THE IMPACT OF THE SARBANES OXLEY ACT ON THE FINANCIAL REPORTING PROCESS: EXPERIENCES OF DIRECTORS Jeffrey Cohen Carroll School of Management Boston College Colleen Hayes School of Accounting & Business Information Systems The Australian National University Ganesh Krishnamoorthy Northeastern University Gary S Monroe Australian School of Business The University of New South Wales Arnie Wright Northeastern University 31 January 2009 We thank the participants at the 2008 Asia-Pacific Conference and the 2008 Australian National University ANCAAR Forum for their helpful comments and suggestions. Our special thanks are extended to the directors who participated in the study and therefore made it possible.
Transcript
THE IMPACT OF THE SARBANES OXLEY ACT ON THE FINANCIALREPORTING PROCESS: EXPERIENCES OF DIRECTORS
Jeffrey CohenCarroll School of Management
Boston College
Colleen HayesSchool of Accounting & Business Information Systems
The Australian National University
Ganesh KrishnamoorthyNortheastern University
Gary S MonroeAustralian School of Business
The University of New South Wales
Arnie WrightNortheastern University
31 January 2009
We thank the participants at the 2008 Asia-Pacific Conference and the 2008 AustralianNational University ANCAAR Forum for their helpful comments and suggestions. Ourspecial thanks are extended to the directors who participated in the study and therefore madeit possible.
THE IMPACT OF THE SARBANES OXLEY ACT ON THE FINANCIALREPORTING PROCESS: EXPERIENCES OF DIRECTORS
ABSTRACT
Our study provides insights into the impact of the Sarbanes Oxley Act (2002) on the financialreporting and auditing process from the experiences of US directors. The study involvedinterviewing 22 directors and, therefore, provides an important perspective on the impact ofthe legislation on the management – external auditor – audit committee relationship from theexperiences of audit committee members and members of the board. The researchcorroborates and extends that of Cohen et al. (2008), who interviewed auditors, anotherimportant party in the financial reporting process, on this issue. Further, this studycomplements Beasley et al. (2007) who interviewed audit committee members on the auditcommittee oversight process. Using a semi-structured questionnaire adapted from Cohen etal. (2008) we find overall that directors’ experiences indicate the legislation has had apositive impact on the strength of the relationship between the audit committee and theexternal auditor, and, similarly, the monitoring role of the board. The strength of thisrelationship is integral to maintaining a proper balance of power in the management –external auditor relationship. The positive impact is attributable to the enhanced expertise,experience, diligence, commitment to transparency, scepticism and authority of the auditcommittee (board). The legislation has also led to substantial improvement in the scope andlevel of responsibility and status of internal auditors. The strengthening of internal controls,the alignment of interests in the management – external auditor – audit committeerelationship, and the enhanced effectiveness of the audit committee were identified as havingled to improved financial reporting quality. However, the directors report some negativeconsequences associated with the reforms not identified by auditors in Cohen et al. (2008).Many directors considered that the attention to compliance and the associated growth inbureaucracy that have accompanied the gains in the monitoring role of the audit committee(board) has been excessive and come at a price in terms of less time being dedicated to otherresponsibilities. The financial cost of compliance was also cited as a burden, and, somerespondents called into question whether the legislation has resulted in an excessive focus oncompliance to the detriment of other activities of governance. Importantly, directors’experiences regarding the enhanced expertise, and diligence and power of the auditcommittee corroborate those reported by auditors in the Cohen et al. study (2008) as well asthose in the Beasley et al. (2007) study.
The clarification is seated in agency theory, specifically the separation of the decision
management (initiation and implementation) and decision control (ratification and
monitoring) (Fama & Jensen, 1983) dimensions of the financial reporting decision system.
The Section 302 certification provisions consolidate management’s responsibility for
decision management, including the CEO. The responsibility for decision control on the
other hand lies with the audit committee and the external auditor. The audit committee has
the exclusive authority to appoint, terminate, compensate and oversee the work of the auditor
(Section 302). The auditor in turn has the duty of reporting to the audit committee. As a
result, the external auditor’s relationship to the firm is now anchored to the “audit committee
instead of where it was previously, with management” (Cox, 2006, p. 830). The audit
committee also has the responsibility of overseeing the role of the auditor in monitoring the
7
discretionary decision making of management regarding the choice of accounting methods,
and again the external auditor is accountable to the committee in that respect (Section 204).
The specialization of decision control is intended to prevent management dominating
the financial reporting decision system i.e., decision control. However, the effectiveness of
the strategy ultimately hinges on the effectiveness of the audit committee in exercising
control. To that end, SOX mandates audit committee structural attributes, including
independent directors, financial expertise and financial resources, intended to facilitate its
functional effectiveness.
Using an interview approach, Cohen et al. (2002) examined the experiences of
auditors in their interactions with audit committees and boards pre-SOX. Auditors at that time
reported that audit committees were largely ineffectual in overseeing the financial reporting
process with insufficient expertise, authority, power, and diligence. They also reported that
auditors often included management as part of the rubric of “corporate governance” in the
sense that without management’s support, strong governance in protecting the interests of
shareholders and other stakeholders was not possible. Cohen et al. (2008) extends this earlier
study by examining whether auditors’ experiences with audit committees and boards have
changed significantly post SOX. Importantly, auditors report substantially greater audit
committee expertise, power and diligence than in the prior study. One issue of concern,
however, is that auditors often note that management still has significant influence in the
auditor appointment/termination decision. Further, Cohen et al. (2008) and Beasley et al.
(2007) also report that the audit committee frequently does not actively participate in helping
to resolve auditor-management accounting disputes, preferring instead to be informed of the
outcome on the matter. Cohen et al. (2008) call for additional research capturing the
experiences of members of the audit committee and the board as well as management to
8
triangulate the findings in identifying a consensus of the affects of SOX and issues for
consideration.
