Appendix Appendix Appendix Appendix

(1)

Appendix

‘The creation

of the

Sox Acceptance Framework’

Barbara Hammink

University of Groningen

Faculty Management and Organization

(2)

Table of Contents Appendix

TABLE OF CONTENTS APPENDIX ... 2

APPENDIX 1 DATA COLLECTION METHODS... 3

APPENDIX 2 RESEARCH PLANNING... 4

APPENDIX 3 CONTROL ENVIRONMENT ... 5

APPENDIX 4 SECTION 302 ... 7

APPENDIX 5 SECTION 404 ... 8

APPENDIX 6 TITLES OF THE SARBANES-OXLEY ACT 2002 ... 8

APPENDIX 7 AUDITOR INDEPENDENCE ... 9

APPENDIX 8 SELF ASSESSMENT ...10

APPENDIX 9 RELIABILITY ANALYSIS ...16

(3)

Appendix 1 Data Collection Methods

Table A1 provides an overview of the different data methods and data sources that are used during the research (De Leeuw, 1996).

Sub Sub Sub

Sub----QuestionQuestionQuestionQuestion MethodMethod MethodMethod Data Source Data Source Data Source Data Source Chapter 2

Chapter 2 Chapter 2 Chapter 2

1. What is internal control? Desk research - COSO Report 1994

- Reports E&Y, Deloitte, KPMG and PWC

- Sara Lee Project Overview Chapter 3

2. What is the Sarbanes-Oxley Act 2002?

3. What is the Sarbanes-Oxley Act section 302? 4. What is the Sarbanes-Oxley Act section 404?

Desk research

- Journals / Articles/ Newspapers - Sarbanes-Oxley Act 2002 - Internet

- Reports E&Y, Deloitte KPMG & PwC

- Sara Lee Project overview Chapter 4

Chapter 4 Chapter 4 Chapter 4 5. What is the influence of the implementation of

the Sarbanes-Oxley Act 2002 on the internal control process?

Desk research - Journals / Articles/ Newspapers - Sarbanes-Oxley Act 2002 - Internet

Chapter 5 Chapter 5 Chapter 5 6. What theoretical insights of acceptance are

relevant to describe the acceptance of the changes resulting from the Sarbanes-Oxley Act 2002

Desk research - Journals / Articles/ Newspapers - Books - Internet Chapter 6 Chapter 6 Chapter 6 Chapter 6 7. How can the acceptance of the changes within

the internal control process resulting from the Sarbanes-Oxley Act 2002 be measured?

8. What are the results of measuring the user acceptance in a real life case?

Desk research Field research

- Journals / Articles/ Newspapers - Books

- Internet

- Survey: Self Assessment

(4)

Appendix 2 Research Planning

Table Appendix 2: Research Planning

May May May May June JuneJune

June Research FrameworkResearch Framework Research FrameworkResearch Framework

July JulyJuly

July COSOCOSO----FrameworkCOSOCOSOFrameworkFrameworkFramework

August August August August September September September September October October October October Empirical research Empirical research Empirical research Empirical research November November November November

Emperical research & results Emperical research & results Emperical research & results Emperical research & results Identify subject & Research Proposal Identify subject & Research ProposalIdentify subject & Research Proposal Identify subject & Research Proposal

Description Sox Description SoxDescription Sox Description Sox

Theory related to the Acceptance Theory related to the Acceptance Theory related to the Acceptance Theory related to the Acceptance

(5)

Appendix 3 Control Environment

The Control Environment component of the COSO framework consists of nine different factors that form the foundation for the other four components. This appendix gives an overview of these nine factors.

1. Integrity and Ethical Values

Ethical behaviour and management integrity are both a product of the organizational culture. Organizational objectives and the realisation of these objectives are based on preferences, judgements and management styles that are reflected by management’s integrity and commitment to ethical values. Top management sets the tone at the top and has a major influence on the integrity and ethical behaviour within the entire organization. By establishing ethical values top management must find a balance between the different needs of the organization, employees, suppliers, customers, competitors and the public. The design, diagnosis and monitoring of all the other internal control components is influenced by the integrity and ethical values of people.

