Standard-setters believe high-quality internal audit functions (IAFs) serve as a key resource to audit committees for monitoring senior management. However, regulators do not enforce IAF quality or require disclosures relating to IAF quality, which is in stark contrast to regulatory requirements placed on boards, audit committees, and external auditors. Using proprietary data, I find that a composite measure of IAF quality is negatively associated with the likelihood of management misconduct even after controlling for board, audit committee, and external auditor quality. This result is robust to a variety of other specifications, including controlling for internal control quality and separate estimation during the pre- and post-SOX time periods. A difference-in-differences analysis indicates that misconduct firms have low IAF quality and competence during misconduct years and improve IAF quality and competence in the post-misconduct years. These findings suggest that regulators, audit committees, and other stakeholders should consider ways to improve IAF quality.
This study examines whether and how weak internal controls increase the risk of financial reporting fraud by top managers. Since top managers can override controls, there is a longstanding debate on whether control strength significantly affects fraud risk, yet little evidence on this issue. In fact, prior work suggests that control weaknesses are linked to lower quality accruals associated with errors, not intentional manipulation. We find a strong association between material weaknesses and future fraud revelation. We theorize this link could be attributable to weak controls a) giving managers greater opportunity to commit fraud or b) signaling a management characteristic that does not emphasize reporting quality and integrity. We find support consistent with weak controls giving managers the opportunity to commit fraud through entity-not process-level controls. This supports the PCAOB's assertion that entity-level controls reduce the risk of fraud and management override of controls.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.