read article and answer question
BEHAVIORAL RESEARCH IN ACCOUNTING American Accounting Association Vol. 25, No. 1 DOI: 10.2308/bria-50245 2013 pp. 61–87
The Effectiveness of SOX Regulation: An Interview Study of Corporate Directors
Jeffrey R. Cohen
Boston College
Colleen Hayes
Australian National University
Ganesh Krishnamoorthy
Northeastern University
Gary S. Monroe
The University of New South Wales
Arnold M. Wright
Northeastern University
ABSTRACT: This study provides insights on the effectiveness of the Sarbanes-Oxley Act (U.S. House of Representatives 2002) in promoting high-quality financial reporting
and good corporate governance, based on interviews conducted with 22 experienced
directors from U.S. firms. Our analysis indicates that SOX has positively impacted the
monitoring role of the audit committee (board), which directors attributed to the financial
expertise and internal control requirements and heightened substantive diligence.
However, some considered that an emphasis on financial expertise at the expense of
legal expertise and financial markets expertise could compromise the quality of financial
disclosures due to a lack of business savvy needed to inform accounting judgments and
the standardization of reporting. SOX was also perceived as having led to a formalistic
approach to accounting policy decision making by the audit committee and external
auditor, as a buffer against litigation. While CEO certification was viewed as having led to
heightened ownership and diligence on the part of decision agents throughout the
financial reporting decision hierarchy, it was also identified as a source of the costly
resource-intensive reaction to SOX. Directors also considered that SOX had led boards
to take a narrow focus on financial reporting risk at the expense of strategy. Further,
We thank the anonymous reviewers for their helpful comments and suggestions. We also thank Theresa Libby (editor) and an anonymous reviewer, as well as Jean Bédard; Noel Harding; Elizabeth Carson; Roger Simnett; the participants at the School of Accounting, The University of New South Wales and the Nyenrode University seminar series; and the participants at the Asia-Pacific Conference, The Australian National University ANCAAR Forum, the 2009 ISAAR symposium, and the 2009 AAA Annual Meeting for their helpful comments and suggestions. Our special thanks go to the directors who participated in the study.
Theresa Libby, Accepting Editor.
Published Online: July 2012
61
management was identified as being actively involved in the more overt process of
initiating and administering the process. The directors’ responses also demonstrate
some variation in the extent and nature of the role played by the audit committee to
resolve accounting disputes, reflecting varying interpretations of law. Participants
indicate that SOX has also led to a substantial improvement in the scope, responsibility,
and status of internal auditors.
Keywords: corporate governance; audit process; Sarbanes-Oxley Act; risk manage- ment; qualitative research.
Data Availability: Contact the authors.
INTRODUCTION
I n response to a number of significant financial reporting failures such as Enron and
WorldCom, the Sarbanes-Oxley Act (SOX) was enacted in July 2002. SOX significantly
expanded the authority and responsibilities of the audit committee and board in overseeing
financial reporting and internal controls. In this study, we investigate the following overarching
research question: What are directors’ experiences with respect to the effectiveness of SOX
regulation in achieving high-quality financial reporting? To address this question, we interviewed
22 experienced directors of U.S. companies about their experiences with financial reporting and
auditing processes in the five years following the implementation of SOX.
Interviewing directors provides an important window into how public corporations have
responded to SOX. As a key agent of change, directors play a major role in mediating the impact of
the legislation on auditing and financial reporting. While SOX prescriptions—for example, the
structural attributes and responsibilities of the audit committee—may, on the one hand, be viewed
as coercive, they are neither self-enforcing nor without ambiguity. 1
Agents of change must, to
varying degrees and depending on the level of ambiguity involved, decide ‘‘what constitutes
compliance and what actions they will take to demonstrate compliance’’ (Edelman et al. 1999,
409–410). At the same time, however, defining compliance can be challenging since it is a
politically contested space i.e., ‘‘many voices . . . vie for favorable interpretations of law’’ (Edelman et al. 1999, 407). As a result, the organizational response to a law varies between compliance,
effecting substantive change, and resistance to change, and is emergent and dynamic (Edelman
1992).
From the perspective of corporate directors, there is limited prior research on the perceived
effectiveness of SOX with respect to its impact on audit and financial reporting quality. Tremblay
and Gendron (2011, 260) found a logic of resistance prevailed over that of compliance in Canadian
audit committee members’ evaluations of the efficacy of SOX, leading the researchers to conclude
that there is the ‘‘possibility of post-Enron reforms being severely limited in engendering
meaningful change.’’ Cohen et al. (2010), on the other hand, found that U.S. auditors reported that corporate governance of financial reporting had substantially improved post-SOX. The apparent
divergence in these findings may be partially explained by territorial nuance (Tremblay and
Gendron 2011), but also by the unintended effects of the legislation.