2. Incentives and Temptations

Organizational factors can influence unethical behaviour and thereby influence the likelihood of fraudulent and questionable financial reporting practices. Organizational members can act unethical simply because the organization gives them strong incentives and temptations to do so. This can be due to incentives as unrealistic performance targets, high performance dependent rewards, and upper and lower cut-offs on bonus plans. Temptations that can cause employees to engage in unethical behaviour are for example nonexistent or ineffective controls, high decentralization and a weak audit function. The stringent regulation of SOx tends to reduce these incentives and temptations by putting appropriate controls in place.

3. Providing and Communicating Moral Guidance

Another cause of fraudulent and questionable reporting practices is ‘ignorance’. This means that people involved with organizations that dealt with unreliable financial reporting either did not know what they were doing wrong or believed that they were acting in the organization’s best interest. Most of the time ignorance is the result of poor moral background or guidance. Top management must show a good example and should communicate the ethical values and behavioural throughout the organization. This can be realised by setting a code of conduct that addresses a variety of behavioural issues, as integrity and ethics, conflicts of interest, improper payments and etcetera. However, the existence of a code of conduct is not enough. Besides creating a clear understanding of the code, employees must also reflect the code in their behaviour. This can be best ensured by top managements actions and examples like giving penalties when the code is violated and encouraging employees to report violations. Management could ensure this by their actions and examples.

4. Commitment and Competence

Management must indicate the required level of competence and translate this into the necessary knowledge and skills that depends on an individual’s intelligence, training and experience. Taking the organization’s objectives, management strategies and plans for achieving objectives into consideration management can decide how well these tasks must be accomplished. After this they are able to put the right person at the right place.

5. Board of Directors and Audit Committee

The board of directors and the audit committee have a major influence on the control environment and the tone ate the top. This is due to their independence from management, experience and status. The board of directors is critical to effective internal control. To perform the necessary governance, guidance and

(6)

This factor is about the affect that management’s philosophy and operating style has on the way the organization is managed. This includes risk taking policies, attitude toward financial reporting, the conservative or aggressive selection from available alternative accounting principles, conscientiousness and conservatism that develops accounting estimates, attitude toward data processing and accounting functions and personnel.

7. Organizational Structure

Within the organizational structure the organizational objectives are planned, executed, controlled and monitored. Defining key areas of authority and responsibility and reporting relationship are significant aspects of the organizational structure that influences the effectiveness of the internal control process. The organizational structure must be developed suited to the specific need of an organization. This depends on the level of decentralization, its size and the nature of the activities. Within all structures activities are organized to carry out the strategies and realise the organization’s objectives.

8. Assignment of Authority and Responsibility

Organizational members must be aware of the degree to which their actions interrelate and contribute to the achievement of the objectives. This factor contains the degree of authority and responsibility for operating activities, and regards the realisation of relationships and authorization protocols. Initiatives are encouraged and limited by alignment of authority and accountability, which has a great influence on the control environment.

Human Resource Policies and Practices

‘Human resource practices send messages to employees regarding expected levels of integrity, evaluating behaviour and competence’, (COSO report, 1992). It concerns hiring qualified personnel, recruiting practices, education and training policies, rotation of personnel and promotions, competitive compensation programs and etcetera.

(7)

Appendix 4 Section 302

Corporate Responsibility For Financial Reports

(a) REGULATIONS REQUIRED.—The Commission shall, by rule, require, for each company filing periodic reports under section 13(a) or 15(d) of the Securities Exchange Act of 1934 (15 U.S.C. 78m, 78o(d)), that the principal executive officer or officers and the principal financial officer or officers, or persons performing similar functions, certify in each annual or quarterly report filed or submitted under either such section of such Act that—

(1) the signing officer has reviewed the report;

(2) based on the officer’s knowledge, the report does not contain any untrue statement of a material fact or omit to state a material fact necessary in order to make the statements made, in light of the circumstances under which such statements were made, not misleading;

(3) based on such officer’s knowledge, the financial statements, and other financial information included in the report, fairly present in all material respects the financial condition and results of operations of the issuer as of, and for, the periods presented in the report; (4) the signing officers—

(A) are responsible for establishing and maintaining internal controls;

(B) have designed such internal controls to ensure that material information relating to the issuer and its consolidated subsidiaries is made known to such officers by others within those entities, particularly during the period in which the periodic reports are being prepared;

(C) have evaluated the effectiveness of the issuer’s internal controls as of a date within 90 days prior to the report; and