A major objective of our study is to gain insight into the impact of the functional and
structural provisions on the experiences of the audit committee and the board, including their
relationship with the external auditor. Based on the foregoing discussion, our study is guided
by the following research question:
Research question: What are directors’ experiences with respect to the financialreporting process in the Post-SOX environment?
3. RESEARCH METHOD
Consistent with Cohen et al. (2008) a semi-structured interview approach was used to
address the research question. The voluntary participation of directors was sought through
personal contacts. Twenty two very experienced directors were interviewed in four cities:
Boston, Los Angeles, Chicago and New York. Twenty of the directors had served as audit
committee members, 16 of those in the SOX era. Eleven of the 22 directors had served as
audit committee chair at some point in time. All had experience in serving on at least one or
more of the audit and nominations and/or governance committees (see Table 1). The
companies represented spanned a broad spectrum of the economy including finance, mining,
manufacturing, retail trade, services, information technology, and bio-medical.
INSERT TABLE 1 about here
The interviews were conducted over a four week period in 2007 by one of the
researchers in the offices of the participants, with the exception of one interview that was
conducted by telephone. The interviews varied in length from 30 to 60 minutes and were
recorded verbatim. As discussed, one of the primary objectives of the current study is to
9
triangulate the findings with those of Cohen et al. (2008), which examined auditors’
experiences of the impact of SOX. The interview questions were based on those used in that
study; however, additional questions were added based on the SOX literature. Importantly,
the questions focused on participants’ experiences; therefore, questions were prefaced by the
phrase “in your experiences”. Prior to conducting the interviews, the interview questions
were reviewed by two experienced directors, resulting in minor changes. A copy of the
interview instrument was sent to the participants prior to the interviews being conducted.
The participants were advised that we were interested in their individual experiences
as a director and that there “are no right or wrong answers”. The transcription and the coding
of the interview data were framed by the interview questions. The coding categories were
adapted from the coding scheme used in Cohen et al. (2008). Independent coding by two of
the researchers was used to ensure the reliability of the coding (Miles and Huberman, 1994).
Differences in coding were discussed between the two coders and, where possible, reconciled
by the two coders. Any unreconciled differences in coding were resolved by a third
researcher.
4.0 RESULTS
The discussion of the results is framed by the following issues: the definition of
corporate governance; auditor appointment and termination; audit committee interactions; the
expertise and power of the audit committee; the board; the internal auditor; management
certification; and, finally, other issues. Quotations taken from the participants’ responses are
shown in italics. Our results are compared with the findings of Cohen et al. (2008) and
Beasley et al. (2007) and analyzed from the perspectives of agency and institutional theory,
where applicable.
10
Definition of Corporate Governance
The interviews began by asking participants their definition of corporate governance.
The primary purpose of the question was to provide a basis for understanding and analyzing
the participants’ responses to the remaining questions. However, it is important to reflect on
the nature of the responses in light of the fact that, using the words of one of the participants,
it is one of those terms that is somewhat amorphous, and that it is an evolving term, not least
of all as a result of SOX. The definitions were either broad in scope, embracing the
relationship between the board, management and shareholders, or were framed from the
perspective of the monitoring role of the board. Task specific responsibilities included
establishing and maintaining ethical standards, ensuring financial and organizational health
and managing risk. Approximately one quarter of the participants indicated that management
was part of corporate governance. The definitions of 17 (77%) of the directors were framed
from the perspective of the oversight role of the board in discharging its responsibilities as
the representatives of shareholders, and in certain cases other stakeholders. The oversight role
is generally compatible with an agency view of the role of the board of directors.
In comparison, Cohen et al. (2008) reports auditors’ definitions predominately
focused on the board (67%) and the management (67%). The percentage of directors
including management in their definition of corporate governance is considerably lower than
that reported by auditors both pre-SOX and SOX eras (Cohen et al. 2002, 2008). Cohen et al.
(2008) suggest that a frequent reference to management may be consistent with
management’s continued influence in the corporate governance process. Cohen et al. (2002)
hold that the inclusion of management in the rubric of corporate governance arose in the
sense that auditors considered that effective corporate governance was not possible without
the co-operation of management.
11
The corporate governance – management co-operation association perspective may
also be held by directors. Beasley et al (2007 12) refer to the importance of “management
commitment to sound governance” in the willingness of prospective audit committee
members to serve on a company and, therein, allowing them to implement a monitoring
(agency) role. The directors in the current study also emphasized the need for the audit
committee – external auditor – management relationship to be conducted in a co-operative
spirit. Importantly, the inclusion of management in the rubric of corporate governance in that
sense is positive, i.e., management’s co-operation is a necessary condition for the agency
view of the role of corporate governance to take effect in practice in the Sox era. The lower
percentage of directors including management in their definition of corporate governance
may indicate that directors now believe that management is not a basic component of
corporate governance as SOX vests the power with the board. However, they recognize that
co-operation with management is important for successful corporate governance.
Auditor Appointment and Termination
Participants were asked to identify who, in substance, had the most influence over the
appointment of the auditor and to provide the percentage influence of the stakeholders
involved. This was the first of a series of questions that are fundamental to evaluating the
strength of the relationship between the audit committee and the external auditor, which has
as its corollary in the balance of power between management and the external auditor. Most
(82%) of the directors identified the audit committee as having the greatest influence, with
64% indicating that management (CEO and/or CFO) has significant influence in
appointment and dismissal decisions with respect to auditors. One of the directors who
indicated that the power was with the audit committee stated: Well, clearly the audit
committee has, the chairman of the audit committee has a great deal of influence. Another
12
with a similar view stated: The audit committee, no question. Now, there are conversations
between the chairman of the audit committee and the chief financial officer and the CEO, but
I think at the end of the day in most public companies that I’m familiar with, the decision is
the audit committee’s. Another director stated: It is at least 90 per cent the audit committee so
management has some impact. We just changed auditors and it was a discussion that came
up among the audit committee, but it was recommended by management. But all the decision
rights were the independent directors on the audit committee. One of the participants who
identified management as having the most influence over the appointment of the auditor did
so in circumstances where the company has a policy of putting the external audit to tender
every 5 years, and that process is run by management. So I think they have the most influence
because they set up the way it is done. We only get to see two or three of the finalists,
probably two, and they will have been screened by management, so they have a lot of
influence.
