Full length articleDeterminants and consequences of noncompliance with the 2013 COSO framework
Introduction
The Securities and Exchange Commission (SEC) requires companies to use a “suitable framework” as a basis for evaluating the effectiveness of internal control over financial reporting (ICFR) as required by Section 404 of the Sarbanes-Oxley Act of 2002 (SOX). The Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework, developed in 1992, was considered a suitable framework until it was superseded by the COSO 2013 framework. However, because compliance was not strictly enforced by regulatory authorities, a nontrivial number of firms were not in compliance with the COSO 2013 framework following the supersession.1,2 According to issuer data analyzed by Protiviti and Audit Analytics, only 82% of firms’ fiscal 2014 annual reports with audited ICFR opinions disclosed the use of the COSO 2013 framework, which increased to 96% and 99% for fiscal 2015 and 2016 annual reports, respectively.3 Given the importance that internal control systems play in effective governance (e.g., Doyle et al., 2007a, Goh and Li, 2011) and the potential signal that nontimely compliance provides to investors and regulators, we examine determinants and consequences of noncompliance with the COSO 2013 framework following the supersession of the COSO 1992 framework.
Since the release of the original COSO 1992 framework, businesses and operating environments have changed dramatically. In response to these changes, COSO embarked on a project to modernize the original 1992 framework. We discuss the substantive changes to the framework in more detail in the next section. The process of transitioning to the COSO 2013 framework should help firms identify potential weaknesses in internal control environment design and better calibrate monitoring effort and control activities with relevant risks of material misstatement.
After the updated framework was introduced on May 14, 2013, public issuers had the choice to use either the original 1992 framework or the updated 2013 framework as the underlying internal control framework during a transition period from May 14, 2013, to December 15, 2014, as long as the applicable framework was disclosed. Following the transition period, COSO considers the 1992 framework as having been superseded. Despite the potential benefits of the updated framework and encouragement from the COSO board to transition as soon as feasible, some firms did not transition even after supersession of the 1992 framework.
We first examine determinants of noncompliance. We refer to noncompliant firms as those that continue to use the COSO 1992 framework after its supersession (i.e., fiscal years ending on or after December 15, 2014). Our analyses are based on a sample of firms subject to the reporting requirements of Section 404(b) of SOX, which requires auditor attestation on the effectiveness of ICFR. Our sample consists of 1,761 firms that made a timely transition to the COSO 2013 framework and 305 firms that continue to use the original 1992 framework after supersession. Prior research examining internal control effectiveness (Doyle et al., 2007b, Feng et al., 2015, Ge and McVay, 2005) as well as financial press articles and speeches issued/made around the implementation of the COSO 2013 framework motivate the determinants of noncompliance that we examine.
The results suggest that resource constraints, financial distress, and a weak internal control environment influence noncompliance. We find that noncompliant firms are smaller, are less likely to have an internal audit function (IAF), are more highly leveraged, are more likely to be financially distressed, and are more likely to have a material weakness in internal controls. We find that KPMG clients were more likely to be noncompliant, consistent with financial press articles suggesting that KPMG counseled its clients not to rush the transition process. We find that firms were less likely to be noncompliant with the new framework if they engaged an industry specialist auditor, had a larger board of directors, or had at least one audit committee member with accounting expertise. Surprisingly, we find that noncompliance is positively associated with a higher proportion of institutional investment in the firm.
We next examine consequences of noncompliance. Because noncompliance can provide a signal to investors and regulators, we examine whether investors view quarterly earnings surprises of noncompliant firms to be less credible and whether noncompliance increases regulatory scrutiny. Finally, given the potential governance benefits associated with the updated framework, we examine whether accounting conservatism increases for firms that implement the updated framework relative to noncompliant firms that continue to use the 1992 framework. For each of these tests, we use a difference-in-differences research design to draw stronger inferences regarding noncompliance (or compliance) with the updated framework.
Results of these tests suggest that in the period(s) following supersession of the 1992 framework, investors view quarterly earnings surprises of noncompliant firms to be less credible and that noncompliance increases regulatory scrutiny as evidenced by the receipt of an SEC comment letter (or one with multiple comments) and an increasing number of comments in SEC comment letters received by noncompliant firms following supersession of the COSO 1992 framework. These results highlight how noncompliance intensifies regulatory scrutiny on issuers’ financial statements and disclosures broadly. We also find some evidence that accounting conservatism increases after the supersession of the 1992 framework for compliant firms relative to noncompliant firms, suggesting that noncompliance can delay the potential benefits of the updated framework. These results are robust to the use of propensity-score matched samples.
In additional analyses, we break out compliant firms into early and on-time implementers. We identify on-time implementers as those firms that implemented the 2013 framework in the first fiscal year ending on or after the supersession date (i.e., December 15, 2014). Early implementers are those firms that implemented the 2013 COSO framework in a fiscal year ending before the required transition date (December 15, 2014). We then reexamine our consequence-related tests. In terms of quarterly earnings response coefficients (ERCs), we do not find that ERCs change differentially for early relative to on-time implementers after transitioning to the updated 2013 framework. However, we find that early implementers are less likely to receive SEC comment letters, including letters with multiple comments, relative to on-time implementers. Additionally, we find some evidence that early implementers exhibit increased accounting conservatism relative to on-time implementers.
