Embed Size (px)
Citation preview
Internal Control Weaknesses and Client Risk Management
Randal Elder, Yan Zhang, Jian Zhou, and Nan Zhou∗
August 08, 2008
∗ Randal Elder is from Syracuse University ([email protected]); Yan Zhang is from SUNY – Binghamton ([email protected]); Jian Zhou is from SUNY – Binghamton ([email protected]); Nan Zhou is from HKUST and SUNY − Binghamton ([email protected]). We thank Jean Bedard, Denise Dickins, Weili Ge, Karla Johnstone, Ryan LaFond, Clive Lennox, and especially an anonymous reviewer for detailed and insightful suggestions that have significantly improved the paper. We also thank workshop participants at the 2007 American Accounting Association (AAA) Annual Meeting, the 2007 AAA Auditing Midyear Meeting, the 2007 International Conference on Accounting and Finance at Xiamen University, the 2006 Annual Conference on Financial Economics and Accounting at Georgia State University, the 2006 HKUST Summer Symposium on Accounting Research, Hofstra University, SUNY − Binghamton, SUNY – Buffalo, Syracuse University, and Zhejiang University for helpful comments.
Internal Control Weaknesses and Client Risk Management
Abstract
We study auditors’ client risk management in the first year of SOX 404 implementation, and find that there exists a pecking order among auditors’ strategies to manage control risk resulting from internal control weaknesses. We first examine the relations between internal control weaknesses and audit fee, audit fee increase, modified opinion, and auditor resignation, respectively, and establish that these are viable strategies to manage control risk on a stand-alone basis. When we investigate these strategies simultaneously, descriptive evidence suggests that there exists a pecking order among auditors’ client risk management strategies. Our ordered logit analyses document that, as the clients’ control risk increases, auditors are likely to respond in the order of audit fee adjustments, modified opinions, and auditor resignations. We further create an index based on the severity of auditors’ responses, and find that the degree of control risk is positively correlated with this auditor response index. Our comprehensive evidence suggests that auditors use an array of ordered strategies to manage client-related control risk.
Key Words: Internal control weaknesses; Client risk management; Audit fee and audit opinion; Auditor resignation JEL Classification: M42
1
Internal Control Weaknesses and Client Risk Management
1. Introduction
The Sarbanes-Oxley Act (SOX) of 2002 has changed the regulatory landscape for
the accounting profession, especially for auditors of public companies. The Public
Company Accounting Oversight Board (PCAOB) was created to monitor auditors’ work
directly. In addition, conflicts of interest are prohibited and civil- and criminal liabilities
are imposed for any violations. Consequently, SOX has substantially increased legal
liability for accountants. Before SOX, auditors would typically face liability only after a
client collapsed, but now they face significant legal consequences for any violations of
SOX. For example, a failure in PCAOB inspection could result in suspension or
termination of an auditor’s registration status, without which the auditor is prohibited
from performing audits of public companies. In an extreme case, an accountant could be
sentenced to 20 years for willfully destroying or altering documents (Wegman, 2005).
In this paper, we study how auditors manage control risk resulting from internal
control weaknesses. Since auditors now assume greater risk when performing audits of
public companies in this post-SOX era, such focus on client risk management has added
significance for public accounting firms. Specifically, client-related risk can be classified
into audit risk and client business risk. SAS No. 107 (AICPA, 2006) decomposes audit
risk into three components: inherent risk, control risk, and detection risk.1 In decisions
related to client risk management, auditors should focus on inherent risk and control risk,
1 SAS No. 107 (AICPA, 2006) also defines combined inherent risk and control risk as the risk of significant misstatement in the financial statements. SAS No. 107 replaced SAS No. 47 (AICPA, 1983) which first defined the audit risk model and its components.
2
because these two components equal the likelihood of error in clients’ accounts prior to
the auditors’ testing (Elder and Allen, 2003).
Information on a client’s control risk was not publicly available on a large scale
prior to the enactment of SOX.2 However, this has been dramatically changed, because
SOX has two sections specifically focusing on internal control disclosures. Effective for
all public firms for their fiscal years ending on or after August 29, 2002, Section 302
(SOX 302) requires a firm’s management to disclose significant internal control
deficiencies when they certify quarterly or annual financial statements. Section 404
(SOX 404) has two provisions. Section 404(a) requires management to provide an
assessment of internal control, and Section 404(b) requires auditors to provide an opinion
on management’s assessment. An accelerated filer must comply with SOX 404 for its
first fiscal year ending on or after November 15, 2004; a non-accelerated filer must
comply with SOX 404(a) for its first fiscal year ending on or after December 15, 2007,
and SOX 404(b) for its first fiscal year ending on or after December 15, 2009.3
One integral part of our analyses is to assess how auditors adjust their audit fees
in response to the changes in their assessments of control risk. We thus focus on the first
year of SOX 404 implementation, an external shock forcing internal control disclosures.
This setting enables us to obtain a large number of firms that are newly identified with
internal control weaknesses under SOX 404, enhancing the power of our test.4 Since
firms would adapt to this new reporting regime of internal control after the first year, the 2 Prior to SOX, firms were only required to disclose their internal control problems in 8-Ks when they changed auditors. SAS No. 60 required that the auditor communicate internal control deficiencies to the client’s audit committee. However, these communications were not generally publicly available (Krishnan, 2005). 3 Accelerated filers are public firms with an equity market capitalization of more than $75 million. 4 14% of our sample firms are identified with internal control weaknesses in the first year of SOX 404 implementation, whereas only 4% of our sample firms are identified with such weaknesses in the year prior to SOX 404 implementation.
3
number of firms with changes in internal control opinions would be small in subsequent
years.
Specifically, we name the first year of SOX 404 implementation as the 404
period, restricting it to fiscal years ending between November 15, 2004 and November
14, 2005 to be consistent with SOX 404. We define the 302 period similarly and restrict
it to fiscal years ending between November 15, 2003 and November 14, 2004. We find
that auditors use an array of strategies to manage client-related risk in the 404 period.
Interestingly, there exists a pecking order among auditors’ strategies to manage control
risk resulting from internal control weaknesses. As the level of control risk increases,
auditors respond by adjusting audit fees, issuing modified opinions, and resigning from
clients.
We first examine the relations between internal control weaknesses and audit fee,
audit fee increase, modified opinion, and auditor resignation, respectively. We find that
firms with internal control weaknesses are charged higher audit fees. When we separate
internal control weaknesses into company-level weaknesses and account-specific
weaknesses, we find that the audit fee premium for company-level weaknesses is
significantly higher than that for account-specific weaknesses. Compared with account-
specific weaknesses, company-level weaknesses are more extensive and pervasive and
thus more difficult to address in the audit. During the transition from the 302 period to
the 404 period, firms newly identified with internal control weaknesses under SOX 404
are encumbered with greater audit fee increases. Moreover, we find that firms with
internal control weaknesses are more likely to be flagged with a modified opinion.
Finally, we find that auditor resignations are more likely for firms with internal control
4
weaknesses. Based on these findings, we establish that audit fee adjustments, modified
opinions, and auditor resignations are viable strategies to manage control risk on a stand-
alone basis.
When we investigate these strategies simultaneously, descriptive evidence
suggests that there exists a pecking order among auditors’ client risk management
strategies. Our ordered logit analyses document that, as the clients’ control risk
increases, auditors are likely to respond in the order of audit fee adjustments, modified
opinions, and auditor resignations. We further create an index based on the severity of
auditors’ responses, and find that the degree of control risk is positively correlated with
this auditor response index. Our combined evidence suggests that auditors use an array
of ordered strategies to manage client-related control risk.
Our paper is related to the growing literature on internal control problems. One
strand of the literature focuses on the determinants of internal control problems.
Krishnan (2005) finds that audit committee independence and financial expertise are
associated with internal control problems before the enactment of SOX, and Zhang,
Zhou, and Zhou (2007) find that audit committee financial expertise is related to internal
control weaknesses after the enactment of SOX. Ge and McVay (2005) and Doyle, Ge,
and McVay (2007a) find that internal control weaknesses are more likely for firms that
are smaller, less profitable, more complex, growing rapidly, or undergoing restructuring.
Ashbaugh-Skaife, Collins, and Kinney (2007) find that firms with more complex
operations, recent changes in organization structure, more accounting risk exposure, and
less investment in internal control systems are more likely to disclose internal control
deficiencies. The other strand of the literature focuses on the consequences of internal
5
control problems. Doyle, Ge, and McVay (2007b) and Ashbaugh-Skaife, Collins,
Kinney, and LaFond (2008) find that firms with internal control problems tend to have
lower accruals quality. Ashbaugh-Skaife, Collins, Kinney, and LaFond (2006) and
Ogneva, Subramanyam, and Raghunandan (2007) show that internal control deficiencies
are positively related to firm risk and cost of equity capital. Our finding that internal
control weaknesses are an important determinant of auditors’ client risk management
strategies adds to the latter strand of literature.
Our paper is also related to research papers that study either the relation between
internal control problems and audit fees or the relation between internal control problems
and auditor turnover. Using internal client evaluation data from a public accounting firm,
Bedard and Johnstone examine audit risk factors in three studies of auditors’ client risk
management strategies prior to the enactment of SOX. Specifically, Johnstone and
Bedard (2003) study client acceptance, Johnstone and Bedard (2004) study client
dismissal, and Bedard and Johnstone (2004) study planned audit hours and billing rates.
Using internal control disclosures required under SOX, several contemporaneous papers
look at some aspects of the issues we examine. Raghunandan and Rama (2006), Hogan
and Wilkins (2008), and Hoitash, Hoitash and Bedard (2008) find that audit fees are
associated with internal control weaknesses; Hertz (2006) and Ettredge, Heintz, Li, and
Scholz (2006) find that auditor resignation is associated with internal control
weaknesses.5 Different from these papers that examine either audit fee or auditor
turnover on a stand-alone basis, our paper views audit fee, audit opinion, and auditor
resignation as a portfolio of strategies at the disposal of auditors in managing client-
5 Ashbaugh-Skaife, Collins, and Kinney (2007) find that auditor resignations are associated with internal control deficiencies prior to the enactment of SOX 404.
6
related risk, and establishes that there is a pecking order among these risk management
strategies. This pecking order evidence is new to the literature. In addition, we
document the relation between audit opinion and internal control weaknesses, a result
absent in the aforementioned papers.
The rest of the paper is organized as follows. Section 2 discusses the background
and proposes the hypotheses. Section 3 explains the data and describes the sample
selection procedures. Section 4 presents the empirical results. Section 5 concludes the
paper.
2. Background and hypotheses
2.1. Disclosure on internal control
SOX emphasizes internal control, which is defined as "a process, effected by an
entity's board of directors, management and other personnel, designed to provide
reasonable assurance regarding the achievement of objectives," according to the COSO
framework.6 Under Securities Exchange Commission (SEC) Release No. 33-8124
(August 29, 2002), SOX 302 requires management to disclose significant deficiencies in
internal control when they certify quarterly or annual financial statements. Specifically,
the signing officers, responsible for internal control, have evaluated these internal
controls within the previous ninety days and reported in their findings: (1) a list of all
deficiencies in the internal controls and information on any fraud that involves employees
6 COSO stands for the Committee of Sponsoring Organizations of the Treadway Commission, which undertook an extensive study of internal control to establish a common definition that would serve the needs of companies, independent public accountants, legislators, and regulatory agencies, and to provide a broad framework of criteria against which companies could evaluate the effectiveness of their internal control systems. COSO published its Internal Control -- Integrated Framework in 1992.