Those directors who nominated management as having the greatest influence
represented companies that had concentrated equity ownership. A general theme that
emerged from the interviews, was that the level of influence of management must be
evaluated in the context of the cultural ethos of the organization and how the board (audit
committee) perceives its role, i.e., in an agency (monitoring) capacity or otherwise. Returning
to the circumstance referred to above where the corporation has a policy of putting its
external audit to bid every 5 years, the director concerned allocated 80% to management and
20% to the board with respect to their influence on the appointment of the auditor. However,
the participant also emphasised the importance of putting that 20% into context as per the
following excerpt of the interview:
Boards of directors serve a very ritualistic (role). And if they are good, they alter theway management behaves day-in-day-out. So that by the time they get to the board it looksquite ritualistic . . . But my belief is that if they have done that well and you have often
13
enough interacted that ritualistic meaning, management will do a better job in the day to daywork. So when I say 80/20, the 20 is really important, because it frames the way managementwill look at the problem the next time it comes around.
This response highlights the fact that the strength of the monitoring role of the board
ultimately relies on the extent to which it provides an effective check and balance to
management (Lipton and Lorsch, 1992, citing the Cadbury Committee).
Auditors’ experiences, as reported by Cohen et al. (2008), in some ways mirror
those of directors but in other ways differ. Although the auditors in that study agreed that
both management and the audit committee had considerable influence over the
appointment and termination of auditors, the respondents perceived that management had
more influence over the process than the audit committee. In contrast, the directors in our
study perceived that the audit committee had the dominant influence. The directors’
responses in our study are consistent with Section 301 (2) of SOX, which vests the audit
committee with the responsibility of appointing the external auditor. Overall, higher
levels of management influence on the auditor appointment/termination decision in both
instances is attributed to firm specific characteristics – in the case where the CEO is also
the chair of the board, and in the case of the directors, where equity ownership is
concentrated.
Management has the capacity to affect the role of audit committee (board) through its
power to select and compensate its members (Baysinger and Hokinson, 1990). Therefore, the
directors were asked what influence if any the CEO had on the selection of board members
who serve on the audit committee. The overwhelming sentiment was that the overriding
authority was exercised by the nominations committee, with several directors identifying that
situation as being different to the way things were in the past. However, nearly all
acknowledged that the CEO had a role to play in the selection of the audit committee. As
mentioned earlier, the need to consult with the CEO was emphasised in the context of the
14
need for the ongoing audit committee – external auditor – management relationship to be
conducted in a co-operative spirit, reflected in the following response:
The answer is that it’s a shared decision. . . . In the end it’s the board processes thatcount, but when I recruit a new board member… I have as part of the interview process thatthey interview the CEO and the CFO. And if they are not comfortable, I need to stop and saywell do I really want to drive somebody in they’re not comfortable with.
Audit Committee Interactions
The next set of questions concerned the interaction between the audit committee and
the external auditor. The questions provide insight not only into the strength of the
relationship between the auditor and the audit committee but also into contemporary audit
processes.
The first question asked the participants what specific changes, if any, had occurred
with respect to the effectiveness of the typical audit committee of a public company in
fulfilling its fiduciary responsibilities in the financial reporting process post-SOX. An
overwhelming majority of the directors stated that there had been a major change in the
effectiveness of the audit committee because the bar has been raised on several dimensions
reflected in the following excerpts drawn from a broad cross-section of respondents, all of
which are indicative of a heightened agency approach to financial reporting:
the meetings are longer. They are more frequent; more expertise; a stronger sense ofownership on the part of the audit committee; a stronger desire for transparency; better andmore frequent communication with the internal and external auditors; more skepticism; thechairman of the audit committee has much more of a direct relationship with the outsideauditors; deeper questioning . . . more rigour; the advanced materials are more fulsome; andmore accountability. I think there has been an improvement. I think that the audit committeesare asking more questions. They are asking for a paper trail and documentation.
One director stated: I think the effectiveness in terms of financial reporting has
probably gone up. I think we are paying a lot more attention to quote “how we report
things”.
One of the directors stated:
15
There has been actually quite a bit of change because the requirements for financialexpertise has had a marked change in the way audit committees function, because I thinkaudit committees in general did not necessarily have particular experts on them. They shouldhave, but some boards didn’t have much financial expertise. So the requirement of financialexpert has had an important impact. The whole SOX 404 controls has had . . . an impact andthen there has been a kind of increased emphasis on . . . risk analysis I think if you go backfive years ago the audit committee was narrowly looking at financial things. Now the auditcommittee is looking at the financial audit, it is looking at the control compliance audit.
This statement is consistent with Beasley et al. (2007) as many of the audit
committee members they interviewed identified “willingness to ask probing questions” (p.
31) as the most important trait an audit committee member can possess.
The source of change was attributed by one participant to the fact that the relationship
with the independent auditor now belongs to the audit committee. That didn’t happen before.
It was with the CFO. Another director also attributed the rigour of the relationship to the
change in attitude of the audit firms, and the role of SOX in that respect:
The relationship of the audit committee to the outside auditing firm has changed substantiallybecause of the way the auditing firms . . . view their responsibilities and the changes thathave occurred in how they conduct themselves in the client’s office, the questions theyanswer, the multitude of government checks and balances Sarbanes-Oxley has put in.
