lower credibility and allocated fewer investigatory resources when the whistle-blowing report was received through an anonymous versus non-anonymous channel, and when the allegation posed a relatively high versus low level of reputation threat. While the Sarbanes–Oxley Act of 2002 requires audit committees of publicly traded firms to provide an anonymous whistle-blowing channel to employees, our findings suggest disturbing unintended consequences of such regulation; specifically, audit committee members might fail to sufficiently investigate whistle-blowing allegations received through anonymous whistle-blowing channels, particularly if the allegation poses a personal reputation threat.

For additional information contact Jim Hunton (jhunton@bentley.edu)

Abdolmohammadi, M. J., Read, W. J., Asare, K. N. (2010). Corporate Governance Factors Associated with Financial Fraud. Journal of Forensic and Investigative Accounting, 2 (2), 1-29.

We identify a sample of 36 publicly-held companies with financial fraud in their 2003 financial statements. We use industry-specific summary corporate governance ratings (CGQ-Y) from RiskMetrics Group (formerly Institutional Investor Services), to select a sample of control firms with governance ratings similar to the fraud firms. We trace changes in CGQ-Y ratings as well as numerous governance mechanisms over the period of 2003-2006 to identify those with significant differences between the fraud firms and control firms. Specifically, we identify two corporate governance mechanisms with theoretical justification for their effects on differences due to fraud. The first is the extent of non-audit services, as proxied by the dollar magnitude of “audit-related” and “other” non-audit fees, provided by incumbent auditors. We hypothesize and find that significantly fewer fraud firms received substantial non-audit services compared to the control sample. The second governance variable is board election, where we hypothesize and find that fraud companies elect all directors annually, more often than control firms, which have more staggered terms for their directors.

We used the Compustat data base to codify a number of control variables identified from prior literature as impacting governance and investigated differences by fraud and control firms. We do not find significant differences between fraud and control firms with respect to return on assets, the proportion of executive ownership of the firm, or firm size. However, we find that fraud firms have significantly more financial need, lower Z-scores, and more audit committee meetings in the fraud year than control firms. Finally, when compared with control firms, we find that fraud firms improve their overall governance rating in the year following the fraud, but revert to lower ratings in the following two years.

For additional information contact Ali Abdolmohammadi (mabdolmohamm@bentley.edu)

Markus, M., & Jacobson, D. (2010). Business Process Governance. The International Handbook on Business Process Management (pp. 199-220). New York, NY: Springer

Good business process governance is necessary for the success of business processes, which in turn are essential for business success. The term business process governance refers to the direction, coordination, and control of individuals, groups, or organizations that are at least to some extent autonomous: that is, not directly subject to the same hierarchical authority. Business process governance comprises a variety of mechanisms that may be impersonal (e.g., laws or rules) or personal (i.e., administered by individuals who may or may not have formally designated responsibility or accountability for governance). All governance mechanisms have pros and cons; some mechanisms are more effective (and more costly) than others. The challenge is to design a cost-effective governance structure, which usually consists of several mechanisms working in combination. This chapter describes various governance mechanisms, identifies their advantages and disadvantages, and provides examples that reveal how governance mechanisms contribute to business process success.

For more information, please contact: Lynne Markus (MLMARKUS@bentley.edu) or Dax Jacobson (DJacobson@bentley.edu).

Abdolmohammadi, M. (2009). Factors Associated with Use and Compliance with the IIA Standards: A Study of Anglo-culture CAEs. International Journal of Auditing, 13 (1, March): 27-42.

Chief audit executives (CAEs) are required to use and comply with The International Standards for the Professional Practice of Internal Auditing (standards). However, this study finds that 13.5 percent of CAEs in Anglo-culture countries do not use the standards. Furthermore, of those who use the Standards a significant number fail to comply with specific standards. Multivariate tests of data from CAEs in this study show that “length of IIA membership” and “internal auditing certification” are positively associated with use. Other significant variables are “superseded by local/government regulations or standards,” “not perceived as value added by management/board” and “compliance not expected in the country” that are inversely related to use,  The length of training is also positively associated with compliance, while other significant variables are internal audit certification, “standards are too costly,” “not perceived as value added by management/board” and “inadequate internal audit staff” that are negatively associated with compliance. The paper ends with a discussion of the implications of these results for practice and research.

For additional information contact the author: Ali Abdolmohammadi (mabdolmo@bentley.edu)

Bierstaker, J., Hunton, J., Thibodeau J. (2009). Do Client-Prepared Internal Control Documentation and Business Process Flowcharts Help or Hinder and Auditor’s Ability to Identify Missing Controls? Auditing: A Journal of Practice and Theory, 28 (1), 79-94.

Experimental findings from experienced auditor participants indicate that when auditors are evaluating the effectiveness of a client’s internal control system for a significant business process, they should be provided with a flowchart of the business process under examination, but they should complete their internal control design evaluation before reading client-prepared internal control documentation.

For additional information contact Jim Hunton (jhunton@bentley.edu)

Hoitash, R., Hoitash, U. (2009). The Role of Audit Committees in Managing Relationships with External Auditors after SOX: Evidence from the US. Managerial Auditing Journal, 24 (4), 368-397.

