By: Jacob Z. Haislip Coauthored with : Adi Masli Vernon J. Richardson J. Manuel Sanchez The Impact...
Transcript of By: Jacob Z. Haislip Coauthored with : Adi Masli Vernon J. Richardson J. Manuel Sanchez The Impact...
By: Jacob Z. Haislip
Coauthored with :
Adi Masli Vernon J. Richardson
J. Manuel Sanchez
The Impact of SOX Information Technology Material Weaknesses on Corporate
Governance: Evidence from CEO, CFO and BOD Turnover and Changes in IT Knowledge
Research Questions• Do firms that report IT related material weaknesses:
• experience greater levels of turnover of executives and directors than firms that report non-IT related material weaknesses?
• replace (appoint) more executives (directors) with IT knowledge than firms that report non-IT related material weaknesses?
• make more IT upgrades and IT management changes than firms that report non-IT related material weaknesses?
Background/Motivation• IT serves as the foundation of an effective system of internal
controls over financial reporting (Hunton et al. 2008; Kobelsky et al. 2008; Li et al. 2010a; Masli et al 2010).
• IT is “inextricably linked to the overall financial reporting process and need to be assessed, along with other important processes, for compliance with the Sarbanes-Oxley Act” (ITGI 2006).
Background/Motivation• Li et al. (2010b) and Johnstone et al. (2010) find increased turnover of
executives and directors for material weakness firms.
• A line of research emphasizes the importance of IT in financial reporting and documents the severity of IT weaknesses (Masli et al. 2010, Klamm and Watson 2009, Li et al. 2010a).
• Due to the role IT plays both in controls and the financial reporting process, IT material weaknesses can permeate through the entire financial reporting structure thus they are potentially more hazardous than non-IT material weaknesses.
Hypotheses• H1: The likelihood of management and director
turnover is greater for firms that report IT material weaknesses in internal control than for firms that report non-IT material weaknesses.
• H2: Firms that report IT internal control material weaknesses are more likely to make IT governance changes than firms that report non-IT internal control material weaknesses.
Hypotheses• H3: Firms that report IT internal control material
weaknesses are more likely to hire executives and directors with IT knowledge than firms that report non-IT internal control material weaknesses.
• H4: Firms that report IT internal control material weaknesses are more likely to make IT initiative changes than firms that report Non-IT internal control material weaknesses.
Hypotheses• H5: The turnover and remediation efforts are greatest
for firms reporting the Data Processing Integrity subcategory of IT internal control material weaknesses.
Sample Selection• We use Audit Analytics to identify firms that report material weaknesses from
2004-2006, and use the 404 reports to identify the IT-related material weaknesses. We also select a random sample of non-IT weakness firms.
• We collect information for all of our firms using Audit Analytics, Annual COMPUSTAT (financial statement variables), CRSP, I/B/E/S, Thomson Reuters, and SEC filings (DEF 14A, 10-K, etc.) for one year prior and two years past the weakness year.
• After eliminating any observations that are missing data, our final sample contains 578 firm year observations, of which 289 are IT material weakness firm year observations.
Panel B: Descriptive statistics for executive and director turnover
IT Weakness Firms Non-IT Weakness Firms
n= 289 n= 289 p-valueVariables Mean Median Mean Median DiffCEO Turnover 0.491 0 0.349 0 0.001CFO Turnover 0.754 1 0.522 1 <0.001Chairman Turnover 0.225 0 0.104 0 <0.001Director Turnover 0.751 1 0.595 1 <0.001
Panel C: Descriptive statistics for change in IT governance variables
IT Weakness Firms Non-IT Weakness Firms
n= 289 n= 289 p-valueVariables Mean Median Mean Median DiffCEO IT Knowledge 0.059 0 0.02 0 0.019CFO IT Knowledge 0.142 0 0.045 0 <0.001Chairman IT Knowledge 0.17 0 0.045 0 0.001Director IT Knowledge 0.197 0 0.135 0 0.044Financial IT Upgrade 0.474 0 0.058 0 <0.001Accounting IT Upgrade 0.304 0 0.031 0 <0.001
Table 3 – Descriptive Statistics
Research Design• To test H1 we run the following Logit regression:
Turnoveri = β0 + β1 IT Weaknessi,t + β2 Number of Weaknesses + β3LnAssets i,t + β4Leveragei,t + β5BTMi,t + β6ROAi,t + β7Lossi,t + β8Institutional Holdingsi,t + β9Analysti,t + β10Restatementi,t-1,t,t+1 + β11Board Sizei,t + β12Board Independencei,t + β13CEO Chairman + β14Automatei,t + β15Transformi,t + β16High Techi,t + β17Low Tech.
