内部控制报告(英文)

Financial information systems service providers and the internal control report Albert L. Nagy Department of Accountancy, John Carroll University, University Heights, Ohio, USA Abstract Purpose – The purpose of this paper is to examine if a conflict of interest arises when auditors opine on an internal control system that consists of an information system recently designed and implemented by their own firm. Design/methodology/approach – A sample of companies was selected that had a financial information design and implementation service (FISD) disclosure in 2000-2001 and a Section 404 internal control report issued in 2004-2005. Both descriptive statistics and logistic regression results provide insight into the relation between the type of internal control report issued and the FISD provider. Findings – After considering the type of auditor change (forced versus voluntary) and the timing of the consulting division split-offs, the results suggest that a material weakness internal control report is less likely if the same audit firm issued the internal control opinion and performed the FISD service. This result lends some support to the regulator’s concern that certain types of non-audit services (NAS) may cause auditors to audit their own work. Originality/value – This study contributes to the literature by examining if the performance of a certain type of NAS (FISD) resulted in auditors auditing their own work when opining on certain internal control systems. To the author’s knowledge, this is the first study of its type in relation to auditors auditing their own work. Keywords Financial information, Financial services, External auditing, Information systems, Legislation, United States of America Paper type Research paper Introduction Section 404 of the Sarbanes-Oxley Act (SOX) requires the auditor to opine on management’s assessment of the internal control over financial reporting (US Congress, 2002). Before SOX, audit firms generated significant revenues from designing and implementing the financial information systems of audit clients[1]. As such, for certain Section 404 internal control engagements, an audit firm issued an opinion on the effectiveness of an internal control system that consists of an information system that was recently designed and implemented by their own firm. This paper examines whether this apparent conflict of interest affects the type of internal control opinion issued by the audit firm. In 2000, the Securities and Exchange Commission (SEC) originally proposed a rule that would have prohibited auditors from performing certain non-audit services (NAS) for audit clients. In the proposal, the commission expressed a concern about certain NAS creating economic incentives and thus an inherent conflict of interest for the auditor that may impair their objectivity (SEC, 2000a). The American Institute of Certified Public Accountants (AICPA) and the large accounting firms strongly opposed this proposal by claiming that such rules would hurt the public interest and the auditing profession (SEC, 2000b). After intense debate, the SEC backed down from The current issue and full text archive of this journal is available at www.emeraldinsight.com/0268-6902.htm MAJ 23,6 596 Managerial Auditing Journal Vol. 23 No. 6, 2008 pp. 596-608 q Emerald Group Publishing Limited 0268-6902 DOI 10.1108/02686900810882129 prohibiting the identified NAS, but rather required SEC registrants to disclose in their annual proxy statements the amounts paid to their auditors for audit fees, financial information design and implementation services (FISD), and “other” non-audit fees. However, soon after the release of the final ruling, several extraordinary accounting scandals occurred (e.g. Enron, WorldCom) and triggered the SOX. SOX prohibits the same NAS that were listed in the SECs original proposal back in 2000. The required audit fees disclosure sparked an extensive body of research that examines the economic incentive effect of NAS on auditor independence. This research provides mixed results. None of these studies focus on whether certain types of NAS create a situation where the auditor audits his or her own work (i.e. the inherent conflict of interest concern stated by the SEC). This study fills this void by examining if a conflict of interest arises when an audit firm opines on an internal control system that consists of an information system that was recently designed and implemented by their own firm. In addition, this study examines if the type of auditor change (forced versus voluntary) affects the relation between the type of internal control report and the FISD provider. A sample of companies was selected that had an FISD disclosure in 2000-2001 and a Section 404 internal control report issued in 2004-2005. The descriptive statistics show that companies receiving their FISD service from Arthur Andersen (AA) were less likely to