INVESTIGATING THE EFFECTS OF IT GOVERNANCE
ON EXTERNAL AUDIT QUALITY AND EFFICIENCY
Kasper Dekker; S2771977; MSc Accountancy & Control
ABSTRACT
This thesis investigates the relationship between the governance of information technology (IT governance) with the external audit quality and efficiency. The growing importance of complicated
IT systems, and the impact these systems have on firm activities, such as financial reporting and compliance, gave rise to IT governance. This dependency on effective IT systems, and governance of
these systems, is expected to influence the external audit in a positive way. In this thesis it is investigated if IT governance allows external auditors to offer higher quality audits, as the clients’ IT
systems are better governed and their use is better aligned with the strategic, financial reporting, and compliance related goals. A measurement construct has been used to assess whether an important
aspect of IT governance (the presence of a Chief Information Officer) is present within a firm, to compare this group with firms that do not have this aspect present. The effects on audit quality and efficiency is measured by a set of proxies related to these concepts, as adopted from previous studies.
The findings of this thesis cannot conclusively demonstrate that the supposed relationship between IT governance and audit quality and efficiency exists, as both hypotheses are rejected. These findings, however, are subject to certain limitations, as this thesis looked at certain geographical sectors of the world, and used a construct to measure IT governance which has not been previously
used.
Keywords: information technology governance, IT governance, external audit, audit quality,
audit efficiency
Supervisor: Prof. dr. E.W. Berghout Co-assessor: Drs. M. M. Bergervoet
Date: 18 June 2016 Word count: 10,343
TABLE OF CONTENTS
1 Introduction ________________________________________________________________ 1 2 Literature and Background ____________________________________________________ 3 2.1 Corporate Governance and Auditing _________________________________________ 3 2.2 IT Governance __________________________________________________________ 7 2.3 Hypothesis Development _________________________________________________ 11 3 Methodology ______________________________________________________________ 12 3.1 Data and Sample Selection ________________________________________________ 12 3.2 Audit Quality and Efficiency Measures ______________________________________ 13 3.3 IT Governance Constituents _______________________________________________ 15 3.4 Regression Models ______________________________________________________ 16 3.5 Validity and Reliability Issues _____________________________________________ 18 4 Results ___________________________________________________________________ 19 4.1 Descriptive Statistics ____________________________________________________ 19 4.2 Regression Results ______________________________________________________ 25 5 Discussion and Conclusion ___________________________________________________ 26 6 Research Limitations and Further Research ______________________________________ 28 7 References ________________________________________________________________ 28 8 Appendix _________________________________________________________________ 35 8.1 Data Collection and Analyses Steps _________________________________________ 35
1
1 INTRODUCTION
The continuous efforts towards further digitization and automation of business processes has led to an increasing set of complex information technology (IT) systems (Bowen, Cheung, & Rohde, 2007). The often overly complex systems implemented by firms do not always end up in success stories, resulting in immense losses (Bowen, Cheung, & Rohde, 2007). By one estimate, the top 500 firms lose $15 billion combined each year because of failed IT projects (Cohn & Robson, 2011).
IT has developed from being a separate function within a firm to a critical aspect crucial in the support, sustainability, and growth of the firm. The IT systems employed, however, constitute major investments and require proper management and governance, otherwise these systems will only impair the firm’s competitive position (Bowen, Cheung, & Rohde, 2007). As IT becomes increasingly more important, so does the need to effectively govern the decisions, policies, and expenditures made in this area. Management and governing bodies can no longer delegate, ignore, or avoid IT decisions, as firms are increasingly dependent on IT for survival and growth (De Haes & Van Grembergen, 2015). The growing importance of proper IT management, and the possible value generating aspect from these systems, gave momentum to IT governance.
There are numerous reasons for firms to try and implement these highly sophisticated systems, as they (might) allow for competitive advantage (Applegate, Austin, & Soule, 2008; Romney & Steinbart, 2012), enhanced reputation, trust, and reduced costs (Bowen, Cheung, & Rohde, 2007). Another important reason for more sophisticated IT systems is the fact that legislatures are enacting stricter corporate governance and financial regulation laws in response to corporate fraud such as with Enron and WorldCom. For example, in 2002, U.S. Congress passed the Sarbanes-Oxley act (‘SOX’) which requires publicly listed firms to reinforce IT-related internal control1 and corporate governance
because the data used in financial reporting are mainly based on IT systems (Lin, Guan, & Fang, 2010). The introduction of regulation (such as SOX) has contributed to the choice of firms to adopt more sophisticated systems, as management is held responsible for designing, establishing, and evaluating the internal controls necessary to produce accurate financial statements (Merhout & Havelka, 2008). Compliance with these regulations requires governance to conceptualize the important aspects of internal control within the IT context, an important aspect of IT governance (ITGI, 2004).
The increasing complexity of IT systems, such as Enterprise Resource Planning systems (ERP), is changing the way firms operate, and keeps raising the complexity level of the auditor’s work (AICPA,
1 SOX Section 404 requires public firms’ annual reports to include the firm’s own assessment of internal control over financial reporting, and an auditor's attestation (https://www.sec.gov/info/smallbus/404guide/intro.shtml)
2 1996). Professional standard setters for auditors state that auditors need to change their strategies in reaction to the all-encompassing changes in their clients’ Accounting Information System (AIS) systems (AICPA, 2001). The Public Company Accounting Oversight Board (PCAOB) and International Federation of Accountants (IFAC), for example, both explicitly state that auditors needs to obtain an understanding of how the firm uses IT and how IT affects the financial statements (IFAC, 2009; PCAOB, 2016). An example is the implementation of an ERP system within a major firm, which can increase audit-related risks and overall control risk for auditors (Hunton, Wright, & Wright, 2004). The aforementioned reasons point out that there is an ever growing demand for sophisticated IT systems within firms, which require proper IT governance, to ensure that the investments in IT will help achieve firm strategies, and result in compliance with the set of regulations and standards that have been introduced during this century. IT governance thus is an important aspect for both firm and auditor. Auditors will benefit from the successful design, establishment and evaluation of the internal controls, and their clients are able to further mitigate risks of material misstatements. The use of IT governance allows the auditor’s client to further align its strategic, compliance, and reporting objectives, and should increase the quality of the auditor’s work and create efficiency in the process. Accordingly, this thesis looks to answer the following research question: “Is the presence of IT
governance at audit clients associated with improved external audit quality and efficiency?”.
The aim of this thesis is to provide empirical support on the importance of IT governance for firms and help them in the choice to adopt IT governance methods to contribute to better IT/firm goal alignment, and thereby increasing external audit quality and efficiency. A quantitative research approach has been used to look at IT governance in a relatively large sample of U.S. listed firms for the fiscal year 2014. This thesis also seeks to contribute to the literature by considering a relatively large sample of firms and a range of audit quality and efficiency proxies to look at the relation with IT governance.
This thesis attempts to fill a piece of the gap between (academic) literature and practice by looking at the implementation of IT governance and the effects on the external auditor’s work. Attempts to fill the gap between literature and practice on IT governance has been the focus of researchers such as De Haes and Van Grembergen of the University of Antwerp, who, for example, have researched the Belgian financial services organizations for IT governance implementation (De Haes & Van Grembergen, 2008b). The concept of this research was inspired by a research performed by Pincus, Tian, Wellmeyer and Xu (2014), who looked at the presence of enterprise IT systems and the effects on the audit quality and efficiency.