Both of the foregoing responses emphasise the cultural dimension of corporate governance,
i.e., that “corporate governance is affected by the relationships among participants in the
governance system” (OECD, 2004, p. 12).
However, three participants stated that there had been no change in the effectiveness
of the committee because, in the words of one of the participants, the audit committee was
extremely effective before hand and is no more effective today. The same participant went on
to state, however, that the exception today is the fact that the committee now takes three
times as long to be as effective as it used to. The sense of over-kill was echoed by many other
participants, and in one instance not only in relation to the audit committee but also
management and the auditing firms.
16
The tenor of the relationship between the audit committee and the external auditor
was also addressed by a number of the participants in responding to an additional question
eliciting the directors’ observations of the changes in the relationship in the past 5 years. The
responses varied. The perception of one of the directors was of a greater sensitivity of the
audit firm to the needs of the client. Others, however, described the relationship as being
more formal, less interactive, more technical, more adversarial, and as having a greater focus
on compliance. The focus on compliance was often cited as coming at the expense of
efficiency. This situation is typified by the following response referring to the role of the
audit committee:
I think the effectiveness in terms of financial reporting has probably gone up. I thinkthe effectiveness of being a good audit committee has gone down. One participant describedthe relationship as a double edged sword, going on to say: on the one hand there is muchmore communication going on between the auditors and the audit committee. But there isalso, you know, managements are frustrated with the way auditors are treating them in thelast 4 or 5 years because . . . the work that auditors have has increased dramatically becauseof SOX 404 certification. And so the frustrations that management have, one the timelinesswith which things are getting done and the staff quality . . . there is more variance I thinkwith this. Number two, costs have escalated dramatically.
Auditors’ experiences (Cohen et al., 2008) indicate that audit committees have
become stronger since SOX in terms of greater financial expertise, power, authority, and
diligence. Further, their interactions with the audit committee have gone from infrequent
meetings (two per year) that were passive to frequent meetings (average 5.6 per year) where
there is an active dialogue occurring. With respect to audit committee - auditor interactions,
one director responded that:
They have gone way up. We used to have an audit committee meeting for about twohours on the day of a board meeting. But the audit committee now meets for probably about 8hours the day before the board meeting. And that time is spent mainly with the outsideauditors are always there. And the chairman of the audit committee chair probably talks withthe lead guy on the accounting firm, I would guess, for 5 or 10 hours between meetings. Andthat was never much the case.
17
Beasley et al. (2007) also report enhanced audit committee diligence in their
interactions with the external auditor in the SOX era. Cohen et al. (2008) report that many
auditors indicated that the increased interaction has resulted in a greater focus by the audit
committee on matters related to the audit process. One of the directors in our study
commented: So we are always discussing with them what they have been doing and what the
management internal auditing group has been doing to assist them. Another director stated:
One of the major things that gets discussed is tone at the top, especially when you’re dealing
with this 404 compliance.
The participants were also asked whether the audit committee played a role in
helping resolve contentious accounting and financial reporting issues between the auditor and
the management. A majority of the directors (58%) believed that the audit committee did play
a role in resolving these issues. First, one of the participants stated that it was not so much
that (we have) disagreed around an issue, saying instead that the contentions have been more
about whether (the auditor) had the right people or . . . enough people really able to
legitimately audit what goes on with some of the financial practices, etcetera. The participant
attributed the latter to the SOX era, and the collapse of Arthur Andersen. A small number of
the remaining 21 participants demonstrated sensitivity to the use of the word contentious, but
at the same time all stated that the audit committee helped to resolve important accounting
issues. One of the respondents indicated that the role of the audit committee was very slight,
going on to say that the truth is there rarely are contentious accounting issues anymore
because everybody is scared to object to anything. However, other participants disagreed as
exemplified in the following response:
The answer is they are right up to their eyeballs. I mean mostly the contentious issuesare trying to figure out what the hell the issue is and what the facts are that the issues – Imean if management is too conservative or too aggressive and that is flagged by the auditcommittee or by the auditor, the audit committee will be all over the issue and they may beover it anyway because if there is substantial disagreement between the auditor and
18
management or the audit report that is an issue that has to be properly disclosed. I mean youwork hard to get those things squared away.
One participant also attributed the increased role of the audit committee in that respect
to the fact that in many cases it now has the skills to be an active participant in the discussion
of these problems. And it has the experience to recommend solutions it may have seen in
similar cases.
The directors were also asked about their experiences with the role that the audit
committee played with respect to establishing and maintaining effective internal controls
under Section 404. The unanimous response was that the audit committee played a major role
in that respect, and in most instances that was different to the way things were pre-SOX. This
finding is consistent with the experiences of auditors (Cohen et al., 2008) where 88 percent of
the auditors concurred that the audit committee was playing a major role with respect to
controls.
Expertise and Power of the Audit Committee
On the specific attributes of the audit committee arising out of SOX, the directors
were asked whether they considered that the audit committee had sufficient financial
expertise to effectively deal with financial reporting, auditing and internal control related
issues. Twenty one (95%) of the participants answered ‘yes’. Some participants were of the
opinion that smaller firms may be disadvantaged in that respect in responding to a second
part of the question which asked specifically whether size, industry or other factors had a role
to play. The reasons given were the lack of availability of financial experts and the financial
resources needed to purchase the expertise.
