1.1 Research Topic
The effects if Sarbanes Oxley on Organizations’ Internal Control
1.2 Research Problem
Business fraud constitutes a major concern in the accounting profession and in the business community at large (Al-Hosban, 2014; Hsiung & Wang, 2014; Lakis & Giriunas, 2012). Maintaining an effective internal control system has been singled out as the best approach for fraud prevention in business organisations. Sarbanes-Oxley Act 2002 was meant to institute proper approaches for maintaining an effective internal control, which can enable companies achieve strategic goals while minimizing chances of business malpractices (Scarinci, 2015). Sarbanes-Oxley Act is a new law in the world of accounting and finance (Nezhina & Brudney, 2010), implying that it has not been extensively researched. The inadequacy that characterizes available empirical evidence concerning the impact of Sarbanes-Oxley Act on internal control creates gaps in literature that needs to be filled through research.
The success with which Sarbanes-Oxley Act is addressing nonperformance issues across companies has elicited mixed feelings among researchers. The SEC filings of a sample of 261 companies studied by Weili and McVay (2005) were found to have at least one material weakness in internal control after the effective date of the implementation of Sarbanes-Oxley Act. However, research by Abdioglu, Bamiatzi, Cavusgil, Khurshed and Stathopoulos (2015) led to the conclusion that Sarbanes-Oxley Act has improved internal controls because the researchers found that implementation of the law had positively impacted on foreign institutional investor (FII) decisions.
Similarly, Weili, Zining, and Qiliang and McVay (2015) used a sample of Chinese-listed firms to examine whether internal control has the potential to reduce the exposure of firm resources by unscrupulous managers and controlling shareholders. Findings from the study revealed that controlling for known determinants of corruption and internal control effectiveness limits the extent to which managers can extract resources of a firm. Although the researchers were not interested in Sarbanes-Oxley Act 2002, a strong relationship between internal control and possibility of fraud was established. Scarinci (2015) established that companies that had not recognised the necessity of instituting strong information systems control featured less accurate management forecasts while data processing integrity was identified among companies with strong IT systems control. Regardless of the identified importance of Sarbanes-Oxley Act in enhancing internal control, the fact that some companies still remain reluctance in fully implementing the provisions of the law reveals that its contribution to internal control is an aspect of doubt across the business arena.
2.1 Research Problem Background
The contemporary business arena emphasizes the necessity of auditor independence for fraud detection and determent (Dikan, Synyuhina & Deyneko, 2014; Abdioglu, Bamiatzi, Cavusgil, Khurshed & Stathopoulos, 2015). Public companies’ management teams are subject to laws and regulations that act as machinery for fraud prevention. It is approximately one and half decades since the Sarbanes Oxley Act of 2002 was enacted. The world of finance and accounting is characterised by a widespread consensus that there has been significance improvements in control over financial reporting structures (Weili, Zining, Qiliang & McVay, 2015). Further, Bezverhiy (2014) affirms that a moderate improvement has been experienced across organisations since compliance with the legislation became a legal requirement. Regardless of the controversies that faced the implementation of the Sarbanes-Oxley during its early stages (Hsiung & Wang, 2014), 70% of the respondents in the study by Dikan, Synyuhina and Deyneko (2014) confirmed unprecedented improvements as far as control over the internal control over the structure of financial reporting is concerned.
Sarbanes-Oxley Act 2002 was enacted in July 30, 2002 and dubbed “Public Company Accounting Reform and Investor Protection Act” and “Corporate and Auditing Accountability and Responsibility Act” in the Senate and in the House respectively (Nezhina & Brudney, 2010). From these descriptive phrases, it is evident that the fundamental focus of Sarbanes-Oxley Act 2002 constitutes reclaiming the core values accountability and investor protection, whose violation has initially led to major scandals and eventual failure of global mega businesses such Enron, Bubble.com, and JP Morgan and World.com. Sarbanes-Oxley comprises of eleven sections, which addresses areas of concern that are subject violation of Securities and Exchange Commission’s rulings of internal control compliance.
The prioritization of internal control in the modern business environment evidences the fear of investors in the companies they have made investments. The core focus of internal control, as per Lakis and Giriunas (2012) is to provide assurance of achieving companies’ objectives within the desired levels of operational effectiveness and efficiency. In the context of business, effectiveness is determined by the degree to which the targeted problems are adequately solved while efficiency signifies cost minimization and output maximization. Internal control concentrates on the reliability of financial reporting and compliance with laws, regulations, and policies governing businesses.