3 The outline of this thesis is as follows, section two (Literature and Background) will introduce important theoretic aspects of the subjects in question, such as IT governance in general, and introduces testable hypotheses. Section three (Methodology) explains the methods used to test the hypotheses. Section four (Results) will present the results of the tests conducted in clear format and reasons behind supporting or non-supporting findings. Finally section five (Discussion and Conclusion) offers conclusive remarks and describes the findings of this thesis.
2 LITERATURE AND BACKGROUND
2.1 CORPORATE GOVERNANCE AND AUDITING
The relationship -as described in the research question- requires understanding of several important theories and findings in prior literature. The basis of the tested relationship originates from corporate governance, which is an important concept within accounting research. It is essential to understand the relationship between corporate governance, IT governance, and accounting/auditing in order to be able to understand the hypothesis development for this thesis. Therefore this chapter starts with an in-depth overview on the concepts of corporate governance and the relationships with auditing.
Agency Theory and Corporate Governance
The following quote by Adam Smith (1776, p. 700) from his book ‘An Inquiry into the Nature and Causes of the Wealth of Nations’ shows that the subject of governance of firms is not something of recent development: “The directors of such companies, however, being the managers rather of other
people's money than of their own, it cannot well be expected, that they should watch over it with the same anxious vigilance with which the partners in a private copartnery frequently watch over their own .... Negligence and profusion, therefore, must always prevail, more or less in the management of the affairs of such a company.”. Smith puts emphasis on the asymmetry that exists between managers
and the owners (or shareholders) of the firm, and the need to monitor (watching over) the actions of management. This asymmetry is still one of the most important principles within the corporate governance literature.
Jensen and Meckling (1976) presented the “theory of the firm” in which they further analyzed the problems that occur with the separation between the manager (agents of the firm) and its outside equity and debt holders (principals of the firm). Jensen and Meckling (1976) define the relationship between agent and principal as “a contract under which one or more persons (the principal(s)) engage the
another person (the agent) to perform some service on their behalf which involves delegating some decision making authority to the agent”. The agent is believed to not always act in the best interest of
4 agent interests with that of the principal. Alignment can be established by using a set of incentives and by monitoring the agent’s activities. The activities incurred by principals to achieve better alignment can be described as agency costs, and include costs such as paying the agent for achieving shareholder related goals (incentives) or the costs for the set of monitoring systems (controls).
Several definitions of corporate governance exist, and the exact definition is still being debated by researchers. A few of these definitions of corporate governance have been found in the literature research for this thesis:
“Corporate governance is the system by which companies are directed and controlled” (The Committee on the Financial Aspects of Corporate Governance, 1992)
“Corporate governance deals with the ways in which suppliers of finance to corporations assure
themselves of getting a return on their investment” (Shleifer & Vishny, 1997)
“Corporate governance involves a set of relationships between a company’s management, its
board, its shareholders and other stakeholders. Corporate governance also provides the structure through which the objectives of the company are set, and the means of attaining those objectives and monitoring performance are determined.” (OECD, 2004)
Gillan (2006) states that, irrespective of the particular definition used, corporate governance mechanisms (as a tool to reduce agency problems) are often viewed in one of two groups: mechanisms internal to firms, and those external to firms. According to Gillan (2006), the internal governance mechanisms includes Management (acting as shareholders’ agents, and have decision making authority on assets, finance, etc.) and the Board of Directors (‘BoD’, in charge with advising and monitoring management). The external governance mechanisms include the owners of the firm, being the debt and shareholders. Incorporating Jensen and Meckling (1976) their view on firms as a nexus of contracts into this model results into adding other (outside) participants. Figure 1 (adopted from Gillan, 2006) shows the firm as a nexus of contracts between the previously mentioned participants and adds important contracts with for example suppliers, employees, and customers.
5
Figure 1: Corporate governance as a nexus of contracts (Gillan, 2006, p. 3)
External Audit as Monitoring Mechanism
The profession of auditor -as described by Watts and Zimmerman (1983)- has long been self-regulated, as principals wanted to reduce agency problems (as described earlier) by monitoring the activities of the agents. However, financial reporting fraud and scandals over the last century (as mentioned in the introduction) have resulted in stronger regulations (such as SOX in 2002) for firms, requiring an independent audit by law for publicly listed U.S. firms. Regulations like SOX require firms to establish mechanisms focused at reducing agency losses, with emphasis on the publicly listed firms, as these firms have a greater separation between ownership and control, making the independent external audit even more important within corporate governance practices and for better (external) oversight on such firms.
The external audit (as part of the external monitoring aspect of corporate governance) provides an independent assessment of the accuracy and fairness of the financial statements, and assesses
whether the statements are in accordance with the generally accepted accounting principles (GAAP). An audit is described as “a systematic process of objectively obtaining and evaluating evidence
regarding assertions about economic actions and events to ascertain the degree of correspondence between these assertions and established criteria, and communicating the results to interested users”
(Hayes, Dassen, & Wallage, 2014). The function of auditing is to lend credibility (reasonable assurance) to the financial statements (Hayes, Dassen, & Wallage, 2014), and conclude that they are free of material mistakes.
The set of governance mechanisms that exist within corporate governance can be seen as checks and balances by principals to ensure that the agent acts in their best interest. The most important
6 mechanism for this thesis is the internal and external monitoring of the agents by auditors (hired by the firm’s BoD), to ensure that the claims made by management truly reflect the (financial) situation within the firm, reflected in the auditor’s opinion on the financial statements. Jensen and Meckling (1976) also mention the use of auditing as a method of controlling the behavior of the agent through monitoring.
Audit Quality and Audit Efficiency
The effectiveness and efficiency of the audit is commonly measured by two concepts, being audit quality and audit efficiency. Both concepts have been the major subject of academic research, which will be discussed in this section. The methods used to measure these two concepts will be given in the methodology section of this thesis.
Audit Quality
DeAngelo (1981) defines the quality of audit services as: “the market-assessed joint probability
that a given auditor will both (a) discover a breach in the client's accounting system, and (b) report the breach”. The probability to (a) discover a breach depends, according to DeAngelo, on the
technological capabilities, the audit procedures employed, and the extent of sampling (the competence of the auditor). The probability to (b) report a discovered breach is a measure of an auditor’s independence from the audit client (independence of the auditor) (Knechel & Sharma, 2012; PCAOB, 2013).
