The relationship between enterprise risk management and audit fees

(1)

The relationship between enterprise risk management and audit

fees

Name: Tjalle de Fouw

Student number: 11152273

Thesis supervisor: Georgios Georgakopoulos Date: 23 June 2017

Word count: 17,098

MSc Accountancy & Control, specialization Control

(2)

Statement of Originality

This document is written by student Tjalle de Fouw who declares to take full responsibility for the contents of this document.

I declare that the text and the work presented in this document is original and that no sources other than those mentioned in the text and its references have been used in creating it.

The Faculty of Economics and Business is responsible solely for the supervision of completion of the work, not for the contents.

(3)

Abstract

Despite increased interest in enterprise risk management (ERM) by academics and practitioners, there is an absence of empirical evidence regarding the effect of the level of quality of the ERM system. This research examines the influence ERM quality has on the amount of audit fees paid. A database study of 708 North American companies from 2010 to 2016 is used to perform an assessment of multivariate linear regression analyses and bootstrapping tests to examine the impact of ERM quality on the amount of audit fees paid. In contrary to the expectations, a significant positive relation is found between ERM quality and audit fees, indicating that companies with higher ERM quality demand a higher audit quality causing the audit fees to rise. Keywords; Enterprise risk management, ERM, audit fees, internal control, risk management, CRO.

(4)

1 Introduction

1.1 Motivation

There has been a continuing growth of interest in enterprise risk management (ERM). Since the early 2000’s an increasing number of organisations are considering the implementation of an ERM system or have implemented one. Since 2006 Standard & Poor (S&P) have developed an ERM rating for firms and began to consider ERM in their rating process (Hoyt & Liebenberg, 2011, pp. 795-796). Traditional risk management tends to separately manage risk in individual risk categories. ERM tends to go across these risk “silos” to manage risk in a holistic, integrated, enterprise-wide fashion.

Advocates argue that ERM can increase risk awareness that improves strategic and operational making, which results in decrease earnings and stock price volatility, increase capital efficiency, reduce external capital costs, and create a more efficient risk management system (e.g., see Beasley, Pagach, & Warr, 2008; Cumming & Hirtle, 2001; Hoyt & Liebenberg, 2011; Lam J., 2001; Meulbroek, 2002; Miccolis & Shah, 2000). A substantial amount of research has been done focussing on the determinants of implementing an ERM system with inconclusive results (e.g., see Beasley, Clune, & Hermanson, 2005; Hoyt & Liebenberg, 2003; Kaplan & Mikes, 2014; Pagach & Warr, 2010). An increasing number of scholar’s view ERM as the fundamental paradigm for managing the portfolio of risks confronting organizations (Hoyt & Liebenberg, 2011; Hoyt & Liebenberg, 2003; Lam, 2014; Nocco & Stulz, 2006; Beasley, Pagach, & Warr, 2008)

In contrary, opponents argue that ERM is not effective and it should not be implemented. Power (2009) argues that ERM decreases risk management quality due to it being flawed at the core elements such as risk appetite. He concludes that ERM can at its best provide limited security and in the worst case all of the security is illusory (Power, 2009). Others find that ERM does not increase firm value above traditional risk management (Lin, Wen, & Yu, 2012; McShane, Nair, & Rustambekov, 2011). In addition, Fraser et al. (2008) find that investors don’t see ERM as a value increasing aspect of the firm. Despite the increased interest in ERM by academics and practitioners, there is an absence of empirical evidence regarding the effect of the level of quality of the ERM system on certain company aspects. Hoyt and Liebenberg (2011) call for further research using a large sample, a more refined ERM measure to be able to measure the ERM quality, and identifying specific ways in which ERM contributes to firm value. In addition, Baxter et al. (2013) call for research that explores issues related to ERM quality in other industries

(6)

apart from the insurance industry. Finally, Kaplan and Mikes (2004) encourage future research to refine the contingency variables of ERM.

1.2 Research question

In this research, the relationship between ERM and the amount of audit fees is investigated. Prior research shows different results about the relationship between risk management tools and audit fees. Abbot et al. (2003) report a positive association between audit committee effectiveness and audit fees. This is because a more efficient audit committee demands more audit effort or a greater audit scope (Abbott, Parker, Peters, & Raghunandan, 2003, p. 29). However, Bell et al. (2001) find that the amount of audit fees increases when companies have a greater business risk (Bell, Landsman, & Shackelford, 2001, p. 43). This research aims to clarify this relationship. The research question that is to be answered in this study is;

Does an increase in ERM quality mitigates the amount of audit fees paid?

1.3 Contribution

As mentioned above there have been different results about the relationship between risk management tools and audit fees and the effect of ERM itself. There have been multiple studies investigating the relationship between ERM and other value indicators. For example, McShane et al. (2011) investigate whether higher ERM ratings, developed by S&P are associated with increases in firm value. Furthermore, Hoyt and Liebenberg (2003) have used the appointment of a Chief Risk Officer (CRO) as a proxy for ERM implementation. This being said little research has been done on the effect of ERM on the audit quality of the firms. Further research is warranted to better understand ERM implementation and diffusion patterns because results about the factors that influence the adoption and impact of ERM are still inconclusive (Kaplan & Mikes, 2014). This study aims to clarify the impact of ERM by focussing on the effect of the level of ERM quality on aspects associated with audit fees and other aspects associated with internal control and audit quality.

1.4 Structure

This paper is structured as follows; first of all the literature review will be discussed, aiming to identify gaps in the literature and create the theoretical framework on which the hypotheses are built. Second, the methodology is discussed, substantiating the sample and variable measurement. Followed by the findings from the empirical study, and ending with the conclusion of this study.

(7)

2 Literature review and hypotheses development

This paragraph discusses the relevant literature and theories on which the hypotheses are developed. First, the definition ERM and audit fees used in this research will be given together with the relevant literature and theory on which each of the hypotheses is based, followed by the hypotheses used in this research. Appendix A, Table of articles shows an overview of all the articles used in this paragraph.

2.1 Enterprise risk management 2.1.1 Definition ERM

There is no unified definition of ERM. Multiple committees have tried to capture ERM’s complex nature into a definition but all are different.

The Casualty Actuarial Society Committee on Enterprise Risk Management (2003) describes ERM as: “ERM is the discipline by which an organization in an industry assesses, controls, exploits, finances, and monitors risks from all sources for the purpose of increasing the organization’s short- and long-term value to its stakeholders” (Casualty Actuarial Society Enterprise Risk Management Committee, 2003, p. 8). With this definition, the presumed link between a holistic approach to risk management and the organization’s value and performance is clearly noted (Gordon, Loeb, & Tseng, 2009, p. 302)

One of the most widely accepted definitions is the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) definition, e.g. see (Beasley, Clune, & Hermanson, 2005; Gordon, Loeb, & Tseng, 2009; Lin & Wu, 2006; Moeller, 2007; Pagach & Warr, 2011):

“a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives” (COSO, 2004, p. 2).

This definition is designed to achieve an entity’s objectives within four categories: 1) Strategic, high-level goals, aligned with and supporting its mission; 2) Operations, effective and efficient use of its resources; 3) Reporting, reliability of reporting; 4) Compliance, compliance with applicable laws and regulations (COSO, 2004, p. 3).

In 2016 COSO changed its definition of ERM to: “The culture, capabilities, and practices, integrated with strategy-setting and its execution, that organizations rely on to manage

(8)

risk in creating, preserving, and realizing value” (COSO, 2016, p. 10). This definition emphasizes on managing risk through: 1) Recognizing culture and capabilities; 2) Applying practices; 3) Integrating with strategy-setting and its execution; 4) Managing risk to strategy and business objectives; 5) Linking to creating, preserving, and realizing value (COSO, 2016, p. 10)

Both COSO (2004) and COSO (2016) expand upon, but do strongly incorporate COSO’s (1992) internal control framework. This framework is derived from the control theory. Therefore, both COSO (2004) and COSO (2016) are seen as heavily influenced by accounting and auditing norms of control.

Although COSO’s (2016) definition is the most recent one, this research will focus on the COSO (2004) definition because this definition is the most popular definition in the literature used in this research.

