By: Jacob Z. Haislip Coauthored with : Adi Masli Vernon J. Richardson J. Manuel Sanchez The Impact...

By: Jacob Z. Haislip

Coauthored with :

Adi Masli Vernon J. Richardson

J. Manuel Sanchez

The Impact of SOX Information Technology Material Weaknesses on Corporate

Governance: Evidence from CEO, CFO and BOD Turnover and Changes in IT Knowledge

Research Questions• Do firms that report IT related material weaknesses:

• experience greater levels of turnover of executives and directors than firms that report non-IT related material weaknesses?

• replace (appoint) more executives (directors) with IT knowledge than firms that report non-IT related material weaknesses?

• make more IT upgrades and IT management changes than firms that report non-IT related material weaknesses?

Background/Motivation• IT serves as the foundation of an effective system of internal

controls over financial reporting (Hunton et al. 2008; Kobelsky et al. 2008; Li et al. 2010a; Masli et al 2010).

• IT is “inextricably linked to the overall financial reporting process and need to be assessed, along with other important processes, for compliance with the Sarbanes-Oxley Act” (ITGI 2006).

Background/Motivation• Li et al. (2010b) and Johnstone et al. (2010) find increased turnover of

executives and directors for material weakness firms.

• A line of research emphasizes the importance of IT in financial reporting and documents the severity of IT weaknesses (Masli et al. 2010, Klamm and Watson 2009, Li et al. 2010a).

• Due to the role IT plays both in controls and the financial reporting process, IT material weaknesses can permeate through the entire financial reporting structure thus they are potentially more hazardous than non-IT material weaknesses.

Hypotheses• H1: The likelihood of management and director

turnover is greater for firms that report IT material weaknesses in internal control than for firms that report non-IT material weaknesses.

• H2: Firms that report IT internal control material weaknesses are more likely to make IT governance changes than firms that report non-IT internal control material weaknesses.

Hypotheses• H3: Firms that report IT internal control material

weaknesses are more likely to hire executives and directors with IT knowledge than firms that report non-IT internal control material weaknesses.

• H4: Firms that report IT internal control material weaknesses are more likely to make IT initiative changes than firms that report Non-IT internal control material weaknesses.

Hypotheses• H5: The turnover and remediation efforts are greatest

for firms reporting the Data Processing Integrity subcategory of IT internal control material weaknesses.

Sample Selection• We use Audit Analytics to identify firms that report material weaknesses from

2004-2006, and use the 404 reports to identify the IT-related material weaknesses. We also select a random sample of non-IT weakness firms.

• We collect information for all of our firms using Audit Analytics, Annual COMPUSTAT (financial statement variables), CRSP, I/B/E/S, Thomson Reuters, and SEC filings (DEF 14A, 10-K, etc.) for one year prior and two years past the weakness year.

• After eliminating any observations that are missing data, our final sample contains 578 firm year observations, of which 289 are IT material weakness firm year observations.

Panel B: Descriptive statistics for executive and director turnover

IT Weakness Firms Non-IT Weakness Firms

n= 289 n= 289 p-valueVariables Mean Median Mean Median DiffCEO Turnover 0.491 0 0.349 0 0.001CFO Turnover 0.754 1 0.522 1 <0.001Chairman Turnover 0.225 0 0.104 0 <0.001Director Turnover 0.751 1 0.595 1 <0.001

Panel C: Descriptive statistics for change in IT governance variables

IT Weakness Firms Non-IT Weakness Firms

n= 289 n= 289 p-valueVariables Mean Median Mean Median DiffCEO IT Knowledge 0.059 0 0.02 0 0.019CFO IT Knowledge 0.142 0 0.045 0 <0.001Chairman IT Knowledge 0.17 0 0.045 0 0.001Director IT Knowledge 0.197 0 0.135 0 0.044Financial IT Upgrade 0.474 0 0.058 0 <0.001Accounting IT Upgrade 0.304 0 0.031 0 <0.001

Table 3 – Descriptive Statistics

Research Design• To test H1 we run the following Logit regression:

Turnoveri = β0 + β1 IT Weaknessi,t + β2 Number of Weaknesses + β3LnAssets i,t + β4Leveragei,t + β5BTMi,t + β6ROAi,t + β7Lossi,t + β8Institutional Holdingsi,t + β9Analysti,t + β10Restatementi,t-1,t,t+1 + β11Board Sizei,t + β12Board Independencei,t + β13CEO Chairman + β14Automatei,t + β15Transformi,t + β16High Techi,t + β17Low Tech.

• We run the above regression using different dependent variables for turnover. For all of our turnover variables we measure turnover if it occurs in the year of the weakness or either of the two years following the weakness (Similar to Desai et al. 2006 and Collins et al. 2009).