disclose a Section 404 material weakness (MW) internal control report than those companies that received FISD services from another audit firm. This result is consistent with AA having developed an expertise in the FISD service industry. The descriptive statistics support this notion in that AA was the leading provider of FISD services (relative to audit fees) among the Big 5 firms. In addition, this study compares the MW internal control report rates among companies that had their FISD services provided by: . the same audit firm that opined on the internal control system; . a different auditor due to a forced auditor change (ex-AA client); and . a different audit firm due to a voluntary change. The descriptive statistics show a distinct difference among the accounting firms’ MW internal control report rates for these groups. A plausible explanation for the differences among the accounting firms may be due to the timing of when the Big 5 firms split off their consulting divisions. After considering the type of auditor change (forced versus voluntary) and the timing of the split offs, the results suggest that a MW internal control report is less likely if the same audit firm issued the internal control opinion and performed the FISD service. This result lends some support to the SECs concern that certain types of NAS may cause auditors to audit their own work. The logistic regression results support the conclusions derived from the descriptive statistics. Background The issue of whether non-audit relationships impair auditor independence is not new. In its 1957 annual report, the SEC expressed concern about the negative effect that the breadth of services provided by auditors may have on independence (SEC, 1957). Over the next 50 years, numerous studies and investigations were conducted by regulatory and quasi-regulatory bodies on the appropriateness of audit firms performing NAS for audit clients (e.g. Metcalf Subcommittee, the Cohen Commission, Public Oversight Board – POB, Treadway Commission)[2]. Financial information service providers 597 During the latter half of the twentieth century, accounting firms increasingly became multi-disciplinary organizations and entered into new types of business relations with their audit clients. Throughout this time period, several regulatory and quasi-regulatory bodies expressed concern that these NAS relationships were eroding away auditor independence (e.g. POB, AICPA, SEC, Government Accounting Office)[3]. Finally, in the late-1990s, the amount of NAS provided by audit firms reached a breaking point and prompted regulatory action by the SEC. In its proposing release, the commission noted that management advisory revenues for the Big Five in 1999 constituted around half of their total revenues, and that the six-year trend from 1993 to 1999 of these services showed an average annual growth rate of 26 percent (SEC, 2000a). The commission concluded that the prospect of significant amounts of NAS impairing auditor independence has come to pass, and thus proposed that auditors be prohibited from performing certain types of NAS for audit clients[4]. The proposal generated much controversy within the audit profession. The commission received over 3,000 comment letters on the issue, and most of the leading accounting organizations strongly opposed the ban of NAS (SEC, 2000b). Some common arguments from the opponents of the proposal were that: . audit quality will lessen because auditors obtain valuable client knowledge from the performance of NAS; . accounting firms will become less attractive to qualified personnel because it is the firms’ diversity of services that attracts the best and the brightest; and . no direct evidence exists that links NAS to an impairment of auditor’s independence. In its final ruling, the commission responds to each of these arguments. First, the commission states that the knowledge spillover argument is one without limitation that takes no account of the negative impact on audit quality from an independence impairment perspective (SEC, 2001). That is, if independence impairment is ignored, then one can argue that an auditor can gain valuable knowledge by keeping the books and preparing the financial statements of the audit client. Further, the commission notes that the argument assumes that all additions to an auditor’s knowledge about the client’s business are relevant to an audit, and that the knowledge will be transferred from the consultants to the auditors (SEC, 2001). Second, the commission is skeptical about the claim that the capacity to offer NAS is critical to the auditing profession’s ability to recruit and retain talented professionals. Their skepticism is based on statistics that show a steady decline in certain indicators of interest in the accountancy profession as a career choice during the same period of significant NAS growth (SEC, 2001). The commission calls