2.1.2 CRO appointment

Hoyt and Liebenberg (2003) measure a signal of ERM as CRO announcements because firms do not publicly announce the existence and implementation of ERM (Hoyt & Liebenberg, 2003, p. 42). Following Hoyt and Liebenberg (2003) Pagach and Warr (2010, 2011) and Desender and Lafuente (2009, 2011) also use CRO appointment as a proxy for ERM implementation. In addition, Kleffner et al. (2003) emphasize the importance of risk officers in adopting ERM (Kleffner, Lee, & McGannon, 2003). The CRO is typically appointed as a board member who reports directly to the CEO or CFO and often holds advanced degrees and experience (Thiessen, Hoyt, & Merkley, 2001).

Beasley et al. (2008) state that using the CRO variable as a proxy for ERM implementation does not capture the extent of ERM program implementation. However, in this research the appointment of a CRO shall also be used to find gaps in the literature and develop hypotheses, not to measure the quality of the ERM system.

2.1.3 ERM and its determinants

As mentioned above, ERM is a complex framework. To understand what firm’s implement ERM and to which stages they do so Beasley et al. (2005) surveyed 175 organisations. They find that the stage of implementation is positively related to the presence of a CRO, apparent support for ERM by CEO and CFO, having a big four auditors, board independence, and firms that operate in banking, education, and insurance industries. The results emphasize the importance of senior management and board leadership to successfully implement ERM, indicating the complexity of ERM (Beasley, Clune, & Hermanson, 2005). In addition, Desender and Lafuente (2009) find that,

(9)

apart from board independence and having big four auditors also the audit scope, ownership structure and audit fees are positively related to the level of ERM implementation (Desender & Lafuente, 2009). Pagach and Warr (2011) proxy for ERM implementation with CRO appointment and have similar results; they also find that entity size has significant influence (Pagach & Warr, 2011). In addition, Lin et al. (2012) find that insurers with greater geographical diversification are more likely to implement an ERM system (Lin, Wen, & Yu, 2012). Bertinetti et al. (2013) find the size of the entity and the company’s beta and profitability (ROA) of significance in their European sample (Bertinetti, Cavezzali, & Gardenal, 2013). Finally, Kleffner et al (2003) find that in their sample of 118 Canadian firms, 61 percent of the implementations of ERM involved influence of the risk manager, 51 percent involved encouragement by the board of directors, and 37 percent implemented ERM to comply with the Toronto Stock Exchange (TSE) guidelines. Moreover, they identified that the major deterrents for ERM implementation are overall resistance to change and unfavourable organisation structure, also emphasizing the importance of senior management and board leadership in implementing ERM (Kleffner, Lee, & McGannon, 2003).

2.1.4 ERM quality

Many measure ERM implementation with CRO appointment (e.g., see Desender & Lafuente, 2009; Desender & Lafuente, 2011; Hoyt & Liebenberg, 2003; Pagach & Warr, 2010; Pagach & Warr, 2011; Kleffner, Lee, & McGannon, 2003), but as Beasley et al. (2008) state this fails to measure the extent of the implementation. Since 2007 S&P has introduced a new rating for ERM of insurers in the U.S.. This rating has often been used as an indicator for ERM quality (e.g., see Baxter, Bedard, Hoitash, & Yezegel, 2013; Lin, Wen, & Yu, 2012; McShane, Nair, & Rustambekov, 2011) However, since the S&P rating only captures the ERM quality of U.S. insurance companies, Gordon et al. (2009) developed an ERM index (ERMI) to measure the firm’s ERM quality based on the four objectives of COSO (2004). In this research, this ERMI will be used to measure the ERM quality.

2.1.5 ERM and firm value and performance:

The relation between ERM and firm value and performance has been researched extensively, but results are still inconclusive. Meulbroek (2002) argues that implementing ERM and thereby shifting decision making from separated silos to a holistic approach; a firm can improve its efficiency in managing risk due to avoidance of duplication of risk management expenditure and improved coordination. This should provide a better overview of resource allocation and therefore improve capital efficiency and return on equity (Meulbroek, 2002). Based on this

(10)

theory, Hoyt and Liebenberg (2011) measure the effect of ERM on the firm value of publicly traded insurers. They identify ERM by searching for announcements done by companies in various databases. Using Tobin’s Q as a proxy for firm value, they construct a model with Tobin’s Q as a function of ERM use. This model gives a statistically and economically significant positive relation between firm value and the use of ERM is found, suggesting the use of ERM does increase firm value, (Hoyt & Liebenberg, 2011).

Bertinetti et al. (2013) measure the relation between ERM and firm value with CRO appointment as identification for ERM implementation and Tobin’s Q as a proxy for firm value. Their sample does not consist of U.S. insurers as is often the case (e.g., see Hoyt & Liebenberg, 2011; Baxter, Bedard, Hoitash, & Yezegel, 2013) but European companies from all industries. Their results are in line with those of Hoyt and Liebenberg (2011) suggesting their results can be generalized beyond insurance companies (Bertinetti, Cavezzali, & Gardenal, 2013).

In addition, Baxter et al. (2013) investigated the relation between ERM and firm value and performance in combination with the factors associated with high-quality ERM and whether ERM signals credibility to the financial market in financial services firms during the financial crisis. The factors associated with higher ERM quality are greater organisation complexity, fewer resource constraints, and better corporate governance. They find no relation between market performance before and during the crisis. However, companies with higher ERM quality had higher returns when the market rebounded. The market reacted to signals of higher ERM quality; especially a stronger response to earnings surprises for firms with higher ERM quality was measured. Overall, they find that ERM improves firm value and performance through enabling better control over management and aligning their behaviour with the strategic direction of the company (Baxter, Bedard, Hoitash, & Yezegel, 2013).

Nocco and Stulz (2006) discuss the benefits of ERM with the CRO of Nationwide Insurance teams. They argue that a well-designed ERM system where the risk management is truly holistic and so all material corporate risks are viewed and managed within this one system, can add value and generate competitive advantages on the long-run through its effect on both macro and micro levels. At the macro level, ERM enables higher management to identify, measure and limit the exposures faced by the firm. This can mitigate future unwanted outcomes such as a drop in the company’s credit rating. At a micro level, ERM adds value through ensuring that operating managers and employees own all risks and risk-return trade-offs are carefully evaluated. Operating managers are encouraged to focus on their own risk-return trade-offs by assigning risk-adjusted levels of expected return. Therefore, adding value and improving the performance of the entity (Nocco & Stulz, 2006).

(11)

Approaching this relation from a contingency perspective, Gordon et al. (2009) try to determine the key factors influencing the firm’s performance. They find that the influence of ERM is contingent upon an appropriate match between five factors affecting the firm: board of directors’ monitoring, firm size, firm complexity, industry competition and environmental uncertainty. Suggesting a contingency relation between a firm’s ERM system and its performance (Gordon, Loeb, & Tseng, 2009).

Not all studies find a positive relation between ERM and firm value and performance. McShane et al. (2011) find that firm value increases when firms implement more sophisticated traditional risk management (TRM) but do not increase further when firms achieve ERM. This could indicate that investing in ERM is not endlessly valuable. When a sophisticated risk management system has been achieved, it may cost more to manage the remaining risk than it may save (McShane, Nair, & Rustambekov, 2011).

Lin et al. (2012) find a strong negative relation between ERM implementation and firm value, with Tobin’s Q used as a proxy, and ROA. This might be caused by investors having difficulties to decipher the value of ERM because it complicates the risk management processes (Fraser, Schoening-Thiessen, & Simkins, 2008). Another reason might be that the market views ERM as a costly program which has little potential benefit compared to its costs (Beasley, Pagach, & Warr, 2008; Pagach & Warr, 2010). Furthermore, using the same sample from S&P as Baxter et al. (2013) and McShane et al. (2011), Lin et al. (2012) find that ERM implementation does not create value. Insurers with low ERM quality even show much lower ROA than firms that have not implemented ERM in 2007, suggesting that a bad ERM system design is detrimental to the firm. They do, however, also find that companies that have adopted ERM systems perform fewer reinsurance purchases and use more derivatives reducing reinsurance costs and costs of financial risk. Also, the asset portfolio becomes less volatile, signalling positive signs towards investors (Lin, Wen, & Yu, 2012).

