Presentation is loading. Please wait.

Presentation is loading. Please wait.

By: Jacob Z. Haislip Coauthored with : Adi Masli Vernon J. Richardson J. Manuel Sanchez The Impact of SOX Information Technology Material Weaknesses on.

Published byCory Sims Modified over 9 years ago

Similar presentations

Presentation on theme: "By: Jacob Z. Haislip Coauthored with : Adi Masli Vernon J. Richardson J. Manuel Sanchez The Impact of SOX Information Technology Material Weaknesses on."— Presentation transcript:

1 By: Jacob Z. Haislip Coauthored with : Adi Masli Vernon J. Richardson J. Manuel Sanchez The Impact of SOX Information Technology Material Weaknesses on Corporate Governance: Evidence from CEO, CFO and BOD Turnover and Changes in IT Knowledge

2 Research Questions Do firms that report IT related material weaknesses: experience greater levels of turnover of executives and directors than firms that report non-IT related material weaknesses? replace (appoint) more executives (directors) with IT knowledge than firms that report non-IT related material weaknesses? make more IT upgrades and IT management changes than firms that report non-IT related material weaknesses?

3 Background/Motivation IT serves as the foundation of an effective system of internal controls over financial reporting (Hunton et al. 2008; Kobelsky et al. 2008; Li et al. 2010a; Masli et al 2010). IT is “inextricably linked to the overall financial reporting process and need to be assessed, along with other important processes, for compliance with the Sarbanes-Oxley Act” (ITGI 2006).

4 Background/Motivation Li et al. (2010b) and Johnstone et al. (2010) find increased turnover of executives and directors for material weakness firms. A line of research emphasizes the importance of IT in financial reporting and documents the severity of IT weaknesses (Masli et al. 2010, Klamm and Watson 2009, Li et al. 2010a). Due to the role IT plays both in controls and the financial reporting process, IT material weaknesses can permeate through the entire financial reporting structure thus they are potentially more hazardous than non-IT material weaknesses.

5 Hypotheses H1: The likelihood of management and director turnover is greater for firms that report IT material weaknesses in internal control than for firms that report non-IT material weaknesses. H2: Firms that report IT internal control material weaknesses are more likely to make IT governance changes than firms that report non-IT internal control material weaknesses.

6 Hypotheses H3: Firms that report IT internal control material weaknesses are more likely to hire executives and directors with IT knowledge than firms that report non-IT internal control material weaknesses. H4: Firms that report IT internal control material weaknesses are more likely to make IT initiative changes than firms that report Non-IT internal control material weaknesses.

7 Hypotheses H5: The turnover and remediation efforts are greatest for firms reporting the Data Processing Integrity subcategory of IT internal control material weaknesses.

8 Sample Selection We use Audit Analytics to identify firms that report material weaknesses from 2004-2006, and use the 404 reports to identify the IT-related material weaknesses. We also select a random sample of non-IT weakness firms. We collect information for all of our firms using Audit Analytics, Annual COMPUSTAT (financial statement variables), CRSP, I/B/E/S, Thomson Reuters, and SEC filings (DEF 14A, 10-K, etc.) for one year prior and two years past the weakness year. After eliminating any observations that are missing data, our final sample contains 578 firm year observations, of which 289 are IT material weakness firm year observations.

9 Panel B: Descriptive statistics for executive and director turnover IT Weakness FirmsNon-IT Weakness Firms n= 289 p-value VariablesMeanMedianMeanMedianDiff CEO Turnover0.49100.34900.001 CFO Turnover0.75410.5221<0.001 Chairman Turnover0.22500.1040<0.001 Director Turnover0.75110.5951<0.001 Panel C: Descriptive statistics for change in IT governance variables IT Weakness FirmsNon-IT Weakness Firms n= 289 p-value VariablesMeanMedianMeanMedianDiff CEO IT Knowledge0.05900.0200.019 CFO IT Knowledge0.14200.0450<0.001 Chairman IT Knowledge0.1700.04500.001 Director IT Knowledge0.19700.13500.044 Financial IT Upgrade0.47400.0580<0.001 Accounting IT Upgrade0.30400.0310<0.001 Table 3 – Descriptive Statistics

10 Research Design To test H1 we run the following Logit regression: Turnover i = β 0 + β 1 IT Weakness i,t + β 2 Number of Weaknesses + β 3 LnAssets i,t + β 4 Leverage i,t + β 5 BTM i,t + β 6 ROA i,t + β 7 Loss i,t + β 8 Institutional Holdings i,t + β 9 Analyst i,t + β 10 Restatement i,t-1,t,t+1 + β 11 Board Size i,t + β 12 Board Independence i,t + β 13 CEO Chairman + β 14 Automate i,t + β 15 Transform i,t + β 16 High Tech i,t + β 17 Low Tech. We run the above regression using different dependent variables for turnover. For all of our turnover variables we measure turnover if it occurs in the year of the weakness or either of the two years following the weakness (Similar to Desai et al. 2006 and Collins et al. 2009). We specifically examine turnover for: CEO CFO Directors Chairperson of the Board