upon the profession to restore the historic attractiveness of auditing as a profession and convince the best and brightest professionals that it offers excellent long-term career opportunities. Third, the commission responds to the lack of evidence argument by referring to an extensive body of research and comments that document investor concerns about NAS potentially impairing auditor independence. The commission also states that their approach to auditor independence must be prophylactic. That is, the regulator’s mission is not to pick up the pieces of a stock market crash, but to prevent one (SEC, 2001). Based on these conclusions, the commission justifies their proposal to ban certain types of NAS. MAJ 23,6 598 After facing intense pressure from the accounting profession, corporations and congress, the commission backed down from prohibiting the identified NAS. Instead, registrants were required to disclose in their annual proxy statements the amounts paid to their auditors for audit fees, FISD, and “other” non-audit fees. The separate FISD fee disclosure suggests that regulators perceive this type of NAS as particularly worrisome in the auditor’s ability to maintain independence in fact and appearance. The disclosure requirement was short-lived because soon after the issuance of the SECs final ruling in 2001, SOX was issued in 2002. SOX prohibited the same NAS that were listed in the original SEC proposal. Section 404 of SOX requires the external auditor to attest on management’s assessment of the effectiveness of the company’s internal control over financial reporting. The financial information system is an important component of the internal control system, and as mentioned above, the accounting firms generated significant revenues from FISD services in the time period leading up to the passage of SOX. As such, for certain engagements, auditors opined on an internal control system that consists of a financial information system that was recently designed and implemented by their own firm. The auditor may not evaluate this internal control system with the same critical eye and concern that they would for financial information systems designed and implemented by another firm or by the client. This study examines if auditors face a conflict of interest (i.e. audit their own work) when they opine on an internal control system that consists of an information system that was recently designed and implemented by their own audit firm. The demise of AA occurred during the time period of this study. Over 1,000 companies (AA clients) were forced to change auditors following the indictment of AA in early 2002 (Barton, 2005). These forced auditor changes occurred between this study’s measurement periods (FISD disclosure period (2000-2001) and the internal control report period (2004-2005)), and thus the majority of observations that have different audit firms perform the FISD service and opine on the internal control system will be ex-AA clients. The type of auditor change (forced versus voluntary) may have an effect on the relation between the FISD provider and the type of MW internal control report issued. Therefore, this study measures forced and voluntary auditor change effects separately. Prior research An extensive body of research examines whether the economic incentive created by NAS affects auditor’s independence. The research provides mixed results. Frankel et al. (2002) find a positive relation between NAS and abnormal accruals, but several following studies dispute these findings. Ashbaugh et al. (2003) adjust discretionary accruals for firm performance and find no significant relation between NAS and performance adjusted accruals, and Larcker and Richardson (2004) and Reynolds et al. (2004) find that the positive NAS and abnormal accrual relation only exists for a small subset of companies. In an unrelated study, Chung and Kallapur (2003) find no statistically significant relation between their client importance measures and abnormal accruals. Other studies provide mixed results regarding the NAS and auditor independence issue. Brandon et al. (2004) provide evidence of a negative relation between NAS and the client’s bond rating. Kinney et al. (2004) find a significant negative (positive) relation between tax services (unspecified services) and financial statement restatements. Financial information service providers 599 Higgs and Skantz (2006) provide limited evidence of a negative relation between NAS and earning response coefficients. All of this research focuses on the economic incentive aspect of the NAS issue. That is, profitable NAS may cause auditors to acquiesce with the client and in turn impair their independence. Unlike previous research, this study focuses on the conflict of interest aspect of NAS by empirically examining whether the past performance of a certain type of NAS (FISD) results in auditors auditing their own