In addition, Pagach and Warr (2010) do not find any sign of ERM improving firm value and performance based on their sample of CRO appointments. They give three possible reasons for their results. First of all, their data might be too noisy or their tests too weak. Meaning that they might have failed to find changes in the company’s performance and that the adoption of ERM might actually be beneficial. Second, their test might be too short to measure the benefits from ERM that emerge over an extended period of time. Although this is highly unlikely since their sample consists of data from 1992 to 2004. If it takes longer than twelve years to reap the benefits, it might not be worth it to implement ERM at all. The third and the most disconcerting

(12)

cause is that ERM is not having any significant effect on the company’s performance. Suggesting that ERM is not effective in creating value for the firm (Pagach & Warr, 2010).

The results on the relation between ERM and firm value and performance are inconclusive. Both positive (e.g., see Baxter, Bedard, Hoitash, & Yezegel, 2013; Bertinetti, Cavezzali, & Gardenal, 2013; Hoyt & Liebenberg, 2011; Nocco & Stulz, 2006) and negative relations (e.g., see Lin, Wen, & Yu, 2012; McShane, Nair, & Rustambekov, 2011; Pagach & Warr, 2010) are measured, sometimes on the same samples with the same models. Nonetheless, most extensively performed researches seem to find a positive relation (e.g., see Baxter, Bedard, Hoitash, & Yezegel, 2013; Hoyt & Liebenberg, 2011). ERM seems to be effective in increasing firm value through mitigating risk; therefore, it is expected to decrease the amount audit fees paid.

2.1.6 ERM and risk management

Another relation that has been researched extensively but still has inconclusive results is that between ERM implementation and the risk management quality of the firm. Lin and Wu (2006) state that, to implement an effective enterprise-wide internal control system based on risk analysis, every company should implement and ERM system. They also state that ERM is an effective way to handle section 404 of the Sarbanes-Oxley Act of 2002 which requires management and independent auditors to report on the effectiveness of internal control over financial reporting. This is achieved by analysing risk across all processes with as ultimate goal the creation of value (Lin & Wu, 2006).

In addition, Hoyt and Liebenberg (2003) find that after the wave of corporate governance scandals early 2000’s, firms are inclined to implement an ERM system to reduce information asymmetry regarding the firm’s current and expected risk profile. They argue that appointing a CRO and implementing an ERM system helps to communicate the firm’s risk profile to external stakeholders and reduce the costs associated with the shift towards better risk management (Hoyt & Liebenberg, 2003).

Kaplan and Mikes (2014) do not find that ERM improves risk management in every situation. They argue that given the evolving nature of risk control, it is unclear what will ultimately be the definition of ERM and that at this point, ERM is not yet applicable to all organisations. This uncertainty causes the ERM framework do be insufficient and in need for a more contingent perspective (Kaplan & Mikes, 2014).

(13)

A critic of ERM is Power (2009). He suggests that ERM is flawed at the core elements. The concept of risk appetite is impoverished and was part of the intellectual failure at the heart of the financial crisis. It is a concept which boards and senior management do not understand and focus too much on the metrics. Furthermore, ERM is subject to the logic of audit trail, operating as a boundary preserving model instead of challenging, therefore failing to address complex realities of interconnectedness. He concludes that ERM can at its best provide limited security and in the worst case all of the security is illusory. Finally, he provides an alternative for ERM; Business continuity management (BCM), which in his opinion adds greater depth to the going concern because it was developed outside the accounting field (Power, 2009).

2.2 Audit fees

The audit fee is the price paid by a company to an independent and qualified auditing firm for performing an external audit. The external audit’s objective is to determine whether the company has prepared the accounting records accurate and complete, the records are according to the generally accepted accounting principles (GAAP), and the income statement presents the company’s results and financial situation fairly. Francis (2004) finds that for 5500 US large publicly listed companies the annual audit fees are 0.04% of the market value on average in 2002-2003 which is $3.4 billion in total (Francis, 2004, pp. 348-349). Because this is a relatively significant amount of money, research towards audit fees has been done extensively in relation to other factors such as audit quality and internal control problems.

2.2.1 Relation audit fees and audit quality

Palmrose (1986) researched the relation between auditor size and the amount of audit fees paid. Based on a questionnaire sent to 1186 American companies in November 1981 she finds that the big eight auditing firms ask significant higher audit fees than non-big eight firms. This can be explained by either a higher audit quality or monopoly pricing by the big eight firms. The only significantly reason is the relation between the higher audit quality performed by the big eight auditing firms (Palmrose, 1986).

Francis (2004) reviews empirical research between 1979 and 2004, mainly from the United States, about audit quality. His findings are consistent with Palmrose (1986) finding that a higher audit fee implies a higher audit quality. Either because the auditor spends more effort in the audit, or the auditor charges higher billing rates because of greater expertise.

Based on this literature, higher audit fees would indicate a higher level of audit quality; therefore, a positive relation between ERM quality and audit fees would be expected.

(14)

2.2.2 Audit fees and internal control problems

The audit itself is meant to discover control problems within the organisation. For example, Jensen and Mackling (1976) state in their research towards agency cost and ownership structure that external audits are a control mechanism. They approach the relationship between managers and owners from an agency perspective. For the owners of a company, it is not feasible to completely protect their selves from the management’s decisions that are not in the owner’s best interest via restrictions and provisions made by the owners. This would be too expensive and would limit management’s ability to make optimal decisions. Auditing the company via an external party gives insight into the control problems and choices of management (Jensen & Meckling, 1976). This is supported by Kreutzfeldt and Wallace (1986), they find empirical evidence that external audits in environments with weaker control tend to relate to the audit revealing greater error rates (Kreutzfeldt & Wallace, 1986).

Hoitash et al. (2008) and Raghunandan and Rama (2006) follow Jensen and Meckling (1976) their statement by measuring the effect of disclosed internal control problems on the amount of audit fees under the Sarbanes-Oxley Act (SOX). They both find that more control problems, indicating lower risk management quality, are positively associated with higher audit fees. This indicates that auditing firms can detect control problems (Hoitash, Hoitash, & Bedard, 2008; Raghunandan & Rama, 2006).

Not only measured control problems are associated positively associated with audit fees, but also perceived business risk is positively associated with audit fees. Bell et al. (2001) analysed the relationship between auditors’ perceived business risk and audit fees. Based on a survey from a large international auditing firm, they find that the auditing firm increases the amount of auditing hours when perceived business risk is higher. The hourly billing rate stayed the same (Bell, Landsman, & Shackelford, 2001)

These findings suggest that more control problems and the business risk increasing the amount of audit fees. Therefore, a negative relation between ERM quality and audit fees is expected.

2.2.3 Audit fees and audit committee

Another relation that has been studied extensively is the relation between audit fees and audit committee, but results have been inconclusive. Abbott et al. (2003) observe that audit committees of which the members are independent and have at least one financial expert among them are associated with higher audit fees. However, the frequency of committee meetings is found not to be significantly associated with audit fees. As an explanation, they give that they did not include

(15)

the number of hours spent in these meetings making it an incomplete variable. The results indicate that a higher quality of audit committee either sets a higher standard for the external audit, or does not improve the internal control- and risk management- quality (Abbott, Parker, Peters, & Raghunandan, 2003).

Going deeper into the relationship between the audit committee and the audit fees Collier and Gregory (1996) find that the presence of an audit committee is positively related to size- related audit fees, but the relationship with risk- and complexity related audit fees is negative. The writers expected the audit committee to prevent a reduction in the audit fees so that the quality of the audit stays intact. Therefore, the first hypothesis was found true. They also expected the audit committee to be effective in monitoring internal control and therefore reducing the risk- and complexity- related audit fees. Although these hypotheses were not found to be true at the 5% level, an alternative asset- based model does suggest a negative relationship between the presence of the audit committee and risk- and complexity- related audit fees. Concluding, the writers expect the audit committee to be at least partially effective in preventing a reduction in audit fees (Collier & Gregory, 1996).

In contrary to previous named research, Goddard and Masters (2000) find no empirical evidence of change in audit fees due to audit committees. They do measure an increase in audit fees in the years 1993 and 1994, but this has diminished by 1995. The only consistent measure in their sample appears to be a small reduction in audit fees for complex companies. This is caused by the improvement in internal control due to the audit committee (Goddard & Masters, 2000).