Our study also extends Cohen et al. (2010) in two important ways. First, Cohen et al. (2010)
interview auditors and, in that respect, report indirect evidence of the impact of SOX on audit
committee and board processes, whereas we interview board members directly. Second, our explicit
1 The structural attributes involve independent membership and financial expertise. The responsibilities are to appoint, terminate, compensate, and oversee the auditor, monitor internal controls, establish whistle-blowing procedures, and pre-approve the joint provision of the audit and nonaudit services.
62 Cohen, Hayes, Krishnamoorthy, Monroe, and Wright
Behavioral Research In Accounting Volume 25, Number 1, 2013
overall objective is to evaluate directors’ experiences with respect to the effectiveness of SOX
regulation in achieving high-quality financial reporting and how directors perceived that
management translated SOX requirements into action. 2
We find evidence that the audit committee has assumed the monitoring role vested in it by
SOX. This is manifest, for example, in an increased interaction between the audit committee and the
external auditor, and the audit committee chair and the external auditor; in the heightened attention
to matters of audit and financial reporting addressed in those exchanges; and in the desire for greater
transparency. Directors frequently attribute the heightened monitoring role to SOX provisions such
as those that enhance the relationship of the external auditor to the audit committee, that require
audit committee involvement with SOX 404 internal controls, as well as the provision that requires
disclosures with respect to financial expertise of audit committee member(s). At the same time,
however, management was identified as being actively involved in managing the auditor
appointment/termination process. In general, an overwhelming majority of the participants consider
that SOX has enhanced the quality of financial reporting. However, several respondents considered
that the cost of compliance has been excessive and that this was compounded where attention to
compliance had come at the expense of strategy (e.g., value creation). The cost of compliance was
driven by resource-intensive efforts, including excessive attention to detail, which was attributed to
a heightened sense of litigation risk surrounding SOX. Interviewees pointed out that the compliance
environment was also characterized by a rules-based approach to accounting policy choice, which
does not bode well for promoting the quality of financial disclosures.
The remainder of the paper is organized as follows. The next section provides the background
and the research question, while the subsequent section describes the method. We then present the
results of the study. The last section concludes with a discussion of the implications and limitations.
BACKGROUND AND RESEARCH QUESTION
SOX seeks to ‘‘protect investors by improving the accuracy and reliability of corporate disclosures’’ (U.S. House of Representatives 2002). However, given the financial and political turmoil surrounding the passage of the legislation through Congress and the lack of empirical
support for the efficacy of certain provisions, it is seen by some as the ill-conceived product of
political expediency that ‘‘can have unintended consequences that may result in more harm than good’’ (DeFond and Francis 2005, 9).
Critics of SOX argue that it is excessively costly as it relates to compliance costs resulting from
Section 404 (e.g., Butler and Ribstein 2006; Galindo-Dorado 2005), increased audit fees (e.g.,
Asthana et al. 2009; Griffin and Lont 2007), and increased director remuneration and insurance
costs (Linck et al. 2009). Further, there is evidence of some decline in foreign issuers’ listings that
are alleged to be linked to greater costs and legal exposure due to SOX (e.g., Zhu and Small 2007;
Piotroski and Srinivasan 2008), and at least before the economic crisis of the end of the decade,
there was some belief that SOX allegedly reduced the risk appetite of management (e.g., Bargeron
et al. 2008).
At the same time, other studies indicate that SOX has had positive effects on financial
disclosures, the cost of capital, and firm value (Carcello et al. 2011). For example, Cohen et al.
(2005) report a significant association between the corporate governance mandates generally, and a
decline in earnings management. Ashbaugh-Skaife et al. (2009) find that the improvement in
effective internal controls resulting from SOX lowers information risk, leading to a reduction in the
2 Another related study is Beasley et al. (2009), which looked directly at audit committee experiences in the post- SOX era. However, they did not examine the effects of SOX in promoting the governance and quality of financial reporting and auditing, or its unintended effects.
The Effectiveness of SOX Regulation: An Interview Study of Corporate Directors 63
Behavioral Research In Accounting Volume 25, Number 1, 2013
cost of capital, while Aggarwal and Williamson (2006 ) report that SOX regulations are associated
with increased firm value.
The logic underpinning the governance provisions of SOX appears to be grounded in
positivist agency theory, specifically in the separation of the management and control/monitoring
dimensions of the financial reporting decision system, which is designed to protect residual
claimants from managerial opportunism (Fama and Jensen 1983; Jensen and Meckling 1976 ).
The certification provisions in SOX reinforce management’s responsibility for decision
management. The overarching responsibility for monitoring management’s actions with respect
to financial reporting, on the other hand, is with the audit committee and, ultimately, the board.