work. Recently, several studies have researched issues associated with the Section 404 internal control reporting requirement. Zhang et al. (2007) find that internal control weakness disclosures are more likely when audit committees have less financial expertise and the auditor is more independent. Ge and McVay (2005) provide evidence that a MW disclosure is positively (negatively) associated with business complexity (firm size and profitability). Raghunandan and Rama (2006) find that audit fees are significantly higher for clients with a MW disclosure. Ettredge et al. (2006) show that the presence of a MW is associated with longer audit delays. This study contributes to this line of research by examining the relation between the providers of FISD services and the type of Section 404 internal control report issued. Sample The SEC required companies to disclose fee data in proxy statements filed on or after February 5, 2001. The initial sample for this study consists of companies that engaged their auditor to perform FISD services during 2000 and/or 2001 per the audit analytics database. This is the first year of the FISD fee disclosure (2000) and the last full year that auditors were allowed to perform such services for audit clients (2001). Next, the type of the first internal control report issued for the sampled companies was gathered from audit analytics. Accelerated filers (public float of $75 million or more) implemented the Section 404 requirements for fiscal year ending after November 15, 2004. Thus, the time period of the internal control reports is from November 30, 2004 to November 30, 2005. The initial sample consists of 512 companies that had a non-zero FISD disclosure in 2000 or 2001. Audit analytics did not have internal control report data for 175 of these companies. After omitting these 175 companies, the final sample consists of 337 companies. Descriptive statistics Table I presents some descriptive statistics about the sampled observations. Panel A shows the amount of FISD fees and audit fees earned by audit firm. The statistics reveal that AA had the highest number of FISD disclosures (90) and earned the second highest amount of FISD revenue (US$150.54 million). PwC earned the highest amount of FISD revenue (US$377.82 million) and had the second highest number of FISD disclosures (84). A comparison of the FISD/audit fees ratios reveals that AA stands atop the Big 5 firms with the highest ratio (1.50), and PwC is a clear second with a ratio of 1.29. The remaining three firms (EY, Deloitte, and KPMG) all have significantly lower ratios than the top two firms (0.97, 0.72, and 0.61, respectively). The non-Big 5 audit firms (other) consist of relatively smaller engagements than those of the Big 5 firms. The non-Big 5 audit firms generated less than 1 percent of the total disclosed FISD revenues for the period (US$6.04/773.89), and the average FISD fees disclosure for the non-Big 5 group is US$0.43 million ($6.04/14) versus a $2.38 million (US$767.85/323) average for the Big 5 firms. The FISD/audit fee ratio for MAJ 23,6 600 P a n el A : 2 0 0 0 -2 0 0 1 F IS D fe es a n d a u d it fe es by a u d it or A u d it or N u m b er of F IS D d is cl os u re s F IS D fe es (i n m il li on s) A u d it fe es (i n m il li on s) F IS D /a u d it fe es P w C 84 $3 77 .8 2 $2 92 .6 4 1. 29 E Y 34 60 .2 8 62 .2 9 0. 97 D el oi tt e 69 12 5. 24 17 2. 87 0. 72 K P M G 46 53 .9 7 88 .9 6 0. 61 A A 90 15 0. 54 10 0. 57 1. 50 O th er 14 6. 04 3. 83 1. 58 T ot al s 33 7 77 3. 89 72 1. 16 1. 07 P a n el B : ty pe of in te rn a l co n tr ol re po rt s by F IS D pr ov id er F IS D p ro v id er (i n re sp ec t to th e IC re p or t is su er ) N u m b er of ob se rv at io n s N u m b er of M W re p or ts P er ce n ta g e S am e au d it or 22 2 42 19 D if fe re n t au d it or (n ot A A ) 25 8 32 A A 90 9 10 T ot al s 33 7 59 18 P a n el C : n u m be r of M W re po rt s by a u d it or a n d F IS D pr ov id er F IS D p ro v id er IC re p or t S am e fi rm D if fe re n t- n ot A A A A A u d it or T ot al N o M W P er ce n t T ot al N o M W P er ce n t T ot al N o M W P er ce n t P w C 75 14 19 4 0 0 15 2 13 E Y 32 4 13 4 0 0 27 2 7 D el oi tt e 63 11 17 6 1 17 21 1 5 K P M G 43 10 23 5 2 40 21 2 10 O th er 9 3 33 6 5 83 6 2 33 T ot al s 22 2 42 19 25 8 32 90 9 10 Table I. Descriptive statistics Financial information service providers 601 this group (1.58) reveals that FISD revenues swamped the relatively low-audit fee revenues for the 14 sampled observations. Panel B presents the number and type of internal control reports by provider of the FISD service. Overall, when combining the different auditor and AA groups, the MW internal control report rate for companies that had different auditors issue the internal control opinion and perform the FISD service is lower than the MW internal control report rate for companies that had the same auditor perform these fu