The concept of measuring the quality of the audit has been examined extensively by academic research. Past studies have focused on the observable signals of the quality of the audit, as assessing the quality of an audit ex ante is difficult. The only outcome of the audit is the audit report, which is ex post, and mostly consists of a predefined template (Francis J. R., 2004). According to Francis (2004), audit quality can range from very low to very high audit quality. Francis (2004) also finds that the overall level of audit quality has been acceptable over the past 25 years, and that audit failures are infrequent, and audits are relatively low cost for the client. Audit failures occur on the lower end of the quality spectrum and result in potentially misleading financial statements for the users. DeAngelo (1981) suggests that the size of the audit firm positively affects the independence of the audit, and thus increases audit quality. Other research supports the notion that larger audit firms supply higher quality audits. Accordingly, Big 4 audit firms (KPMG, PwC, EY, and Deloitte) are sued relatively less frequently, and sanctioned less frequently (when controlling for client size) by the Securities and Exchange Commission (‘SEC’) (Palmrose, 1988; Feroz, Park, & Pastena, 1991). More related to IT is, for example, research by Pincus et al. (2014), who find that the auditor’s ability to audit complex
7 information systems environments affect the quality of the audits. Dechow and Mouritsen (2005) identifies that advanced enterprise system implementation help financial reporting and result in better assurance of accounting information. Furthermore, a survey by Nwankpa and Datta (2012) documented that auditors regard enterprise systems as a positive factor on audit quality.
Audit Efficiency
Pincus et al. (2014) define audit efficiency as: “the ability of auditors to gather sufficient
appropriate evidence to meet audit objectives while minimizing effort and time, and thus cost”. Within
this context, a highly efficient audit would be conducted when the lowest amount of effort and time is consumed by the auditor in his/her activities, whilst not compromising audit quality.
Evidence on the effects that IT systems have on the auditor’s work suggest that internal control monitoring technology improves internal control effectiveness, and thereby reducing audit fees and the likelihood of audit delays, and thus resulting in a higher audit efficiency (Masli, Peters, Richardson, & Sanchez, 2010). The link between audit effort and audit fee has been well-established by prior studies (Hogan & Wilkins, 2008; Bell, Landsman, & Shackelford, 2001; Bedard & Johnstone, 2006). All other things being equal, the presence of IT governance should result in lower audit fees.
Pincus et al. (2014) indicate that because auditors’ internal control assessment and substantive testing are primarily based on the risks that are associated with the client’s accounting information system, a lack of understanding of those systems by the auditor can significantly impact the quality and efficiency of the auditors’ work. Improvements by the audit client in his/her accounting information system allows for improvements in the evidence gathering process by the auditor, and hold the potential to increase the auditors’ assurance over management assumption and allows for timely auditing reporting (Kuhn & Sutton, 2010). Bronson et al. (2011) show that the recently enacted changes in accelerated reporting deadlines and changes in internal control attestation and documentation requirements created significant challenges for auditors, potentially resulting in more filing delays. Ettredge et al. (2006) find that the increase in audit and filing delays in the years after SOX was implemented led to concerns for both auditor and client. In response the PCAOB issued AS 5 (Public Company Accounting Oversight Board, 2007) which encourages auditors to create more efficiencies within the audit process if the auditor has determined that the quality of the internal control systems is high.
2.2 IT GOVERNANCE
The relationship between the audit as a monitoring mechanism of corporate governance, and the governance of IT has yet to be described, therefore this section is dedicated to explaining this
8 relationship. This section begins with a brief introduction to IT systems, their added value, and introduces the elements of IT governance.
IT Systems, Corporate Governance and IT Governance
As previously mentioned, the growing importance of proper IT management, and the possible value generating aspect from these systems, gave momentum to IT governance.
IT governance is related to concepts of corporate governance, as described in previous sections. IT governance was defined by the IT Governance Institute (ITGI) in the late 1990s as: “the organizational
capacity exercised by the board, executive management, and IT management to control the formulation and implementation of IT strategy and in this way ensure the fusion of business and IT.” (Van
Grembergen, 2002). The most important aspect of this definition is ensuring that the entity can achieve its business strategies by proper formulation and implementation of their IT strategy. The definition and scope of IT governance has been under constant development by institutions such as the ITGI, whose focus is set on assisting enterprise leaders in their responsibility to make IT successful in supporting the enterprise’s mission and goals (ITGI, 2016).
Prior research on IT governance has found several interesting findings and theories. De Haes, Van Grembergen and Debreceny (2013) state that a common problem within IT governance is the added value of the often large-scale investments in IT, and that whilst investments in IT can have huge upsides, these upsides can only be accomplished if all management levels are actively engaged, and proper management processes and governance is present. Particular focus has been set on demonstrating the relationship between business/IT alignment and firm performance. Past research concludes that there is a positive, significant, and impactful linkage between IT governance mechanisms and strategic alignment, and between strategic alignment and firm performance (Chan & Reich, 2007; Bergeron, Raymond, & Rivard, 2003; Chan, Huff, Barclay, & Copeland, 1997; Sabherwal & Chan, 2001; Wu, Straub, & Liang, forthcoming). Several prominent IT governance researchers also emphasize that to make sure that corporate governance matters are covered, IT needs to be governed properly first. Corporate governance and IT governance should not be considered separately, but rather IT governance needs to be integrated into the overall governance structure (ITGI, 2003; Peterson, 2003; Duffy, 2002; Weill & Ross, 2004; De Haes & Van Grembergen, 2008b). Furthermore, De Haes and Van Grembergen (2008b) emphasize that IT governance best practices are different in different types of industries, whereas the financial services industry is considered the most highly dependent upon IT, which requires this industry to have a solid and broad IT governance framework implemented. The financial services industry is also one of the first industries to use IT and
9 as such is already more matured in these domains (Chiasson & Davidson, 2005). The latter is also confirmed by research of the IT Governance Institute (ITGI, 2006), which showed that the financial services industry is leading with 31% in having implemented IT governance.
IT Governance Elements: Structures, Processes, and Relational Mechanisms
Assessing the relative level of IT governance within a firm requires knowledge on the elements that form a successful IT governance system. Previous research showed that organizations can deploy IT governance by using a holistic mixture of various structures, processes, and relational mechanisms (Weill & Ross, 2004; Van Grembergen, 2004; De
Haes & Van Grembergen, 2009). This holistic mixture and important aspects of IT governance are discussed next. Emphasis is put on the structures aspect of IT governance, as it forms the theoretical basis for the measurement construct used in this thesis.
Structures
The structures aspect of IT governance consists of clearly set up organizational units and roles dedicated to making IT decisions, which are discussed between business and IT management levels for decision making (Peterson, 2003). This can be seen as a blueprint of how the governance framework will be structurally organized. An important example is the presence of a position within the management team that caries the responsibility of articulating and managing the IT strategy and aligning this with the overall strategy. This idea of “IT leadership” is usually found in the presence of a Chief Information Officer (CIO) position within the management team and has the role to ensure that the IT vision is clearly understood by managers throughout the organization. This high level focus of IT governance is confirmed in the definition of the concept. With this definition it is made clear that the key differentiating factors for successful IT governance lies in the involvement of board and executive and senior management (De Haes & Van Grembergen, 2008b; Wilkon & Chenhall, 2010). The involvement and support of senior management towards IT has also been emphasized in prior literature, and is consistently mentioned as an important factor for any successful organizational activity (Rockart & Scott-Morton, 1984; Jackson, 1986; Raghunathan & Raghunathan, 1990; Luftman, Papp, & Brier, 1999; Bowen, Cheung, & Rohde, 2007). A study by Luftman et al. (1999) found that senior management support for IT was the most important enabler of business and IT alignment. Preston et al. (2008) show that having a CIO within the organization with structural power and a good
Definition of IT governance: “the organizational capacity exercised by the board, executive management, and IT management to control the formulation and implementation of IT strategy and in this way ensure the fusion of business and IT”
10 relationship between the CIO and the other members of the top management team positively contributes to the CIO’s strategic decision making authority, which positively affects the perceived contribution of IT to firm performance. Ferguson et al. (2013) proposes that a highly positioned IT function within the organization will positively influence the level of effective IT governance. Thus, these studies reflect on the importance of support of the executive team in the implementation of effective IT governance.