In contrary to Abbott et al. (2003) Goodwin-Stewart and Kent (2006) find that more frequent committee meetings are related to higher audit fees. They examined in an Australian setting whether the presence of an audit committee, the characteristics of this committee and performing internal audits are associated with higher audit fees. The results do not only indicate that frequent committee meetings are related to higher audit fees but also the presence of an audit committee and increased use of internal audit. Going deeper in the audit committee characteristics they find that increased committee expertise is associated with higher audit fees only when meeting frequency and member independence are low. These results are consistent with audit committees demanding higher audit quality and a complementary relationship between committee expertise, independence, and frequency in enhancing audit committee effectiveness. Furthermore, the results suggest that firms with large internal audit functions also engage in a higher overall level of monitoring and risk management, therefore, increasing the audit fee (Goodwin-Stewart & Kent, 2006).

(16)

In contrary to Goodwin-Stewart and Kent (2006) Felix et al. (2001) find that more extensive internal audit lowers the audit fee. Instead of demanding a higher audit quality, they argue that the internal audit can contribute to the external audit, lowering the audit fee (Felix, Gramling, & Maletta, 2001).

Continuing on the relation between the audit committee and audit fees, Carcello et al. (2002) find a positive relationship between audit fees and board independence, diligence, and expertise. Indicating a similar relation as most of the above research between audit committee quality and audit fees (Carcello, Hermanson, Neal, & Riley, 2002).

The results on the relation between the audit committee and audit fees are inconclusive. A positive relation is found on the basis of the audit committee demanding a better audit quality and therefore extending the external audit (e.g., see Abbott, Parker, Peters, & Raghunandan, 2003; Carcello, Hermanson, Neal, & Riley, 2002; Collier & Gregory, 1996; Goodwin-Stewart & Kent, 2006). A negative relation is found when looking at the audit committee improving internal control and risk management and therefore decreasing the amount of work for the auditors (e.g., see Bell, Landsman, & Shackelford, 2001; Hoitash, Hoitash, & Bedard, 2008; Raghunandan & Rama, 2006). Furthermore, the effect of internal audit is inconclusive as well. Internal audits seem to either increase audit fees by demanding a higher quality or decrease audit fees by contributing to the external audit (e.g., see Felix, Gramling, & Maletta, 2001; Goodwin-Stewart & Kent, 2006).

2.3 Audit fees and ERM quality

According to Desender and Lafuente (2011), external and internal auditors have the same concerns; that a proper internal control system is in place. Therefore, external auditors should be able to rely on the work of internal auditors. An ERM system can assist external auditors with the audit by helping to understand the internal control system that has been set up by the internal auditors, reducing the time external auditors spend on the audit and therefore reduce the audit fees. The quality of the implemented ERM system will thus have a significant influence on the amount of audit fees (Desender & Lafuente, 2011, pp. 6-7). The same authors have found a complementary relationship between ERM quality and audit fees in their research to the influence of company characteristics on ERM in 2009 (Desender & Lafuente, 2009).

In the past decades, there has been a lot of discussion about the effect of ERM quality indicators and the amount of audit fees paid. A negative relation between ERM quality indicators and audit fees has been found in; lesser internal control problems, a stronger internal control

(17)

system, better performed internal audits, and lower perceived business risk being significantly related to a lower amount of audit fees paid (Bell, Landsman, & Shackelford, 2001; Felix, Gramling, & Maletta, 2001; Hoitash, Hoitash, & Bedard, 2008; Raghunandan & Rama, 2006). However, Goddard and Masters (2000) find that the negative relationship between a stronger internal control system and audit fees is only effective for a short period of time. Eventually, the effect diminishes and even disappears (Goddard & Masters, 2000).

In contrary with Felix et al. (2001), Goodwin-Stewart and Kent (2006) find a positive relation between internal audit quality and audit fees, arguing that setting a higher standard for the internal audit demands a higher external audit quality causing the external auditors to spend more time on the audit (Goodwin-Stewart & Kent, 2006).

Other research also finds a positive relation between ERM quality indicators and audit fees in; higher board quality and demanding a higher external audit quality being significantly related to a higher amount of audit fees paid (Carcello, Hermanson, Neal, & Riley, 2002; Francis, 2004; Palmrose, 1986)

The relation between the audit committee and audit fees is still somewhat inconclusive. Abbott et al. (2003) find that a better quality audit committee is positively related with the amount of audit fees paid. Whereas, Collier and Gregory (1996) and Goddard and Masters (2000) find no significant positive relationship between the presence of an audit committee and the amount of audit fees paid (Abbott, Parker, Peters, & Raghunandan, 2003; Collier & Gregory, 1996; Goddard & Masters, 2000). Based on the literature of ERM quality and audit fees, I hypothesise that there is a negative relation between ERM quality and audit fees because ERM seems to mitigate risk by improving the internal control system and it helps external auditors to work more efficient. This forms the first hypothesis:

H1: There is a negative relation between audit fees and ERM quality

2.4 Earnings volatility and ERM quality

Higgs and Skantz (2006) find a positive relation between earnings volatility and the amount of audit fees paid. Therefore, the effect of ERM on earnings volatility shall be researched in order to control for any results measured on audit fees actually being caused by the effect of ERM on earnings volatility.

The relation between the ERM quality and earnings volatility has, to the best of my knowledge, not been researched yet. Previous research is mainly focused on the effect of having

(18)

an ERM system implemented on earnings volatility, and if earnings volatility is a determinant to implement ERM, rather than the effect of the ERM quality on earning volatility.

Hoyt and Liebenberg (2003) hypothesise, based on Miccolis and Shah (2000) their statement; that firms can benefit from ERM by decreasing earnings and stock-price volatility, reducing external capital costs, increasing capital efficiency, and creating synergies between different risk management activities, that firms with higher earnings volatility are more likely to appoint a CRO and therefore implement an ERM system. However, their findings show no significant results supporting this hypothesis (Hoyt & Liebenberg, 2003; Miccolis & Shah, 2000). In contrary, Pagach and Warr (2011) do find significant results that companies that are more volatile are more likely to adopt ERM, also using CRO appointment as a proxy for ERM implementation (Pagach & Warr, 2011). Furthermore, Beasley et al. (2008) find that shareholders of large nonfinancial firms with greater earnings volatility react favourably to the implementation of ERM (Beasley, Pagach, & Warr, 2008).

In addition, Cumming and Hirtle (2001) and Meulbroek (2002) find that implementing ERM decreases the agency costs due to a better insight in the company’s recourse allocation and activities. This insight can then provide better information about future earnings, giving the management the chance to act upon this expectation, lowering the earnings volatility (Cumming & Hirtle, 2001; Meulbroek, 2002)

Finally, Pagach and Warr (2010) find that implementing ERM causes a reducing in earnings volatility in some firms but not al. They give no reasons why there might be a difference in the effect of ERM implementation between firms (Pagach & Warr, 2010). They also only focus on the implementation of ERM, not on the effect of ERM quality on earnings volatility, which might be an explanation why there are different effects measured between firms. Based on the literature of ERM implementation and earnings volatility, I hypothesise that there is a negative relation between ERM quality and earnings volatility because ERM gives better insight into future risks which gives management the chance to act. This forms the second hypothesis:

H2: There is a negative relation between ERM quality and earnings volatility

2.5 Environmental uncertainty and ERM quality

Environmental uncertainty is the amount of unpredictability of future events affecting the organisation. A higher environmental uncertainty creates more difficulties for the organisation, but the appropriate response to this risk differs depending on the environmental uncertainty facing the firm (Gordon, Loeb, & Tseng, 2009, pp. 303-304). As Bell et a. (2001) find is the

(19)

amount of audit fees paid positively related to a firm’s risk. The effect of ERM quality on environmental uncertainty will be measured to mitigate the effect of ERM quality on audit fees actually caused by ERM lowering a firm its environmental uncertainty.