11 Research Design To test H2, H3, and H4 we run the following Logit regression: IT Governance Change i or Major IT Initiatives i = α 0 + α 1 IT Weakness i,t + α 2 Number of Weaknesses + α 3 LnAssets i,t + α 4 ROA i,t + α 5 Avg Sales Growth i,t + α 6 Leverage i,t + α 7 Uncertainty i,t + α 8 Automate i,t + α 9 Transform i,t + α 10 High Tech i,t + α 11 Low Tech i,t + α 12 Foreign i,t + α 13 Merger i,t + α 14 Restructuring i,t + α 15 Product Differentiation i,t + α 16 Cost Leadership i,t. We vary our dependent variable depending on which IT governance change we are interested in. These variables include: CEO IT Knowledge CFO IT Knowledge Director IT Knowledge Chairperson IT Knowledge IT Upgrades

12 Table 4. IT Material Weaknesses and Turnover Panel A. Executive and director turnover Model 1Model 2Model 3Model 4Model 5Model 6 VariablesPred CEO Turnover CFO Turnover Director Turnover CEO Turnover CFO Turnover Director Turnover IT Weakness+0.338**0.738***0.982*** (0.047)(0.000) IT Weakness Classification Data Processing Integrity+0.438**0.629**0.733*** (0.047)(0.014)(0.005) System Access and Security+-0.516-0.0210.014 (0.968)(0.528)(0.481) System Structure and Usage+0.156-0.2580.082 (0.318)(0.738)(0.408) The control variables are suppressed. Model c242.2961.3565.4743.5855.0054.51 Pseudo R20.0670.1110.1010.0690.1040.087 Correctly Classified 0.6340.6920.6880.6340.6970.689

13 Panel B. Type of director turnover Model 1Model 2Model 3Model 4 VariablesPred Chairman of BOD Turnover Independent Director Turnover Chairman of BOD Turnover Independent Director Turnover IT Weakness Firm+ 0.966***0.951*** (0.001)(0.000) IT Weakness Classification Data Processing Integrity+ 1.169***0.679*** (0.000)(0.004) System Access and Security+ -0.4760.132 (0.922)(0.315) System Structure and Usage+ -0.1990.009 (0.687)(0.489) The control variables are suppressed. Model c238.7357.3643.1350.26 Pseudo R20.0980.0990.1010.087 Correctly Classified 0.8470.6430.8460.657

14 The control variables are suppressed. Table 5. IT Material Weaknesses and Changes to IT Governance Model 1Model 2Model 3Model 4 VariablesPred Any Change to IT Governance Count of IT Governance Changes Any Change to IT Governance Count of IT Governance Changes IT Weakness Firm+1.211***1.157*** (0.000) IT Weakness Classification Data Processing Integrity+0.840***0.610*** (0.001)(0.004) System Access and Security+0.3030.282 (0.132)(0.125) System Structure and Usage+-0.310-0.103 (0.808)(0.635) Model c2102.46145.0386.60120.08 Pseudo R20.1490.0950.1290.079 Correctly Classified 0.676 0.659

15 The control variables are suppressed. Table 6. IT Material Weaknesses and Executive IT Knowledge Model 1Model 2Model 3Model 4 VariablesPred CEO IT Knowledge CFO IT Knowledge CEO IT Knowledge CFO IT Knowledge IT Weakness Firm+0.821*0.845** (0.075)(0.011) IT Weakness Classification Data Processing Integrity+0.437-0.154 (0.249)(0.620) System Access and Security+-0.2150.554 (0.646)(0.133) System Structure and Usage+0.152-0.040 (0.411)(0.532) Model c251.1650.7558.4742.52 Pseudo R20.1830.1400.1740.129 Correctly Classified 0.9620.9090.9610.911

16 The control variables are suppressed. Table 7. IT Material Weaknesses and Board of Directors IT Knowledge Model 1Model 2Model 3Model 4 VariablesPred Chairman IT Knowledge Director IT Knowledge Chairman IT Knowledge Director IT Knowledge IT Weakness Firm+0.725**0.211 (0.011)(0.217) IT Weakness Classification Data Processing Integrity+0.581*-0.358 (0.065)(0.824) System Access and Security+-0.4710.400 (0.884)(0.142) System Structure and Usage+0.4490.143 (0.142)(0.367) Model c265.9250.0364.1951.99 Pseudo R20.1630.1020.1030.104 Correctly Classified 0.8730.8260.8750.831