Eight-five percent of the participants also indicated that an audit committee financial
expertise could vary along industry lines. One of the participants added that when you are
19
dealing with derivatives and hedging, nobody will say that they’re an expert in that. Another
participant stated that whether an audit committee had sufficient expertise was a function of
how complicated your business model is rather than size or industry. Two participants also
raised the issue of whether, in the words of one of them, the pendulum has swung too far on
the matter of financial expertise possibly adversely affecting audit committee effectiveness
and therefore the quality of financial reporting with respect to the exercise of judgement. A
problem with respect to the skills and mindset of those most likely to meet the definition of a
financial expert was identified by some of the directors. In the words of one of the directors,
the problem with CFOs and auditor are they are rules-based people, they aren’t judgement
based people. The implications for financial reporting are evident in the following response
of one of the directors:
...the real value in financial reporting oversight of audit comes from connectingbusiness issues with financial reporting issues. Because technical financial reporting issuesare going to be handled correctly by the management and the auditors . . . the auditcommittee can bring no competitive advantage in that respect. But where you have judgment .. . in a clause, in a case clause or in policy choices and that judgement centres on knowingsomething about the business, board members can bring it, add value. Now if you have toomany people that are ex directors and ex CFOs they usually try to replicate what themanagement or the auditors have done rather than bring a new perspective, which is abusiness perspective that says that given what I see is going on in the industry or . . . that Imake of this business, should we be . . . putting more reserves or should we be following thiscapitalisation policy . . . the kinds of questions . . . you need less technical knowledge for it,but more business savviness and then connecting the business savviness with financialreporting . . . so there are still issues there.
The same sentiment was expressed by another director who stated that the problem with
CFOs and auditors are they are rules-based people, they aren’t judgement-based people.
On the matter of whether the audit committee has sufficient power and authority from
the board to confront management in dealing with contentious financial reporting, auditing
and internal control related issues, 20 of the 22 directors answered yes. One participant stated
that in his experience the audit committee did not have sufficient independence from the
board in that respect, i.e., that it would go to the board before approaching management.
20
As noted previously, auditors also reported overwhelmingly that SOX era audit
committees have sufficient expertise and power to accomplish their responsibilities (Cohen et
al., 2008). Further, auditors note audit committees are considerably more diligent and aware
of the role they play in the financial reporting process.
The current study explores audit committee appointments in more depth than Cohen
et al. (2008), in that participants were also asked how board members are specifically selected
to serve on the audit committee. Consistent with Beasley et al. (2007) the most frequently
cited selection criterion was financial expertise. To that end, one of the participants in our
study stated that he considered the question ought to be the other way around . . . I think it’s,
now let’s get somebody to serve on the audit committee and we will nail them to the board,
despite the fact that the financial expertise criterion is framed as a disclosure requirement
only. Another director stated: Most companies actually have a little difficulty and need
somebody who satisfies the letter of the law to be the financial expert. So first it is “are you
legally a financial expert”? Another stated” We have to meet our interpretation of what the
financially sophisticated criteria are. So you look for former CEOs, they meet it, or former
CFOs meet it, or CPAs meet it. The participant also stated that he considered that the negative
of all this is we usually have rotation of the board members, of the committee membership.
That I think is diminishing because to get somebody on the audit committee who is qualified
you don’t want him to go anywhere else. So that is changing the picture a little bit.
The negative impact of the financial expertise criterion on the skills set of the board as
a whole is also reflected in the fact that two of the directors stated that in the companies they
are associated with, post-SOX, new board members, who do not possess the requisites skills,
are no longer appointed to the audit committee. Consistent with Beasley et al. (2007), other
attributes identified as important selection criteria were independence and time to serve. The
participants in our study also acknowledged the need to establish a balanced portfolio of
21
skills on the audit committee. Here, one of the directors, while acknowledging the need for
the depth of the skills set of an audit committee to match the size and complexity of the
organization, stated that beyond the need for financial expertise, in his experience there was
also a need for legal expertise with respect to the issue of compliance and, in addition, people
who have a good understanding of financial markets. The participant stated that on the audit
committees he serves on they had more expertise in relation to all three areas than they had
pre-SOX, and that they also have a CEO who has more the big picture expertise.
The Board
The next set of questions asked what specific changes, if any had occurred with
respect to the effectiveness of the board in fulfilling its fiduciary responsibilities relating to
the financial reporting process. While 50 percent of the auditors in Cohen et al. (2008)
identified a significantly greater role for the board, in our study, 91 percent of the directors in
our study were of the opinion that the board has taken a more proactive role over the last five
years. The nature of the positive changes identified by the participants essentially mirrored
those factors identified earlier, in relation to the same question dealing with the audit
committee, and are reflected in the following cross-section of excerpts from the responses:
I think they pay a lot more attention than they used to; I would say directors are moreaware; The boards are very interested in listening to the audit committee’s report andmaking sure that the audit committee has appropriate resources, appropriate expertise andall that stuff; There is much more awareness; Today they are very much more engaged . . .they’re more independent . . . they’re experienced, they’re more expert and they’re morediligent; Hell it is much more inquisitive than it was before. It has heightened the sense ofresponsibility.
The responses are consistent with the factors that prior literature identifies as the
determinants of audit committee (board) effectiveness e.g., composition, authority, resources
and diligence (e.g., DeZoort et al., 2002; Cohen et al. 2004). One of the participants stated
that boards are also focused on their own effectiveness. They’re doing a lot of internal
22
reviews, doing evaluations of their own processes and other individuals. Beasley et al. (2007)
also provide evidence of audit committees benchmarking their performance against best
practices in the post-SOX era.
However, as with the audit committee, several participants in our study stated that the
enhanced monitoring role of the board, with respect to financial reporting, had come at the
expense of board efficiency with respect to other responsibilities, as reflected in the following
response:
So I think they pay a lot more attention than they used to. But that means they arepaying less attention to what they used to. If you are a kind of cynic, you might think theyused not to do anything, and so now they are paying attention to it. I think a lot of goodboards used to worry about the future of the company, and now they’re spending a lot of timetalking about how we’re reporting what happened. It (SOX) has shortened the time horizonpeople have. It’s got them into details that they never used to get into.
Another director stated:
If you have only got a finite period of time, that means you are spending less timedoing what you used to do, which I thought was ... looking at how management was actuallyrunning the business and I think that’s a downside of Sarbanes Oxley. Before I leave thatcompletely, I think the net result of Sarbanes Oxley has been very good. There are a lot ofpeople more conscious of things. But we are now at the point where we are spending a lot oftime on window dressing.