Processes
Processes within IT governance consist of a formalized set of procedures for strategic IT decision making and monitoring. These procedures should ensure that daily activities within the firm are consistent with the procedures set by management and provides input back for decision making (Peterson, 2003). Bowen et al. (2007) state that IT governance should be seen as a continuous process, which provides transparent IT decision making, clear accountabilities, and acceptable and actionable IT measurements. Examples of IT governance processes are the use of advanced planning and goal achievement measuring systems, such as a Balanced Scorecard (Kaplan & Norton, 1992) and the COBIT framework (ITGI, 2007). These systems should allow management to integrate business processes with IT decisions, and implement and monitor the system effectiveness (Weill & Ross, 2004).
Relational Mechanism
The relational mechanisms consist of the active involvement and collaboration of top management, IT management and overall business management on IT decision communication, and include announcements, advocates, channels, education efforts, and active participation and collaboration between principle stakeholders (Peterson, 2003). Whilst structures and processes include the formalization of the organizational structure and daily work procedures, the relational mechanisms are aimed at aligning the mindsets and work methods within the firm towards the common goals set to align IT with the strategic goals. Firms can, for example, organize informal meetings between business and IT management to talk about general activities and directions (De Haes & Van Grembergen, 2009). Relational mechanisms are important for IT governance, as it is crucial for attaining and sustaining IT alignment, even when the correct structures and processes are present (De Haes & Van Grembergen, 2009).
Case studies indicate that most organizations are leveraging a mix of these elements, and that not one single approach exists applicable to all firms (De Haes & Van Grembergen, 2015). The mixture of elements selected by firms is based on their industry, size, culture, et cetera. Case studies also show
11 that organizations tend to find it much easier to implement structure in the firm, as opposed to processes. De Haes and Grembergen (2015) emphasize that structures, however cannot be effective without supporting processes or relational mechanisms.
Figure 2 shows the IT governance framework with examples within those elements.
Figure 2: IT governance framework (De Haes & Van Grembergen, 2008b)
2.3 HYPOTHESIS DEVELOPMENT
The research question, as given in the introduction, was defined as: “Is the presence of IT
governance at audit clients associated with improved external audit quality and efficiency?”. The
previously discussed findings in the literature section show that the external monitoring function (as part of corporate governance) of the auditor can be affected by the level of IT governance implemented by the client. Together, the improved alignment of IT goals with strategic, compliance, and reporting goals by using IT governance concepts by firms should enable auditors to perform its audit in a more effective and efficient way, thus improving the audit quality and audit efficiency. This leads to the following hypotheses:
Hypothesis 1 (H1): There is a positive relationship between the presence of IT governance elements and the external audit quality.
Hypothesis 2 (H2): There is a positive relationship between the presence of IT governance elements and the external audit efficiency.
IT Governance Framework
Structures
• Roles and responsibilities • IT organization structure • CIO on Board • IT strategy committee • IT steering committee(s) Processes • Strategic Information Systems Planning • IT Balanced Scorecard • SLAs
• COBIT and ITIL
• IT alignment / governance maturity models
Relational Mechanisms
• Active participation and collaboration between principle stakeholders • Partnership rewards and
incentives
• Business/IT co-location • Cross-functional
business/IT training and rotation
12 The following conceptual model can be drawn to illustrate the relationship:
Figure 3: Conceptual model of the relationship
3 METHODOLOGY
3.1 DATA AND SAMPLE SELECTION
In order to examine the hypotheses in this thesis, a quantitative research approach was chosen. Past research on IT governance has mostly been focused on a qualitative approach and looked at the actual implementation and configurations of aspects of IT governance by different types of firms, and the effects of these configurations. The choice for a quantitative research approach was made for this thesis, as it allows for extensive analysis on a large set of firms. The chosen research approach allows for a comparison on the effects of the independent variable (IT governance) on the dependent variables (audit quality and efficiency).
Data for this thesis is collected from several databases. The financial statement data is collected from COMPUSTAT2, the audit related data is collected from Audit Analytics3, and the board structure of the firms is collected from Orbis4. A clear requirement is the availability of all the relevant data to
compute each of the proxies to measure the relation between variables. The dataset covers the fiscal year 2014, as the dataset from Orbis includes the most recent information on board structures for the measurement of the independent variable, which will be further explained in the following sections.
The data gathered has been limited to U.S. publicly listed firms. The choice to limit the geographic area to the U.S. has been made because it is the largest economy in the world with large amounts of
2 COMPUSTAT is a comprehensive database managed by S&P (Standard & Poor’s) Global Market Intelligence. The database offers insight on financial and industry data, research, news and analytics to investment professionals, government agencies, corporations, and universities worldwide.
3 Audit Analytics, as managed by Ives Group Inc., is used by researchers around the world for market intelligence, due diligence, compliance monitoring and trend analysis on auditing and compliance.
4 Orbis is a database offered by Bureau van Dijk (BvD) and includes extensive information on around 200 million firms world-wide.
IT Governance
Audit Quality
Audit Efficiency Independent variable: Dependent variables:
13 publicly (audited) available data on its listed firms. Furthermore, the issuance of SOX in the U.S. allows for a more in-depth analysis, as it requires firms to report on important aspects of the variables. In summary, the analysis was done on 2,324 unique, publicly listed, U.S. firms over the year 2014.
The following sections will further dissect the elements of this thesis into measurable variables, which are collected from the previously mentioned datasets, and used for the statistical analyses.
3.2 AUDIT QUALITY AND EFFICIENCY MEASURES Audit Quality Measures
The measurement of audit quality can be done in both input and output measures. The audit quality input measures include client engagement- and auditor-specific measures, examples of which are the auditor-specific characteristics (Gul, Wu, & Yang, 2013), the technical competency of an engagement team, the extent to which the audit was performed in accordance with GAAP, etc. Although these input measures are important contributors to audit quality, the actual measurement of these factors is difficult, as they are largely unobservable and of proprietary nature (Pincus, Tian, Wellmeyer, & Xu, 2014). Therefore, the choice of measuring audit quality has been set on audit quality outputs, which are more readily observable. The audit quality output measures look at the effectiveness of the audit and range the audit quality between low and high in terms of negative or positive outcomes. An example of a negative outcome of an audit/low quality audit is a failure to discover internal control material weaknesses in misstatement years. A positive outcome, for the audit quality of an audit, would be the signaling that a client is not a going concern.
Several outcome related audit quality measures have been selected to measure the level of audit quality in this thesis, which will be explained in this section.