• We specifically examine turnover for:• CEO• CFO• Directors• Chairperson of the Board

Research Design• To test H2, H3, and H4 we run the following Logit regression:

IT Governance Changei or Major IT Initiativesi= α0 + α1 IT Weaknessi,t + α2 Number of Weaknesses + α3

LnAssets i,t + α4ROAi,t + α5Avg Sales Growthi,t + α6Leveragei,t + α7Uncertaintyi,t + α8Automatei,t + α9Transformi,t + α10High Techi,t + α11Low Techi,t + α12Foreigni,t + α13Merger i,t + α14Restructuringi,t + α15Product Differentiationi,t + α16Cost Leadershipi,t.

• We vary our dependent variable depending on which IT governance change we are interested in. These variables include:• CEO IT Knowledge• CFO IT Knowledge• Director IT Knowledge• Chairperson IT Knowledge• IT Upgrades

Table 4. IT Material Weaknesses and Turnover

Panel A. Executive and director turnover

Model 1 Model 2 Model 3 Model 4 Model 5 Model 6

Variables Pred CEO Turnover

CFO Turnover

Director Turnover

CEO Turnover

CFO Turnover

Director Turnover

IT Weakness + 0.338** 0.738*** 0.982***

(0.047) (0.000) (0.000)

IT Weakness Classification

Data Processing Integrity + 0.438** 0.629** 0.733***

(0.047) (0.014) (0.005)

System Access and Security + -0.516 -0.021 0.014

(0.968) (0.528) (0.481)

System Structure and Usage + 0.156 -0.258 0.082

(0.318) (0.738) (0.408)

The control variables are suppressed.

Model c2 42.29 61.35 65.47 43.58 55.00 54.51

Pseudo R2 0.067 0.111 0.101 0.069 0.104 0.087

Correctly Classified 0.634 0.692 0.688 0.634 0.697 0.689

Panel B. Type of director turnover

Model 1 Model 2 Model 3 Model 4

Variables Pred Chairman of BOD Turnover

Independent Director Turnover

Chairman of BOD Turnover

Independent Director Turnover

IT Weakness Firm + 0.966*** 0.951***

(0.001) (0.000)


Data Processing Integrity + 1.169*** 0.679***

(0.000) (0.004)

System Access and Security + -0.476 0.132

(0.922) (0.315)

System Structure and Usage + -0.199 0.009

(0.687) (0.489)


Model c2 38.73 57.36 43.13 50.26

Pseudo R2 0.098 0.099 0.101 0.087

Correctly Classified 0.847 0.643 0.846 0.657


Table 5. IT Material Weaknesses and Changes to IT Governance


Variables Pred Any Change to IT Governance

Count of IT Governance

Changes

Any Change to IT Governance

Count of IT Governance

Changes

IT Weakness Firm + 1.211*** 1.157***

(0.000) (0.000)


Data Processing Integrity + 0.840*** 0.610***

(0.001) (0.004)

System Access and Security + 0.303 0.282

(0.132) (0.125)

System Structure and Usage + -0.310 -0.103

(0.808) (0.635)

Model c2 102.46 145.03 86.60 120.08

Pseudo R2 0.149 0.095 0.129 0.079

Correctly Classified 0.676 0.659


Table 6. IT Material Weaknesses and Executive IT Knowledge


Variables Pred CEO IT Knowledge

CFO IT Knowledge

CEO IT Knowledge

CFO IT Knowledge

IT Weakness Firm + 0.821* 0.845**

(0.075) (0.011)


Data Processing Integrity + 0.437 -0.154

(0.249) (0.620)


(0.646) (0.133)

System Structure and Usage + 0.152 -0.040

(0.411) (0.532)

Model c2 51.16 50.75 58.47 42.52

Pseudo R2 0.183 0.140 0.174 0.129



Table 7. IT Material Weaknesses and Board of Directors IT Knowledge


Variables Pred Chairman IT Knowledge

Director IT Knowledge

Chairman IT Knowledge

Director IT Knowledge

IT Weakness Firm + 0.725** 0.211

(0.011) (0.217)


Data Processing Integrity + 0.581* -0.358

(0.065) (0.824)


(0.884) (0.142)

System Structure and Usage + 0.449 0.143

(0.142) (0.367)

Model c2 65.92 50.03 64.19 51.99

Pseudo R2 0.163 0.102 0.103 0.104



Table 8. IT Material Weaknesses and other Major IT Initiatives

Model 1 Model 2 Model 3 Model 4 Model 5 Model 6

Variables Pred IT Upgrade Financial IT Upgrade

Accounting IT Upgrade IT Upgrade Financial IT

UpgradeAccounting IT

Upgrade

IT Weakness Firm + 2.036*** 2.484*** 2.617***

(0.000) (0.000) (0.000)


Data Processing Integrity + 1.237*** 1.393*** 1.556***

(0.000) (0.000) (0.000)

System Access and Security + 0.600** 0.599** 0.171

(0.017) (0.021) (0.297)

System Structure and Usage + -0.274 -0.319 -0.355

(0.793) (0.821) (0.834)

Model c2 114.21 117.81 78.28 99.07 102.39 76.78

Pseudo R2 0.222 0.273 0.256 0.183 0.215 0.199Correctly Classified 0.775 0.812 0.843 0.777 0.793 0.854