Research on the relation between ERM quality and environmental uncertainty has been scarce although the importance of considering the environmental uncertainty confronting an organization when designing management control systems is well established in the accounting literature (e.g., see Chenhall, 2003, Evans, Lewis, & Patton, 1986, Gordon & Miller, 1976, Gordon & Narayanan, 1984, Gordon, Loeb, & Tseng, 2009, and Mia & Chenhall, 1994). Gorden et al. (2009) find that the firm performance is dependent on a proper alignment between the environmental uncertainty facing an organisation and the ERM system. This is in line with Hoyt and Liebenberg (2003) their argument that firms facing higher uncertainty will value ERM more (Gordon, Loeb, & Tseng, 2009; Hoyt & Liebenberg, 2003). In addition, Baxter et al. (2013) find that firms with higher ERM quality had higher returns during the rebound period of the financial crisis (Baxter, Bedard, Hoitash, & Yezegel, 2013), indicating that firms with higher ERM quality respond better to uncertainties. Concluding, because the quality of the ERM system is influenced by the environmental uncertainty facing the firm, and organisations facing more uncertainty value ERM more, I hypothesise that a higher ERM quality will mitigate the environmental uncertainty. This forms the third hypothesis:

H3: There is a negative relation between ERM quality and environmental uncertainty

2.6 Financial leverage and ERM quality

According to Bell et al. (2001), the amount of financial leverage can influence an auditor’s level of perceived business risk which is positively related to the amount of audit fees paid. The effect of ERM quality on financial leverage will be measured to mitigate the effect of ERM quality on audit fees actually caused by ERM lowering a firm its financial leverage.

Results on the effect of an implemented ERM system on leverage are still somewhat inconclusive and lack information about the effect of the quality of the ERM system on leverage. Hoyt and Liebenberg (2003) find that the relation between firms engaging in ERM and leverage was positive and significant. This indicates that firms that are highly leveraged are more likely to engage in ERM than other firms operating in the same industry of the same size. This is in line with the finding of Cumming and Hirtle (2001) and Meulbroek (2002) that agency costs can be reduced by implementing ERM. Highly leveraged firms have higher agency costs because of the incentive differences between shareholder and debtholders and are therefore more inclined to

(20)

engage in ERM (Cumming & Hirtle, 2001; Hoyt & Liebenberg, 2003; Meulbroek, 2002). In contrary, Beasley et al. (2008) find that shareholders of nonfinancial firms that are less leveraged compared to firms of the same size in the same industry react favourably to the implementation of ERM. This might be because the shareholders of less leveraged firms can benefit more of the results of the company (Beasley, Pagach, & Warr, 2008).

Pagach and Warr (2010) find inconclusive results about the relation between an implemented ERM system and leverage. They find no significant changes in the amount of leverage after firms have implemented an ERM system (Pagach & Warr, 2010). However, Hoyt and Liebenberg (2011) do find significant results that companies with ERM programs are less leveraged than companies without ERM program. Suggesting that firms engaged in ERM may want lower probability to financial distress and do so by lowering financial risk (Hoyt & Liebenberg, 2011).

In addition, Bertinetti et al. (2013) find that highly leveraged firms engaged in ERM have a lower firm value than less leveraged firms (Bertinetti, Cavezzali, & Gardenal, 2013). Since ERM quality and firm value is positively related, this could indicate that highly leveraged firms have lower ERM quality. This forms the fourth hypothesis:

(21)

3 Research methodology

This paragraph discusses the sample, variables, and methods used in this paper. First, the data gathered and the final sample will be discussed and substantiated. Followed by an explanation of the variables used and how they are calculated.

3.1 Sample

This research is based on quantitative data gathered from the databases Audit Analytics, COMPUSTAT, and CSRP. All of which are accessible via the Wharton Research Data Services (WRDS) database. The data is linked to the linking table provided by WRDS that creates the opportunity to link and merge data from Audit Analytics, COMPUSTAT, and CRSP. Baxter et al. (2013) find that firms that implemented ERM did better when the market rebounded from the financial crises in their sample from 2006 till 2009. I will go further on their research with a sample from 2010 till 2016 to see the effects of ERM after the financial crisis. Most research on ERM is done on companies from the U.S. and Canada (e.g., see Baxter, Bedard, Hoitash, & Yezegel, 2013; Beasley, Clune, & Hermanson, 2005; Bell, Landsman, & Shackelford, 2001; Gordon, Loeb, & Tseng, 2009; Hoyt & Liebenberg, 2011; Lin, Wen, & Yu, 2012), but executed in a different timeframe or from a different perspective. I will also use only companies from the U.S. and Canada to improve comparability of the results. Also, following Hoyt and Liebenberg (2011) all Standard Industrial Classification codes (SIC codes) will be used in order to control for industrial differences.

Table 1 shows how the final sample is derived from the databases; Audit Analytics, CRSP, and COMPUSTAT fundamentals annual and segments (non-historical). The initial sample consisted of all North American companies between 2010 and 2016 in the database

COMPUSTAT. Of this sample, one hundred observations are deleted because of incomplete company information. To calculate the number of lines of business a company is active as a control variable, following McShane et al. (2011), the segments database and fundamentals annuals are merged, and the amount of individual SIC codes per company per year is calculated. This results in deleting 44,636 observations because of missing information about the lines of business. Next, the data is merged with the CRSP database for the yearly beta to calculate the systematic risk that will be used as a control variable, following Hoyt and Liebenberg (2011) and McShane et al. (2011), deleting 28,516 observations. The last database added is Audit Analytics for the audit fees paid each year by the companies, resulting in the loss of 2,339 observations. To calculate the environmental uncertainty 6,862 observations missing data about capital

(22)

expenditures and research and development expenses are deleted, following (Gordon, Loeb, & Tseng, 2009). Next, 821 observations are deleted because of missing information about the liabilities of the company and market value of the equity, needed to calculate the leverage as Hoyt and Liebenberg (2011). To calculate the coefficient of variation, each company must be at least measure in two years. Therefore, the companies that have a single observation are deleted, resulting in 79 companies. Finally, 158 and 112 observations are deleted because of missing information to be able to calculate the earnings volatility and environmental uncertainty. This results in the final sample 3,851 observations of 708 different companies in the U.S. and Canada between 2010 and 2016. Table 2 gives an overview of the industry distribution of the sample. In paragraph 4.1 the process of winsorizing extreme values will be discussed.

Table 1 Sample selection

Description Firms Obs.

Initial amount 15,306 87,474

Incomplete company data - 100

Segments 7,339 44,636

Beta 5,566 28,516

Audit fees 475 2,339

Capital expenditures 13 1,748

R&D 933 5,114

Liabilities and equity 136 821

Single observations 79 79

Earnings volatility 23 158

Environmental Uncertainty 34 112

Final sample 708 3,851

Table 2 Industry distribution of the sample.

Industry Number of companies Percentage

Manufacturing 448 63.28

Services 115 16.24

Retail Trade 70 9.89

Wholesale Trade 20 2.82

Transportation & Public Utilities 18 2.54

Mining 18 2.54

Finance, Insurance, & Real Estate 16 2.26

Construction 3 0.42

(23)

3.2 Variables and measurement

In this research four different models are used, one model for each hypothesis. Each model tests the effect of the ERM quality (the independent variable) on a dependent variable. The ERM quality will be measured using the enterprise risk management index (ERMI), creating the opportunity to measure the effect of ERM on the other dependent variables.