Going concern (GC)
The audit report is one of the most observable outputs of the audit that provides measures of audit quality. Carson et al. (2013), for example, looked at the reactions by users on a going concern opinion of the financial reports and found that going concern opinions indicate higher audit quality. Other studies also document this same relationship between higher quality audits and the likelihood that the auditor identifies going concern problems and the eventual going concern opinion given (Chen, Sun, & Wu, 2010; Reichelt & Wang, 2010; Francis & Yu, 2009). Accordingly, the occurrence of a going concern opinion signals high audit quality for the tested relationship in this thesis. It is predicted that there is a positive relationship between going concern opinions and IT governance.
14
Restatements (RESTATE)
The unqualified opinion, given by the auditor, lends credibility (reasonable assurance) to the financial statements, that they are free of material misstatements. The restatement of these financial statements due to ex post identified material misstatements that should have been detected by the auditor, is a clear indication that the auditor’s opinion was incorrect, thus resulting in a lower audit quality indicator. This relationship between low audit quality and restatements is supported by prior research (Chin & Chi, 2009; Stanley & DeZoort, 2007). Accordingly, there should be fewer restatements for firms that are actively engaged in IT governance, indicating higher audit quality.
Material weaknesses (MW)
Another output measure for audit quality has come in existence since the introduction of SOX in 2002. SOX Section 404 requires firms to include a statement regarding, and auditors separately assess the effectiveness of, firms’ internal control over financial reporting (SEC, 2003). Section 404 requires auditors to disclose whether material weaknesses are present in the firm’s set of internal control. Whereas material weaknesses are signals that can indicate a possibility to material misstatements. A reported material weakness by the auditor can help in assessing the quality of the audit by examining whether a material weakness disclosure is reported by the auditor in the year when a misstatement occurs (Rice & Weber, 2012) or in any year leading up to a restatement announcement. Prior literature also acknowledges that when restatements are a clear indicator of poor accounting quality (Hribar & Jenkins, 2004), and that indicator is associated with weaknesses in set of internal control (Ashbaugh-Skaife, Collins, & Kinney, 2007; Doyle, Ge, & McVay, 2007), then signs from the auditor would imply that material weakness disclosures should be reported in a period when there is a financial statement misstatement or in subsequent years in advance of the restatement. Thus, a reported material weakness in years before a restatement announcement indicates higher audit quality, as the auditor was accurate in assessing the weakness before the restatement. Rice and Weber (2012) found that a large number of material weaknesses are not reported in a timely manner. For this thesis, the occurrence of a material weakness disclosure should be more frequent with better IT governance. Accordingly, a positive relation is expected between IT governance and material weaknesses.
Internal Control Effectiveness (IC_EFF)
As with the previous described output measure (MW), the auditor’s opinion on the effectiveness of the internal controls within the audit clients’ firm is a signal of high audit quality. The presence of material weaknesses signals the auditor that the client does not have an effective set of internal control. Under SOX and PCAOB standards, the auditor should reflect on the effectiveness of internal control, and give an opinion. A signal that the internal control is not effective reflects higher audit quality. It is
15 expected that an ineffective set of internal control is more easily detected with IT governance present within the audit client’s firm.
Audit Efficiency Measures
The measurement of audit efficiency is also based on output measures that reflect the extent and timing of the auditors’ work, being the amount charged for the work (audit fees) and the filing delays recorded. Professional standards and prior literature defines audit efficiency as: “the ability of auditors
to gather sufficient appropriate evidence to meet audit objectives while minimizing effort and time, and thus cost” (PCAOB, 2007; Arens & Loebbecke, 1998). It is expected that IT governance affects
the efficiency of auditors’ work, the proxies for audit effort (as measured by the amount of audit fees charged) and audit time (report delay) should reflect this effect.
Filing Delay (DELAY)
The importance of timeliness of the audit report is recognized by auditors and regulators, and this importance is supported in academic literature (Bamber, Bamber, & Schoderbek, 1993; Ettredge, Li, & Sun, 2006). In this thesis, efficiencies are examined in the timeliness of auditor’s work. If IT governance positively influences efficiency, then the likelihood of delays in clients’ filing of their Form 10-K should be reduced. A lower probability of 10-K filing delays is expected with IT governance present.
Audit Fees (FEES)
It is recognized in prior studies that the there is a clear link between the degree of audit effort and the total amount of audit fees (Hogan & Wilkins, 2008; Bell, Landsman, & Shackelford, 2001; Bedard & Johnstone, 2006). The presence of IT governance should therefore result in lower audit fees, as it allows for more efficient audits. In this thesis, audit fees are used as a proxy for audit effort.
3.3 IT GOVERNANCE CONSTITUENTS
The presence of IT governance itself is not directly measurable, or accessible from a dataset. There is not a requirement for firms to report on the active involvement in IT governance and its constituents, making it tough to analyze the sample to determine if constituents of IT governance are implemented or not. Although direct measurement is difficult, indirect measurement is possible by adopting a proxy. In this thesis a proxy is chosen to reflect whether or not an audit client has implemented constituents of IT governance, resulting in one variable: ITG_variable, this variable equals one (1) if the firm has implemented a constituents of IT governance, and zero (0) otherwise.
As previously mentioned, one of the most important constituent of IT governance is the presence of a CIO within the firm, as the CIO drives and directs IT governance. The CIO is the leader for the
16 concept of IT governance, as he/she is held accountable for the effective governance of the set of information systems (part of Structures). Thus the presence of a CIO a self-chosen construct and measurable concept for this thesis.
3.4 REGRESSION MODELS
The regression models for this thesis relates the dependent variables (audit quality and efficiency measures) to the independent variable (IT governance). Several equations have been used in this thesis from previous research to relate the IT governance measure to the audit quality and efficiency measures. Following previous research, appropriate control variables have been added that vary across the dependent variables.
The first equation (1) is used to estimate the effects of one of the dependent variables, being the going concern (GC) opinions given by the auditor. IT governance should be associated with higher audit quality, the issuance of a going concern opinion should reflect higher audit quality. The following equation (1) can be computed:
𝐺𝐶𝑖 = 𝛼 + 𝛾(𝐼𝑇𝐺 𝑣𝑎𝑟𝑖𝑎𝑏𝑙𝑒𝑖) + 𝛽(𝐶𝑜𝑛𝑡𝑟𝑜𝑙 𝑠𝑒𝑡 1𝑖) + 𝜀𝑖
where subscript i equals the index firm, and
GC = going concern, measure that equals one if the firm received a going concern opinion in 2014, or zero otherwise (Audit Analytics);
ITG variable = the presence of a CIO as a measure adopted in this thesis to assess whether IT governance practices are present;
Control set 1 = a set of control variables as follows:
SIZE = firm size, the natural logarithm (log) of the firm’s equity market value (Compustat: CSHO*PRCC_F);
ZSCORE_DUM = one if Altman’s Z-score is ≤ 1.81, and zero otherwise;
INDUSTRY = industry dummy, one if SIC between 6000 and 6799, zero otherwise.
The set of control variables are included into the equation, following previous research. A control has been included for SIZE as large client firms are expected to have more stable and predictable operations, resulting in higher audit quality (Dechow & Dichev, 2002). A dummy variable has been added to control for financial distress (ZSCORE_DUM) since firms with a high likelihood of financial distress are likely candidates for a going concern opinion (Pincus, Tian, Wellmeyer, & Xu, 2014). An industry control variable is included (INDUSTRY) to control for the difference in the extent to which
17 firms implement IT governance aspects, as the financial sector (SIC 6000-6799) has the highest adoption rate compared to other industries. A probit regression analysis is used, as the value of GC can only assume two values, a one or a zero (binary).