• We run the above regression using different dependent variables for turnover. For all of our turnover variables we measure turnover if it occurs in the year of the weakness or either of the two years following the weakness (Similar to Desai et al. 2006 and Collins et al. 2009).
• We specifically examine turnover for:• CEO• CFO• Directors• Chairperson of the Board
Research Design• To test H2, H3, and H4 we run the following Logit regression:
IT Governance Changei or Major IT Initiativesi= α0 + α1 IT Weaknessi,t + α2 Number of Weaknesses + α3
LnAssets i,t + α4ROAi,t + α5Avg Sales Growthi,t + α6Leveragei,t + α7Uncertaintyi,t + α8Automatei,t + α9Transformi,t + α10High Techi,t + α11Low Techi,t + α12Foreigni,t + α13Merger i,t + α14Restructuringi,t + α15Product Differentiationi,t + α16Cost Leadershipi,t.
• We vary our dependent variable depending on which IT governance change we are interested in. These variables include:• CEO IT Knowledge• CFO IT Knowledge• Director IT Knowledge• Chairperson IT Knowledge• IT Upgrades
Table 4. IT Material Weaknesses and Turnover
Panel A. Executive and director turnover
Model 1 Model 2 Model 3 Model 4 Model 5 Model 6
Variables Pred CEO Turnover
CFO Turnover
Director Turnover
CEO Turnover
CFO Turnover
Director Turnover
IT Weakness + 0.338** 0.738*** 0.982***
(0.047) (0.000) (0.000)
IT Weakness Classification
Data Processing Integrity + 0.438** 0.629** 0.733***
(0.047) (0.014) (0.005)
System Access and Security + -0.516 -0.021 0.014
(0.968) (0.528) (0.481)
System Structure and Usage + 0.156 -0.258 0.082
(0.318) (0.738) (0.408)
The control variables are suppressed.
Model c2 42.29 61.35 65.47 43.58 55.00 54.51
Pseudo R2 0.067 0.111 0.101 0.069 0.104 0.087
Correctly Classified 0.634 0.692 0.688 0.634 0.697 0.689
Panel B. Type of director turnover
Model 1 Model 2 Model 3 Model 4
Variables Pred Chairman of BOD Turnover
Independent Director Turnover
Chairman of BOD Turnover
Independent Director Turnover
IT Weakness Firm + 0.966*** 0.951***
(0.001) (0.000)
IT Weakness Classification
Data Processing Integrity + 1.169*** 0.679***
(0.000) (0.004)
System Access and Security + -0.476 0.132
(0.922) (0.315)
System Structure and Usage + -0.199 0.009
(0.687) (0.489)
The control variables are suppressed.
Model c2 38.73 57.36 43.13 50.26
Pseudo R2 0.098 0.099 0.101 0.087
Correctly Classified 0.847 0.643 0.846 0.657
The control variables are suppressed.