Recent US reforms aimed at strengthening audit committees and their structure assign independent audit committees the responsibility to appoint, dismiss, and compensate auditors. We examine the association between audit committee characteristics and auditors' compensation and dismissals following the enactment of SOX. We observe that stronger audit committees demand higher level of assurance and are less likely to dismiss their auditors. Further, we find increase in auditor independence as measured by reduced board involvement and less dismissals following unfavorable audit opinion. Our overall results suggest that increased audit committee roles and independence after SOX contribute to auditor independence and audit quality.

For additional information contact Rani Hoitash (rhoitash@bentley.edu)

Hoitash, R., Hoitash, U., Bedard, J. C. (2009). Evidence from the U.S. on the effect of auditor involvement in assessing internal control over financial reporting. International Journal of Auditing, 13 (2), 105-125.

Securities regulators around the world are considering the costs and benefits of alternative policies for providing information to financial markets on corporate internal control. These policy options differ on the level of auditor involvement, among other dimensions. We examine the association of relative auditor involvement and auditor characteristics with Section 302 internal control disclosures made by US “non-accelerated filers” from 2003-2005. We find more material weaknesses disclosed in the fourth quarter, when there is relatively more auditor involvement, relative to the first three quarters. Clients of larger audit firms have higher disclosure rates (although they are likely less risky due to more stringent client acceptance standards), but this difference is due to fourth quarter disclosures. Audit firms with Section 404 experience also have greater material weakness disclosure, implying process improvement associated with knowledge sharing across engagements. Collectively, our results shed light on ways to increase the effectiveness of internal control regulation.

For additional information contact Rani Hoitash (rhoitash@bentley.edu)

Hoitash, U., Hoitash, R., Bedard, J. C. (2009). Corporate Governance and Internal Control over Financial Reporting: A Comparison of Regulatory Regimes. The Accounting Review, 84 (3), 839-867.

This study examines the association between corporate governance and disclosures of material weaknesses (MW) in internal control over financial reporting. We study this association using MW reported under Sarbanes-Oxley Sections 302 and 404, deriving data on audit committee financial expertise from automated parsing of member qualifications from their biographies. We find that a lower likelihood of disclosing Section 404 MW is associated with relatively more audit committee members having accounting and supervisory experience, as well as board strength. Further, the nature of MW varies with the type of experience. However, these associations are not detectable using Section 302 reports. We also find that MW disclosure is associated with designating a financial expert without accounting experience, or designating multiple financial experts. We conclude that board and audit committee characteristics are associated with internal control quality. However, this association is only observable under the more stringent requirements of Section 404.

For additional information contact Rani Hoitash (rhoitash@bentley.edu)

Smith, E., Johnstone K., Bedard, J. (2009). How good is your audit firm? Directorship, June/July, 64-67.

Audit firms may soon be required by regulators to divulge information about the activities of their firms that is relevant to measuring audit quality. This paper updates public company directors about the background of this possible regulatory initiative, and its possible implications for audit committees.

For additional information contact Jean Bedard (jbedard@bentley.edu)

Hunton, J., Mauldin, E., Wheeler, P. (2008) Functional and Dysfunctional Effects of Continuous Monitoring. The Accounting Review, 83 (6): 1551-1570.

In an experimental setting, experienced managers respond to being continuously monitored by internal auditing and the findings suggest that continuous monitoring yielded the functional effect of reducing earnings management; however, an unexpected dysfunctional effect simultaneously emerged—the managers became overly risk averse.

For additional information contact Jim Hunton (jhunton@bentley.edu)

Jenkins, G., Deis, D., Bedard J., Curtis, M. (2008). Accounting firm culture and governance: A research synthesis. Behavioral Research in Accounting, 20 (1): 45-74.

This paper summarizes research related to accounting firm culture and governance. While perennially important, this topic has immediacy due to the intention of the Public Company Accounting Oversight Board (PCAOB) to consider revisions of the current U.S. interim auditing standards on quality control. Our purposes are to bring together several disparate lines of research on this broad topic in order to identify specific areas of insufficient research. We review literature related to the roles of culture and subcultures within audit firms, and the relation between culture and audit quality. We also consider governance and control mechanisms, including policies related to consultation, independent monitoring boards, ethics training and acculturation. Throughout the paper, we offer suggestions for future research based on the current status of the literature and the recent environmental changes in the auditing profession.

For additional information contact the author: Jean Bedard (jbedard@bentley.edu)

Hunton, J., Rose, J. (2007) Can Directors’ Self-Interests Affect Accounting Choices?Accounting, Organizations and Society, 33 (7 and 8): 783-800.

Findings from an experiment that included experienced audit committee members indicate that directors holding multiple directorships are less likely to accept an auditor’s restatement recommendation than directors with a single directorship due to the potential adverse effects of restatements on their reputation capital.

For additional information contact Jim Hunton (jhunton@bentley.edu)

Thibodeau, J.C., Packwood, T.R. (2007). A Risk-Based Approach to Achieving Audit Committee Effectiveness. Bank Accounting and Finance, December, 39-42.

The risk assessment and management system described in this article is a practical and efficient tool that can be used by audit committee members to help demonstrate that they have met their fiduciary responsibility to shareholders. Importantly, the tool helps to satisfy both business and regulatory requirements. The combined report identifies and monitors more than 250 risks. The comprehensive nature of the report enables board and audit committee members to efficiently review and monitor policy compliance, areas requiring additional focus, areas requiring follow-up questions and explicit action plans.

Check the website to download a copy:

http://www.bankaccountingandfinance.com/RecentIssues.htm#December2007

Or, contact the author:  Jay Thibodeau (jthibodeau@bentley.edu)