(D) have presented in the report their conclusions about the effectiveness of their internal controls based on their evaluation as of that date;

(5) the signing officers have disclosed to the issuer’s auditors and the audit committee of the board of directors (or persons fulfilling the equivalent function)—

(A) all significant deficiencies in the design or operation of internal controls which could adversely affect the issuer’s ability to record, process, summarize, and report financial data and have identified for the issuer’s auditors any material weaknesses in internal controls; and

(B) any fraud, whether or not material, that involves management or other employees who have a significant role in the issuer’s internal controls; and

(6) the signing officers have indicated in the report whether or not there were significant changes in internal controls or in other factors that could significantly affect internal controls subsequent to the date of their evaluation, including any corrective actions with regard to significant deficiencies and material weaknesses.

(b) FOREIGN REINCORPORATIONS HAVE NO EFFECT.—Nothing in this section 302 shall be interpreted or applied in any way to allow any issuer to lessen the legal force of the statement required under this section 302, by an issuer having reincorporated or having engaged in any other transaction that

(8)

of enactment of this Act.

Appendix 5 Section 404

Management Assessment Of Internal Controls

(a) RULES REQUIRED- The Commission shall prescribe rules requiring each annual report required by section 13 of the Securities Exchange Act of 1934 (15 U.S.C. 78m) to contain an internal control report, which shall—

(1) state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and

(2) contain an assessment, as of the end of the most recent fiscal year of the issuer, of the

effectiveness of the internal control structure and procedures of the issuer for financial reporting. (b) INTERNAL CONTROL EVALUATION AND REPORTING- With respect to the internal control assessment required by subsection (a), each registered public accounting firm that prepares or issues the audit report for the issuer shall attest to, and report on, the assessment made by the management of the issuer. An attestation made under this subsection shall be made in accordance with standards for attestation engagements issued or adopted by the Board. Any such attestation shall not be the subject of a separate engagement.

Appendix 6

Appendix 6 Appendix 6 Titles of the Sarbanes

Titles of the Sarbanes

Titles of the Sarbanes----Oxley Act 2002

Titles of the Sarbanes

Oxley Act 2002

The Act requires new levels of auditor independence; personal accountability for CEOs and CFOs; additional accountability of corporate Boards; increased civil and criminal penalties for securities violations; increased disclosure regarding executive compensation; insider trading and financial statements; and certification of internal audit work by external auditors. These provisions are translated in to the SOx legislation that is arranged into the following 11 titles:

I. Public Company Accounting Oversight Board VII. Studies & Reports

II. Auditor Independence VIII. Corporate & Criminal Fraud accountability

III. Corporate Responsibility IX. White-Collar Crime Penalty Enhancements

IV. Enhanced Financial Disclosures X. Corporate Tax Returns

V. Analyst Conflicts of Interest XI. Corporate Fraud And Accountability

VI. Commission Resources And Authority

These titles are divided into 69 sections. Sections 302 (title III) and 404 (title IV) are usually considered to be the most important for organizations. The two Sections have the biggest impact on organizations and come together with major changes within the internal control process. Section 302 and 404 are inextricably linked to each other and compromise the public accounting aspects of SOx. The certification requirements of Section 302 form the foundation for restoring investor trust. Section 404 builds on this foundation by ensuring that management assesses the effectiveness of the internal control process that support the reliability of financial reporting. Internal controls over financial reporting addresses by Section 404 are a subset of the disclosure controls and procedures addressed by Section 302 (Protiviti). Together the Sections ensure that the required information is initiated, processed, recorded, and reported.

(9)

Appendix 7 Auditor independence

According to the Rule 2.01 of regulation S-X of the SEC, the external auditor must be independent both in fact and appearance. This is based on the assumption that the auditor can not audit his or her own work (Provititi). The SEC Release 33-8183: ‘Strengthening the Commission’s Requirements Regarding Auditor Independence’, states the following: ‘…we believe that designing and implementing internal accounting and risk management control impairs the accountant’s independence because it places the accountant in the role of management’. Auditors should be careful not to do anything that can impair their independence and objectivity. They are aloud to help gathering the required information as long as management directs the process and is responsible for documenting controls (McConnel jr. & Banks, 2003).