Support for this proposition is evident in the audit committee’s exclusive authority to appoint,
terminate, compensate, and oversee the auditor, and in the auditor’s responsibility to report to the
audit committee. The strategy is designed to protect the auditor from reprisals from management
and promote the quality of information flowing to the audit committee, board, and the
stockholders.
The rational nature of SOX provisions, together with their obligatory status as Federal law,
invokes ‘‘societal authority’’ (Edelman and Suchman 1997, 483) and renders them part of the institutional (socially constructed) environment of publicly traded corporations. The provisions
provide the criteria by which society understands and evaluates the legitimacy of publicly traded
corporations, notwithstanding evaluations of their efficacy. Lack of congruence between the edicts
and corporate actions renders entities ‘‘more vulnerable to claims that they are negligent, irrational, or unnecessary’’ (Meyer and Rowan 1977 350). Thus, the SOX agency paradigm represents a powerful exogenous force for change in publicly traded corporations. However, the benefits
accruing to investors from increased transparency may be outweighed by the costs associated with
overly conservative decision making and resource-intensive investment in information gathering by
executives, and possibly auditors, which are a means of mitigating the increased litigation risk from
SOX (Ribstein 2002; Linck et al. 2009).
Cohen et al. (2010) investigated perceptions of SOX through the eyes of auditors. In their
study, they examine whether auditors’ experiences with audit committees and boards have changed
significantly post-SOX relative to their experiences pre-SOX (Cohen et al. 2002). Importantly,
auditors report substantially greater audit committee expertise, power, and diligence than in their
earlier study. However, Cohen et al. (2010) also identify instances of the decoupling of SOX
prescriptions from corporate behavior. One fundamental issue of concern is that auditors often note
that management still has significant influence in the auditor appointment/termination decision,
which may signal a lack of effective separation of decision management and control. Further,
Cohen et al. (2010) report that audit committees frequently do not actively participate in helping to
resolve auditor-management accounting disputes, preferring instead to be informed of the outcome
on the matter. Cohen et al. (2010) call for additional research capturing the experiences of members
of the audit committee and the board, as well as those of management, in order to provide a more
systematic and complete approach to mapping and therefore understanding the impact of the
legislation.
In this study, we respond to that call by examining the experiences of audit committee and
board members on those and other issues. Since the SOX legislation is so broad, it is possible that
directors may have ambiguous perceptions about the effectiveness of the legislation supporting
some measures and viewing others through a negative lens. This could be attributed to individuals
not operating wholly within one role (Malsch et al. 2012). Further, the perceptions of the
participants and the manner in which they process and interpret information could potentially be
influenced by the multiple accountabilities they confront, such as being accountable to the board as
well as being accountable to the legislation in their own business experiences (Peecher et al. 2011).
The overall objective of the study is to gain insight into directors’ perceptions of the effectiveness of
64 Cohen, Hayes, Krishnamoorthy, Monroe, and Wright
Behavioral Research In Accounting Volume 25, Number 1, 2013
SOX with respect to enhancing the quality of the financial reporting process. The criterion for
assessing effectiveness is that the legislation has achieved what it intends—enhanced auditing and
financial reporting processes as a means of improving the accuracy of financial reporting
disclosures. Based on the foregoing discussion, our study is guided by the following overarching
research question:
RQ: What are directors’ experiences with respect to the effectiveness of SOX regulation in achieving high-quality financial reporting?
RESEARCH METHOD
Consistent with Cohen et al. (2010) and Beasley et al. (2009), a semi-structured interview
approach was used to address the research question. The voluntary participation of directors was
sought through personal contacts. Given that SOX applies to all public corporations listed on U.S.
stock exchanges, the directors were chosen with a view to capturing a cross-section of corporate
governance experience, industries, and company size. Twenty-two experienced directors were
interviewed in four cities: Boston, Los Angeles, Chicago, and New York. Twenty of the 22
directors served as audit committee members prior to or post-SOX. Sixteen of the 20 directors were
serving as audit committee members in the post-SOX era, and all but one served in that capacity
prior to SOX. 3
Two of the 16 participants chaired the audit committee in the post-SOX era. A
further ten directors had chaired audit committees prior to the introduction of SOX. Eighteen were
serving on the corporate governance and nominations committee, and 17 on the compensation
committee. The number of years the participants had served in a director capacity ranged from 5 to
40 years and averaged approximately 21 years. The directors served on the boards of 1 to 21
corporations over that time and averaged 8.59 corporations. The companies spanned a broad
spectrum of the economy including finance, health, technology, industrial and manufacturing,
natural resources, retail, and bio-medical sectors, and ranged in size from around U.S.$20 million to
U.S.$150 billion in revenues. In all, as desired, the sample reflects a diverse, highly experienced
group of corporate directors with significant involvement in oversight of the financial reporting
process both before and after SOX.