7
who are involved with internal activities; (2) any significant changes in internal controls
or related factors that could have a negative impact on the internal controls. 7
Under SEC Release No. 33-8238 (June 5, 2003), Section 404(a) requires
management to provide an assessment of internal control, and Section 404(b) requires
auditors to provide an opinion on management’s assessment. Specifically, issuers are
required to disclose information concerning the scope and adequacy of the internal
control structure and procedures for financial reporting in their annual reports. This
statement shall also include an assessment of the effectiveness of such internal controls
and procedures. The registered auditing firm shall, in the same report, attest to and report
on the effectiveness of the internal control structure and procedures for financial
reporting. While an accelerated filer must comply with SOX 404 for its first fiscal year
ending on or after November 15, 2004 under SEC Release No. 33-8392 (February 24,
2004), a non-accelerated filer must comply with SOX 404(a) – management’s assessment
requirement – for its first fiscal year ending on or after December 15, 2007 under SEC
Release No. 33-8760 (December 5, 2006), and SOX 404(b) – the auditor’s attestation
requirement – for its first fiscal year ending on or after December 15, 2009 under SEC
Release No. 33-8934 (June 26, 2008).8
7 The actual implementation of SOX 302 is different from the original rules stated here. Ashbaugh-Skaife, Collins, and Kinney (2007) argue that the reporting of internal control problems under SOX 302 is voluntary, whereas Doyle, Ge, and McVay (2007a) find that the actual SOX 302 disclosures tend to stress the changes in internal control. 8 In SEC Release No. 33-8238 (June 5, 2003), an “accelerated filer”, defined in the original Exchange Act Rule 12b-2, referred to a U.S. company that has equity market capitalization over $75 million and has filed an annual report with the SEC. According to SEC Release No. 33-8618 (September 22, 2005), prior to December 1, 2005, “accelerated filer” status did not directly affect a foreign private issuer filing its annual reports on Form 20-F or 40-F, even though the definition of “accelerated filer” did not expressly exclude foreign private issuers by its terms. After December 1, 2005, a foreign private issuer meeting the accelerated filer definition, and filing its annual report on Form 20-F or Form 40-F, became subject to the internal control reporting requirements under SOX. SEC Release No. 33-8644 (December 21, 2005) amended the Exchange Act Rule 12b-2 definition of an “accelerated filer” to create a new category of accelerated filer, the “large accelerated filer,” for issuers with equity market value of $700 million or more,
8
2.2. Client-related risk
Client-related risk can be classified into audit risk and client business risk. Audit
risk is the risk that the auditor will fail to draw attention to a material misstatement,
deficiency, abuse, or other unacceptable matter in an audit, and thus issue an incorrect
audit opinion, whereas client business risk is “the risk that the client’s economic
condition will deteriorate in either the short term or long term” (Johnstone, 2000).
SAS No. 107 (AICPA, 2006) decomposes audit risk into three components:
inherent risk, control risk, and detection risk. Inherent risk is the perceived level of risk
that a material misstatement may occur in a client’s financial statements in the absence of
internal control procedures. Control risk is the perceived level of risk that a material
misstatement in the client’s financial statements will not be detected and corrected by
management’s internal control procedures. Detection risk is the perceived level of risk
that a material misstatement in the client’s financial statements will not be detected by the
auditor. Because inherent risk and control risk equal the likelihood of error in clients’
accounts prior to the auditors’ testing (Elder and Allen, 2003), we focus on these two
components of audit risk, as they are most relevant to the auditors’ client risk
management decisions.
2.3. Conceptual framework
Johnstone and Bedard (2003) propose a conceptual model of client acceptance.
An auditor evaluates a client’s audit risk and business risk and the associated audit fee
and re-defined the term “accelerated filer” to include an issuer with equity market value of $75 million or more, but less than $700 million. A complete list of SOX 404 compliance dates for various types of firms is summarized in a table on page 10 of SEC Release No. 33-8934 (June 26, 2008).
9
from the engagement.9 When the risk/return is at an acceptable level, the auditor prices
audit risk and client business risk into the audit fee; when the risk/return is at an
unacceptable level, the auditor abandons the high-risk client.
We extend the Johnstone and Bedard model and propose a framework of client
risk management. In this framework, we consider three client risk management
strategies: (1) audit fee adjustments, (2) modified opinions, and (3) auditor resignations.
(1) and (3) are from Johnstone and Bedard (2003), and (2) is from Krishnan and Krishnan
(1996) and Blacconiere and DeFond (1997) who find that auditors are more likely to
issue modified opinions or going-concern opinions for firms with higher litigation risk or
bankruptcy risk. We further propose that there exists a pecking order among an auditor’s
responses to client-related risk. When the risk is low, the auditor responds by increasing
the audit fee; when the risk is intermediate, the auditor responds by issuing a modified
opinion; when the risk is high, the auditor responds by resigning from the client.
2.4. Hypothesis development
We develop our hypotheses around our conceptual framework. We first focus on
individual strategies, and try to establish that they are viable strategies to manage risk on
a stand-alone basis. We then consider the strategies simultaneously and try to establish
that there exists a pecking order among these strategies.
9 In addition to audit risk and client business risk, Johnstone and Bedard also discuss auditor business risk, which is defined as “the risk that the auditor firm will suffer loss resulting from the engagement,” and measure it with a dummy variable, which is equal to one if a client is a public company, and zero if a client is a private company. We do not consider auditor business risk in our study since our sample includes only public companies, although we note that whether a company is public is not the only source of auditor business risk.
10
The extant literature on client risk management largely focuses on client business
risk and related legal liability risk. The relation between audit fee and client business risk
is well-documented. For example, Hill, Ramsey, and Simon (1994) find that client
business risk is positively related to audit fees in the savings and loan industry from 1983
to 1988. Bell, Landsman, and Shackelford (2001) find that high business risk increases
the number of audit hours, but not the fee per hour. Seetharaman, Gul, and Lynn (2002)
find that U.K. auditors charge higher fees for their services when their clients access
U.S.-, but not non-U.S., capital markets, suggesting that audit fees reflect differences in
litigation risk across different liability regimes.
Recently, Ashbaugh-Skaife, Collins, Kinney, and LaFond (2006) find that firms
with internal control deficiencies have higher idiosyncratic risk. The higher the
idiosyncratic risk, the more likely a firm will experience a large drop in stock price,
which typically triggers shareholder class-action lawsuits. This suggests that firms with
internal control weaknesses have additional exposure to litigation risk, and are more
likely to inflict damages to their auditors’ reputation. Because auditor reputation is used
as an important collateral to ensure high-quality audits (DeAngelo, 1981), auditors have
incentives to either increase the audit fee to take this idiosyncratic risk into account or
withdraw from such clients, if the increase in audit fee cannot justify the increase in risk.
Although audit risk factors are found to be more important in audit firm portfolio
management decisions than are financial risk factors (Johnstone and Bedard, 2004), few
studies on client risk management examine the audit risk factors, because proxies for
such variables were not publicly available. Using internal client evaluation data from a
public accounting firm, Johnstone and Bedard (2003, 2004) and Bedard and Johnstone
11
(2004) examine audit risk factors when they study auditors’ client risk management
strategies. In particular, Bedard and Johnstone (2004) find that planned audit personnel
hours and planned hourly billing rates are higher for firms with weak internal controls.
Because the product of planned audit personnel hours and planned hourly billing rates is
equal to total audit fee, we have the following hypothesis.
Hypothesis 1: Audit fees are higher for firms with internal control weaknesses than for firms without such weaknesses.
Although audit fees are destined to increase substantially for all accelerated filers
due to SOX 404 compliance, firms with internal control weaknesses are expected to
experience greater audit fee increases, because auditors will conduct more testing and
spend more resources to manage the control risk to acceptable levels for these firms.
Thus, we propose the following hypothesis.
Hypothesis 2: Audit fee increases are greater for firms newly identified with internal control weaknesses in the 404 period.
We are afforded with a unique opportunity to test Hypothesis 2, because of our
focus on the first year of SOX 404 implementation. As a self-reporting system by
management, SOX 302 does not require supporting documentation or independent
examination. On the contrary, SOX 404 requires both documentation and independent
auditor examination. Because auditors need to perform independent testing of internal
controls under SOX 404, we expect that audit fees under the SOX 404 regime will be
greater than audit fees under the SOX 302 regime. Because firms are subject to outside
scrutiny from independent auditors under SOX 404, we expect that more firms will be
identified with internal control weaknesses as they transition from the SOX 302 regime to
the SOX 404 regime. For these firms who are newly identified with internal control
12
weaknesses, we expect them to experience a greater increase in audit fees, because of the
extra risk and additional testing related to internal control weaknesses.
In addition to charging firms with internal control weaknesses higher audit fees,
auditors can also manage clients’ internal control risk by exercising more caution and
issuing modified opinions to such firms. Following Bradshaw, Richardson, and Sloan
(2001), we define modified audit opinion as an indicator variable that takes a value of
zero for a standard unqualified opinion and a value of one for any other modified opinion,
including qualified, adverse, or unqualified with explanatory language.10 Krishnan and
Krishnan (1996) find that auditors are more likely to issue modified opinions for firms
with higher litigation risk, and Blacconiere and DeFond (1997) find that auditors render
going-concern reports to the savings and loans that are most likely to fail ex ante.
Moreover, Francis and Krishnan (1999), Bartov, Gul, and Tsui (2000), and Bradshaw,
Richardson, and Sloan (2001) find that modified audit opinions are influenced by
earnings management, though Butler, Leone, and Willenborg (2004) argue that the
documented relation between modified opinions and abnormal accruals in these papers
rests only with companies with going-concern opinions or under financial distress. Since
these findings indicate that audit opinions are sensitive to various sources of risk, we
propose the following hypothesis.
Hypothesis 3: Auditors are more likely to issue modified opinions for firms with internal control weaknesses than for firms without such weaknesses.
10 COMPUSTAT has six codes for the audit opinion: 0 = unaudited, 1 = unqualified, 2 = qualified opinion, 3 = no opinion, 4 = unqualified with explanatory language, and 5 = adverse. We do not have any firm with an audit opinion code of zero in our sample.
13
Risk reduction is often the reason for auditor resignation.11 Krishnan and
Krishnan (1997) find that litigation risk motivates auditors to resign from their clients.
Shu (2000) finds that auditor resignation is positively related to increased client legal
exposure. Johnstone and Bedard (2003) find that client acceptance likelihood is reduced
in the presence of audit risk, client business risk, and auditor business risk; Johnstone and
Bedard (2004) find that riskier clients are dropped from an audit firm’s client portfolio
and newly accepted clients are less risky than the auditor’s continuing clients. Therefore,
we have the following hypothesis.
Hypothesis 4: Auditors are more likely to resign from firms with internal control weaknesses than from firms without such weaknesses.