(10)

Appendix 8 Self Assessment

At the beginning of April I started my internship within Sara Lee International at the Sarbanes-Oxley department. My research intends to create a better understanding of the acceptance of the changes within the internal control process resulting from the implementation of the Sarbanes-Oxley Act 2002 (SOx). This self assessment is used to acquire more insight in the determinants of and the acceptance of these changes. The results of the assessment will be used to evaluate the validity and reliability of the measurement tool that is created during my research. You would be of great help to me if you would like to answer the questions that are presented on the following pages. This research will be completed in November and when preferred I will send you a copy of my research. Based on the results of this assessment further research will be conducted in the near further. In this way the quality of the internal control process can be improved Instructions:

This Self Assessment will takes on the average 25 minutes

The questions can be simply answered by marking the right answer. Answers are all based on the following 1-5 scale:

1. a very strong extent 2. a strong extent 3. a normal extent 4. a weak extent 5. a very weak extent

Please be as criticalcriticalcritical as possible: Answering with a normal extent should be, when possible, reduced critical to a minimal extent. This will improve the results of my research and thereby the quality and utility of my research

Respondents are part of two OpCo’s, namely DE and DECs

Results will be processed anonymous anonymous anonymous anonymous and therefore nobody will or can be referred by name within the research

At the end of the assessment an empty page is addressed that can be used for additional comments on a specific question or in general.

(11)

SOx Controls

Perceived usefulness Perceived usefulness Perceived usefulness Perceived usefulness

1. SOx controls have enabled me to accomplish my internal control activities more quickly.

1 2 3 4 5 2. SOx controls improved the quality of my internal control activities. 1 2 3 4 5 3. SOx controls have made my internal control activities easier to perform. 1 2 3 4 5 4. SOx controls have enhanced the effectiveness of my internal control activities 1 2 3 4 5 5. SOx controls are useful for performing my internal control activities 1 2 3 4 5 6. I am aware of the reason of the changed internal controls resulting from SOx 1 2 3 4 5 7. I am aware of the objective of the changed internal controls resulting from

SOx

1 2 3 4 5 8. I am aware of the consequences of not properly carry out SOx controls 1 2 3 4 5 9. (Top) Management motivates and inspires me to perform SOx controls 1 2 3 4 5

10. (Top) Management performs their SOx controls properly 1 2 3 4 5

Perceived ease of use Perceived ease of use Perceived ease of use Perceived ease of use

11. Within my job there is sufficient time to perform SOx controls 1 2 3 4 5 12. How to perform my SOx controls is clear and understandable to me 1 2 3 4 5

13. SOx controls are easy to perform 1 2 3 4 5

14. Learning how to perform SOx controls is easy for me 1 2 3 4 5

15. Skills necessary to carry out SOx controls are easy to acquire 1 2 3 4 5 16. Support (help) regarding the performance of SOx controls is there when

needed

1 2 3 4 5 17. SOx controls are consistent with my past internal control activities 1 2 3 4 5

18. I am able to perform SOx controls properly 1 2 3 4 5

19. I have confidence in the changes within the internal controls resulting from SOx

1 2 3 4 5 20. Information necessary to perform my SOx controls can be acquired easily 1 2 3 4 5

(12)

Attitude towards SOx Attitude towards SOx Attitude towards SOx Attitude towards SOx

21. SOx controls are a good idea 1 2 3 4 5

22. SOx controls are beneficial to the organization 1 2 3 4 5

23. SOx controls are important within my job 1 2 3 4 5

24. SOx controls are needed/necessary within the internal control process 1 2 3 4 5 Acceptance of SOx

Acceptance of SOxAcceptance of SOx Acceptance of SOx

25. I wish to perform my SOx controls properly 1 2 3 4 5

26. The organization enforces me to perform my SOx controls properly 1 2 3 4 5 27. Performing SOx controls is part of my routine operating activities 1 2 3 4 5

Documentation Requirements

28. The documentation of SOx control activities has enabled me to accomplish my internal control activities more quickly.

1 2 3 4 5 29. The documentation of SOx control activities improved the quality of my

internal control activities.

1 2 3 4 5 30. The documentation of SOx control activities has made my internal control

activities easier to perform.