The second equation (2) is used to estimate the effects on the restatements, material weaknesses in misstatement years, and one of the audit efficiency measures, being the filing delays. The following equation (2) can be computed:
𝑅𝐸𝑆𝑇𝐴𝑇𝐸𝑖/𝑀𝑊𝑖/𝐼𝐶_𝐸𝐹𝐹𝑖/𝐷𝐸𝐿𝐴𝑌𝑖
= 𝛼 + 𝛾(𝐼𝑇𝐺 𝑣𝑎𝑟𝑖𝑎𝑏𝑙𝑒𝑖) + 𝛽(𝐶𝑜𝑛𝑡𝑟𝑜𝑙 𝑠𝑒𝑡 1𝑖) + 𝜂(𝑁𝑈𝑀_𝑆𝐸𝐺𝑖) + 𝜀𝑖
where subscript i equals the index firm, and
RESTATE = indicator that equals one if a firm’s annual earnings are restated in 2014, zero otherwise (Audit Analytics);
MW = indicator that equals one if one or more material weaknesses are reported in 2014, zero otherwise (Audit Analytics);
IC_EFF = indicator that equals one if the auditor has concluded that an effective set of internal controls was present in 2014;
DELAY = indicator that equals one if a firm files its Form 10-K late in 2014, zero otherwise (Audit Analytics);
ITG variables = the presence of a CIO as a measure adopted in this thesis to assess whether IT governance practices are present;
Control set 1 = see equation 1 control set;
NUM_SEG = the number of business segments a firm has in 2014 (Compustat Segment Data).
As well as incorporating the control set of equation 1, NUM_SEG is added as a control variable in this equation. The complexity of the operations (NUM_SEG) is taken into consideration, as firm complexity may be associated with a greater likelihood of restatements, material weaknesses, and a possible delay as it requires more time to complete an audit for these firms. Again, a probit regression analysis is used for these variables, as they are binary.
Lastly, the third equation (3) is used to estimate the effects on the audit fees. The equation is based on previous research (Venkataraman, Weber, & Willenborg, 2008; Lyon & Maher, 2005; Choi, Kim, Liu, & Simunic, 2009; Hay, Knechel, & Wong, 2006).
18 𝐹𝐸𝐸𝑆𝑖 = 𝛼 + 𝛾(𝐼𝑇𝐺 𝑣𝑎𝑟𝑖𝑎𝑏𝑙𝑒𝑖) + 𝛽(𝐶𝑜𝑛𝑡𝑟𝑜𝑙 𝑠𝑒𝑡 3𝑖) + 𝜀𝑖
where subscript i equals the index firm, and
FEES = natural logarithm of the average audit fees paid to the auditor over
the year t, …, t-4
ITG variables = the presence of a CIO as a measure adopted in this thesis to assess whether IT governance practices are present;
Control set 3 = set of control variables, including ZSCORE_DUM and industry dummies, as previously defined, plus the following variables;
ASSETS = the natural logarithm of total assets in 2014 (Compustat: AT);
GC = indicator variable equals one if a firm’s auditor issued a going
concern opinion in 2014, and zero otherwise (Audit Analytics);
BIG4 = indicator variable that equals one if a firm is audited by a Big 4 auditor, and zero otherwise (Audit Analytics);
RECEIVABLES = accounts receivables / total assets in 2014 (Compustat: RECT/AT);
LEVERAGE = total liabilities / total assets in 2014 (Compustat: LT/AT).
An additional set of control variables (Control set 3) is added for this equation to reflect on the difficulty in auditing (RECEIVABLES, ASSETS) and auditor quality (BIG4, GC). FEES is analyzed using an Ordinary Least Squared (linear) regression analysis.
3.5 VALIDITY AND RELIABILITY ISSUES
Several issues concerning the validity and reliability of the methods used in this study need to be addressed. As the assessment of a level of IT governance within a firm is tough, a construct is developed within this thesis to measure if IT governance elements are adopted. The presence of a CIO within a firm, although grounded by previous research as one of the most important aspect of IT governance, does not allow for the most accurate assessment of the complete concept of IT governance. Thus, the assessment of IT governance in this study has low construct validity, as it is a self-proposed construct which has not been previously used to measure the presence of IT governance. Furthermore, the historical data concerning the presence of a CIO within a firm was only accessible for the year 2014/2015. The choice has been made to use the latest available data on the sample their board members to assess the presence of a CIO, being from the year 2015. This data was then used to presume that the position was also filled in the year of 2014, being the year of analysis, as all audited data is relevant to that year. Also, generalizability issues occur when choices are made for certain
19 geographical areas or types of firms. The choice to limit the analyses to U.S. publicly listed firms thus influences generalizability for the results of this thesis.
4 RESULTS
4.1 DESCRIPTIVE STATISTICS
This section is dedicated to presenting the results of the performed analyses on the gathered data. The analyses were performed on a dataset of 2,324 unique publicly listed U.S. firms. A significant amount of firms had to be dropped from the dataset (decrease from around 10,460 firms to 2,324), as some of the information on key variables were missing. Furthermore, the continuous variables were winsorized to account for outliers within the 1st and 99th percentile, and normal distribution is checked.
The variables used in the analysis, their definition, and source are shown in table 1.
Table 1: Variable overview, description, and sources
Variable Description Source
ITG variable IT Governance Measure: the presence of a CIO as an indicator measure adopted in this thesis to assess whether IT governance practices are present;
Orbis
GC Going Concern: measure that equals one if the firm received a going concern opinion in 2014, or zero otherwise;
Audit Analytics
SIZE Firm Size: the natural logarithm (log) of the firm’s equity market value; Compustat
ZSCORE_DUM Score Indicator: indicator that equals one if Altman (1968) model Z-score is ≤ 1.81, and zero otherwise;
Compustat
INDUSTRY Industry Dummy: indicator that equals one if SIC between 6000 and 6799, zero otherwise;
Compustat
RESTATE Restatement: indicator that equals one if a firm’s annual earnings are restated in 2014, zero otherwise;
Audit Analytics
MW Material Weaknesses: indicator that equals one if one or more material weaknesses are reported in 2014, zero otherwise;
Audit Analytics
IC_EFF Internal Control Effectiveness: indicator that equals one if the auditor has concluded that an effective set of internal controls was present in 2014;
Audit Analytics
DELAY Reporting Delay: indicator that equals one if a firm files its Form 10-K late in 2014, zero otherwise;
20
NUM_SEG Number of business segments a firm has in 2014; Compustat
FEES Audit Fees: natural logarithm of the average audit fees paid to the auditor over the year t, …, t-4;
Audit Analytics
ASSETS Assets: natural logarithm of total assets in 2014; Compustat
BIG4 Big 4 Auditor: indicator variable that equals one if a firm is audited by a Big 4 auditor, and zero otherwise;
Audit Analytics
RECEIVABLES Receivables: calculated as accounts receivables / total assets in 2014; Compustat
LEVERAGE Leverage: calculated as total liabilities / total assets in 2014. Compustat
The dataset covers all U.S. industries, resulting in a diverse sample that covers 48 industries (resulting from the Fama & French Industry Classification analysis on US SIC codes), as shown in table 2.