This study provides several important contributions. To our knowledge, this is the first study that examines the determinants of noncompliance with the COSO 2013 framework. The study suggests that resource constraints, resource distractions, financial distress, and weak internal control environments can delay transitions to new and updated internal control frameworks. Although updates to internal control reporting frameworks are not frequent, these results have important insights for the COSO board when considering future framework updates and to regulators such as the SEC when considering enforcement of transition requirements. The study also highlights investor and regulator responses to noncompliance. The results from our difference-in-differences tests suggest that investors view quarterly earnings surprises of noncompliant firms to be less credible and that regulators increase their scrutiny of noncompliant firms’ financial reports following evidence of noncompliance. These consequences appear to persist even after the noncompliant firms implement the updated COSO framework. These insights should be informative to boards of directors and managers as they devise compliance strategies for future updates, new rules, or new regulations involving ICFR. Additionally, the study provides some evidence of a substantive impact of the COSO 2013 framework on reporting conservatism. This result aligns with the framework’s increased emphasis on governance and anti-fraud measures and better calibration of internal control design to relevant financial statement risks.
Section snippets
COSO’s 2013 internal control framework
The original COSO 1992 framework served as a basis for evaluating the design and effectiveness of internal control. In the two decades that followed, significant changes in business models, business complexity, technology, and regulation led the COSO board to engage in outreach efforts to determine the need to update or overhaul the framework. Feedback from over 750 stakeholders, representing different entities and organizations across the world, recommended updating and enhancing, but not
Sample selection
To obtain the sample to test our determinants model (H1a through H1i), we use the Audit Analytics database to identify whether firms disclose compliance with the COSO 2013 framework in the first fiscal year following the supersession of the 1992 framework (i.e., firms with fiscal years ending after December 15, 2014). We obtain data related to internal control weaknesses and going-concern opinions from Audit Analytics. We obtain annual financial data from the Compustat Fundamentals annual
Descriptive statistics and correlations
Table 1 Panel A provides the descriptive statistics for the variables used to examine the determinants of noncompliance with the COSO 2013 framework. We find that 14.8% of firms continue to disclose the use of the 1992 framework in the first fiscal year following supersession. Panel B provides the descriptive statistics for the variables used to perform our consequence-related tests.
Table 2 provides the descriptive statistics for the compliant and noncompliant firms separately, and the
Early compliance with the COSO 2013 framework
Our study focuses on the determinants and consequences of noncompliance with the updated 2013 framework. In additional analyses, we examine potential benefits of “early” compliance. Given that the COSO 2013 framework was updated on May 14, 2013, and firms were given a period from May 14, 2013, to December 15, 2014, to transition to the updated framework, some firms may have chosen to comply with the updated framework earlier than required. We break out “compliant firms” into 1) early
Conclusion
The COSO 1992 framework was considered a suitable framework for evaluating internal control over financial reporting until it was superseded by the COSO 2013 framework. Because compliance with the updated framework was not strictly enforced by regulatory authorities, a nontrivial number of firms were not in compliance following the supersession of the COSO 1992 framework. In this study, we examine determinants and consequences of noncompliance with the COSO 2013 framework following the
CRediT authorship contribution statement
Kunsu Park: Investigation, Data curation, Software, Formal analysis. Juan Qin: Investigation, Data curation, Writing - Review & Editing. Timothy Seidel: Conceptualization, Methodology, Supervision, Writing- Original draft, Writing- Reviewing and Editing. Jian Zhou: Conceptualization, Writing- Reviewing and Editing.
Declaration of Competing Interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
References (66)
- et al.
Accounting conservatism and board of director characteristics: An empirical analysis
J. Account. and Economics
(2007) - et al.
How does internal control regulation affect financial reporting?
J. Account. Econ.
(2010) The conservatism principle and the asymmetric timeliness of earnings
J. Account. and Econ.
(1997)- et al.
The effects of firm-initiated clawback provisions on earnings quality and auditor behavior
J. Account. Econ.
(2012) - et al.
Institutional monitoring and opportunistic earnings management
J. Corporate Finance
(2002) - et al.
Internal control and management guidance
J. Account. and Econ.
(2009) - et al.
Audit and non-audit fees and capital market perceptions of auditor independence
J. Account. and Public Policy
(2009) - et al.
The changing time-series properties of earnings, cash flows and accruals: Has financial reporting become more conservative?
J. Account. and Econ.
(2000) - et al.
Do accountants make better chief financial officers?
J. Account. Econ.
(2016) - et al.
Estimation and empirical properties of a firm-year measure of accounting conservatism
J. Account. Econ.
(2009)