1 2 3 4 5 31. The documentation of SOx control activities enhanced the effectiveness of my

internal control activities

1 2 3 4 5 32. The documentation of SOx control activities is useful for performing my

1 2 3 4 5 33. I am aware of the reason why SOx control activities must be documented 1 2 3 4 5 34. I am aware of the objective of the documentation of SOx control activities 1 2 3 4 5 35. I am aware of the consequences of not properly documenting SOx control

activities

1 2 3 4 5 36. (Top) Management motivates and inspires me to document SOx control

activities

1 2 3 4 5 37. (Top) Management document SOx control activities properly 1 2 3 4 5

(13)

38. Within my job there is sufficient time to document SOx control activities 1 2 3 4 5 39. How SOx control activities must be documented is clear and understandable to

me

1 2 3 4 5

40. The documentation of SOx control activities is easy 1 2 3 4 5

41. Learning how to document SOx control activities is easy for me 1 2 3 4 5 42. Skills necessary to document SOx control activities are easy to acquire 1 2 3 4 5 43. Support (help) regarding the documentation of SOx control activities is there

when needed

1 2 3 4 5 44. The documentation of SOx control activities is consistent with my past

1 2 3 4 5

45. I am able to document SOx control activities properly 1 2 3 4 5

46. I have confidence in the necessity of the documentation of SOx control activities

1 2 3 4 5 47. Information necessary to document SOx control activities is easy to acquire 1 2 3 4 5

48. The documentation of SOx control activities is a good idea 1 2 3 4 5 49. The documentation of SOx control activities is beneficial to the organization 1 2 3 4 5 50. The documentation of SOx control activities is important within my job 1 2 3 4 5 51. The documentation of SOx control activities is needed/necessary within the

internal control process

1 2 3 4 5 Acceptance of SOx

52. I wish to document SOx control activities properly 1 2 3 4 5

53. The organization enforces me to () document SOx control activities properly 1 2 3 4 5 54. The documentation of SOx control activities is part of my routine operating

activities

1 2 3 4 5

(14)

Testing Requirements

55. The testing of my SOx controls has enabled me to accomplish my internal control activities more quickly.

1 2 3 4 5 56. The testing of my SOx controls improved the quality of my internal control

activities.

1 2 3 4 5 57. The testing of my SOx controls have made my internal control activities easier

to perform.

1 2 3 4 5 58. The testing of my SOx controls enhanced the effectiveness of my internal

control activities

1 2 3 4 5 59. The testing of my SOx controls is useful for performing my internal control

activities

1 2 3 4 5 60. I am aware of the reason of why my SOx controls must be tested 1 2 3 4 5 61. I am aware of the objective of the testing of my SOx controls 1 2 3 4 5 62. I am aware of the consequences of not testing my SOx controls properly 1 2 3 4 5 63. (Top) Management motivates and inspires me to accept and support the testing

of my SOx controls

1 2 3 4 5 64. (Top) Management supports the testing of my SOx controls 1 2 3 4 5

Percei Percei Percei

Perceived ease of useved ease of useved ease of useved ease of use

65. Within my job there is sufficient time for testing my SOx controls 1 2 3 4 5 66. The testing of my SOx controls is clear and understandable to me 1 2 3 4 5

67. Supporting the testing of my SOx controls is easy 1 2 3 4 5

68. Learning how to support the testing of my SOx controls is easy for me 1 2 3 4 5 69. Skills necessary to support the testing of my SOx controls are easy to acquire 1 2 3 4 5 70. Additional support (help) regarding the testing of my SOx controls is there

when needed

1 2 3 4 5 71. The testing of my SOx controls is consistent with my past internal control

activities

1 2 3 4 5 72. I am able to support the testing requirements resulting from SOx 1 2 3 4 5 73. I have confidence in the necessity of the testing of my SOx controls 1 2 3 4 5 74. Information necessary to support the testing of my SOx controls is easy to

acquire

(15)

75. The testing of my SOx controls is a good idea 1 2 3 4 5

78. The testing of my SOx controls is beneficial to the organization 1 2 3 4 5 79. The testing of my SOx controls is important within my job 1 2 3 4 5 80. The testing of my SOx controls is needed/necessary within the internal control

process

81. I wish to support the testing of my SOx controls 1 2 3 4 5

82. The organization enforces me to support the testing of my SOx controls 1 2 3 4 5 83. The testing of my SOx controls is part of my routine operating activities 1 2 3 4 5

(16)

Appendix 9

Appendix 9 Appendix 9 Reliability Analysis

Reliability Analysis

9A. SOx Tot

9A. SOx Total Perceived Usefulness

al Perceived Usefulness

Case Processing Summary Case Processing Summary Case Processing Summary Case Processing Summary Reliability StatisticsReliability StatisticsReliability StatisticsReliability Statistics

N % Valid 18 100,0 Excluded(a ) 0 ,0 ases Total 18 100,0

a Listwise deletion based on all variables in the procedure.