3.2.1 Dependent variables 3.2.1.1 Audit fees

The dependent variable of the first model is the amount of audit fees paid. Consistent with most research (e.g., see Abbott, Parker, Peters, & Raghunandan, 2003; Carcello, Hermanson, Neal, & Riley, 2002; Felix, Gramling, & Maletta, 2001; Goddard & Masters, 2000; Goodwin-Stewart & Kent, 2006; Palmrose, 1986; Raghunandan & Rama, 2006) the natural logarithm (LN) of audit fees will be used. The variable concerns the fees paid to the audit for executing the external audit in a certain year as stated in the Audit Analytics database. This gives the following model;

I. 𝑙𝑙𝑙𝑙𝑙𝑙𝑙𝑙𝑙𝑙𝑙𝑙𝑙𝑙𝑙𝑙𝑙𝑙𝑙𝑙 = 𝛽𝛽0 + 𝛽𝛽1 ∗ 𝑙𝑙𝐸𝐸𝐸𝐸𝑙𝑙 + 𝛽𝛽2 ∗ 𝑆𝑆𝑙𝑙𝑆𝑆𝑙𝑙 + 𝛽𝛽3 ∗ 𝑙𝑙𝐼𝐼𝑙𝑙𝑙𝑙𝑆𝑆𝑙𝑙𝐸𝐸𝐼𝐼 + 𝛽𝛽4 ∗ 𝑆𝑆𝐼𝐼𝑆𝑆𝐸𝐸𝑙𝑙𝑆𝑆𝑆𝑆 + 𝛽𝛽5 ∗ 𝐶𝐶𝐶𝐶𝐸𝐸𝐶𝐶𝐶𝐶𝑙𝑙𝐶𝐶𝑙𝑙𝑙𝑙𝐼𝐼 + 𝛽𝛽6 ∗ 𝑙𝑙𝐶𝐶𝐶𝐶𝑙𝑙𝐼𝐼𝑙𝑙𝐸𝐸𝐼𝐼 + 𝜀𝜀

3.2.1.2 Earnings volatility

The second dependent variable is the earnings volatility. To operationalize the earnings volatility Hoyt and Liebenberg (2003) use the coefficient of variation of earnings before interest and taxes (EBIT) for three years prior to ERM implementation. They, however, research the determinants of ERM implementation. This research focusses on the effect of ERM implementation on other aspects. Therefore, the coefficient of variation of EBIT after ERM implementation will be used instead of prior to the implementation. The information of the EBIT is retrieved from COMPUSTAT fundamentals annual. The coefficient of variation will be calculated with:

𝐶𝐶𝐶𝐶(𝐶𝐶) =�∑ (𝑆𝑆 𝑡𝑡− 𝑆𝑆̅)2 6 7 𝑡𝑡=1 |𝑧𝑧̅| Where; �∑ (𝑍𝑍𝑡𝑡−𝑍𝑍�)2 6 7

𝑡𝑡=1 is the standard deviation of the EBIT of the company, and |𝑧𝑧̅| is the mean

(24)

This gives the second model;

II. 𝑐𝑐𝑐𝑐𝑙𝑙𝑙𝑙𝐸𝐸𝐼𝐼𝑙𝑙𝐼𝐼𝑐𝑐𝑆𝑆𝐶𝐶𝐶𝐶𝐶𝐶 = 𝛽𝛽0 + 𝛽𝛽1 ∗ 𝜇𝜇𝑙𝑙𝐸𝐸𝐸𝐸𝑙𝑙 + 𝛽𝛽2 ∗ 𝑆𝑆𝑙𝑙𝑆𝑆𝑙𝑙 + 𝛽𝛽3 ∗ 𝑙𝑙𝐼𝐼𝑙𝑙𝑙𝑙𝑆𝑆𝑙𝑙𝐸𝐸𝐼𝐼 + 𝛽𝛽4 ∗ 𝑆𝑆𝐼𝐼𝑆𝑆𝐸𝐸𝑙𝑙𝑆𝑆𝑆𝑆 + 𝛽𝛽5 ∗ 𝐶𝐶𝐶𝐶𝐸𝐸𝐶𝐶𝐶𝐶𝑙𝑙𝐶𝐶𝑙𝑙𝑙𝑙𝐼𝐼 + 𝛽𝛽6 ∗ 𝑙𝑙𝐶𝐶𝐶𝐶𝑙𝑙𝐼𝐼𝑙𝑙𝐸𝐸𝐼𝐼 + 𝜀𝜀

3.2.1.3 Environmental uncertainty

To measure the environmental uncertainty, Kern (1992) and Gordon et al. (2009) shall be followed, using a combination of three metrics; (1) Market; Coefficient of variation of sales, (2) Technological; Coefficient of variation of the sum of R&D and capital expenditures, divided by total assets, and (3) Income; Coefficient of variation of net income before taxes. All of which are gathered from the COMPUSTAT database. For each firm, the coefficient of variation is calculated each year over the 2010-2016 period based on the first differences. This is calculated by the following formula;

𝑙𝑙𝑙𝑙 = log(� 𝐶𝐶𝐶𝐶(𝐶𝐶𝑘𝑘)) 3 𝑘𝑘=1 Where: 𝐶𝐶𝐶𝐶(𝐶𝐶𝑘𝑘) = �∑7 (𝑍𝑍𝑘𝑘,𝑡𝑡−𝑧𝑧�𝑘𝑘)2₆ 𝑡𝑡=1 |𝑍𝑍��|𝑘𝑘 and 𝑆𝑆𝑘𝑘,𝑡𝑡= �𝐶𝐶𝑘𝑘,𝑡𝑡− 𝐶𝐶𝑘𝑘,𝑡𝑡−1�

𝐶𝐶𝑘𝑘.𝑡𝑡 =uncertainty k in year t. 𝐶𝐶𝐶𝐶(𝐶𝐶𝑘𝑘)= coefficient of variation of uncertainty k, t represents the

years 2010-2016, k represents the market, technological, or income uncertainty, and 𝑆𝑆�� is the 𝑘𝑘

mean of changes over five years of uncertainty k. The absolute value of 𝑆𝑆�� is used as the 𝑘𝑘

denominator to avoid the case where a negative 𝑆𝑆̅ turn an uncertain situation into a certain situation (Gordon, Loeb, & Tseng, 2009, p. 308).

The third model is shown in the equation below;

III. 𝑙𝑙𝑙𝑙 = 𝛽𝛽0 + 𝛽𝛽1 ∗ 𝜇𝜇𝑙𝑙𝐸𝐸𝐸𝐸𝑙𝑙 + 𝛽𝛽2 ∗ 𝑆𝑆𝑙𝑙𝑆𝑆𝑙𝑙 + 𝛽𝛽3 ∗ 𝑙𝑙𝐼𝐼𝑙𝑙𝑙𝑙𝑆𝑆𝑙𝑙𝐸𝐸𝐼𝐼 + 𝛽𝛽4 ∗ 𝑆𝑆𝐼𝐼𝑆𝑆𝐸𝐸𝑙𝑙𝑆𝑆𝑆𝑆 + 𝛽𝛽5 ∗ 𝐶𝐶𝐶𝐶𝐸𝐸𝐶𝐶𝐶𝐶𝑙𝑙𝐶𝐶𝑙𝑙𝑙𝑙𝐼𝐼 + 𝛽𝛽6 ∗ 𝑙𝑙𝐶𝐶𝐶𝐶𝑙𝑙𝐼𝐼𝑙𝑙𝐸𝐸𝐼𝐼 + 𝜀𝜀

3.2.1.4 Leverage

The fourth dependent variable is the leverage of the firm. Leverage is the ratio of the book value of total assets to the book value of total liabilities. The more leveraged a firm is, the more financial risk it is taking because it takes on more debt to increase return on equity. Following Hoyt and Liebenberg (2011, pp. 805-808) the leverage is calculated as book value of the liabilities divided by the market value of equity;

(25)

𝐶𝐶𝑙𝑙𝐶𝐶𝑙𝑙𝐸𝐸𝑙𝑙𝑐𝑐𝑙𝑙 =_{𝐶𝐶 ∗ 𝑐𝑐𝑏𝑏𝑐𝑐𝑐𝑐𝑏𝑏𝑙𝑙 𝑙𝑙ℎ𝑣𝑣𝑎𝑎𝑣𝑣𝑙𝑙 𝑏𝑏𝑣𝑣𝑙𝑙𝑙𝑙𝑙𝑙𝑣𝑣𝑙𝑙𝑜𝑜𝑙𝑙𝑙𝑙𝑜𝑜}𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏 𝑐𝑐𝑣𝑣𝑙𝑙𝑣𝑣𝑣𝑣 𝑙𝑙𝑙𝑙𝑣𝑣𝑏𝑏𝑙𝑙𝑙𝑙𝑙𝑙𝑙𝑙𝑙𝑙𝑣𝑣𝑙𝑙

This information is retrieved from the database COMPUSTAT. The fourth model is shown in the equation below;