If Hypotheses 1-4 are confirmed, we will be able to establish that audit fee
adjustments, modified opinions, and auditor resignations are viable strategies to manage
control risk on a stand-alone basis. We are interested in learning whether there is a
pecking order among an auditor’s responses to client-related risk. Following our
conceptual framework, we hypothesize that the severity of the auditor response is
increasing in control risk. Specifically, we have the following hypothesis.
Hypothesis 5: As the level of control risk increases, auditors respond in the order of (1) audit fee adjustments, (2) modified opinions, and (3) auditor resignations.
SOX offers us a unique opportunity to study auditors’ client risk management
strategies using public information and test the above hypotheses, because the internal
control disclosures provide us with a standardized and objective measure of control risk,
a key component of audit risk. In our study of auditors’ client risk management
11 We focus only on auditor resignation, since auditor dismissal is initiated by a client and hence not a tool for an auditor to reduce risk. Our results on auditor resignation are robust when we control for auditor dismissal in our multinomial logit analyses in Table 6.
14
strategies, we focus on this newly available public information on internal control. Our
proxy measures for firm control risk include an internal control weakness indicator
variable and the type of internal control weakness.
3. Sample and methodology
3.1. Sample selection
We retrieve SOX 404 internal control disclosures, audit fees, and auditor changes
from AuditAnalytics, the Altman Z-Scores from Research Insight, and the rest of the
variables from COMPUSTAT. The internal control dataset provided by AuditAnalytics
covers all SEC registrants who have disclosed their assessments of internal controls over
financial reporting in electronic filings since November 2004. The data have been
principally extracted from the following form types: 10-K, 10-K/A, 20-F and 40-F.
Table 1 describes the sample selection procedures. The sample firms consist of
those with internal control information and other necessary variables for our 404 period
with fiscal years ending between November 15, 2004 and November 14, 2005.12 There
were 3,737 firm SEC filings on internal control between November 1, 2004 and
December 31, 2005 in AuditAnalytics.13 After excluding 181 firms not in
COMPUSTAT,14 we exclude 105 foreign firms, 71 subsidiaries, and 149 mutual funds,
trusts, and Real Estate Investment Trusts. We also exclude 26 firms without information
12 We require that the internal control variables and other variables pertain to fiscal years ending from November 15, 2004 to November 14, 2005. Since there is no fiscal year related to the auditor change variable, we classify an auditor change into the 404 period if the announcement was made between November 15, 2004 and November 14, 2005. 13 We exclude 6 duplicate observations. 14 AuditAnalytics only provides ticker symbols for sample firms. We retrieve the Cusip information for our sample firms from COMPUSTAT. We first merge our initial sample with COMPUSTAT by the ticker symbol, and hand-adjust any incorrect matches. We then manually search through COMPUSTAT to locate the Cusip information for firms without ticker symbols or firms that cannot be matched to COMPUSTAT by the ticker symbol.
15
on market value of equity, since we need such information to determine whether a firm is
an accelerated filer. We further exclude firms without audit related information in
AuditAnalytics and other necessary information in COMPUSTAT for fiscal years ending
between November 15, 2004 and November 14, 2005. Specifically, we exclude three
firms with missing SOX 404 internal control disclosures, two firms with missing
information on audit fee, 29 firms with missing necessary information for computing
leverage, sales growth, or return-on-assets, 380 firms with missing audit opinions, 274
firms with missing Z-Scores, and 167 firms with missing necessary information in
computing discretionary accruals. We further exclude 44 non-accelerated filers whose
equity market capitalizations were less than $75 million at the end of the most recently
completed second fiscal quarter before their fiscal years ending between November 15,
2004 and November 14, 2005. Our final sample consists of 2,306 firms.
3.2. Methodology
Following our conceptual framework and hypotheses, we model an auditor’s
response to risk as a function of control risk, inherent risk, client business risk, and a set
of control variables. When we study auditors’ strategies on a stand-alone basis in the first
part of our analyses, the auditor’s response takes the form of audit fee, audit fee change,
modified opinion, and auditor resignation. When we study auditors’ strategies on a
combined-basis in the second part of our analyses, the auditor’s response draws from a
portfolio of strategies in the order of audit fee adjustment, modified opinion, and auditor
resignation, depending on different risk levels.
16
Control risk is the perceived level of risk that a material misstatement in a client’s
financial statements will not be detected and corrected by the management’s internal
control procedures. We use two measures of internal control weaknesses to capture this
concept. The first is an internal control weakness dummy variable (ICW) which is equal
to one if a firm is identified with at least one internal control weakness, and the second is
a pair of dummy variables capturing account-specific weaknesses (ICWACCT) and
company-level weaknesses (ICWCOMP), respectively. Specifically, we follow the
classification scheme in Doyle, Ge, and McVay (2007b, pg. 1148-49 and 1167) to code
weaknesses into these two mutually exclusive categories. ICWCOMP, the dummy
variable for company-level weaknesses is equal to one if the firm has either weaknesses
related to “ineffective control environment” or “management override” in the disclosure
or weaknesses related to at least three account-specific problems; ICWACCT, the dummy
variable for account-specific weaknesses, is equal to one if the firm has weaknesses
related to less than three account-specific problems.15 Based on this construction, we can
see that company-level weaknesses represent more extensive or pervasive offenses, and
account-specific weaknesses represent less extensive or pervasive offenses. In other
words, company-level weaknesses are more severe and pose more audit difficulties.
We control for inherent risk, a component of audit risk. Following previous
literature such as Xie, Davidson, and DaDalt (2003), we use discretionary accruals
(DTACC) to measure financial reporting quality, and hence inherent risk. We further
control for client business risk. Since client business risk is “the risk that the client’s
economic condition will deteriorate in either the short term or long term” (Johnstone,
15 AuditAnalytics lists the number of internal control weaknesses and summarizes the nature of these different weaknesses.
17
2000), we control for leverage (LEV), return on assets (ROA), loss (LOSS) (Johnstone
and Bedard, 2003 and 2004; Francis, Reichelt, and Wang, 2005), and the Altman Z-Score
(ZSCORE) (Reynolds and Francis, 2001; Ashbaugh-Skaife, Collins, and Kinney, 2007).
LEV is the ratio of total debts to total assets, ROA is income before extraordinary items
divided by average total assets, LOSS is an indicator variable that is equal to one if there
is a loss in the current year, and ZSCORE is used to measure financial distress with a
lower Z-Score indicating greater distress risk (Altman, 1968).
4. Empirical results
4.1. Univariate analyses
Table 2 provides the variable means and medians for all firms, ICW firms and
non-ICW firms, respectively. In addition, it also provides the mean and median
comparisons of the variables for ICW firms and non-ICW firms. 14.3% of sample firms
disclose internal control weaknesses, including 10.5% with account-specific weaknesses
and 3.8% with company-level weaknesses. In addition, 32% of sample firms have
modified audit opinions and 1.9% have auditor resignations. The mean (median) audit
fee is $2,322,920 ($1,209,190), and the mean (median) audit fee change from the 302
period to the 404 period is $1,132,693 (656,400).16 The mean (median) firm size
measured by total assets is $3,366 ($600) million.
The implementation of SOX 404 leads to a substantial increase in the audit fee.
For example, Advanced Micro Devices Inc. disclosed the following in its 2005 proxy
statement.
16 The mean (median) non-audit fee change from the 302 period to the 404 period is -146,007 (-22,000). This results from the SOX provisions that limit an auditor’s ability to provide non-audit services to its audit clients.
18
Audit fees of Ernst & Young LLP during the 2004 and 2003 fiscal years were associated with the annual audit of our consolidated financial statements, statutory audits required internationally, reviews of our quarterly reports filed with the Securities and Exchange Commission and fees related to other regulatory filings. In addition, in 2004, audit fees included those fees related to Ernst & Young LLP's audit of the effectiveness of the Company's internal control pursuant to Section 404 of the Sarbanes-Oxley Act. Audit fees for 2004 were $10.4 million, $7 million of which were Sarbanes-Oxley Act Section 404 fees. Audit fees for 2003 were $2.6 million.
As we can see, the SOX 404 fee is $7 million for Advanced Micro Devices, resulting in a
300% increase in the audit fee. Without the SOX 404 fee, the audit fee would have been
$3.4 million, representing a more modest increase of 31% over that in 2003.
The mean (median) audit fee for ICW firms is higher than that for non-ICW
firms. The difference becomes significant after we control for size in our multivariate
analysis in Table 3. The median audit fee increase for ICW firms is significantly greater
than that for non-ICW firms. Modified opinions were received by 46% of the ICW firms
and 29% of the non-ICW firms. The difference between these two groups is significant
at the 1% level, implying that auditors are more likely to flag ICW firms with modified
opinions. Auditors resigned from 8.8% of the ICW firms, compared to 1% of the non-
ICW firms. The difference between these two groups is significant at the 1% level,
suggesting that ICW is related to auditor resignation. For example, Myers Industries Inc.
disclosed that it received the resignation from Ernst & Young on April 13, 2005, and
hired KPMG as its new auditor on June 9, 2005. The following is an excerpt from its 8-K
filed on June 9, 2005.
As disclosed in the Company's Form 10-K/A filed on May 2, 2005, management concluded that the Company's disclosure controls and procedures were not effective as of December 31, 2004 due to material weaknesses identified in the business segment reporting process, the financial statement close process and the income tax process. E&Y issued an adverse opinion on the effectiveness of internal controls over financial reporting because of these material weaknesses as of December 31, 2004.
19
We analyze the relation between auditor resignation and internal control weaknesses
more rigorously in Table 6.
For both mean and median, ICW firms tend to have significantly poorer
performance, higher distress risk and smaller total assets. They are also significantly
more likely to incur a loss and use non-Big 4 auditors. Our univariate results on ROA,
LOSS, and firm size are consistent with those in Ge and McVay (2005) and Doyle, Ge,
and McVay (2007a), as they find that internal control weaknesses are more likely for
firms that are smaller and less profitable.
4.2. Audit fee and internal control weaknesses
4.2.1. Audit fee
We use the Ordinary Least Square (OLS) model to test the relation between audit
fee and internal control weaknesses in Table 3. Specifically, we model the natural
logarithm of audit fee (AUDFEE) as a function of audit risk (control risk and inherent
risk), client business risk, and a set of control variables. Equation (1) presents the
specifications for Model 1 that uses an ICW dummy. All variable definitions are in the
Appendix. For firm i in year t,
)1(4)()(
)(15
1110987
6543210
itj
ititit
ititititititit
INDUSTRYBIGBUSLOGSALEGRTALOG
ZSCORELOSSROALEVDTACCICWAUDFEELOG
εββββ
βββββββ
∑=
++++++
++++++=
We expect the coefficient on ICW to be positive, because a firm with weak
internal controls has a greater amount of risk and thus requires more testing from its
auditor (Arens, Elder, and Beasley, 2006). For example, for any significant account or
20
any phase of financial operations in which controls are weak, the auditors need to expand
the nature and extent of their tests of the account balances. Moreover, part of the audit
fee is the SOX 404 fee, which will certainly be higher when a weakness exists. Because
auditors expend more resources for firms with internal control weaknesses, they need to
charge higher audit fees to cover their additional costs.