Table 5. IT Material Weaknesses and Changes to IT Governance
Model 1 Model 2 Model 3 Model 4
Variables Pred Any Change to IT Governance
Count of IT Governance
Changes
Any Change to IT Governance
Count of IT Governance
Changes
IT Weakness Firm + 1.211*** 1.157***
(0.000) (0.000)
IT Weakness Classification
Data Processing Integrity + 0.840*** 0.610***
(0.001) (0.004)
System Access and Security + 0.303 0.282
(0.132) (0.125)
System Structure and Usage + -0.310 -0.103
(0.808) (0.635)
Model c2 102.46 145.03 86.60 120.08
Pseudo R2 0.149 0.095 0.129 0.079
Correctly Classified 0.676 0.659
The control variables are suppressed.
Table 6. IT Material Weaknesses and Executive IT Knowledge
Model 1 Model 2 Model 3 Model 4
Variables Pred CEO IT Knowledge
CFO IT Knowledge
CEO IT Knowledge
CFO IT Knowledge
IT Weakness Firm + 0.821* 0.845**
(0.075) (0.011)
IT Weakness Classification
Data Processing Integrity + 0.437 -0.154
(0.249) (0.620)
System Access and Security + -0.215 0.554
(0.646) (0.133)
System Structure and Usage + 0.152 -0.040
(0.411) (0.532)
Model c2 51.16 50.75 58.47 42.52
Pseudo R2 0.183 0.140 0.174 0.129
Correctly Classified 0.962 0.909 0.961 0.911
The control variables are suppressed.
Table 7. IT Material Weaknesses and Board of Directors IT Knowledge
Model 1 Model 2 Model 3 Model 4
Variables Pred Chairman IT Knowledge
Director IT Knowledge
Chairman IT Knowledge
Director IT Knowledge
IT Weakness Firm + 0.725** 0.211
(0.011) (0.217)
IT Weakness Classification
Data Processing Integrity + 0.581* -0.358
(0.065) (0.824)
System Access and Security + -0.471 0.400
(0.884) (0.142)
System Structure and Usage + 0.449 0.143
(0.142) (0.367)
Model c2 65.92 50.03 64.19 51.99
Pseudo R2 0.163 0.102 0.103 0.104
Correctly Classified 0.873 0.826 0.875 0.831
The control variables are suppressed.
Table 8. IT Material Weaknesses and other Major IT Initiatives
Model 1 Model 2 Model 3 Model 4 Model 5 Model 6
Variables Pred IT Upgrade Financial IT Upgrade
Accounting IT Upgrade IT Upgrade Financial IT
UpgradeAccounting IT
Upgrade
IT Weakness Firm + 2.036*** 2.484*** 2.617***
(0.000) (0.000) (0.000)
IT Weakness Classification
Data Processing Integrity + 1.237*** 1.393*** 1.556***
(0.000) (0.000) (0.000)
System Access and Security + 0.600** 0.599** 0.171
(0.017) (0.021) (0.297)
System Structure and Usage + -0.274 -0.319 -0.355
(0.793) (0.821) (0.834)
Model c2 114.21 117.81 78.28 99.07 102.39 76.78
Pseudo R2 0.222 0.273 0.256 0.183 0.215 0.199Correctly Classified 0.775 0.812 0.843 0.777 0.793 0.854
Table 9. Remediation of Weaknesses: The Influence of IT Governance Changes DV =Change in # of Weaknesses from t to t+2 Pred Model 1 Model 2 Model 3 Model 4IT Knowledge Changes Any IT Knowledge Change - -0.745**
(0.048)CEO IT Knowledge - -0.169 -0.064 -0.034
(0.391) (0.409) (0.484)CFO IT Knowledge - -1.004* -0.930* -0.909*
(0.070) (0.089) (0.072)Chairman IT Knowledge - 0.426 0.423 0.409
(0.694) (0.695) (0.725)Director IT Knowledge - -0.945* -0.913* -0.900**
(0.058) (0.065) (0.045)Audit Committee IT Knowledge - 0.885 0.915 0.911
(0.561) (0.560) (0.588)Major IT Initiatives Financial IT Upgrade - -0.318 -0.314
(0.230) (0.225)IT management - -0.234
(0.364)
F Statistics 2.946 1.909 1.971 1.582
Adjusted R2 0.136 0.151 0.154 0.154
The control variables are suppressed.