Internal control fundamentally focuses on the means by which business resources are directed, monitored, and measured. Thus, internal control performs a critical role in protecting both tangible and intangible properties of organisations (Dikan, Synyuhina & Deyneko, 2014). The aim of achieving the desired level of internal control was the primary motivator of enactments such the Foreign Corrupt Practices Act of 1977 and the Sarbanes-Oxley Act of 2002. As part of complying with the requirements of Sarbanes-Oxley Act of 2002, companies are currently focusing on achieving streamlined total population of controls, increased number of automated controls, decreased number of manual controls, streamlined total population controls, and narrowed overall assessment scope (Lahti & Peterson, 2005).
3.1 Theoretical Foundations
The main constructs and concepts that can be extracted from the current topic include auditor independence, corporate responsibility, enhanced financial disclosures, conflict of interest, and fraud accountability. All these concepts and constructs are related to internal control because they revolve around and inform both Sarbanes-Oxley Act 2002 and the processes of internal control. Based on the aforementioned assertion, agency theory has been singled out as a theoretical foundation, which can best explain the relationship between Sarbanes-Oxley and internal control.
The agency theory forms the foundation of the relationship between shareholders (as the owners of businesses) and company executives (as the agents of shareholders). The principal role of the executives as the agents of the shareholders is to prevent the losses to the portfolio that shareholders have invested in the business. The inherent assumption in the agency theory is that both the principal and the agent are motivated by self-interests. Holt (2008) argues that the agency theory emphasizes proper organizations of the relationships between the agent and the principal in order to maximize the benefits. When the relationships are organized properly, agency loss is minimized. The agency loss is the difference between the best possible outcome for the principal and the consequences of the acts of the agent. The objective of enacting Sarbanes-Oxley Act was to enhance the level of internal control in order to minimize the agency loss.
According to the agency theory, agents have moral responsibilities for their actions that they cannot dismiss simply because they act as agents of the principal (Mesa, 2003). The law recognizes that companies’ executives have critical roles to play as far as survival or failure of businesses is concerned. Therefore, executives cannot rationalize their mistakes to shareholders to escape the law in case of business failure. The third section of Sarbanes-Oxley Act provides for corporate responsibility. Under Title III of this provision, the senior executives are required to take responsibility for accuracy and completeness of the companies’ financial records (Nezhina & Brudney, 2010). Thus, the validity and accuracy of financial reports is a responsibility of the executives. The interaction of the external auditors and internal audit committees is also defined in this section. The role of auditors as the agents of shareholders are also stressed in the first section (Public Company Accounting Oversight Board) and the second section (auditor independence), which establish the creation of an oversight tasked with the registration of auditors and standards of external auditor respectively.
The COSO Framework provides that all members of the organization are responsible for internal control of activities Scarinci, 2015; Nezhina & Brudney, 2010). These include employees, management and board of directors, external auditors and audit committee. Initially, Holt (2008) noted that failure of most companies was caused by the negligence of duty and responsibility among the internal publics. However, with the introduction of Sarbanes-Oxley Act, each member of the organization is legally bound to observe and execute tasks that lead to acting their responsibility without which they are judged in the courts of law. Lakis and Giriunas (2012) argues that upon the implementation of Sarbanes-Oxley, most of the companies have become keen on internal control as they strive not to find themselves in the wrong side of the law. Although Weili and McVay (2005) is still concerned that corporations continue to fail more a decade after the enactment of Sarbanes-Oxley Act, Weili, Zining, Qiliang and McVay (2015) contend that the situation of failing is not as bad as it was prior to Sarbanes-Oxley implementation. Failing corporations are quickly identified and frameworks instituted to prevent further losses. For example, the recent challenge that faced by branches of Barclays Bank operating in Africa especially in Kenya was quickly noted and the investors decided to stop their operations in Kenya.
3.2 Contributions to Theory
Findings from this study are aimed at proposing improvements to existing theories and concepts of existing theories, providing a marshal compelling evidence for theories reconceptualizations and proposing remedies or alternatives to areas of theories that are inconsistent with the study findings. Whetten (1989) argues that most scholars and researchers do not focus on generating new theories from scratch, but they generally engage in improving the theories that already exist. One of the ways that research contributes to theory is by adding or subtracting some factors that exist in models. This can only be done by carrying out a research that leads to generation of surprising results. In collecting data for this study, the researcher expects to be confronted with inconsistencies between the observations and already published findings/conventional wisdom. It is evident from Whetten (1989) that contradicting results to existent theories are frequently subjected to discounting by original theorists based on measurement of error; however, the persistent challenges to outdated data and rising motivation for new knowledge demonstrate that persuasive data can be sufficient in calling for re-conceptualization of prior theories and models.