We control for other sources of client-related risk. We use discretionary accruals
(DTACC) to measure financial reporting quality and thus proxy for the firm’s inherent
risk. We expect that the audit fee is positively related to discretionary accruals, as
auditors will charge higher audit fees for firms with poor financial reporting quality. We
use leverage (LEV), return on assets (ROA), loss (LOSS), and Z-Score (ZSCORE) to
capture client business risk. Consistent with Francis, Reichelt, and Wang (2005), we
expect firms with high leverage (LEV), losses (LOSS), and poor performance (ROA) to
pay higher audit fees. We also expect that low Z-Score firms to pay higher audit fees.
We further control for other variables related to the audit fee variable. We expect
that audit fees will be higher for large clients and thus control for size, measured as the
natural logarithm of total assets (TA). Since prior studies show that the former Big 8
firms are able to charge a premium for their perceived high-quality services (e.g., Francis,
1984; Francis and Stokes, 1986; and Palmrose, 1986), we introduce a Big 4 dummy
variable (BIG4), indicating whether a firm is audited by a Big 4. Following Francis,
Reichelt, and Wang (2005), we control for the natural log of the number of business
segments (BUS), as audit fees will be higher for clients with complex operations. Audit
fees may also be related to sales growth (SALEGR), which is equal to the change in sales
divided by the sales in the previous year. On the one hand, firms with strong sales
21
growth are expected to pay higher fees, since there is more demand for audit work. On
the other hand, firms with strong sales growth are expected to pay lower fees, since these
firms are performing well and pose less risk for auditors. Therefore, the sign for the
coefficient on sales growth is ambiguous.
Finally, following Johnstone and Bedard (2003) and Francis, Reichelt, and Wang
(2005), we control for industry effects based on the Fama and French (1997) 48-industry
classification. We set the cutoff points at five percent of total observations and introduce
the industry dummies for computers, retail, pharmaceutical products, electronic
equipment, and business services to our regression models in Tables 3-6 and 9-10. The
coefficients on these dummy variables are not reported in Tables 3-6 and 9-10 for the
sake of brevity.17
Consistent with Hypothesis 1, we find that audit fees are significantly higher for
ICW firms at the 1% level.18 Bedard and Johnstone (2004) find that planned audit
personnel hours and planned hourly billing rates are significantly higher for firms with
weak internal controls. Since the product of planned audit personnel hours and planned
hourly billing rates is equal to the total audit fee, our results are consistent with those in
Bedard and Johnstone (2004). For client risk variables, audit fees are significantly
smaller for high ROA firms, and greater for firms with losses and high distress risk.
However, the coefficients on LEV are negative, contrary to our expectation. For control
variables, audit fees are significantly higher for large firms, firms with a large number of
business segments, and Big 4 clients.
17 We later report in the robustness check section that our results are similar to those reported in Tables 3-6 and 9-10 if we exclude these industry dummy variables from our regression models. 18 In unreported tests, we do not find any relation between non-audit fees and ICW, suggesting that ICW, a measure of control risk, is priced only into the audit fee.
22
We replace ICW with ICWACCT and ICWCOMP in Model 2, and find that the
coefficients on ICWACCT and ICWCOMP are significantly positive at the 1% level.
The coefficient on ICWCOMP is significantly larger than that on ICWACCT, suggesting
that auditors charge greater audit fees for company-level weaknesses, the more severe
type of offenses, than for account-specific weaknesses, the less severe type of offenses.
We will elaborate on this point in the next paragraph.
We further measure the economic significance of our results. Following prior
literature, such as Lyon and Maher (2005), we estimate an audit fee premium associated
with an ICW indicator variable to be )1( −ae , where a is the coefficient on the ICW
indicator variable. Since the coefficient on the ICW indicator variable is 0.33 in Model 1,
the audit fee premium for ICW firms over non-ICW firms is 39.1%. The premium’s
magnitude appears to be in line with the findings in prior studies. For example,
Seetharaman, Gul, and Lynn (2002) find that the audit fee premium for U.K. companies
listed on U.S. stock exchanges is 20%; Lyon and Maher (2005) find that the audit fee
premium for firms that reported payments of bribes is 43%.
We use the coefficients on ICWACCT and ICWCOMP from Model 2, and find
that the audit fee premium for account-specific weaknesses is 31.0%, and that for
company-level weaknesses is 64.9%. By testing the difference between the coefficient
on ICWACCT and that on ICWCOMP in Model 2 (Greene, 2000; pg. 284), we find that
the audit fee premium for company-level weaknesses is significantly higher than that for
account-specific weaknesses at the 1% level. Our result is consistent with the finding in
Doyle, Ge, and McVay (2007b) that accruals quality is affected by company-level
weaknesses rather than by account-specific weaknesses. Consequently, auditors charge
23
greater audit fees for company-level weaknesses to compensate for the risk associated
with poor accruals quality.
4.2.2. Audit fee change
In this section, we study how auditors adjust their audit fees in response to the
changes in their risk assessments. We use the Ordinary Least Square (OLS) model to test
the relation between audit fee change and change in internal control weakness opinions in
Table 4. Specifically, we model audit fee change as a function of changes in audit risk
(control risk and inherent risk), change in client business risk, and change in a set of
control variables in Equation (2). For firm i in year t,
)2(14
109876
543210
itj
jitititit
itititititit
INDUSTRYBUSCGSALEGRCGTACGZSCORECG
LOSSCGROACGLEVCGDTACCCGICWCGAUDFEECG
εβββββ
ββββββ
++++++
+++++=
∑=
ICWCG used in Model 1 is a variable representing the change in internal control
weakness opinions from the 302 period to the 404 period. Because AuditAnalytics
contains only SOX 404 internal control disclosures, we use the internal control dataset
compiled by Doyle, Ge, and McVay (2007b) for the 302 period.19 The dependent
variable is the audit fee change (AUDFEECG), the difference in audit fee between the
302 period and the 404 period divided by the audit fee for the 302 period. We define
other independent variables used in Table 4 in a similar fashion and provide the details in
the Appendix. The sample size for Table 4 is 2,189, because we need auditing and
19 Available at either Weili Ge’s Website at Washington or Sarah McVay’s website at Utah. For the 302 period, we start with the Doyle, Ge, and McVay (2007b) dataset, and make sure that the internal control disclosures are for fiscal years or fiscal quarters ending between November 15, 2003 and November 14, 2004 by searching through the SEC filings. If an observation is from 8-K, we require that the 8-K filing date is between November 15, 2003 and November 14, 2004. We then read through the excerpts of internal control disclosures in their dataset and, in many instances, the original disclosures in 10-K, 10-Q, or 8-K to code the number of weaknesses and the types of weaknesses.
24
financial information for both the 302 period and the 404 period. From our sample of
2,306 firms, we first exclude 38 firms with missing auditing and financial information in
the 302 period. We then exclude one outlier (Tetra Technologies Inc with a leverage
change of 7,286), based on the standard SAS procedure in our regression analyses. We
finally exclude 76 firms with zero leverage and two firms with zero sales growth in the
302 period, because we cannot calculate changes for these variables.
Confirming Hypothesis 2, we find that audit fee increases are greater for firms
newly identified with internal control weaknesses in the 404 period.20 The coefficient on
ICWCG in Model 1 is significantly positive at the 1% level. Because auditors need to
perform independent testing of internal controls under SOX 404, audit fees in the 404
period ($2.3 million on average) are significantly higher than those in the 302 period
($1.2 million on average). Because firms are subject to outside scrutiny from
independent auditors under SOX 404, significantly more firms are identified with ICW in
the 404 period (14%) than those in the 302 period (4%). During the transition from the
SOX 302 regime to the SOX 404 regime, we find that firms newly identified with ICW
experience a greater increase in audit fees, because of the ICW related risk and additional
testing. For other variables, the coefficients on LOSSCG and TACG are significantly
positive. LOSSCG is a change in the LOSS indicator variable, and TACG is the change
in total assets divided by the total assets in the 302 period. Our results thus suggest that
firms will experience an audit fee increase, if they turn from a profit situation in the 302
20 We have 43 sample firms that are identified with internal control weaknesses in the 302 period and with no such weaknesses in the 404 period. The interpretation would be reversed for these firms.
25
period to a loss situation in the 404 period or if they grow in size from the 302 period to
the 404 period.21
We replace ICWCG with similarly defined ICWACCTCG and ICWCOMPCG in
Model 2. The coefficient on ICWCOMPCG is larger than that on ICWACCTCG,
indicating that the audit fee increase is greater for firms newly identified with company-
level weaknesses than for those newly identified with account-level weaknesses. Again,
a larger increase in audit fees is used to compensate for the exposure to a greater level of
risk.
4.3. Modified audit opinion and internal control weaknesses
We use the logit model to test the relation between modified audit opinion and
internal control weaknesses in Table 5. Specifically, we model modified audit opinion as
a function of audit risk (control risk and inherent risk), client business risk, and a set of
control variables. Equation (3) presents the specifications for Model using an ICW
dummy. The modified audit opinion variable (OPINION) is equal to one, if the firm’s
audit opinion code is between 2 and 5, and zero otherwise. All other variable definitions
are in the Appendix. For firm i in year t,
)3(4)(14
109876
543210
itj
jitititit
itititititit
INDUSTRYBIGSALEGRTALOGZSCORE
LOSSROALEVDTACCICWOPINION
εβββββ
ββββββ
++++++
+++++=
∑=
21 Our results in Table 4 remain unchanged when we add four dummy variables to capture the different types of auditor changes among the Big 4 and non-Big 4 auditors. These four dummy variables represent auditor changes from a Big 4 to another Big 4, a Big 4 to a non-Big 4, a non-Big 4 to a Big 4, and a non-Big 4 to another non-Big 4.
26
Since auditors are more likely to issue modified opinions for firms with high
litigation risk (Krishnan and Krishnan, 1996) or render going concern opinions for firms
with bankruptcy risk, we hypothesize that ICW firms are more likely to be flagged with
modified audit opinions than non-ICW firms. We control for discretionary accruals
(DTACC), a proxy for inherent risk. While Francis and Krishnan (1999), Bartov, Gul,
and Tsui (2000), and Bradshaw, Richardson, and Sloan (2001) suggest that modified
audit opinions are influenced by earnings management, Butler, Leone, and Willenborg
(2004) find that the documented relation between modified opinions and abnormal
accruals in these papers rests only with firms with going-concern opinions. We further
control for leverage (LEV), return on assets (ROA), loss (LOSS), and Z-Score
(ZSCORE) to capture the impact of client business risk. We expect that firms with high
leverage, losses, and low Z-Scores are more likely to receive modified opinions, whereas
firms with high return on assets are less likely to receive modified opinions. Finally, we
control for size (LOG(TA)) and sales growth (SALEGR).
We find that ICW firms are significantly more likely to be flagged with modified
audit opinions than non-ICW firms. The marginal effect indicates that an ICW firm has a
21.8% increase in the likelihood of receiving a modified opinion. The coefficient on
discretionary accruals is insignificant. This is consistent with Butler, Leone, and
Willenborg (2004) who find that modified opinions are not influenced by discretionary
accruals for firms without going concern opinions, because the super majority of our
sample firms does not have going concern opinions according to AuditAnalytics. In
addition, high leverage firms and high distress risk, as well as large firms, are more likely
to be flagged with modified opinions.
27
We replace ICW with ICWACCT and ICWCOMP in Model 2 and find similar
results. Interestingly, the coefficient on ICWCOMP is smaller than that on ICWACCT.