Internal Auditors
The directors were asked whether in their experiences the role of internal auditors had
changed in the last 5 years, and, if so, how. Almost all (95 percent) of the participants stated
that the role of the internal audit had increased in terms of its scope, level of responsibility
and status. The responses taken as a whole demonstrated various ways in which the role had
changed and they are reflected, in part, in the following excerpts taken from a cross section of
the interviews:
Yes, it has changed. I think that the internal audit function is taken moreseriously. I think at times in the past it was kind of like a necessary evil. Youchecked the box to say you have it. But, in our particular case it has been much
23
upgraded. We have substantially higher quality people. More disciplined. Moreprofessional. Much, much better. You wouldn’t even recognize them as the twogroups.
Yes. I think the internal audit role has become more powerful. I think that thestature of the internal audit manager has been raised. They have been elevatedto effectively a higher level of management than they were before.
There are two things to me. One, it has gained in importance so much. Thesecond thing is it has gained some separation that it didn’t have before . . . inmany ways it was looked at as an adjunct to the audit functions of the companyor the executive function. . . . And now what’s happened in the past 5 years isthe audit committee has separated themselves, and set themselves up as anindependent entity much more than they were.
These results are similar to the responses Cohen et al. (2008) had with auditors where 83
percent perceived that there had been a greater role for internal auditors
The final question on the impact of SOX on internal audit asked the directors whether
the nature of the relationship between the internal and external auditor had changed over the
past 5 years and, if so, how. Of the 19 participants who had experience with this issue, 17
considered it had changed, but in varying degrees, directions, and in nature, as reflected in the
following excerpts from separate interviews:
It is less collegial. Because the internal auditor is really nervous about beingtricked. I believe they are more arms length. I mean they used to be pretty co-operative and they world share each other. So the internal guys are now a littlemore nervous about initially telling the outside guys. They go through the auditcommittee more than they used to.
There’s just much more reliance being placed by the independent auditors onthe internal auditors and . . . part of that’s because of what’s happened withSarbanes-Oxley, it’s also just because other things have happened. I mean, thewhole thing has been ratcheted up.
I think they see themselves much more as equals now . . . I think, because wehave beefed up our internal capabilities, in many cases our people are asexperienced and degreed, if you know what I mean, as those they are meeting,with the external auditor. So they see one another much more as equals.
24
Cohen et al. (2008) also found auditors overwhelmingly reported (85%) that the role
of the internal audit function has changed over the past five years and reliance on the internal
auditors has increased considerably. In particular, auditors note internal audit has played a
significant role in overseeing and testing internal controls as required by SOX section 404.
Beasley et al. (2007, p. 26) also report that “audit committee interactions with internal audit
has increased” in the post-SOX era.
Management Certification
The next set of questions concerned participant experiences of the impact of the CEO
(CFO) certification on, first, the integrity of the financial reporting and, second the audit
process. Sixty-four percent of respondents felt that the requirement had a positive influence
on the integrity of financial reporting. However, the responses taken as a whole were
polarised, as reflected in the following quotations, beginning with the case for the negative
So here I think none. I think all of us to the best of our ability before looked atthe financial reports of our companies and said “that’s fairly presented”. Asthings have become more sophisticated, as we were just saying, obviously wehave had to become somewhat more sophisticated too. We have had to ask a fewmore questions, What’s the basis for this number? What underlies, and whatmodel did you value that on? So, it’s become more complicated. But none-the-less I think we all looked at those numbers and signed off on them as the rightnumbers, in good faith. So, I think it has created a lot of pressure and a lot ofheadlines, and, again, I think it’s added the government’s case in marginalcases. But, I don’t think, in general, that it’s had a difference in the majority ofcases.
At the other end of the spectrum a second participant stated that he considered the legislative
provision to be perhaps one of the most important changes that has taken place in aligning
the incentives of all parties in the audit process. The participant went on to say:
So, now the CEO also wants a good audit and previously it used to be like, youknow, passing the buck kind of mentality, whereas now in a sense, you know,I’m on the hook, you’re on the hook and the audit committee is on the hook. So,all three of us have to coordinate and kind of make sure that, you know, we do
25
this right. So, in that sense I think it has been a very positive thing because it’screated more a team mentality between the management, external auditors andthe audit committee.
The latter response may be contrasted with the assertion by another participant that
from my own experience the people that I have worked with before and no, I do not doubt their
integrity or honesty and so signing a piece of paper is superfluous. The responses of all
participants to the questions are framed by their own experiences, and in that respect may be
viewed, in part, from the perspective that the impact of the certification, would depend on the
company and how closely they complied with some of the requirements of Sarbanes Oxley
prior to Sarbanes Oxley.
A common theme that emerged from the question was that fact that CEO (CFO)
certification had, in the words of one the participants, been pushed . . . down through the
organization so you’ve got every level sort of doing their due diligence. The participant also
added that he considered that aspect to be a fine part of Sarbanes Oxley. The participant also
attributed the dramatic cost of Section 404 to the failure to take a risk-based approach to its
implementation – a consequence that Langevoort (2007) identifies as an example of the social
construction of SOX. Finally, one of the participants who had substantial direct experience
with non-US stock exchanges stated that the CEO certification was particularly unpopular with
non-US CEOs.
On the question of the impact of CEO certification on the audit, the majority (65 %) of
the participants considered that it had not had any impact in that respect. Others, however,
considered that the impact lay in the heightened interest of the CEO in the audit and the fact
that it had the effect of bringing more people into the process. Again, it is pushing the
ownership down in the organization.
The experiences of auditors (Cohen et al. 2008) on the impact of CEO/CFO
certification appear to closely mirror those of directors. About two-thirds indicated certification
26
has had a positive impact on the integrity of the financial reports. In contrast, only 20%
believed that the requirement ultimately had an effect on the audit process.