17 The control variables are suppressed. Table 8. IT Material Weaknesses and other Major IT Initiatives Model 1Model 2Model 3Model 4Model 5Model 6 VariablesPredIT Upgrade Financial IT Upgrade Accounting IT Upgrade IT Upgrade Financial IT Upgrade Accounting IT Upgrade IT Weakness Firm+2.036***2.484***2.617*** (0.000) IT Weakness Classification Data Processing Integrity+1.237***1.393***1.556*** (0.000) System Access and Security +0.600**0.599**0.171 (0.017)(0.021)(0.297) System Structure and Usage +-0.274-0.319-0.355 (0.793)(0.821)(0.834) Model c2 114.21117.8178.2899.07102.3976.78 Pseudo R2 0.2220.2730.2560.1830.2150.199 Correctly Classified 0.7750.8120.8430.7770.7930.854

18 Table 9. Remediation of Weaknesses: The Influence of IT Governance Changes DV =Change in # of Weaknesses from t to t+2 Pred Model 1Model 2Model 3Model 4 IT Knowledge Changes Any IT Knowledge Change - -0.745** (0.048) CEO IT Knowledge - -0.169-0.064-0.034 (0.391)(0.409)(0.484) CFO IT Knowledge - -1.004*-0.930*-0.909* (0.070)(0.089)(0.072) Chairman IT Knowledge - 0.4260.4230.409 (0.694)(0.695)(0.725) Director IT Knowledge - -0.945*-0.913*-0.900** (0.058)(0.065)(0.045) Audit Committee IT Knowledge - 0.8850.9150.911 (0.561)(0.560)(0.588) Major IT Initiatives Financial IT Upgrade - -0.318-0.314 (0.230)(0.225) IT management - -0.234 (0.364) F Statistics 2.9461.9091.9711.582 Adjusted R2 0.1360.1510.154 The control variables are suppressed.

19 Conclusions and Implications for Practice We find that IT weakness firms have higher levels of turnover and IT governance changes, suggesting that firms recognize the need to make changes to correct the weaknesses. Executives and directors should recognize the importance IT plays both within financial reporting and the internal controls surrounding financial reporting. Hiring an executive or director that understands IT can help decrease the likelihood of material weaknesses.

20

21 IT Weaknesses Firm and YearText from SOX 404 ReportControl IssueControl Category Online Resources Corporation 2007 “the Company’s procedures for the supervisory review of the performance by Company personnel of manual controls associated with account analysis and the verification of the accuracy of electronic spreadsheets that support financial reporting were ineffective. This material weakness resulted in deficiencies in the operation of controls not being detected timely and in multiple errors in the Company’s preliminary 2007 financial statements, including errors in revenue, interest expense, and share based compensation.” Spreadsheet(s), lack of controls over Data Processing Integrity TRC Companies 2006 “The Company did not adequately design controls to maintain appropriate segregation of duties in its manual and computer- based business processes which could affect the Company’s purchasing controls, the limits on the delegation of authority for expenditures, and the proper review of manual journal entries” Segregation of duties not implemented in system Access and Security Digimarc Co 2004“Implementation of the new accounting system also was flawed because some of our accounting, finance and operations employees were not properly trained in the use of the new accounting system.” Insufficient training on system. Structure and Usage

22 IT Weaknesses Quality DimensionIdentifierDefinitions * Data processing integrity IT PROCESS The extent to which data is correct and reliable. System Access and SecurityIT SECURITY The extent to which:  data is available, or easily and quickly retrievable  access to data is restricted appropriately to maintain its security. System Structure and UsageIT STRUCTUREThe extent to which data is:  easily comprehended  presented in the same format

23 IT Knowledge An executive (board member) is said to have IT Knowledge if he/she has prior experience as a CIO (or other IT related management positions), has previously worked in an IT/technology firm, or has IT related degrees such as computer science or management information systems. CEO IT Knowledge (Vitria Technology) M. Dale Skeen, Ph.D., is 51 years old, co-founded Vitria in 1994 and has been our Chief Executive Officer since April 2004. Dr. Skeen has also served as Chief Technology Officer and as a director since Vitria’s inception. From 1986 to 1994, Dr. Skeen served as Chief Scientist at Teknekron Software Systems, now TIBCO, Inc., a software company. From 1984 to 1986, Dr. Skeen was a research scientist at IBM’s Almaden Research Center. From 1981 to 1984, Dr. Skeen was on the faculty at Cornell University. Dr. Skeen holds a B.S. in Computer Science from North Carolina State University and a Ph.D. in Computer Science on Distributed Database Systems from the University of California, Berkeley.