The marginal effects indicate that a firm with account-specific weaknesses has a 23.2%
increase in the likelihood of receiving a modified opinion and that a firm with company-
level weaknesses has a 19.0% increase in the likelihood of receiving such an opinion.
Given that modified opinions tend to be based on account-related issues, auditors likely
do not have the latitude to provide modified opinions to larger issues, such as “tone at the
top.”22 Thus, auditors are more likely to issue modified opinions to firms with the less
severe account-specific weaknesses, suggesting that auditors use the modified opinion
strategy when they are exposed to a lower level of risk.23
4.4. Auditor resignation and internal control weaknesses
We study the relation between auditor resignation and internal control weaknesses
in Table 6. Since auditor turnover can be initiated by either the auditor or the client, we
control for auditor dismissal, and perform a multinomial logit regression analysis that
permits separate coefficient estimates for auditor dismissal and auditor resignation by
using firms without auditor changes as the reference group.
Johnstone and Bedard (2004) identify audit risk and client business risk as
determinants of audit firm portfolio management decisions. We are particularly
interested in the internal control aspect of audit risk. Since ICW firms are likely to have
greater audit risk than non-ICW firms, we expect that audit firms are more likely to stop
22 We thank an anonymous referee for this insight. 23 Table 6 finds that auditors are more likely to tender their resignations to firms with the more severe company-level weaknesses. Table 8 presents further evidence that auditors tend to use different strategies to manage different levels of control risk.
28
serving those ICW firms, due to risk avoidance. We control for other sources of client-
related risk and include discretionary accruals (DTACC). Again, auditors are more likely
to resign from clients with high discretionary accruals, so as to avoid risk. We use
leverage (LEV), return on assets (ROA), loss (LOSS), and Z-Score (ZSCORE) to capture
client business risk. Consistent with the argument for DTACC, auditors are more likely
to resign from clients with high leverage, losses, and low Z-Scores. We expect that
auditors are less likely to shy away from high ROA firms (Johnstone and Bedard, 2004).
Following Johnstone and Bedard (2004), we include the natural logarithm of audit
fee as a control variable in our logit model. Audit firms are less likely to resign from
clients, if audit fees are large. Following Landsman, Nelson, and Rountree (2005), we
include two other control variables. We control for the natural logarithm of size (TA)
and predict that auditor resignations are less likely for large firms, because DeAngelo
(1981) argues that large clients incur higher costs of auditor changes. We also control for
sales growth (SALEGR) because high growth clients may face higher litigation risk
(Stice, 1991). However, we do not provide a directional prediction on this variable.
Model 1 presents the results from the multinomial logit regressions using the ICW
dummy variable. The choice variables are auditor resignation, auditor dismissal, and
continuous auditor appointment, respectively. Auditor resignation (RESIGNATION) is
one if a firm’s auditor resigned from the firm, and auditor dismissal (DISMISSAL) is one
if a firm dismissed its auditor.24 We find that auditor resignations are significantly more
likely for ICW firms, confirming Hypothesis 4. The marginal effect indicates that an
24 Auditor dismissal is introduced as a control. Our results on auditor dismissal are consistent with the prior literature on audit opinion shopping (Chow and Rice, 1982; Smith, 1986). When we run logit regressions using auditor resignation as the only choice variable, our results on auditor resignation are similar to those reported in Table 6.
29
ICW firm has a 3.2% increase in the likelihood to experience auditor resignation. Our
result on auditor resignation is consistent with that in Bedard and Johnstone (2004), as
they find that clients with control risk are more likely to be classified in the auditor’s
discontinued client portfolio. In both periods, we find that auditor resignations are
significantly less likely for large firms and more likely for loss firms. While the
coefficient on audit fee is not significant, the coefficient on ROA is positive, contrary to
our expectation.
We replace ICW with ICWACCT and ICWCOMP in Model 2, and find that the
coefficients on ICWACCT and ICWCOMP are significantly positive at the 1% level. In
particular, the coefficient on ICWCOMP is larger than that on ICWACCT. The marginal
effects indicate that a firm with account-specific weaknesses has a 1.9% increase in the
likelihood to experience auditor resignation and a firm with company-level weaknesses
has a 9.5% increase in the likelihood to experience auditor resignation. Auditor
resignations are more likely for firms with the more severe company-level weaknesses,
suggesting that auditors use the resignation strategy when they are exposed to a higher
level of risk.
4.5. Pecking order analyses
4.5.1. Descriptive analyses
In the previous sections, we have established that audit fee adjustments, modified
opinions, and auditor resignations are viable strategies on a stand-alone basis. We now
study these strategies simultaneously. Table 7 presents the Pearson correlations for
internal control weakness variables and auditor response strategies. The sample size is
30
2,163 for Tables 7-10. Since we focus on auditors’ responses to control risk, we exclude
131 auditor dismissal firms from the full sample of 2,306 firms. We then exclude one
firm with missing audit fee information in the 302 period. We finally exclude 11 auditor
resignation firms with modified opinions, because these opinions may be issued by their
replacement auditors.
ICW is significantly related to increasing audit fees (FEECHG), issuing modified
opinions (OPINION), and tendering auditor resignations (RESIGN). Interestingly,
ICWACCT is significantly correlated with FEECHG and OPINION, but ICWCOMP is
significantly correlated to FEECHG and RESIGN. While auditors increase audit fees for
all types of weaknesses, they tend to use resignations for the more severe company-level
weaknesses and issue modified opinions for the less severe account-specific weaknesses.
These findings suggest that there is a pecking order among auditors’ risk management
strategies.
The correlation between FEECHG and OPINION is significantly negative at the
5% level, suggesting that FEECHG and OPINION may be substitutes. We also examine
the 297 ICW firms from the sample of 2,163 firms used in Tables 7-10, and classify them
into one group with modified opinions and another group without modified opinions.
Out of these 297 ICW firms, the average audit fee increase for 132 firms with modified
opinions is 173% and that for 165 firms without modified opinions is 203%. These
findings provide additional evidence that FEECHG and OPINION may be substitutes.
Since firms who resign from the clients no longer assess audit fees and issue opinions, the
correlations between RESIGN and FEECHG and between RESIGN and OPINION are
not applicable.
31
We follow the preliminary findings in Table 7 and further investigate whether
auditors’ risk management strategies have a pecking order of audit fee adjustments,
modified opinions, and auditor resignations. We first sort our sample into three mutually
exclusive groups: (1) firms with no auditor resignations and no modified opinions, (2)
firms with modified opinion but no auditor resignations, and (3) firms with auditor
resignations.25 We refer to Group 1 as the Fee Adjustment Group and assign a value of 1,
Group 2 as the Modified Opinion Group and assign a value of 2, and Group 3 as the
Resignation Group and assign a value of 3. Note that 3 is the most severe response,
whereas 1 is the least severe response.
Table 8 presents the descriptive evidence by comparing the proportion of internal
control weaknesses, including account-specific weaknesses and company-level
weaknesses, for each strategy group. ICW are found in 9.8% of the firms in Group 1,
19.8% of the firms in Group 2, and 61.8% of the firms in Group 3. There is an increasing
trend in the proportion of ICW firms from Group 1 to Group 3. The difference between
Groups 2 and 1 and that between Groups 3 and 2 are significant at the 1% level,
suggesting that there is a pecking order in client risk management strategies. Auditors
are likely to raise audit fees when dealing with a portfolio of clients with low control risk
on average, issue modified opinions when dealing with a portfolio of clients with
intermediate control risk on average, and tender their resignations when dealing with a
portfolio of clients with high control risk on average.
We further separate ICW into ICWACCT and ICWCOMP. Over 74%
(0.073/0.098) of ICW firms in the Fee Adjustment Group and 80% (0.159/0.198) of such
25 As we discuss in the following paragraph, we exclude 11 auditor resignation firms with modified opinions, because these opinions may be issued by their replacement auditors.
32
firms in the Modified Opinion Group have account-specific weaknesses, whereas 71%
(0.441/0.618) of ICW firms in the Resignation Group have company-level weaknesses.
These findings again suggest that there exists a pecking order in auditors’ client risk
management strategies. Auditors tend to increase audit fees and issue modified opinions
to manage control risk resulting from the less severe account-specific weaknesses and use
resignations to manage control risk resulting from the more severe company-level
weaknesses. This message is consistent with our findings in Tables 5 and 6, adding
credence to our results.
4.5.2. Ordered logit analyses
Table 9 employs the ordered logit regression. The auditor response as a dependent
variable is assigned a value of 1 for the Fee Adjustment Group, 2 for the Modified
Opinion Group, and 3 for the Resignation Group. Model 1 presents the results from the
ordered logit regressions using the ICW dummy variable. The coefficient on ICW is
significant at the 1% level. Because the auditor attestation requirement in SOX 404
exposes auditors to control risk, auditors manage this risk by using a set of ordered
strategies. Loss firms and high distress risk firms, as well as large firms, are more likely
to trigger severe responses. The sign for the coefficient on ROA is contrary to our
prediction.
We replace ICW with ICWACCT and ICWCOMP in Model 2, and find the
coefficients on ICWACCT and ICWCOMP to be significantly positive. Thus, our
combined evidence from Models 1 and 2 suggests that there exists a pecking order among
auditor’s client risk management strategies. As the clients’ control risk increases,
33
auditors are likely to respond in the order of audit fee adjustments, modified opinions,
and auditor resignations.
4.5.3. Auditor response index
We follow the group classification schedule in Section 4.5.1, and create an index
based on the severity of auditors’ responses. Groups 1, 2, and 3 are the audit fee
adjustment, modified opinion, and auditor resignation groups, respectively. We first sort
all our sample firms by group numbers from 1 to 3, and then sort all firms within each
group by the audit fee increase variable in ascending order. Based on this order, we
calculate the fractional ranks for these firms and let the auditor response index be the
fractional rank value. According to our construction, a large index value represents a
more severe response from the auditor and vice versa.
We perform OLS regressions of the auditor response index over internal control
weaknesses and other control variables in Table 10. Consistent with our ordered logit
analyses, we exclude auditor dismissal firms and auditor resignation firms with modified
opinions, when we construct the auditor response index. Model 1 presents the regression
results using the ICW dummy variable. The coefficient on ICW is significant at the 1%
level, again suggesting the existence of pecking order. High leverage firms, large firms,
and Big 4 firms are more likely to trigger severe responses. The coefficient on ROA is
inconsistent with our prediction.
We replace ICW with ICWACCT and ICWCOMP in Model 2, and find that
ICWACCT and ICWCOMP are each significantly associated with this auditor response
index at the 1% level. The combined evidence from pecking order analyses in Models 1
34
and 2 suggests that auditors draw from a set of ordered strategies to manage client-related
control risk.
4.6. Robustness checks
(1) We perform all the analyses in Tables 2-3 and 5-10 for the 302 period in an
earlier version. While the results are somewhat weaker, they are very similar to
those reported in Tables 2-3 and 5-10.
For all models in Tables 3-6 and 9-10, we perform the following tests:
(2) We replace the ICW dummy with the number of internal control weaknesses.
(3) We replace total assets with either sales or market value of equity as of
December 31, 2004 as a measure of size.
(4) We include 44 non-accelerated filers in our analyses.
(5) We winsorize discretionary accruals, leverage, and return on assets at the 1%
and 99% levels to minimize the impact of extreme values.