3.3 Theoretical Implications
Establishing the relationship inherent in the interaction between Sarbanes-Oxley Act 2002 and internal control provides an avenue for validating various theories that forms the foundations of accounting and finance. The researcher recognizes that applying an old model to a new context and trying to convince that the models works as expected does not amount to instruction. The aforementioned conclusion can only have a theoretical merit if some elements about the new setting suggest that the theory cannot work under such conditions. Thus, it is critical to revise theories so that applicability to new contexts and circumstances can be ascertained. The researcher intends to improve the viewpoints of various theories by expanding the perspectives from which conventional theories can be viewed from. Whetten (1989) argues that the need for a theoretical feedback loop is necessitates advancing theory development by applying it new contexts. It is with the belief that theorists are required to comprehend new aspects about their past theories made possible by working with such theories under different conditions.
3.4 Practical Implications
The research intends to fill the gaps in literature concerning both cross-sectional and longitudinal nature of the benefits of Sarbanes-Oxley Act 2002. This is meant to influence opponents and slow implementers identify its critical necessity in enhancing the extent of internal control. During the study, the researcher aims at identifying various aspects of internal control that pose challenges during implementation by various sizes of organisations. Thus, the recommendations based on the identified challenges will be forwarded to the relevant authorities and policy implementers with the aim of lobbying them to consider revising specific provisions to enable the affected businesses stay in operation. The study also aims at generating data, which can be used as theoretical foundations by future researchers carrying out the similar studies. Findings from the study will also be beneficial to students of finance and accounting seeking a proper comprehensive of internal control and the relation inherent in the two variables. Investors of various companies will also be informed about the vitality of implementing Sarbanes-Oxley, which may motivate them to be interested in the matters of internal control made possible through such an implementation.
4.3 Ethical Considerations
Ethical considerations are fundamental in all research endeavors. The necessity of observing ethics in research is emphasized by Bryman and Bell (2011) in their argument that scientific research is carried out within the constraints of the society where each society has a predetermined set of norms that define the interpretation of actions that are right and acceptable. Therefore, research activities are required to be carried out within the boundaries of compliance with the expected norms of society that provides the context of study. In this research, the researcher ought to observe the norms and standards of behavior that provide guidance for human behavior and interpersonal interactions. The core rationale for the researcher working within the provisions of ethics is to ensure that the stakeholders to the researcher are not adequately affected by the activities that take place during the progress of the study.
Although participants are the most common stakeholders in any research Keleman and Rumens (2008) identify that conventional research studies have three types of stakeholders: the sponsor, research team and research participants. Every stakeholder to the research raises critical ethical concerns that the current researcher will need to observe. However, for this study, the only ethical concerns that are relevant constitute those pertaining to participants.
Prior to the commencement of this study, the researcher will ensure that benefits, informed consent and rights to privacy are duly observed and observed according to the legal requirements. As far as benefits are concerned, the researcher intends to discuss the benefits that participants will expect for their sacrifice to participate in the study. After introducing he research question, the researcher is required to clarify the benefits as one way making the respondent feel at ease and motivate them to answer research questions truthfully (Wilson, 2010). The researcher will ensure that all inducements, financial or otherwise, are not disproportional to the assigned to the respondents because this may amount to coercion.
The aspect of informed consent will involve the researcher disclosing the full details about the procedural treatments of variables during the research process. Considering that this will be a business research, a sufficient will be required. This will include a brief description of the purpose of the study including the expected duration, statement of all risks and inconveniences associated with participation, and an offer to provide a free copy of summarized findings after the study. The researcher considers that this research will involve release of accounting information and procedures in order to gauge the level of internal control and procedures. Therefore, signing a non-disclosure will be critical as one way of assuring companies that access to confidential information to third parties will not be allowed.
Sekaran and Bougie (2010) argue that study participants have rights to privacy that should be respected. This raises the necessity of observing the ethical concern of confidentiality. There are several ways that researchers can protect confidentiality of the respondents. In this study, the researcher will seek permission from the respondents before revealing respondent information, restrict access to specifications that may identify a respondent, restrict third parties from accessing instruments of the study, and obtain signed nondisclosure documents. All aspects relating to confidentiality are included in the introduction letter that is handed to the respondent prior to accepting to participate in the study.
Read More