Marcy L. Shepardson scite author profile

We use incremental and joint implementation of multiple SOX‐based control effectiveness disclosure and audit mandates to assess relative performance of alternatives for small U.S. public companies. Using data from several low‐ and high‐effort management disclosure and audit regimes implemented from 2003 to 2008, we find substantial and statistically significant increases in material weakness disclosure rates for small firms undergoing initial SOX 404(b) internal control audits, but find quantitatively and statistically similar increases for initial management reports of small firms exempt from such audits. As to audit cost, fees more than double for initial 404(b) audits in 2004 and remain high, while 404(b)‐exempt firms’ fees grow about 10% annually. Our results support the view that, for small firms, management internal control reports and traditional financial audits may be a cost effective disclosure alternative to full application of SOX 404(b). Also, our results suggest that, even without management reports on internal control, analysis of the cause of known accounting mistakes may yield substantial material weakness disclosures.

show abstract

Do SOX 404 Control Audits and Management Assessments Improve Overall Internal Control System Quality?

Schroeder

Shepardson²

2015

View full text Add to dashboard Cite

We address whether SOX 404(b) internal control audits under two auditing standards regimes and SOX 404(a) management assessments are associated with improved internal control system quality, an important and largely unstudied potential benefit. In 2013, the PCAOB disclosed that 15 percent of inspected control audits were ineffective, suggesting that the current control auditing standard may not be sufficient to induce implementation of high-quality control systems. We use an indirect measure of internal control system quality—future unaudited accruals quality—to proxy for internal control quality because sustained internal control improvements should be exhibited in future quarterly financial reports unaltered by contemporaneous financial statement audits. We find that internal control audits initially provided internal control quality benefits. After the 2007 auditing standards change, internal control quality deteriorated for ICFR audited versus unaudited firms. Finally, we find limited evidence that management assessments affect internal control quality. Results indicate that recent PCAOB concerns may have merit. Data Availability: Data are publicly available from the sources identified in the text.

show abstract

Integration of Internal Control and Financial Statement Audits: Are Two Audits Better than One?

Bhaskar

Schroeder

Shepardson

2018

View full text Add to dashboard Cite

The quality of financial statement (FS) audits integrated with audits of internal controls over financial reporting (ICFR) depends upon the quality of ICFR information used in, and its integration into, FS audits. Recent research and PCAOB inspections find auditors underreport existing ICFR weaknesses and perform insufficient testing to address identified risks, suggesting integrated audits—in which substantial ICFR testing is required—may result in lower FS audit quality than FS-only audits. We compare a 2007–2013 sample of small U.S. public company firm-years receiving integrated audits (accelerated filers) to firm-years receiving FS-only audits (non-accelerated filers) and find integrated audits are associated with higher likelihood of material misstatements and discretionary accruals, consistent with lower FS audit quality. We also find evidence of (1) auditor judgment-based integration issues, and (2) low-quality ICFR audits harming FS audit quality. Overall, results suggest an important potential consequence of integrated audits is lower FS audit quality. Data Availability: Data are publicly available from the sources identified in the text.

show abstract

Reflections on a Decade of SOX 404(b) Audit Production and Alternatives

Kinney

Martin

Shepardson

2013

View full text Add to dashboard Cite

SYNOPSIS Since passage of the quickly finalized Sarbanes-Oxley Act during July 2002, audit production in the U.S. has been substantially expanded by mandated internal control audits. The control audit mandate is unique to the U.S. and costly to apply, yet little is known about the conduct of control audits or the efficacy of lower-cost alternatives. This paper reflects our overall knowledge about control audit production and observation of a consistent message across public and limited non-public archival data, analytical studies, and numerous personal experiences of audit practitioners. Our primary observation is that, absent any financial misstatement, auditors find it difficult to identify material weaknesses in control design. Conversely, when auditors know about misstatements they can, and do, detect related material weaknesses and thereby identify most public companies found by mandated control audits to have ineffective controls. Thus, it appears possible to exploit this observation to identify and publicly disclose most companies with weak controls without incurring the cost of full internal control audits. We believe that U.S. markets could benefit from more transparency about the current U.S. audit production process and from informed debate about the best mechanism design for balancing the needs of all parties interested in internal control quality disclosure.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.