(6) We exclude the industry dummy variables used in Tables 3-6 and 9-10.
In all these cases, our results are robust to these alternative specifications, adding
credence to our findings.
5. Conclusions
Using several measures of clients’ control risk based on their recent public
internal control disclosures under SOX 404, we study how auditors manage their client-
related risk. We find that there exists a pecking order among auditors’ strategies to
manage control risk resulting from internal control weaknesses. We first examine the
35
relations between internal control weaknesses and audit fee, audit fee increase, modified
opinion, and auditor resignation, respectively, and establish that these are viable
strategies to manage control risk on a stand-alone basis. When we investigate these
strategies simultaneously, descriptive evidence suggests that there exists a pecking order
among auditors’ client risk management strategies. Our ordered logit analyses confirm
that, as the clients’ control risk increases, auditors are likely to respond in the order of
audit fee adjustments, modified opinions, and auditor resignations. We further create an
index based on the severity of auditors’ responses, and find that the degree of control risk
is positively correlated with this auditor response index. Our comprehensive evidence
suggests that auditors use an array of ordered strategies to manage client-related control
risk.
36
Appendix Variable Definitions
Dependent variables: AUDFEE: Total audit fee NON-AUDFEE: Total non-audit fee TOTFEE: Total fee OPINION: 1 if the firm received a modified opinion (Audit opinion code is
between 2 and 5 for #149); 0 otherwise, following Bradshaw, Richardson, and Sloan (2001).
AUDCHG: 1 if the firm changed auditor; 0 otherwise RESIGNATION: 1 if the firm’s auditor resigned; 0 otherwise DISMISSAL: 1 if the firm dismissed its auditor; 0 otherwise INDEX: Auditor response index. Please see the text for details. Audit risk variables: ICW: 1 if the firm has internal control weaknesses; 0 otherwise ICWACCT: Account-specific weakness. 1 if the firm has weaknesses related to less
than three account-specific problems; 0 otherwise, following Doyle, Ge, and McVay (2007b).
ICWCOMP: Company-level weakness. 1 if the firm has either weaknesses related to “ineffective control environment” or “management override” in the disclosure or weaknesses related to at least three account-specific problems; 0 otherwise, following Doyle, Ge, and McVay (2007b).
DTACC: Residual from TOTACCi,t = β0(1/TAi,t-1) + β1(ΔSALESi,t - ΔARi,t) / TAi,t-1 + β2(PPEi,t / TAi,t-1 ), following Kothari, Leone, and Wasley (2005). Note that TOTACC = [EBEI(#123) – (CFO(#308) – EIDO(#124))] / lagged total assets, following Hribar and Collins (2002); ΔSALES is the change in a firm’s sales revenue (#12); ΔAR is the change in accounts receivable (#2); PPE is gross property, plant, and equipment (#7); and TA is total assets (#6). The regression is estimated for firms in a given two-digit SIC code each year
Client business risk variables: LEV: Ratio of total debts, both short-term (#34) and long-term (#9), to total
assets (#6) ROA: Income before extraordinary items (#18) divided by average total
assets (#6) LOSS: 1 if the firm incurred losses (#172) in the current fiscal year; 0
otherwise ZSCORE Altman (1968) Z-Score measure of financial distress risk
37
Control variables: TA: Total assets (#6), in millions SALEGR: Sales growth is the difference in sales (#12) between year t and
year t-1 over sales (#12) in year t-1 BUS: Number of business segment (Compustat segment file) BIG4: 1 if the firm’s auditor is a Big4 (#149); 0 otherwise Change variables: AUDFEECG: Change in audit fee from the 302 period to the 404 period divided
by the audit fee in the 302 period ICWCG: Change in the ICW dummy variable from the 302 period to
the 404 period ICWCOMPCG: Change in the dummy variable for company-level material
weaknesses from the 302 period to the 404 period ICWACCTCG: Change in the dummy variable for account-specific material
weaknesses from the 302 period to the 404 period DTACCCG: Change in discretionary accruals from the 302 period to the
404 period divided by the discretionary accruals in the 302 period
LEVCG: Change in leverage from the 302 period to the 404 period divided by the leverage in the 302 period
ROACG: Change in return on assets from the 302 period to the 404 period divided by the return on assets in the 302 period
LOSSCG: Change in the LOSS dummy variable from the 302 period to the 404 period
ZSCORECG: Change in ZSCORE from the 302 period to the 404 period divided by the ZSCORE in the 302 period
TACG: Change in totals assets from the 302 period to the 404 period divided by the totals assets in the 302 period
SALEGRCG: Change in sales growth from the 302 period to the 404 period divided by the sales growth in the 302 period
Note: COMPUSTAT item numbers are in parentheses. The 302 period is for fiscal years ending between November 15, 2003 and December 14, 2004 during which firms were governed by SOX 302, and the 404 period is for fiscal years ending between November 15, 2004 and December 14, 2005 during which firms were governed by SOX 404. We require all variables (except for AUDCHG and the change variables) pertain to fiscal years ending between November 15, 2003 and November 14, 2004 for the 302 period, and to fiscal years ending from November 15, 2004 to December 14, 2005 for the 404 period. Since there is no fiscal year related to AUDCHG, the auditor change variable, we classify an auditor change into the 302 period, if the announcement was made between November 15, 2003 and November 14, 2004, and into the 404 period if the announcement was made between November 15, 2004 and November 14, 2005. The change variables capture the changes in these variables from the 302 period to the 404 period.
38
References
Altman, E., 1968. Financial ratios, discriminant analysis, and the prediction of corporate bankrupcy. Journal of Finance 23: 589–609.
American Institute of Certified Public Accountants (AICPA). 1983. Audit Risk and
Materiality in Conducting an Audit. Statement on Auditing Standards No. 47. New York, NY: AICPA.
_____. 1988. Reports on Audited Financial Statements. Statement on Auditing Standards
No. 58. New York, NY: AICPA. _____. 1988. Communication of Internal Control Structure Related Matters Noted in an
Audit. Statement on Auditing Standards No. 60. New York, NY: AICPA. _____. 2006. Audit Risk and Materiality in Conducting an Audit. Statement on Auditing
Standards No. 107. New York, NY: AICPA. Arens, A., R. Elder and M. Beasley. 2006. Auditing and Assurance Services: An
Integrated Approach. Upper Saddle River, NJ: Prentice-Hall. Ashbaugh-Skaife, H., D. Collins, and W. Kinney. 2007. The discovery and consequences
of internal control deficiencies prior to SOX-mandated audits. Journal of Accounting and Economics, 44 (1-2): 166-192.
Ashbaugh-Skaife, D. Collins, W. Kinney, and R. LaFond. 2006. The effect of internal
control deficiencies on firm risk and cost of capital. Working Paper, University of Wisconsin, University of Iowa, University of Texas, and MIT.
_____. 2008. The effect of SOX internal control deficiencies and their remediation on
accrual quality. The Accounting Review 83 (1): 217-250. Asbaugh, H., R. LaFond and B. Mayhew. 2003. Do non-audit services compromise
independence? Further evidence. The Accounting Review 78 (2): 611-639. Bartov, E., F. Gul, and J. Tsui. 2000. Discretionary-accruals models and audit
qualifications. Journal of Accounting and Economics 30: 421-452. Becker, C., M. DeFond, J. Jiambalvo, and K. R. Subramanyam. 1998. The effect of audit
quality on earnings management. Contemporary Accounting Research 15 (1): 1-24 Bedard, J., and K. Johnstone. 2004. Earnings manipulation risk, corporate governance
risk, and auditors’ planning and pricing decisions. The Accounting Review 79: 277-304.
39
Bell, T., W. Landsman and D. Shackelford. 2001. Auditors’ perceived business risk and audit fees: Analysis and evidence. Journal of Accounting Research 39 (June): 35-44.
Blue Ribbon Committee (BRC). 1999. Report and Recommendations of the Blue Ribbon
Committee on Improving the Effectiveness of Corporate Audit Committees. Stamford, CT: BRC.
Blacconiere, W. G. and M. DeFond. 1997. An investigation of independent audit
opinions and subsequent independent auditor litigation of publicly-traded failed savings and loans. Journal of Accounting and Public Policy 16 (4): 415-454.
Bradshaw, M., S. Richardson, and R. Sloan. 2001. Do analysts and auditors use
information in accruals? Journal of Accounting Research 39 (1): 45-73. Butler, M., A. Leone, and M. Willenborg. 2004. An empirical analysis of auditor
reporting and its association with abnormal accruals. Journal of Accounting and Economics 37: 139-165.
Chang, J., and N. Hwang. 2003. The impact of retention incentives and client business
risks on auditors’ decisions involving aggressive reporting practices. Auditing: A Journal of Practice and Theory 22 (2): 207-218.
Chow, C., and S. Rice. 1982. Qualified audit opinions and auditor switching. The
Accounting Review 57: 326-335. Chung, H., and S. Kallapur. 2003. Client importance, non-audit services and abnormal
accruals. The Accounting Review 78 (4): 931-955. DeAngelo, L. 1981. Auditor independence, “low balling”, and disclosure regulation.
Journal of Accounting and Economics 3: 113-127. DeBerg, C., S. Kaplan, and K. Pany. 1991. An examination of some relationships
between non-audit services and auditor change. Accounting Horizons 5: 17-28. DeFond, M.L. and K.R. Subramanyam. 1998. Auditor changes and discretionary
accruals. Journal of Accounting and Economics 25 (February): 35-67. Doyle, J., W. Ge, and S. McVay. 2007a. Determinants of weakness in internal control
over financial reporting. Journal of Accounting and Economics, 44 (1-2): 193-223. _____. 2007b. Accruals quality and internal control over financial reporting. Accounting
Review, 82 (5): 1141-1170. Elder, R., and R. Allen. 2003. A longitudinal field investigation of auditor risk
assessments and sample size decisions. The Accounting Review 78 (4): 983-1002.
40
Ettredge, M., J. Heintz, C. Li, and S. Scholz. 2006. Auditor realignments accompanying implementation of SOX 404 reporting requirements. Working paper, University of Kansas.
Fama, E., and K. French. 1997. Industry cost of equity. Journal of Financial Economics 43 (2): 153-193.
Francis, J. 1984. The effect of audit firm size on audit prices: A study of the Australian market. Journal of Accounting and Economics 6 (2): 133-151.
Francis, J., and D. Stokes. 1986. Audit prices, product differentiation, and scale economies: Further evidence from the Australian audit market. Journal of Accounting Research 24 (2): 383-393.
Francis, J., and J. Krishnan. 1999. Accounting accruals and auditor reporting conservatism. Contemporary Accounting Research 16: 135-165.
Frankel, R., M. Johnson, and K. Nelson. 2002. The relation between auditor’s fees for non-audit services and earnings quality. The Accounting Review (Supplement): 71-105.
Ge, W., and S. McVay. 2005. The disclosure of material weaknesses in internal control
after the Sarbanes-Oxley Act. Accounting Horizon 19 (3): 137-158. Greene, W. 2000. Econometric Analysis. Upper Saddle River, NJ: Prentice-Hall Henniger, W.G. 2001. The association between auditor litigation and abnormal accruals.