Table 9. Remediation of Weaknesses: The Influence of IT Governance Changes DV =Change in # of Weaknesses from t to t+2 Pred Model 1 Model 2 Model 3 Model 4IT Knowledge Changes Any IT Knowledge Change - -0.745**

(0.048)CEO IT Knowledge - -0.169 -0.064 -0.034

(0.391) (0.409) (0.484)CFO IT Knowledge - -1.004* -0.930* -0.909*

(0.070) (0.089) (0.072)Chairman IT Knowledge - 0.426 0.423 0.409

(0.694) (0.695) (0.725)Director IT Knowledge - -0.945* -0.913* -0.900**

(0.058) (0.065) (0.045)Audit Committee IT Knowledge - 0.885 0.915 0.911

(0.561) (0.560) (0.588)Major IT Initiatives Financial IT Upgrade - -0.318 -0.314

(0.230) (0.225)IT management - -0.234

(0.364)

F Statistics 2.946 1.909 1.971 1.582

Adjusted R2 0.136 0.151 0.154 0.154


Conclusions and Implications for Practice

• We find that IT weakness firms have higher levels of turnover and IT governance changes, suggesting that firms recognize the need to make changes to correct the weaknesses.

• Executives and directors should recognize the importance IT plays both within financial reporting and the internal controls surrounding financial reporting.

• Hiring an executive or director that understands IT can help decrease the likelihood of material weaknesses.

IT WeaknessesFirm and Year Text from SOX 404 Report Control Issue Control Category

Online Resources Corporation 2007

“the Company’s procedures for the supervisory review of the performance by Company personnel of manual controls associated with account analysis and the verification of the accuracy of electronic spreadsheets that support financial reporting were ineffective. This material weakness resulted in deficiencies in the operation of controls not being detected timely and in multiple errors in the Company’s preliminary 2007 financial statements, including errors in revenue, interest expense, and share based compensation.”

Spreadsheet(s), lack of controls over

Data Processing Integrity

TRC Companies 2006

“The Company did not adequately design controls to maintain appropriate segregation of duties in its manual and computer-based business processes which could affect the Company’s purchasing controls, the limits on the delegation of authority for expenditures, and the proper review of manual journal entries”

Segregation of duties not implemented in system

Access and Security

Digimarc Co 2004 “Implementation of the new accounting system also was flawed because some of our accounting, finance and operations employees were not properly trained in the use of the new accounting system.”

Insufficient training on system.

Structure and Usage

IT WeaknessesQuality Dimension Identifier Definitions*

Data processing integrity

IT PROCESS The extent to which data is correct and reliable.

System Access and Security IT SECURITY The extent to which:

data is available, or easily and quickly retrievable

access to data is restricted appropriately to maintain its security.

System Structure and Usage

IT STRUCTURE The extent to which data is:

easily comprehended

presented in the same format

IT KnowledgeAn executive (board member) is said to have IT Knowledge if he/she has prior experience as a CIO (or other IT related management positions), has previously worked in an IT/technology firm, or has IT related degrees such as computer science or management information systems.

CEO IT Knowledge (Vitria Technology)M. Dale Skeen, Ph.D., is 51 years old, co-founded Vitria in 1994 and has been our Chief Executive Officer since April 2004. Dr. Skeen has also served as Chief Technology Officer and as a director since Vitria’s inception. From 1986 to 1994, Dr. Skeen served as Chief Scientist at Teknekron Software Systems, now TIBCO, Inc., a software company. From 1984 to 1986, Dr. Skeen was a research scientist at IBM’s Almaden Research Center. From 1981 to 1984, Dr. Skeen was on the faculty at Cornell University. Dr. Skeen holds a B.S. in Computer Science from North Carolina State University and a Ph.D. in Computer Science on Distributed Database Systems from the University of California, Berkeley.

IT Upgrades

Financial IT Upgrade (Richardson Electronics LTD)The Company is in the application development stage of implementing certain modules of enterprise resource management software (PeopleSoft). Accounting IT Upgrade (Adelphia Communications)With respect to the access to financial applications and data material weakness described above, subsequent to December 31, 2004, we have substantially completed our remediation efforts. We have implemented controls, including policies and procedures that govern security and access to our IT systems, programs and data, including those supporting our financial data relating to property and equipment and our general ledger and financial reporting applications. Non-Financial IT Upgrade (Actividentity Corp.)To meet these challenges we implemented a new customer relationship management system in fiscal 2005, and are continuing the process of modifying and refining it to better meet our needs.

Any upgrade to the IT is included in the general IT upgrade. Upgrades specific to the financial functions of the firm are included in the Financial upgrades. Accounting upgrades are financial upgrades that specifically mention changes to the accounting information systems. All other IT upgrades are included in the Non-Financial upgrades.

By: Jacob Z. Haislip Coauthored with : Adi Masli Vernon J. Richardson J. Manuel Sanchez The Impact...

Documents

Transcript of By: Jacob Z. Haislip Coauthored with : Adi Masli Vernon J. Richardson J. Manuel Sanchez The Impact...