Table 2: Industry Distribution (Following Fama & French Industry Classifications)
SIC 48 Industry Frequency Percent
1 Agriculture 4 0.17
2 Food Products 22 0.95
3 Candy & Soda 11 0.47
4 Beer & Liquor 7 0.30
5 Tobacco Products 4 0.17
6 Recreation 15 0.65
7 Entertainment 26 1.12
8 Printing and Publishing 9 0.39
9 Consumer Goods 29 1.25 10 Apparel 7 0.30 11 Healthcare 59 2.54 12 Medical Equipment 91 3.92 13 Pharmaceutical Products 257 11.06 14 Chemicals 53 2.28
15 Rubber and Plastic Products 15 0.65
16 Textiles 6 0.26
17 Construction Materials 36 1.55
18 Construction 26 1.12
19 Steel Works Etc. 26 1.12
20 Fabricated Products 5 0.22
21 Machinery 71 3.06
22 Electrical Equipment 33 1.42
23 Automobiles and Trucks 40 1.72
24 Aircraft 9 0.39
25 Shipbuilding, Railroad Equipment 6 0.26
21
27 Precious Metals 9 0.39
28 Non-Metallic and Industrial Metal Mining 15 0.65
29 Coal 5 0.22
30 Petroleum and Natural Gas 172 7.40
31 Utilities 73 3.14 32 Communication 74 3.18 33 Personal Services 21 0.90 34 Business Services 341 14.67 35 Computers 52 2.24 36 Electronic Equipment 99 4.26
37 Measuring and Control Equipment 40 1.72
38 Business Supplies 22 0.95
39 Shipping Containers 5 0.22
40 Transportation 71 3.06
41 Wholesale 77 3.31
42 Retail 43 1.85
43 Restaurants, Hotels, Motels 36 1.55
44 Banking 21 0.90 45 Insurance 38 1.64 46 Real Estate 18 0.77 47 Trading 189 8.13 48 Other 32 1.38 Total 2,324 100
The dataset was analyzed on the presence of the independent variable (IT governance) as measured by the presence of a CIO within the firm. Of the total of 2,234 firms analyzed, 305 (13.12%) reported the presence of a CIO within the firm, as shown by table 3.
Table 3: Sample ITG Distribution
ITG variable Frequency Percentage Cum.
Non-ITG (0) 2,019 86.88 86.88
ITG (1) 305 13.12 100
22 The following table (4) summarizes the descriptive statistics per variable.
Table 4: Summary Statistics (ITG versus Non-ITG)
ITG Non-ITG ITG vs Non-ITG
Variable Freq. Mean Median Std. Dev. Freq. Mean Median Std. Dev. Mean
Difference Median Difference Dep. Variables GC 305 0.0066 0.0000 0.0808 2019 0.1342 0.0000 0.3410 -0.1277 * N/A RESTATE 305 0.0951 0.0000 0.2938 2019 0.1075 0.0000 0.3098 -0.0124 N/A MW 305 0.1565 0.0000 0.1947 2019 0.0393 0.0000 0.3634 0.1172 * N/A IC_EFF 305 0.9607 1.0000 0.1947 2019 0.8430 1.0000 0.3639 0.1177 * N/A DELAY 305 0.0426 0.0000 0.2023 2019 0.1407 0.0000 0.3478 -0.0980 * N/A FEES 305 14.8763 14.9116 1.1229 2017 13.2795 13.4465 1.4627 1.5968 * 1.4651 Control Set 1 SIZE 305 8.2824 8.3531 1.7974 2019 5.6762 5.9278 2.3478 2.6062 * 2.4253 ZSCORE_DUM 305 0.2918 0.0000 0.4553 2019 0.3695 0.0000 0.4828 -0.0777 * N/A INDUSTRY 305 0.0951 0.0000 0.2938 2019 0.1174 0.0000 0.3220 -0.0223 N/A Control Set 2 NUM_SEG 305 3.1639 3.0000 2.1181 2019 2.0674 1.0000 1.6210 1.0966 * 2.0000 Control Set 3 ASSETS 305 7.4418 8.0000 1.0366 2019 5.3342 5.6639 2.1796 2.1075 * 2.3361 BIG4 305 0.8984 1.0000 0.3027 2019 0.5671 1.0000 0.4956 0.3312 * N/A RECEIVABLES 305 0.1406 0.1011 0.1293 2019 0.1325 0.0935 0.1398 0.0081 0.0075 LEVERAGE 305 0.6356 0.6185 0.2402 2019 0.8489 0.5352 1.7655 -0.2133 * 0.0832 * p<0.01 = Significance level, based on t-tests (continuous variables) and chi-square statistics (indicator variables). GC, RESTATE, MW, IC_EFF, DELAY, and BIG4 are indicator variables, FEES, SIZE, ZSCORE_DUM, NUM_SEG, ASSETS, RECEIVABLES, and LEVERAGE are continuous variables. Continuous variables have been checked for variance equivalence. Levene’s test is employed for unequal variances, which was the case for all variables except for RECEIVABLES.
23 As shown in table 4 the mean comparisons between ITG vs. non-ITG firms show that GC occurs less in ITG firms (0.0066) than in non-ITG firms (0.1342), a difference of -0.1277, which is significantly lower. The total number of GC for ITG firms is only 2 out of 305 firms, whereas non-ITG firms reported 271 GC for a total of 2,019 firms. The number of restatements (RESTATE) is not significantly lower between the two groups, with ITG firms on 0.0951 and non-ITG on 0.1075, a difference of -0.0124 is reported between the two. A total of 29 out of 305 firms reported a restatement, whereas 217 out of 2019 firms reported a restatement in 2014. The mean occurrence of a material weakness reported (MW) is 0.1565 for ITG firms, versus 0.0393 for non-ITG firms, which is significantly lower, with a difference of 0.1172. Again, 12 out of 305 ITG firms reported one or more material weakness, whereas 316 out of 2,019 non-ITG firms did as well. For the effective internal controls (IC_EFF) a significant difference of 0.1177 is found. 12 out of 305 firms reported ineffective internal controls, whereas 317 out of 2,019 firms reported it for the non-ITG group. The mean number of filing delays for ITG firms was 0.0426, which is significantly lower than 0.1407 for non-ITG firms. A total number of 13 out of 305 firms with ITG filed for a delay, versus 284 out of 2,019 filed for non-ITG firms. The audit fees (FEES) for non-ITG firms was significantly higher (14.8763) versus the audit fee for non-ITG firms (13.2795).
Correlation results between the variables are reported in table 5, on the next page.
The correlation matrix shows that ITG (ITG_Variable) is negatively correlated with GC, MW, and
DELAY, whilst a positive correlation is reported with IC_EFF and FEES. The correlation RESTATE
with ITG_Variable is not significant. Furthermore, the correlation matrix shows high correlations between several variables, such as the presence of an effective internal control (IC_EFF) and reported material weaknesses (MW), which is obvious and follows the predicted pattern, as material weaknesses are a result of ineffective internal controls. Highly correlated variables have been analyzed for multicollinearity by assessing the variance inflation factor (VIF). For FEES (as an OLS regression analysis is used for this variable) no changes have been based on the high correlation, as the VIF analysis did not prove this to be necessary (no VIF above the value of 10).