Conclusions and Implications for Practice
• We find that IT weakness firms have higher levels of turnover and IT governance changes, suggesting that firms recognize the need to make changes to correct the weaknesses.
• Executives and directors should recognize the importance IT plays both within financial reporting and the internal controls surrounding financial reporting.
• Hiring an executive or director that understands IT can help decrease the likelihood of material weaknesses.
IT WeaknessesFirm and Year Text from SOX 404 Report Control Issue Control Category
Online Resources Corporation 2007
“the Company’s procedures for the supervisory review of the performance by Company personnel of manual controls associated with account analysis and the verification of the accuracy of electronic spreadsheets that support financial reporting were ineffective. This material weakness resulted in deficiencies in the operation of controls not being detected timely and in multiple errors in the Company’s preliminary 2007 financial statements, including errors in revenue, interest expense, and share based compensation.”
Spreadsheet(s), lack of controls over
Data Processing Integrity
TRC Companies 2006
“The Company did not adequately design controls to maintain appropriate segregation of duties in its manual and computer-based business processes which could affect the Company’s purchasing controls, the limits on the delegation of authority for expenditures, and the proper review of manual journal entries”
Segregation of duties not implemented in system
Access and Security
Digimarc Co 2004 “Implementation of the new accounting system also was flawed because some of our accounting, finance and operations employees were not properly trained in the use of the new accounting system.”
Insufficient training on system.
Structure and Usage
IT WeaknessesQuality Dimension Identifier Definitions*
Data processing integrity
IT PROCESS The extent to which data is correct and reliable.
System Access and Security IT SECURITY The extent to which:
data is available, or easily and quickly retrievable
access to data is restricted appropriately to maintain its security.
System Structure and Usage
IT STRUCTURE The extent to which data is:
easily comprehended
presented in the same format
IT KnowledgeAn executive (board member) is said to have IT Knowledge if he/she has prior experience as a CIO (or other IT related management positions), has previously worked in an IT/technology firm, or has IT related degrees such as computer science or management information systems.
CEO IT Knowledge (Vitria Technology)M. Dale Skeen, Ph.D., is 51 years old, co-founded Vitria in 1994 and has been our Chief Executive Officer since April 2004. Dr. Skeen has also served as Chief Technology Officer and as a director since Vitria’s inception. From 1986 to 1994, Dr. Skeen served as Chief Scientist at Teknekron Software Systems, now TIBCO, Inc., a software company. From 1984 to 1986, Dr. Skeen was a research scientist at IBM’s Almaden Research Center. From 1981 to 1984, Dr. Skeen was on the faculty at Cornell University. Dr. Skeen holds a B.S. in Computer Science from North Carolina State University and a Ph.D. in Computer Science on Distributed Database Systems from the University of California, Berkeley.
IT Upgrades
Financial IT Upgrade (Richardson Electronics LTD)The Company is in the application development stage of implementing certain modules of enterprise resource management software (PeopleSoft). Accounting IT Upgrade (Adelphia Communications)With respect to the access to financial applications and data material weakness described above, subsequent to December 31, 2004, we have substantially completed our remediation efforts. We have implemented controls, including policies and procedures that govern security and access to our IT systems, programs and data, including those supporting our financial data relating to property and equipment and our general ledger and financial reporting applications. Non-Financial IT Upgrade (Actividentity Corp.)To meet these challenges we implemented a new customer relationship management system in fiscal 2005, and are continuing the process of modifying and refining it to better meet our needs.
Any upgrade to the IT is included in the general IT upgrade. Upgrades specific to the financial functions of the firm are included in the Financial upgrades. Accounting upgrades are financial upgrades that specifically mention changes to the accounting information systems. All other IT upgrades are included in the Non-Financial upgrades.