ItemItemItemItem----TTTTotal Statisticsotal Statisticsotal Statisticsotal Statistics Scale Mean if Item Deleted Scale Variance if Item Deleted Corrected Item-Total Correlation Cronbach's Alpha if Item Deleted contrpu 96,22 492,536 ,521 ,971 contrpu 95,89 474,458 ,823 ,970 contrpu 96,39 480,722 ,683 ,971 contrpu 96,28 477,154 ,659 ,971 contrpu 96,11 467,752 ,837 ,970 contrpu 95,72 468,683 ,841 ,970 contrpu 95,44 482,732 ,704 ,970 contrpu 95,28 481,507 ,679 ,971 contrpu 97,11 482,810 ,584 ,971 contrpu 96,78 485,595 ,532 ,971 docupu 96,78 479,124 ,726 ,970 docupu 96,50 466,853 ,862 ,969 docupu 96,56 476,732 ,803 ,970 docupu 96,78 468,418 ,836 ,970 docupu 96,33 464,706 ,857 ,969 docupu 95,56 476,614 ,806 ,970 docupu 95,50 477,441 ,813 ,970 docupu 95,61 486,252 ,590 ,971 docupu 96,72 474,095 ,725 ,970 docupu 96,67 493,294 ,475 ,972 testpu 96,50 476,147 ,741 ,970 testpu 96,17 473,324 ,807 ,970 testpu 96,56 477,791 ,727 ,970 testpu 96,44 472,497 ,762 ,970 testpu 96,17 468,147 ,796 ,970 testpu 95,56 480,144 ,599 ,971 testpu 95,44 476,850 ,800 ,970 testpu 95,39 484,722 ,630 ,971 Cronbach's Alpha N of Items ,971 30

(17)

9B SOx Total Perceived Usefulness

Case Processing SummaryCase Processing SummaryCase Processing SummaryCase Processing Summary Reliability Statistics Reliability Statistics Reliability Statistics Reliability Statistics N % Cases Valid 18 100,0 Excluded (a) 0 ,0 Total 18 100,0

ItemItemItemItem----Total StatisticsTotal StatisticsTotal StatisticsTotal Statistics Scale Mean if Item Deleted Scale variance if Item Deleted Corrected Item-Total Correlation Cronbach's Alpha if Item Deleted contrpeou 92,78 284,183 ,170 ,948 contrpeou 91,22 252,418 ,887 ,942 contrpeou 91,72 274,683 ,490 ,946 contrpeou 91,56 261,673 ,712 ,944 contrpeou 91,61 279,310 ,279 ,948 contrpeou 92,33 265,412 ,674 ,944 contrpeou 92,00 274,235 ,423 ,947 contrpeou 91,89 265,752 ,736 ,944 contrpeou 91,89 265,634 ,740 ,944 contrpeou 92,39 263,781 ,763 ,944 docupeou 92,67 275,059 ,474 ,946 docupeou 91,94 266,526 ,670 ,945 docupeou 92,44 263,320 ,676 ,944 docupeou 91,50 268,265 ,637 ,945 docupeou 91,56 281,438 ,229 ,948 docupeou 92,28 266,330 ,711 ,944 docupeou 92,50 274,147 ,376 ,948 docupeou 91,56 275,556 ,600 ,946 docupeou 92,28 266,212 ,715 ,944 docupeou 92,06 269,703 ,713 ,944 testpeou 92,50 280,265 ,373 ,947 testpeou 91,50 269,324 ,653 ,945 testpeou 92,17 262,853 ,828 ,943 testpeou 91,56 261,320 ,723 ,944 testpeou 91,83 268,971 ,666 ,945 testpeou 91,94 268,644 ,647 ,945 testpeou 92,33 282,353 ,142 ,950 Cronbach's Alpha N of Items ,947 30

(18)