24 IT Upgrades Financial IT Upgrade (Richardson Electronics LTD) The Company is in the application development stage of implementing certain modules of enterprise resource management software (PeopleSoft). Accounting IT Upgrade (Adelphia Communications) With respect to the access to financial applications and data material weakness described above, subsequent to December 31, 2004, we have substantially completed our remediation efforts. We have implemented controls, including policies and procedures that govern security and access to our IT systems, programs and data, including those supporting our financial data relating to property and equipment and our general ledger and financial reporting applications. Non-Financial IT Upgrade (Actividentity Corp.) To meet these challenges we implemented a new customer relationship management system in fiscal 2005, and are continuing the process of modifying and refining it to better meet our needs. Any upgrade to the IT is included in the general IT upgrade. Upgrades specific to the financial functions of the firm are included in the Financial upgrades. Accounting upgrades are financial upgrades that specifically mention changes to the accounting information systems. All other IT upgrades are included in the Non-Financial upgrades.

Download ppt "By: Jacob Z. Haislip Coauthored with : Adi Masli Vernon J. Richardson J. Manuel Sanchez The Impact of SOX Information Technology Material Weaknesses on."

Similar presentations

G L O B A L S E R V I C E / I N D U S T R Y A U D I T / T A X / A D V I S O R Y / L I N E O F B U S I N E S S SAS 112 Presentation California State University.

G L O B A L S E R V I C E / I N D U S T R Y A U D I T / T A X / A D V I S O R Y / L I N E O F B U S I N E S S SAS 112 Presentation California State University.
Problem 10-21 Friggle Corp. is a leasing and property management company located in Alberta. It provides financing to organizations wishing to purchase.

Problem Friggle Corp. is a leasing and property management company located in Alberta. It provides financing to organizations wishing to purchase.
Bodnar/Hopwood AIS 7th Ed1 Chapter 5 u TRANSACTION PROCESSING AND INTERNAL CONTROL PROCESS.

Bodnar/Hopwood AIS 7th Ed1 Chapter 5 u TRANSACTION PROCESSING AND INTERNAL CONTROL PROCESS.
The Impact of IT Material Weaknesses on Corporate Governance Discussant Comments Elaine Mauldin Elaine Mauldin University of Missouri.

The Impact of IT Material Weaknesses on Corporate Governance Discussant Comments Elaine Mauldin Elaine Mauldin University of Missouri.
Is the Outcome of a Securities Class Action a Reliable Signal of Accounting Irregularity? Nana Y. Amoah Old Dominion University Alex P. Tang Morgan State.

Is the Outcome of a Securities Class Action a Reliable Signal of Accounting Irregularity? Nana Y. Amoah Old Dominion University Alex P. Tang Morgan State.
Auditing Concepts.

Auditing Concepts.
INTERNAL CONTROL COMPONENT Pertemuan_6 Mata Kuliah: CSP402, IT Governance Tahun Akademik : 2012/2013 SAS 78 / COSO Describes the relationship between the.

INTERNAL CONTROL COMPONENT Pertemuan_6 Mata Kuliah: CSP402, IT Governance Tahun Akademik : 2012/2013 SAS 78 / COSO Describes the relationship between the.
Auditing Computer Systems

Auditing Computer Systems
The Islamic University of Gaza

The Islamic University of Gaza
OMB Circular A-123 – Management’s Responsibility for Internal Control Policy Applicability Sources of Information Assessment, Documentation and Reporting.

OMB Circular A-123 – Management’s Responsibility for Internal Control Policy Applicability Sources of Information Assessment, Documentation and Reporting.
SAS 112 – The Year After Presented by Chris Ray Partner - KPMG LLP KPMG LLP.

SAS 112 – The Year After Presented by Chris Ray Partner - KPMG LLP KPMG LLP.
Seminar in Accounting & Society SOX – Section 404 April 23, 2008.

Seminar in Accounting & Society SOX – Section 404 April 23, 2008.
Audit Planning and Analytical Procedures Chapter 8.

Audit Planning and Analytical Procedures Chapter 8.
The Impact of Information Technology Material Weaknesses on Corporate Governance: Evidence from Executive and Director Turnover, and IT Governance Changes.

The Impact of Information Technology Material Weaknesses on Corporate Governance: Evidence from Executive and Director Turnover, and IT Governance Changes.
McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 16-1.

McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved
Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.

Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.
SAS 112 Update Chapter 9 Presented by Chris Ray, Partner KPMG LLP KPMG LLP.

SAS 112 Update Chapter 9 Presented by Chris Ray, Partner KPMG LLP KPMG LLP.
6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.

6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.
COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.

COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Similar presentations

Ads by Google