The Accounting Review 76 (January): 111-126. Hertz, K. 2006. The impact of SOX on auditor resignations and dismissals. Working
paper, University of Washington. Hill, J., R. Ramsay, and D. Simon. 1994. Audit fees and client business risk during the
S&L Crisis: Empirical evidence and directions for future research. Journal of Accounting and Public Policy 13: 185-203.
Hogan, C., and M. Wilkins. 2008. Evidence on the audit risk model: Do auditors increase
audit effort in the presence of internal control deficiencies? Contemporary Accounting Research 25 (1): 219-242.
Hoitash, R., U. Hoitash, and J. Bedard. 2008. Internal Control Quality and Audit Pricing under the Sarbanes-Oxley Act. Auditing: A Journal of Practice and Theory 27 (1), 105-126. Hribar, P., and D. W. Collins. 2002. Errors in estimating accruals: Implications for
empirical research. Journal of Accounting Research 40 (1): 105-34. Johnstone, K. 2000. Client-acceptance decisions: Simultaneous effects of client business
risk, audit risk, auditor business risk, and risk adaptation. Auditing: A Journal of Practice and Theory 19 (1): 1-25.
41
Johnstone, K., and J. Bedard. 2003. Risk management in client acceptance decisions. The
Accounting Review 78 (4): 1003-1026. Johnstone, K.M., and J. C. Bedard. 2004. Audit firm portfolio management decisions.
Journal of Accounting Research 42 (4): 659-690. Kothari, S.P., A. Leone, and C. Wasley. 2005. Performance matched discretionary
accrual measures. Journal of Accounting and Economics 39 (1): 163-197.
Krishnan J. 2005. Audit committee quality and internal control: An empirical analysis. The Accounting Review 80 (2): 649-675.
Krishanan, J., and J. Krishnan. 1996. The role of economic trade-offs in the audit opinion decision: An empirical analysis. Journal of Accounting, Auditing, & Finance 11 (Fall): 565-586.
_____. 1997. Litigation risk and auditor resignations. The Accounting Review 72 (October): 539-560.
Landsman, W., K. Nelson, and B. Rountree. 2005. An empirical analysis of big N
auditor switches. Working paper, University of North Carolina, Chapel Hill. Lyon, J., and M. Maher. 2005. The importance of business risk in setting audit fees:
Evidence from cases of client misconduct. Journal of Accounting Research 43 (1): 133-151.
Ogneva, M., Subramanyam, K., and K. Raghunandun. 2007. Internal control weaknesses
and cost of equity: Evidence from SOX Section 404 disclosures. The Accounting Review 82 (5): 1255-1297.
Palmrose, Z. 1986. Audit fees and auditor size: Further evidence. Journal of
Accounting Research 24 (1): 97-110. Public Company Accounting Oversight Board (PCAOB), 2004. An Audit of Internal
Control over Financial Reporting Performed in Conjunction with an Audit of Financial Statements. Auditing Standard No. 2. Washington, D.C.: PCAOB.
Raghunandan, K., and D. Rama. 2006. SOX Section 404 material weakness disclosures
and audit fees. Auditing: A Journal of Practice and Theory 25 (1): 99-114. Reynolds, K., and J. Francis. 2001. Does size matter? The influence of large clients on
office-level auditor reporting decisions. Journal of Accounting and Economics 30: 375-400.
Seetharaman, A., F. Gul, and S. Lynn. 2002. Litigation risk and audit fees: Evidence from
UK firms cross-listed on US markets. Journal of Accounting and Economics 33 (1): 91-115.
42
Securities Exchange Commission (SEC). August 29, 20002. Certification of Disclosure
in Companies’ Quarterly and Annual Reports. Release No. 33-8124. Washington, D.C.: SEC.
_____. June 5, 2003. Management's Report on Internal Control over Financial
Reporting and Certification of Disclosure in Exchange Act Periodic Reports. Release No. 33-8238. Washington, D.C.: SEC.
_____. February 24, 2004. Management's Report on Internal Control over Financial
Reporting and Certification of Disclosure in Exchange Act Periodic Reports. Release No. 33-8392. Washington, D.C.: SEC.
_____. September 22, 2005. Management's Report on Internal Control Over Financial
Reporting and Certification of Disclosure in Exchange Act Periodic Reports of Companies that Are Not Accelerated Filers. Release No. 33-8618. Washington, D.C.: SEC.
_____. December 21, 2005. Revisions to Accelerated Filer Definition and Accelerated
Deadlines for Filing Periodic Reports. Release No. 33-8644. Washington, D.C.: SEC. _____. December 15, 2006. Internal Control Over Financial Reporting in Exchange Act
Periodic Reports of Non-Accelerated Filers and Newly Public Companies. Release No. 33-8760. Washington, D.C.: SEC.
_____. June 26, 2008. Internal Control Over Financial Reporting in Exchange Act
Periodic Reports of Non-Accelerated Filers. Release No. 33-8934. Washington, D.C.: SEC.
Shu, S. 2000. Auditor resignations: clientele effects and legal liability. Journal of
Accounting and Economics 29 (2): 173-205. Smith, D. 1986. Auditor ‘subject to’ opinions, disclaimers, and auditor changes.
Auditing: A Journal of Practice and Theory 6 (fall): 95-108. Stice, J. 1991. Using financial and market information to identify pre-engagement factors
associated with lawsuits against public accountants. The Accounting Review 66 (July): 516-533.
Wegman, J. 2005. The Sarbanes-Oxley Act and accountant liability. Proceedings of the
Academy of Legal, Ethical and Regulatory Issues 9 (2): 47-51. White, H., 1980. A heteroskedasticity-consistent covariance matrix estimator and a direct
test for heteroskedasticity. Econometrica 48: 817-838.
43
Xie, B., W. Davidson, and P. DaDalt. 2003. Earnings management and corporate governance: the role of the board and the audit committee. Journal of Corporate Finance 9: 295-316.
Zhang, Y., J. Zhou, and N. Zhou. 2007. Audit committee quality, auditor independence,
and internal control weaknesses. Journal of Accounting and Public Policy, 26 (3): 300-327.
44
Table 1. Sample selection criteria Sample characteristics Number of firms
Total firms with internal control disclosures in AuditAnalytics November 1, 2004 to December 31, 2005
3,737
Excluding firms not in Compustat (excluding 2 duplicates) (181) Excluding foreign firms (105) Excluding subsidiaries (71) Excluding mutual funds, trusts, and REITs (149) Excluding firms without information on market value of equity (26) Excluding firms with no SOX 404 internal control disclosure (3) Excluding firms with missing information on audit fee (2) Excluding firms with missing necessary information in computing leverage, sales growth, or return-on-assets
(29)
Excluding firms with missing audit opinion (380) Excluding firms with missing Z-Scores (274) Excluding firms with missing necessary information in computing discretionary accruals
(167)
Excluding non-accelerated filers (44)
Final sample firms 2,306
The sample firms consist of those with internal control information and other necessary variables for fiscal years ending between November 15, 2004 and November 14, 2005. We begin with 3,737 firms that have internal control disclosures in AuditAnalytic from November 1, 2004 to December 31, 2005. We exclude firms not in COMPUSTAT, foreign firms, subsidiaries, and mutual funds, trusts, and REITS. We also exclude firms with missing information on market value of equity, as this information is needed to determine accelerated filer status. We further exclude firms without audit related information and other necessary information for fiscal years ending between November 15, 2004 and November 14, 2005. We finally exclude non-accelerated filers because these firms need not comply with SOX 404. Data in parentheses indicate the number of firms removed from the full set to obtain the final sample of 2,306 firms.
45
Table 2. Comparison between firms with internal control weaknesses and firms without internal control weaknesses This table provides mean and median comparisons between firms with internal control weaknesses (ICW firms) and firms without internal control weaknesses (non-ICW firms). We use the two-sample t-test to test the differences in mean and the Wilcoxon rank sum test to test the differences in median. All variable definitions are in the Appendix. *, **, and *** denote two-tailed significance at the 10, 5, and 1 percent levels, respectively.
Full Sample ICW
Non-ICW
ICW vs. Non-ICW
Variables Mean (Median)
Mean (Median)
Mean (Median)
Mean Diff (Median Diff)
ICW 0.143 (0.00)
1.00 (1.00)
0.00 (0.00)
1.00*** (1.00)***
ICWACCT 0.105 (0.00)
0.730 (1.00)
0.00 (0.00)
(0.73)*** (1.00)***
ICWCOMP 0.038 (0.00)
0.270 (0.00)
0.00 (0.00)
0.27*** (0.00)***
AUDFEE 2,322,920 (1,209,190)
2,402,863 (1,344,660)
2,309,569 (1,198,550)
93,294 (146,110)
AUDFEECG 1,132,693 (656,400)
1,218,068 (800,000)
1,118,766 (643,334)
99,302 (156,666)**
NONAUDFEE 664,058 (220,336)
478,308 (184,900)
695,079 (224,759)
-216,771*** (-39,859)***
TOTFEE 2,986,978 (1,468,837)
2,881,171 (1,534,232)
3,004,648 (1,457,489)
-123,477 (76,743)
OPINION 0.32 (0.00)
0.46 (0.00)
0.29 (0.00)
0.17*** (0.00)***
AUDCHG 0.076 (0.00)
0.16 (0.00)
0.06 (0.00)
0.10*** (0.00)***
DISMISSAL 0.057 (0.00)
0.076 (0.00)
0.05 (0.00)
0.03 (0.00)*
RESIGN 0.019 (0.00)
0.088 (0.00)
0.01 (0.00)
0.08*** (0.00)***
DTACC –0.02 (–0.01)
-0.02 (-0.01)
-0.02 (-0.01)
0.00 (0.00)
LEV 0.20 (0.16)
0.20 (0.12)
0.20 (0.17)
0.00 (-0.05)
ROA 0.01 (0.05)
-0.03 (0.01)
0.01 (0.05)
-0.04*** (-0.04)***
LOSS 0.25 (0.00)
0.41 (0.00)
0.22 (0.00)
0.19*** (0.00)***
TA 3,366 (600)
1,528 (346)
3,672 (660)
-2,144*** (-314)***
SALEGR 0.23 (0.13)
0.20 (0.10)
0.24 (0.13)
-0.04 (-0.03)***
BUS 2.23 (1.00)
2.26 (1.00)
2.22 (1.00)
0.04 (0.00)
BIG4 0.93 (1.00)
0.86 (1.00)
0.94 (1.00)
-0.08*** (0.00)***
ZSCORE 5.53 (3.71)
3.84 (2.95)
5.81 (3.84)
-1.97*** (-0.89)***
N 2,306 330 1,976
46
Table 3. Regression analyses on the relation between audit fees and the disclosure of internal control weaknesses
Variable Model 1 Model 2 Intercept 10.43
(137.27)*** 10.42
(137.61)*** ICW 0.33
(9.32)***
ICWACCT 0.27 (7.05)***
ICWCOMP 0.50 (7.20)***
DTACC 0.17 (1.36)
0.17 (1.39)
LEV -0.15 (-2.46)**
-0.15 (-2.38)**
ROA -0.26 (-3.84)***
-0.26 (-3.72)***
LOSS 0.11 (3.10)***
0.11 (3.05)***
ZSCORE
-0.003 (-2.84)***
-0.003 (-2.79)***
LOG(TA) 0.49 (55.97)***
0.49 (55.88)***
SALEGR -0.02 (-0.97)
-0.02 (-1.09)
LOG(BUS) 0.13 (7.01)***
0.13 (6.96)***
BIG4 0.36 (6.55)***
0.37 (6.80)***
Adjusted R2 69.11% 69.23% N 2,306 2,306
This table presents the regression results between the natural logarithm of audit fee and audit risk variables, client business variables, and control variables. The White (1980) heteroskedasticity-consistent t statistics are reported in parentheses. In our regression models, we use dummy variables to control for industries (computers, retail, pharmaceutical products, electronic equipment, and business services) with more than 5 percent of the total sample observations, but do not report the coefficients on these industry dummies for brevity. The industry classification follows Fama and French (1997). All variable definitions are in the Appendix. *, **, and *** denote two-tailed significance at the 10, 5, and 1 percent levels, respectively.