Other Issues
The remaining interview questions went beyond those posed by Cohen et al. (2008) to
address cost - benefit related issues of SOX and whether SOX had affected corporate risk
taking. The first question asked the directors whether they considered the awareness of the
board regarding their responsibilities and exposure to liability surrounding the financial
reporting process had changed in the last 5 years. Consistent with the findings of prior studies
(e.g., Linck et al 2008) almost all of the participants (91%) said yes. The participant who
answered “no” stated that he did not consider that the awareness of the board regarding their
responsibilities and exposure had increased for the following reason:
I remember discussions 10 and 15 years ago where we were paranoid about our ownexposure and our responsibility and the risk of shareholder suites and what it would do toour reputations. If anything has changes it is the fear of going to jail. It is not the legalresponsibility, exposure, personal reputation, we have always worried about those things.
Two other questions asked whether, irrespective of cost, they thought that SOX has led
to an improvement in the quality of financial reporting and to rate the cost-benefit associated
with implementation of the legislation on a ten-point scale (described below). There was
overwhelming agreement (84%) that SOX had positively affected the quality of financial
reporting. However, there was considerable variation in the perceived strength of the impact
as reflected in the following cross section of responses: Yes. Absolutely. No question about it;
Yes. But not as much as people think; maybe; and possibly.
The factors identified as the source of improvement in financial reporting mirrored
responses to earlier questions including the alignment of interests in the management –
external auditor – audit committee relationship;, the strengthening of internal controls;, and
27
the enhanced effectiveness in the monitoring role of the audit committee and the board.
However, at the same time all acknowledged the financial burden of complying with SOX.
In relation to the second (rating) question, the number 1 on the scale was anchored by
the descriptor “costs far exceed benefits”, 5 “benefits equal costs”, and 10 “benefits far
exceed costs”. The mean response on the scale was 5.81 which suggests a slightly favourable
opinion on the part of the directors that the benefits exceeded the costs. A small number of
participants were not willing to provide an assessment, considering the jury to be still out on
the issue and that the benefits were difficult to quantify.
Another question asked the directors whether SOX had impacted corporate risk-taking.
Half of the directors indicated that, yes, SOX had affected corporate risk-taking. However,
they didn’t necessarily believe this was a negative consequence as reflected in the following
comments:
In a minor way that there now in most companies is a risk analysis, a broader riskanalysis than pure financial risk and that probably has been improved indirectly by SOX. Ithink accounting risks and being conservative about accounting and reporting and there areless, you know, there are less risks rather than there used to be. . . . The risks that companiesaren’t taking any more are the sort of risks related to potential fraud and that sort of stuff.Which are risks that they didn’t want to take before, it just wasn’t on the radar. I mean, butdo companies take thoughtful business risk in the same way they did before? Sure, butthere’s more, if you’re looking at an acquisition, you would spend a lot more time looking atthe Sarbanes-Oxley issues in the other company than you did before. So you try to reducethat risk.
Some directors, however, thought that reduced risk-taking was a negative consequence
of SOX, for example, one director stating, It has caused corporations to be more cautious
and that is not all a good thing.
5. CONCLUSION
The primary purpose of this study was to extend the Cohen et al. (2008) study
conducted with auditors by providing evidence of US directors’ experiences of the impact of
the Sarbanes Oxley Act on the financial reporting process, specifically the audit committee
28
(board) – management – external auditor relationship, internal audit, and CEO (CFO)
certification. The results provide substantial evidence of enhanced improvement in audit
committee (board) effectiveness that is attributable to both the functional and structural
provisions of SOX and the institutionalisation of the relevant SOX mandates. The magnitude
of the change is, however, subject to the extent to which there was a gap between rhetoric and
reality pre-SOX. The enhanced improvement in the monitoring role of the audit committee
(board) with respect to financial reporting was cited by some respondents as being at the
expense of time being spent on other responsibilities as well as a substantial financial burden.
Comparing the responses of the directors to that of the auditors in Cohen et al. (2008),
we see significant convergence but also some noteworthy differences. Importantly, directors’
experiences regarding the enhanced expertise and diligence of the audit committee
corroborate those reported by auditors in Cohen et al. (2008). However, in contrast to Cohen
et al. (2008), the directors’ experiences indicate that audit committees played a more
important role in the resolution of accounting disputes than indicated by auditors. Further, the
directors were much less likely than the auditors to include management as part of their
definition of corporate governance. Finally, some directors perceived that the cost of
compliance was a burden and that the reforms may have had the unintended consequence of
creating an overly bureaucratic monitoring role for the audit committee and the board to the
detriment of some of their other roles and responsibilities.
The strength of the qualitative method employed in the study is its ability to capture
the experiences of insiders on the impact of Sarbanes Oxley. The data obtained provided
depth of response but cannot be said to be statistically representative. However, while the
number of participants is relatively small in number, they represent a broad spectrum of the
economy and collectively provide both depth and breadth of information in relation to the
research question addressed.
29
REFERENCES
Agarwal, R. and R. Williamson. 2006. Did new regulations target the relevant corporategovernance attributes? Available at: htt:/papers.ssrn.com/abstract=859264.
Ashbaugh-Skaife, H., D. W. Collins, W. R. Kinney and R. LaFond. 2007. The effect of Soxinternal control deficiencies on firm risk and cost of equity. Available at:http://papers.ssrn.com/abstract=896760.
Asthana, S., S. Balsam and S. Kim. 2004. The effect of Enron, Andersen and Sarbanes-Oxleyon the market for audit services. Working paper. Temple University.
Bargeron, L., K. Lehn and C. J. Zutter. 2008. Sarbanes-Oxley and corporate risk-taking.Available at: http://ssrn.com/abstract=1104063.