9C

9C SOx Total Attitude

SOx Total Attitude

Case Processing Summary Case Processing Summary Case Processing Summary Case Processing Summary Reliability StatisticsReliability StatisticsReliability StatisticsReliability Statistics N % Cases Valid 18 100,0 Excluded (a) 0 ,0 Total 18 100,0

ItemItemItemItem----TotTotTotTotal Statisticsal Statisticsal Statistics al Statistics Scale Mean if Item Deleted Scale Variance if Item Deleted Corrected Item-Total Correlation Cronbach's Alpha if Item Deleted contrattitude 36,33 78,118 ,762 ,928 contrattitude 36,00 82,824 ,680 ,931 contrattitude 35,89 84,575 ,533 ,936 contrattitude 36,17 80,618 ,665 ,932 docuattitude 36,33 76,235 ,788 ,927 docuattitude 36,28 80,801 ,679 ,931 docuattitude 36,44 78,967 ,796 ,927 docuattitude 35,83 80,382 ,825 ,926 testattitude 36,17 81,088 ,717 ,930 testattitude 36,06 78,056 ,870 ,924 testattitude 35,78 87,124 ,563 ,935 testattitude 36,00 83,882 ,726 ,930 Cronbach's Alpha N of Items ,935 12

(19)

9D

9D SOx Total

SOx Total

SOx Total Acceptance

Acceptance

Case Processing SummaryCase Processing SummaryCase Processing SummaryCase Processing Summary Reliability StatisticsReliability StatisticsReliability StatisticsReliability Statistics N % Cases Valid 18 100,0 Excluded(a ) 0 ,0 Total 18 100,0

ItemItemItemItem----Total StatisticsTotal StatisticsTotal StatisticsTotal Statistics Scale Mean if Item Deleted Scale Variance if Item Deleted Corrected Item-Total Correlation Cronbach's Alpha if Item Deleted controlaccep 28,28 28,801 ,840 ,885 controlaccep 28,61 33,546 ,619 ,903 controlaccep 29,06 32,408 ,533 ,908 docuaccep 28,89 30,575 ,676 ,898 docuaccep 29,06 31,585 ,680 ,898 docuaccep 29,00 30,706 ,780 ,891 testaccep 29,17 30,735 ,796 ,890 testaccep 28,94 30,408 ,599 ,906 testaccep 29,00 30,706 ,713 ,895 Cronbach's Alpha N of Items ,908 9

(20)

Appendix 10 Correlations

10A

10A Total Perceived Usefulness and Total Perceived Ease of Use

Total Perceived Usefulness and Total Perceived Ease of Use

NonNonNonNon----Parametric Correlations Spearman’s RhoParametric Correlations Spearman’s RhoParametric Correlations Spearman’s RhoParametric Correlations Spearman’s Rho TotalPU TotalPEOU Correlation Coefficient 1,000 ,760(**) Sig. (1-tailed) . ,000 TotalPU N 18 18 Correlation Coefficient ,760(**) 1,000 Sig. (1-tailed) ,000 . Spearman's rho TotalPEOU N 18 18

** Correlation is significant at the 0.01 level (1-tailed).

Parametric Correlations Peason’s CorreParametric Correlations Peason’s CorreParametric Correlations Peason’s CorreParametric Correlations Peason’s Correlationlationlationlation----coefficientcoefficientcoefficient coefficient TotalPU TotalPEOU Pearson Correlation 1 ,837(**) Sig. (1-tailed) ,000 TotalPU N 18 18 Pearson Correlation ,837(**) 1 Sig. (1-tailed) ,000 TotalPEOU N 18 18

(21)

10B Total Perceived Usefulness and Total Attitude toward SOx

NonNonNonNon----Parametric Correlations Spearman’s Rho Parametric Correlations Spearman’s Rho Parametric Correlations Spearman’s Rho Parametric Correlations Spearman’s Rho TotalPU TotalAttitud e Correlation Coefficient 1,000 ,834(**) Sig. (1-tailed) . ,000 TotalPU N 18 18 Correlation Coefficient ,834(**) 1,000 Sig. (1-tailed) ,000 . Spearman's rho TotalAttitud e N 18 18