IV. 𝐶𝐶𝑙𝑙𝐶𝐶𝑙𝑙𝐸𝐸𝑙𝑙𝑐𝑐𝑙𝑙 = 𝛽𝛽0 + 𝛽𝛽1 ∗ 𝑙𝑙𝐸𝐸𝐸𝐸𝑙𝑙 + 𝛽𝛽2 ∗ 𝑆𝑆𝑙𝑙𝑆𝑆𝑙𝑙 + 𝛽𝛽3 ∗ 𝑙𝑙𝐼𝐼𝑙𝑙𝑙𝑙𝑆𝑆𝑙𝑙𝐸𝐸𝐼𝐼 + 𝛽𝛽4 ∗ 𝑆𝑆𝐼𝐼𝑆𝑆𝐸𝐸𝑙𝑙𝑆𝑆𝑆𝑆 + 𝛽𝛽5 ∗ 𝐶𝐶𝐶𝐶𝐸𝐸𝐶𝐶𝐶𝐶𝑙𝑙𝐶𝐶𝑙𝑙𝑙𝑙𝐼𝐼 + 𝛽𝛽6 ∗ 𝑙𝑙𝐶𝐶𝐶𝐶𝑙𝑙𝐼𝐼𝑙𝑙𝐸𝐸𝐼𝐼 + 𝜀𝜀

3.2.2 Independent variables 3.2.2.1 ERMI

To operationalise ERM quality Gordon et al. (2009) developed an ERMI. In this research, an alternation of the ERMI will be used to measure the ERM quality of the sample. The ERMI consists of four categories consistent with the four pillars of ERM from COSO; strategy, operation, reporting, and compliance. Each category has its own equation to show how effective an organisation is in achieving its objectives. Thus, the ERMI is the sum of four equations;

𝑙𝑙𝐸𝐸𝐸𝐸𝑙𝑙 = 𝑆𝑆𝑙𝑙𝑎𝑎𝑣𝑣𝑙𝑙𝑣𝑣𝑜𝑜𝑆𝑆 + 𝐶𝐶𝑂𝑂𝑣𝑣𝑎𝑎𝑣𝑣𝑙𝑙𝑙𝑙𝑏𝑏𝑙𝑙 + 𝐸𝐸𝑣𝑣𝑂𝑂𝑏𝑏𝑎𝑎𝑙𝑙𝑙𝑙𝑙𝑙𝑜𝑜 + 𝐶𝐶𝑏𝑏𝑐𝑐𝑂𝑂𝑙𝑙𝑙𝑙𝑣𝑣𝑙𝑙𝑐𝑐𝑣𝑣 Strategy

Porter (2008) defines strategy as the way a position itself relative to its competition. With its strategy, a company is trying to gain competitive advantages over other firms in the same industry (Porter, 2008). If a firm developed a good strategy, it gains more competitive advantages, lowering the firm’s overall risk, and thus increases its performance.

All companies in the same industry compete for the same sales opportunities. Therefore, when a firm has more sales compared to the rest of the industry, measured with the two-digit SIC code, it is safe to assume it developed a better strategy than its competitors. Hence, if a firm has developed a successful strategy is measured by the number of times its sales deviate from the mean sales of the industry (Gordon, Loeb, & Tseng, 2009, p. 310). This gives the following equation;

𝑆𝑆𝑙𝑙𝑎𝑎𝑣𝑣𝑙𝑙𝑣𝑣𝑜𝑜𝑆𝑆𝑡𝑡 =𝑆𝑆𝑣𝑣𝑙𝑙𝑣𝑣𝑙𝑙𝑖𝑖,𝑡𝑡_{𝜎𝜎𝑆𝑆𝑣𝑣𝑙𝑙𝑣𝑣𝑙𝑙}− 𝜇𝜇𝑆𝑆𝑣𝑣𝑙𝑙𝑣𝑣𝑙𝑙𝑡𝑡

Where; 𝑆𝑆𝑣𝑣𝑙𝑙𝑣𝑣𝑙𝑙𝑖𝑖,𝑡𝑡= sales of company i in year t, 𝜇𝜇𝑆𝑆𝑣𝑣𝑙𝑙𝑣𝑣𝑙𝑙𝑡𝑡= average industry sales in year t, and

(26)

Operations

According to Banker et al. (1989), the productivity of a firm can be measured by its input relative to its output within the firms’ operational process (Banker, Datar, & Kaplan, 1989). Amit and Wernerfelt (1990) find a negative relationship between a company’s operational efficiency and corporate risk. Indicating that a higher operating efficiency lower a firm’s overall risk of failure, and therefore increase the performance and value (Amit & Wernerfelt, 1990). Consistent with Gordon et al. (2009) and Kiymaz (2006) the operational efficiency will be measured as follows;

𝐶𝐶𝑂𝑂𝑣𝑣𝑎𝑎𝑣𝑣𝑙𝑙𝑙𝑙𝑏𝑏𝑙𝑙𝑙𝑙𝑡𝑡 =_{𝑙𝑙𝑏𝑏𝑙𝑙𝑣𝑣𝑙𝑙 𝑣𝑣𝑙𝑙𝑙𝑙𝑣𝑣𝑙𝑙𝑙𝑙}𝐼𝐼𝑣𝑣𝑙𝑙 𝑙𝑙𝑣𝑣𝑙𝑙𝑣𝑣𝑙𝑙𝑡𝑡 𝑡𝑡

Reporting

The reporting aspect of the ERMI consists of the reporting reliability of the company. According to Gordon et al. (2009), high reporting quality decreases a firm’s overall risk of failure, and thus increases its performance and value. Auditors give their opinion on de reporting quality in the auditors’ report. The opinion of qualified auditors will be used to measure a firm’s reporting quality, gathered from the COMPUSTAT database. If this opinion is unqualified, the auditor’s opinion will be set to 1. An unqualified opinion with additional language is set to 0 and an adverse opinion to -1. Thus;

𝐸𝐸𝑣𝑣𝑂𝑂𝑏𝑏𝑎𝑎𝑙𝑙𝑙𝑙𝑙𝑙𝑜𝑜𝑡𝑡 = 𝑙𝑙𝑣𝑣𝑜𝑜𝑙𝑙𝑙𝑙𝑏𝑏𝑎𝑎′𝑙𝑙 𝑏𝑏𝑂𝑂𝑙𝑙𝑙𝑙𝑙𝑙𝑏𝑏𝑙𝑙𝑡𝑡

Compliance

According to Gordon et al. (2009), when companies increase compliance with laws and regulations, the overall risk of failure decreases, and thus increases firm performance and value (Gordon, Loeb, & Tseng, 2009). In addition, Keefe et al. (1994) find a positive relationship between audit fees and compliance with generally accepted accounting principles (GAAP) (Keefe, King, & Gaver, 1994). Thus, the compliance of firms is measured by the amount of audit fees paid relative to the total assets of the company. This gives the following equation;

𝐶𝐶𝑏𝑏𝑐𝑐𝑂𝑂𝑙𝑙𝑙𝑙𝑣𝑣𝑙𝑙𝑐𝑐𝑣𝑣𝑡𝑡= _{𝑙𝑙𝑏𝑏𝑙𝑙𝑣𝑣𝑙𝑙 𝑣𝑣𝑙𝑙𝑙𝑙𝑣𝑣𝑙𝑙𝑙𝑙}𝑙𝑙𝑣𝑣𝑜𝑜𝑙𝑙𝑙𝑙 𝑓𝑓𝑣𝑣𝑣𝑣𝑙𝑙𝑡𝑡 𝑡𝑡

Because the coefficient of variation is a single measure for each company over multiple years, the average ERMI of a company will be introduced to be able to compare the relationship between the dependent and independent variables. The table below gives an overview of the hypotheses and expected relations.

(27)

Table 3 Variables and Hypotheses

Hyp. Independent Dependent Expected sign

H1 ERMI Audit fees -

H2 µERMI Earnings volatility -

H3 µERMI Environmental uncertainty -

H4 ERMI Financial leverage -

3.2.3 Control variables

To investigate the interrelations between the above-mentioned variables, it is necessary to control the research for the most important external variables. This setting of this research is influenced by several factors that could influence a firms’ risk management or earnings, such as the size of the firm, the industry it is operating in, and the complexity of the company.