24
Table 5: Summary Statistics and Correlations of Variables (Matrix)
(1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (11) (12) (13) (14) (15) Mean 0.131 0.117 0.106 0.141 0.858 0.128 13.489 6.018 0.359 2.211 5.611 0.611 0.134 0.114 0.821 St.Dev 0.338 0.322 0.308 0.348 0.349 0.334 1.521 2.447 0.480 1.734 2.185 0.488 0.138 0.318 1.649 ITG_Variable (1) 1.000 GC (2) -0.134 * 1.000 RESTATE (3) -0.014 0.031 1.000 MW (4) -0.114 * 0.424 * 0.130 * 1.000 IC_EFF (5) 0.114 * -0.427 * -0.125 * -0.991 * 1.000 DELAY (6) -0.099 * 0.441 * 0.111 * 0.500 * -0.506 * 1.000 FEES (7) 0.355 * -0.506 * 0.054 * -0.356 * 0.360 * -0.390 * 1.000 SIZE (8) 0.360 * -0.524 * 0.010 -0.371 * 0.371 * -0.391 * 0.826 * 1.000 ZSCORE_DUM (9) -0.055 * 0.354 * 0.025 0.204 * -0.206 * 0.221 * -0.229 * -0.365 * 1.000 NUM_SEG (10) 0.214 * -0.181 * 0.029 -0.114 * 0.112 * -0.087 * 0.440 * 0.356 * -0.080 1.000 ASSETS (11) 0.326 * -0.580 * 0.040 -0.393 * 0.394 * -0.401 * 0.864 * 0.859 * -0.298 * 0.408 * 1.000 BIG4 (12) 0.229 * -0.383 * 0.068 * -0.303 * 0.304 * -0.326 * 0.702 * 0.643 * -0.219 * 0.230 * 0.657 * 1.000 RECEIVABLES (13) 0.020 0.033 0.015 0.047 * -0.042 * 0.093 * -0.071 * -0.151 * -0.104 * 0.061 * -0.117 * -0.124 * 1.000 INDUSTRY (14) -0.024 -0.068 * -0.005 -0.067 * 0.068 * 0.060 * 0.006 0.011 -0.206 * -0.028 * 0.106 * 0.027 0.063 * 1.000 LEVERAGE (15) -0.044 * 0.437 * 0.040 0.040 -0.251 * 0.299 * -0.269 * -0.302 * 0.244 * -0.081 * -0.322 * -0.192 * 0.164 * -0.024 1.000
25
4.2 REGRESSION RESULTS
Regression analyses have been performed to test the hypotheses of the relationship between audit quality and efficiency and the ITG variable. As previously stated, the indicator variables (GC,
RESTATE, MW, IC_EFF, DELAY) have been analyzed by using the probit regression model and the
continuous variable (FEES) by using an OLS model. For most dependent variables the regression analyses do not support H1 or H2, as p-values are below significance levels (p<0.05), as shown in table 6.
Table 6: Regression Results
GC (1) RESTATE (1) MW (1) IC_EFF (1) DELAY (1) FEES (2) ITG_Variable -0.047 -0.224 -0.024 0.024 0.008 0.171 *** (0.037) (0.021) (0.028) (0.028) (0.025) (0.044) SIZE -0.05 *** 0.003 -0.045 *** 0.045 *** -0.047 *** 0.166 *** (0.002) (0.003) (0.003) (0.003) (0.003) (0.012) ZSCORE_DUM 0.07 *** 0.022 0.028 -0.029 * 0.030 * 0.219 *** (0.011) (0.014) (0.014) (0.015) (0.014) (0.033) INDUSTRY -0.268 0.001 -0.054 * 0.054 * 0.023 -0.188 *** (0.020) (0.021) (0.024) (0.024) (0.023) (0.045) NUM_SEG 0.005 0.001 -0.002 0.004 * 0.085 *** (0.004) (0.005) (0.005) (0.004) (0.009) ASSETS 0.322 *** (0.014) GC -0.103 (0.056) BIG4 0.654 *** (0.038) RECEIVABLES 0.598 *** (0.104) LEVERAGE -0.007 (0.009) N 2,324 2,324 2,324 2,324 2,324 2,322
t statistics in parentheses, * p<0.05, ** p<0.01, *** p<0.001 = Significance level, based on PROBIT analyses for indicator variables, and OLS for continuous variable (2). PROBIT analyses were followed by analyses on marginal effects of the variable (1).
For GC, as previously stated, the regression analysis does not support H1 or H2, with a P-value of 0.208. The number of restatements (RESTATE) shows negative coefficient (-0.123), but insignificant (p=0.278), just as MW (-0.129, p=0.399), IC_EFF (0.131, p=0.391), and DELAY (0.047, p=0.760).
FEES, however, shows a positive coefficient of 0.171 and significant (p=0.000), but does not support
either hypotheses, as H2 hypothesized a lower fee for ITG firms. For FEES a separate OLS regression has been performed to check if the highly correlated variables, as previously described, influenced the
26 outcome. Although the correlating variables did show influence on the regression, the results still point towards a positive and significant outcome, not supporting H2.
5 DISCUSSION AND CONCLUSION
In this section the findings of this thesis are summarized, discussed, and conclusions are drawn. The relationship between the findings within this thesis and those of previous research is given in an attempt to clarify why the results turned out the way they did.
The research question, as given in the introduction, was defined as: “Is the presence of IT
governance at audit clients associated with improved external audit quality and efficiency?”. This
research question was then split into two hypotheses, being H1: “There is a positive relationship
between the presence of IT governance elements and the external audit quality.”, and H2: “There is a positive relationship between the presence of IT governance elements and the external audit efficiency”. Both hypotheses were testable by adopting a set of proxies as previously defined in other
research, being GC, RESTATE, and MW for H1, and DELAY and FEES for H2.
The number of reported going concern opinions by auditors was expected to increase with the presence of ITG, as this indicated higher audit quality. The results of the performed analysis on GC, however, shows a negative relation between the ITG_Variable and the given going concern opinions by auditors. This finding shows that there is no support for H1, as less GC are reported with ITG (within this sample). A possible explanation is the presence of ITG influencing overall governance practices in a positive way, thereby resulting in less going concern opinions, as firms are governed better. Pincus et al. (2014) reported a similar outcome for this variable when looking at the effects of enterprise systems on going concern opinions.
The presence of ITG was predicted to lower the amount of restatements (RESTATE), signaling higher audit quality. There was a small difference in means between the ITG and non-ITG group, but insignificant. The negative, but insignificant, coefficient for RESTATE show that there is slight difference between the two groups within this sample, but it cannot be assumed that this will hold up for the population.
ITG was predicted to increase the amount of material weaknesses (MW) found by auditors, as reported by an indicator variable, indicating higher audit quality. A significant mean difference was found between the two groups, with ITG firms having higher reported material weaknesses by auditors. However, MW is negatively correlated and shows a negative, insignificant, coefficient. For IC_EFF, ITG firms reported a higher amount of effective set of internal controls, as was predicted for higher