Baysinger, B and R. E. Hoskisson. 1990. The composition of boards of directors and strategiccontrol: Effects on corporate strategy. The Academy of Management Review. January:72 – 86.
Beasley, M. J., J. Carcello, D. Hermanson, and T. Neal. 2007. The audit committee oversightprocess. Contemporary Accounting Research Conference, Montreal, Canada.
Bedard, J. 2006. Sarbanes Oxley internal control requirements and earnings quality. Workingpaper. University of Laval.
Coates, J. C. IV. 2007. The goals and promise of the Sarbanes-Oxley Act. Journal ofEconomic Perspectives. Vol. 21. No. 1. Winter: 91-116.
Cohen, D. 2005. Trends in earnings management and informativeness of earningsannouncements in the pre- and post-Sarbanes Oxley Periods. Available athttp://www.ssrn.com/abstracts.
Cohen, J., G. Krishnamoorthy and A. Wright. 2002. Corporate governance and the auditprocess. Contemporary Accounting Research (Winter): 573-594.
Cohen, J. G. Krishnamoorthy and A. Wright. 2004. The corporate governance mosaic andfinancial reporting quality. Journal of Accounting Literature. 23: 87-152.
Cohen, J., G. Krishnamoorthy and A. Wright. 2008. Corporate governance in the postSarbanes-Oxley era: Auditors’ Experiences. Working Paper. Northeastern Universityand Boston College.
Cox, J. D. 2005-2006. The role of empirical evidence in evaluating the wisdom of theSarbanes-Oxley Act. University of San Francisco Law Review. 823-844.
DeZoort, F. T., D. R. Hermanson, D. S. Archambeault and S. A. Reed. 2002. Auditcommittee effectiveness: a synthesis of the empirical audit committee literature. Journalof Accounting Literature. 21: 38-75.
Eisenberg, M. A. 1999. Corporate law and social norms. Columbia Law Review. 1253-1292.
Fama, E. F. and M. C. Jensen. 1983. Separation of ownership and control. Journal of Lawand Economics. 301-325.
Galindo-Dorado, R. 2005. The echoing effects of the Sarbanes-Oxley act: Are the high costsof its implementation worth it? Available at: http://ssrn.com.abstract=728439.
Gendron Y., J. Bedard and M. Gosselin. 2004. Getting inside the blackbox: A field study ofpractices in “effective” audit committees. Auditing: A Journal of Practice and Theory,23 (March): 153-171.
Gendron, Y. and J. Bedard. 2006. On the constitution of audit committee effectiveness.Accounting, Organizations and Society, 31 (April): 211-239.
Griffin, P. A., and D. H. Lont. 2003. An analysis of the audit fees following the passage ofSarbanes-Oxley. Working paper. University of California and University of Otago.
Hill. J. 2008. Evolving ‘rules of the game’ in corporate governance reform. InternationalJournal of Corporate Governance. 28.
Hoitash, R., A. Markelevich, and C. A. Barragato. 2005. Auditor fees, abnormal fees andaudit quality before and after the Sarbanes-Oxley Act. Working paper.
Langevoort, D. C. 2007. The social construction of Sarbanes-Oxley. Michigan Law Review.June, 105, 8: 1817-1855.
Linck, J. S., J. M. Netter and T. Yang. 2008. The effects and unintended consequences of theSarbanes-Oxley Act on the supply and demand for directors. Available at:http://www.ssrn/abstract=902665.
Lipton, M. and J. W. Lorsch. 1992. A modest proposal for improved corporate governance.The Business Lawyer. November: 59-76.
Meyer, J. W. and B. Rowan. 1977. Institutionalized organizations: formal structure as mythand ceremony. The American Journal of Sociology. Vol. 83, No. 2, September: 340-363.
Miles, M. and M. Huberman. 1994. Qualitative data analysis (2nd ed.). Thousand Oaks, CA:Sage.
Mitchell, L. E. 2003. The Sarbanes-Oxley Act and the reinvention of corporate governance?Villanova Law Review. 1189-1215.
Organization for Economic Co-operation and Development. 2004. OECD Principles ofCorporate Governance.
Perino, M. A. 2002. Enron’s legislative aftermath: Some reflections on the deterrence aspectsof the Sarbanes-Oxley act of 2002. Available at: http://www.law.columbia.edu/law-economicstudies.
Piotroski, J. D. and S. Srinivasan. 2008. Regulation and bonding: The Sarbanes-Oxley actand the flow of international listings. Available at:http://ssrn.com/abstract=956987.
Public Oversight Board. 1994. Strengthening the professionalism of the independent auditor:from the Advisory panel on Auditor Independence. Report to the Public OversightBoard of the SEC Practice Section, AICPA.
Romano, R. 2005. The Sarbanes-Oxley act and the making of quack corporate governance.The Yale Law Journal. May, 114, 7: 1521 – 1611.
Sarbanes Oxley Act of 2002. Available at: www.findlaw.com.
Scott, R. W. 2008. Institutions and organisations (3rd ed.). Sage.
Spira, L. F. 1999. Ceremonies of governance: Perspectives on the role of the audit committee.Journal of Management and Governance. 3 (3): 231-260.
Turley, S. and M. Zaman. 2004. The corporate governance effects of audit committees.Journal of Management and Governance. 8: 305-332.
Turley, S. and M. Zaman. 2007. Audit committee effectiveness: Informal processes andbehavioural effects. Accounting, Auditing and Accountability Journal. 20 (5,Forthcoming).
Watts, R. L. 2003. Conservatism in accounting part 1: Explanations and implications.Accounting Horizons. September, 17, 3: 207-221.
Zhang I. X. 2007. Economic consequences of the Sarbanes-Oxley Act of 2002. Journal ofAccounting and Economics. 44.
Zhu, H. and K. Small. Has Sarbanes-Oxley led to a chilling in the U.S. cross-listing market?The CPA Journal. March, 77, 3: 32-37.