Parametric Correlations Peason’s CorrelationParametric Correlations Peason’s CorrelationParametric Correlations Peason’s CorrelationParametric Correlations Peason’s Correlation----coefficientcoefficientcoefficient coefficient TotalPU TotalAttitud e Pearson Correlation 1 ,905(**) Sig. (1-tailed) ,000 TotalPU N 18 18 Pearson Correlation ,905(**) 1 Sig. (1-tailed) ,000 TotalAttitude N 18 18

(22)

10C Perceived Ease of Use and Total Attitude toward SOx

NonNonNonNon----Parametric Correlations Spearman’s Rho Parametric Correlations Spearman’s Rho Parametric Correlations Spearman’s Rho Parametric Correlations Spearman’s Rho TotalPU TotalPEOU Correlation Coefficient 1,000 ,760(**) Sig. (1-tailed) . ,000 TotalPU N 18 18 Correlation Coefficient ,760(**) 1,000 Sig. (1-tailed) ,000 . Spearman's rho TotalPEOU N 18 18

Parametric Correlations Peason’s CorrelationParametric Correlations Peason’s CorrelationParametric Correlations Peason’s CorrelationParametric Correlations Peason’s Correlation----coefficientcoefficientcoefficient coefficient TotalPU TotalPEOU Pearson Correlation 1 ,837(**) Sig. (1-tailed) ,000 TotalPU N 18 18 Pearson Correlation ,837(**) 1 Sig. (1-tailed) ,000 TotalPEOU N 18 18

(23)

10D

10D Total Perceived Usefulness and Total Acceptance SOx

Total Perceived Usefulness and Total Acceptance SOx

NonNonNonNon----Parametric Correlations Spearman’s RhoParametric Correlations Spearman’s RhoParametric Correlations Spearman’s RhoParametric Correlations Spearman’s Rho TotalPU TotalAccept Correlation Coefficient 1,000 ,658(**) Sig. (1-tailed) . ,001 TotalPU N 18 18 Correlation Coefficient ,658(**) 1,000 Sig. (1-tailed) ,001 . Spearman's rho TotalAccept N 18 18

ParameParameParameParametric Correlations Peason’s Correlationtric Correlations Peason’s Correlationtric Correlations Peason’s Correlationtric Correlations Peason’s Correlation----coefficientcoefficientcoefficient coefficient TotalPU TotalAccept Pearson Correlation 1 ,781(**) Sig. (1-tailed) ,000 TotalPU N 18 18 Pearson Correlation ,781(**) 1 Sig. (1-tailed) ,000 TotalAccept N 18 18

(24)

10E Total Attitude toward SOx and Total Acceptance SOx

NonNonNonNon----Parametric Correlations Spearman’s RhoParametric Correlations Spearman’s RhoParametric Correlations Spearman’s Rho Parametric Correlations Spearman’s Rho

TotalAttitud

e TotalAccept

Spearman's rho TotalAttitude Correlation

Coefficient 1,000 ,606(**) Sig. (1-tailed) . ,004 N 18 18 TotalAccept Correlation Coefficient ,606(**) 1,000 Sig. (1-tailed) ,004 . N 18 18

Parametric Correlations Peason’s CorrelationParametric Correlations Peason’s CorrelationParametric Correlations Peason’s CorrelationParametric Correlations Peason’s Correlation----coefficientcoefficientcoefficient coefficient TotalAttitud e TotalAccept Pearson Correlation 1 ,688(**) Sig. (1-tailed) ,001 TotalAttitude N 18 18 Pearson Correlation ,688(**) 1 Sig. (1-tailed) ,001 TotalAccept N 18 18

(25)

Appendix

‘The creation

of the

Sox Acceptance Framework’

Barbara Hammink

University of Groningen

Faculty Management and Organization

(26)

Table of Contents Appendix

TABLE OF CONTENTS APPENDIX ... 2 APPENDIX 1 DATA COLLECTION METHODS... 3 APPENDIX 2 RESEARCH PLANNING... 4 APPENDIX 3 CONTROL ENVIRONMENT ... 5 APPENDIX 4 SECTION 302 ... 7 APPENDIX 5 SECTION 404 ... 8 APPENDIX 6 TITLES OF THE SARBANES-OXLEY ACT 2002 ... 8 APPENDIX 7 AUDITOR INDEPENDENCE ... 9 APPENDIX 8 SELF ASSESSMENT ...10 APPENDIX 9 RELIABILITY ANALYSIS ...16 APPENDIX 10 CORRELATIONS ...20

(27)