47
Table 4. Regression analyses on the relation between audit fee change and change in internal control weakness opinions
Variable Model 1 Model 2 Intercept 1.31
(41.11)*** 1.32
(41.30)*** ICWCG 0.50
(5.52)***
ICWACCTCG 0.34 (3.91)***
ICWCOMPCG 0.93 (4.77)***
DTACCCG 0.00 (0.49)
0.00 (0.37)
LEVCG 0.002 (1.12)
0.002 (1.00)
ROACG -0.00 (-0.23)
-0.00 (-0.05)
LOSSCG 0.20 (3.23)***
0.19 (3.14)***
ZSCORECG
0.005 (1.57)
0.005 (1.27)
TACG 0.32 (3.86)***
0.31 (3.86)***
SALEGRCG -0.00 (-1.51)
-0.00 (-1.42)
BUSCG -0.06 (-1.28)
-0.05 (-1.02)
Adjusted R2 4.82% 5.73% N 2,189 2,189
This table presents the regression results between the audit fee changes and changes in audit risk variables, client business variables, and control variables. The White (1980) heteroskedasticity-consistent t statistics are reported in parentheses. In our regression models, we control for industry dummies, but do not report the coefficients on these industry dummies for brevity. See Table 3 for more details. The sample size for Table 4 is 2,189, because we need auditing and financial information for both the 302 period and the 404 period. From our sample of 2,306 firms, we first exclude 38 firms with missing auditing and financial information in the 302 period. We then exclude one outlier (Tetra Technologies Inc with a leverage change of 7,286) based on the standard SAS procedure in our regression analyses. We finally exclude 76 firms with zero leverage and two firms with zero sales growth in the 302 period because we cannot calculate changes for these variables. All variable definitions are in the Appendix. *, **, and *** denote two-tailed significance at the 10, 5, 1 percent levels, respectively.
48
Table 5. Logit analyses on the relation between audit opinion and the disclosure of internal control weaknesses
Variable Model 1 Model 2 Intercept -3.23
(99.31)*** -3.22
(98.58)*** ICW 0.98
(50.61)***
ICWACCT 1.02 (44.57)***
ICWCOMP 0.84 (11.17)***
DTACC -0.16 (0.07)
-0.16 (0.08)
LEV 0.45 (2.93)*
0.44 (2.84)*
ROA 0.17 (0.13)
0.16 (0.12)
LOSS 0.12 (0.60)
0.12 (0.63)
ZSCORE -0.06 (20.85)***
-0.06 (21.01)***
LOG(TA) 0.37 (106.31)***
0.37 (105.45)***
SALEGR -0.12 (1.04)
-0.11 (0.97)
BIG4 0.11 (0.21)
0.09 (0.16)
Pseudo R2 13.37% 13.39% N 2,306 2,306
This table presents the logit regression results between audit opinion and audit risk variables, client business variables, and control variables. The χ2 statistics are reported in the parentheses. In our regression models, we control for industry dummies, but do not report the coefficients on these industry dummies for brevity. See Table 3 for more details. All variable definitions are in the Appendix. *, **, and *** denote two-tailed significance at the 10, 5, and 1 percent levels, respectively.
49
Table 6. Multinomial logit analyses of the relation between auditor change and the disclosure of internal control weaknesses
Variable Model 1 Model 2 Resignation Dismissal Resignation Dismissal INTERCEPT -4.40
(1.95) -5.77
(10.38)*** -3.64 (1.33)
-5.67 (9.95)***
ICW 2.20 (40.82)***
0.32 (1.74)
ICWACCT 1.59 (14.26)***
0.21 (0.55)
ICWCOMP 3.07 (55.58)***
0.63 (2.45)
DTACC 0.69 (0.21)
0.82 (0.72)
0.90 (0.35)
0.84 (0.75)
LEV 0.88 (2.08)
0.17 (0.16)
0.96 (2.33)
0.18 (0.19)
ROA 1.66 (4.26)**
0.21 (0.14)
1.77 (4.62)**
0.21 (0.15)
LOSS 0.94 (5.90)**
-0.09 (0.11)
0.92 (5.41)**
-0.09 (0.11)
ZSCORE
0.00 (0.00)
0.00 (0.09)
0.00 (0.00)
0.00 (0.08)
LOG(AUDFEE) 0.25 (0.78)
0.35 (4.69)**
0.17 (0.35)
0.34 (4.40)**
LOG(TA) -0.76 (13.49)***
-0.29 (7.18)***
-0.69 (10.75)***
-0.28 (6.91)***
SALEGR 0.09 (0.56)
-0.21 (0.82)
0.03 (0.05)
-0.21 (0.85)
Pseudo R2 8.60% 9.45% N 2,306 2,306
This table presents the multinomial logit regression results. We use firms without auditor changes as our reference group, and obtain separate coefficient estimates for auditor resignation and auditor dismissal. The χ2 statistics are reported in the parentheses. In our regression models, we control for industry dummies, but do not report the coefficients on these industry dummies for brevity. See Table 3 for more details. All variable definitions are in the Appendix. *, **, and *** denote two-tailed significance at the 10, 5, and 1 percent levels, respectively.
50
Table 7. Pearson correlation table for internal control weakness variables and auditor response strategies
ICW ICWACCT ICWCOMP FEECHG OPINION RESIGN ICW 1.00 0.84
(0.00) 0.48
(0.00) 0.16
(0.00) 0.12
(0.00) 0.18
(0.00) ICWACCT 1.00 -0.06
(0.00) 0.08
(0.00) 0.13
(0.00) 0.03
(0.14) ICWCOMP 1.00 0.16
(0.00) 0.01
(0.62) 0.27
(0.00) FEECHG 1.00 -0.04
(0.05) NA
OPINION 1.00
NA
RESIGN 1.00
Total N = 2,163
This table presents the Pearson correlations for internal control weakness variables and auditor response strategies. NA stands for “not applicable.” Since firms who resign from clients no longer assess audit fees and issue audit opinions, we designate the correlations between RESIGN and FEECHG and between RESIGN and OPINION as NA. The p-values are presented in the parentheses. The sample size is 2,163 for Tables 7-10. Since we focus on auditors’ responses to control risk, we exclude 131 auditor dismissal firms from the full sample of 2,306 firms. We then exclude one firm with missing audit fee information in the 302 period. We finally exclude 11 auditor resignation firms with modified opinions, because these opinions may be issued by their replacement auditors. All variable definitions are in the Appendix.
51
Table 8. Proportion of firms with internal control weaknesses in each auditor response group
Variable Group 1 Audit Fee
Adjustment
Group 2 Modified Opinion
Group 3 Auditor
Resignation
Difference between Groups 2 and 1
Difference between Groups
3 and 2 ICW 0.098 0.198 0.618 0.100*** 0.419***
ICWACCT 0.073 0.159 0.176 0.086*** 0.017
ICWCOMP 0.025 0.039 0.441 0.014 0.402***
Total N = 2,163
1,463 666 34
This table presents the proportion of firms with internal control weaknesses, including account-specific weaknesses and company-level weaknesses, for each auditor response group. The rows for ICWACCT and ICWCOMP are italicized to emphasize that the summation of these two rows is equal to the ICW row. We use the two-sample t-test to test the differences in mean between Groups 2 and 1 and between Groups 3 and 2, respectively. The sample size for this table is the same as that for Table 7. All variable definitions are in the Appendix. *, **, and *** denote two-tailed significance at the 10, 5, and 1 percent levels, respectively.
52
Table 9. Ordered logit analyses of the relation between auditor responses and the disclosure of internal control weaknesses
Variable Model 1 Model 2 Intercept 1 -3.02
(89.18)*** -3.09
(91.23)*** Intercept 2 -6.67
(317.76)*** -6.75
(319.22)*** ICW 1.18
(73.78)***
ICWACCT 1.02 (44.26)***
ICWCOMP 1.77 (49.72)***
DTACC -0.05 (0.01)
-0.05 (0.01)
LEV 0.44 (2.86)*
0.47 (3.20)*
ROA 0.74 (2.12)
0.77 (2.28)
LOSS 0.38 (5.79)**
0.37 (5.65)***
ZSCORE
-0.05 (13.80)***
-0.05 (13.38)***
LOG(TA) 0.31 (75.61)***
0.31 (75.22)***
SALEGR -0.01 (0.01)
-0.02 (0.06)
BIG4 0.15 (0.43)
0.22 (0.92)
Pseudo R 2 10.24% 10.45% N 2,163 2,163
This table presents the ordered logit regression results between auditor responses in the order of audit fee adjustments, modified opinions, and auditor resignations and audit risk variables, client business variables, and control variables. The χ2 statistics are reported in the parentheses. In our regression models, we control for industry dummies, but do not report the coefficients on these industry dummies for brevity. See Table 3 for more details. The sample size for this table is the same as that for Table 7. All variable definitions are in the Appendix. *, **, and *** denote two-tailed significance at the 10, 5, and 1 percent levels, respectively.
53
Table 10. Regression analyses on the relation between the auditor response index and the disclosure of internal control weaknesses
Variable Model 1 Model 2 Intercept 0.30
(8.36)*** 0.30
(8.21)*** ICW 0.19
(10.55)***
ICWACCT 0.16 (8.22)***
ICWCOMP 0.26 (7.68)***
DTACC -0.07 (-1.04)
-0.07 (-1.05)
LEV 0.09 (3.15)***
0.10 (3.24)***
ROA 0.09 (1.84)*
0.09 (1.96)**
LOSS 0.01 (0.69)
0.01 (0.67)
ZSCORE
-0.001 (-1.31)
-0.001 (-1.24)
LOG(TA) 0.01 (2.51)**
0.01 (2.50)**
SALEGR 0.01 (1.43)
0.01 (1.32)
BIG4 0.09 (3.53)***
0.10 (3.79)***
Adjusted R2 8.29% 8.57% N 2,163 2,163
This table presents the regression results between the auditor response index and audit risk variables, client business variables, and control variables. The auditor response index, defined in the text, captures the severity of auditor responses with a higher index value indicating a more severe auditor response. The White (1980) heteroskedasticity-consistent t statistics are reported in parentheses. In our regression models, we control for industry dummies, but do not report the coefficients on these industry dummies for brevity. See Table 3 for more details. The sample size for this table is the same as that for Table 7. All variable definitions are in the Appendix. *, **, and *** denote two-tailed significance at the 10, 5, and 1 percent levels, respectively.