First of all, it seems plausible that the firm size influences a company’s overall risk of failure. McShane and Cox (2009) for instance, find that larger firms have greater market power and economies of scale, and lower insolvency risk. In addition, Beasley et al. (2005) and Hoyt and Liebenberg (2011) find that bigger firms are more inclined to adopt and ERM system. Therefore, following Hoyt and Liebenberg (2003) and McShane et al. (2011), the first control variable introduced is the firm size. This will be measured with the LN of the total assets of a company in a given year (Hoyt & Liebenberg, 2003; McShane, Nair, & Rustambekov, 2011).

Companies through different industries are subject to different regulatory and market aspects. These differences could create different results concerning the ERM quality of the companies (Hoyt & Liebenberg, 2011, p. 799). In addition, Gordon et al. (2009) argue that firms with greater industry competition value their ERM system more. The industry variable is used in order to control for these differences. Different industries are measured with the first two digits of the SIC code.

The systematic risk facing an organisation can influence the earnings volatility and environmental uncertainty of a company (Gordon, Loeb, & Tseng, 2009; Hoyt & Liebenberg, 2011). Also, the systematic risk might influence the level of ERM quality across different industries. Therefore, following McShane et al. (2011), systematic risk will be controlled by using the company’s beta in a given year.

Another factor that might influence the firm’s overall risk of failure is its complexity. Doyle et al. (2007) and Ge and McVay (2005) find that material weakness in a firm its internal control system is positively related to its complexity (Doyle, Ge, & McVay, 2007; Ge & McVay, 2005). Moreover, Gordon et al. (2009) state that greater firm complexity will cause more

(28)

difficulties in developing management control systems and less information integration (Gordon, Loeb, & Tseng, 2009). In addition, Hoyt and Liebenberg (2011) find that firms with greater complexity are more inclined to implement an ERM system (Hoyt & Liebenberg, 2011). To control for firm complexity, McShane et al. (2011) will be followed. Firm complexity is operationalized by the amount of lines of business a company is active in. This is measured by the number of individual SIC codes in which a firm operates in a given year. The data is gathered from the database COMPUSTAT segments.

In order to control for regulatory, market, and currency differences, following Baxter et al. (2013), the final control variable will be the country the company operates. This will be operationalised by introducing the dummy variable DCOUNTRY which gives 1 if the company operates in the U.S. and 0 if it operates in Canada. The table below provides an overview of all the variables used, their definition, and source.

Table 4 List of variables

Name Definition Source

lnAUDITFEE Natural logarithm of audit fees paid in a certain year Audit Analytics cvEARNINGSVOL Coefficient of variation of yearly EBIT COMPUSTAT EU The logarithm of the variation coefficient of market, _{technology, and income} COMPUSTAT LEVERAGE Book value of liabilities divided by the market value _{of equity} COMPUSTAT ERMI Sum of strategy, operations, reporting, and _compliance Audit Analytics, _COMPUSTAT µERMI Average of ERMI of a company Audit Analytics, _COMPUSTAT Strategy Sales of company industry in year t divided by the standard deviation of i in year t minus average sales of

sales in industry COMPUSTAT

Operations Net sales divided by total assets COMPUSTAT

Reporting Dummy variable, 1 if unqualified opinion, 0 if _{unqualified with additional language} Audit Analytics Compliance Audit fees divided by total assets Audit Analytics SIZE Natural logarithm of total assets in a certain year COMPUSTAT

INDUSRTY Two-digit SIC code COMPUSTAT

SYSRISK Company beta CRSP

COMPLEXITY Number of primary SIC codes a company is _operating COMPUSTAT DCOUNTRY Dummy variable for country, 1 if U.S., 0 if Canadian COMPUSTAT

(29)

4 Findings

4.1 Descriptive statistics

Linear regression is based on the assumptions of ordinary least squares (OLS), which have to be met for the outcome of the regression to be valid. Before performing the regression, these assumptions will be tested and the data transformed to meet the assumptions, which are; continuous dependent variables, independent variable consists of two or more measures, independence of observations, adequate sample size, no univariate or multivariate outliers, multivariate normality, linear relationship between dependent- and independent variables, the is homogeneity of variance, and there is no multicollinearity.

First of all, dummy variables for the control variable ‘INDUSTRY’ are added. This resulted in dummy DIN1-DIN8. To start the analyses in SPSS, the first step is to test the initial assumptions and detect the outliers. The outliers are transformed by winsorizing the data. This way instead of removing the outliers in the data set, the observations of values >99% and <1% are transformed to the closest value that is not seen as an outlier. Winsorizing can improve accuracy more than removing the outliers as the observations are still dealt with, in less extreme values. The variables cvEARNINGVOL and LEVERAGE are winsorized for the percentage of 95% and 5% as they had more extreme values.

After that Skewness and Kurtosis gave been tested to detect variables for their normality of distribution. The only variable that needed transformation is LEVERAGE, because it was positively skewed. The variable has been transformed using the natural logarithm, creating the variable LN_LEVERAGE. Independent variables with an abnormal distribution have not been transformed since the models used make no assumptions about the distribution of the independent variables. Since the control variables, are treated as independent variables in the analyses they have also not been transformed.

Table 5 below presents the descriptive statistics of the untransformed variables. The reported mean of the ERMI is 1.89 with a standard deviation of 1.25, a maximum value of 6.71, and a minimum value of -0.42. The mean is thus, as expected, rather low on the spectrum because most firms will have trouble or lack of interest to implement an effective ERM system, while some excel in managing their risk or simply face a small amount of risks. The MEAN_ERMI its value is close to those of the ERMI as expected since the only difference is the measure per year. What might be worth noticing is that the minimum of the ERMI is negative and that of the MEAN_ERMI is positive, which could indicate that since 2010 firms that did not

(30)

have an ERM system or a poorly designed ERM system improved their risk management actively.

Comparing these results with Hoyt and Liebenberg (2003) no significant differences are reported. Their values for earnings volatility and leverage are comparable to these. However, size differs somewhat from these results, but when looking at their later research from 2011, they report a mean of 6.59 which is comparable to 7.61. Looking at the results of McShane et al. (2011), they report comparable means on the systematic risk and complexity. Gordon et al. (2009) report a higher mean for environmental uncertainty. This could be caused by a difference in the sample. They gathered the companies based on the proxy statements containing ‘risk management’ and comparable search terms. This sample consists of all companies in America. There could be a difference between the companies gathered because companies that face a small amount of environmental uncertainty might not mention risk management in their proxy statements.

When looking at the descriptive statistics, the importance of control variables is emphasized. cvEARNINGVOL, EU, and LEVERAGE all have high standard deviations compared to their means which indicates that there is a high fluctuation of the value of the variables and could be a mediator for the analysis. These fluctuations within the sample can be controlled between different observations with the proper control variables.

Table 5 Untransformed descriptive statistics

Variable N Mean Std. Deviation Minimum Maximum

ERMI 3851 1.8918 1.2513 -0.4241 6.7079 MEAN_ERMI 3851 1.8930 1.1966 0.0022 6.6829 lnAUDITFEE 3851 14.5726 1.3333 11.4076 17.4152 cvEARNINGVOL 3851 0.2372 0.4380 -0.8083 1.2141 EU 3851 0.0189 0.3627 -0.6570 1.1559 LEVERAGE 3851 0.6960 0.6683 0.0602 2.6684 SIZE 3851 7.6109 2.2027 2.3600 12.3216 SYSRISK 3851 1.1646 0.5772 -0.1194 2.9269 COMPLEXITY 3851 2.0370 1.3565 1.0000 11.0000 DCOUNTRY 3851 0.9910 0.0949 0.0000 1.0000 DIN1 3851 0.0260 0.1606 0.0000 1.0000 DIN2 3851 0.0220 0.1469 0.0000 1.0000 DIN3 3851 0.0040 0.0643 0.0000 1.0000 DIN4 3851 0.0190 0.1382 0.0000 1.0000 DIN5 3851 0.6660 0.4719 0.0000 1.0000 DIN6 3851 0.0970 0.2962 0.0000 1.0000 DIN7 3851 0.1370 0.3437 0.0000 1.0000 DIN8 3851 0.0280 0.1659 0.0000 1.0000

The relationship between enterprise risk management and audit fees