The interviews were conducted over a five-week period in 2007 just before the financial crisis
of late 2007. The interviews varied in length from 30 to 60 minutes. All interviews were
conducted by a single person in the offices of the participants, with the exception of one interview
that was conducted by telephone. A number of measures were taken to ensure the trustworthiness
of the data (Lincoln and Guba 1985). A copy of the instrument was sent to the participants prior
to the interviews. Further, each interview began by describing the purpose of the study and
emphasizing that we were interested in the interviewee’s individual experiences as a director and
that there were ‘‘no right or wrong answers.’’ Permission was sought to tape record each interview, and this was granted in each instance. At the same time, the interviewees were assured
that anonymity would be provided to them, their employing organization, and the boards on
which they serve, and that the information we gathered would be used for ‘‘educational and research purposes only.’’ A professional transcription provider transcribed the recordings verbatim. Given that the transcripts were based on actual recording of interviews (rather than
based on notes taken during the interview), and considering that the participant pool consists of
very high-profile, busy individuals, we did not send the transcripts back to the respondents for
3 The director who had not served in that capacity prior to SOX was appointed in the time leading up to the promulgation of SOX. However, the results of our study do not change qualitatively if we eliminate this participant or the two board members who had not served as audit committee members.
The Effectiveness of SOX Regulation: An Interview Study of Corporate Directors 65
Behavioral Research In Accounting Volume 25, Number 1, 2013
their review. However, in order to ensure that the transcripts faithfully captured the audio
recordings, a member of the research team test-checked the transcripts with the related audio
recording. We believe these measures provide a high degree of assurance that the transcripts
faithfully captured the responses of the participants.
The interview questions were based on Cohen et al. (2010). Additional questions were added to
our study based on SOX provisions and SOX-related academic literature (e.g., Linck et al. 2009;
Bargeron et al. 2008) prior to commencing the interviews. The additional questions related to audit
committee selection including the role of the CEO, and SOX and corporate risk taking. The final set
of questions related to the following broad areas: auditor appointment/reappointment and dismissal
decisions; interaction between the audit committee and the auditor, and its impact on aspects of the
audit process; interaction with internal auditors and management; and other issues. Prior to
commencing the interviews, the interview questionnaire was reviewed by two experienced
directors, which resulted in minor changes. Finally, a further two questions involving the following
issues were added: whether, irrespective of cost, SOX had led to an improvement in the quality of
financial reporting; and rating the overall cost-benefit calculus of the legislation with respect to
financial reporting. The majority of the questions asked directors to identify specific changes in the
effectiveness of SOX with respect to financial reporting quality in the five years following the
introduction of SOX.
The approach to the interviews was guided by the pre-determined set of interview questions.
The respondents frequently voluntarily provided complementary information. Additional
questions were used to probe further the line of responses, where appropriate. A coding scheme,
based on Cohen et al. (2010), was initially developed to capture and analyze the data in the
transcripts. The coding scheme was further refined to ensure that the data were captured and
coded consistently and reliably across the various coders. Quotations supporting the key
indicators and the related themes were identified and incorporated into the coding scheme. The
interview transcripts were then coded by two members of the research team with an average
initial inter-coder agreement of 84 percent, indicating a high level of coding reliability (Miles and
Huberman 1994). Differences in coding were discussed between the two coders and, where
possible, reconciled by the two coders by revisiting the data. Any unreconciled differences in
coding were resolved by a third researcher.
RESULTS
Consistent with Cohen et al. (2010) and given the focus of this study on the effectiveness of
SOX, we discuss the results under the rubric of the following broad issues: auditor appointment/
reappointment and dismissal decisions, interactions between the audit committee and the auditor,
financial expertise and power of the audit committee, audit committee appointments, internal
auditors, management certification, the board, and financial reporting quality and corporate risk
taking. The profile of a participant is given after each quote. The profile provides the following
three items of information in the order in which they are listed: committee representation
(experience) in the post-SOX era, which was also current at the time of the interviews; whether the
companies represented were listed on the NYSE, NASDAQ; and pre-SOX audit committee
experience (PSACE), where applicable. The number and percentage of the directors’ responses to
the questions and/or attributes of the questions are provided in Table 1. 4
4 Table 1 provides some indication of the attitudes that the directors have about the impact of SOX. The figures must be viewed in the context of the results section, which provides much more detail and introduces important nuances.
66 Cohen, Hayes, Krishnamoorthy, Monroe, and Wright
Behavioral Research In Accounting Volume 25, Number 1, 2013
TABLE 1
Responses from Directors
Total Number of Participants (with Audit Committee Experience) ¼ 22 (20) Open-Ended (OE) or Closed-Ended (CE) Question n Percent
Auditor Appointment/Reappointment and Dismissal Decisions OE Most Influence on Hiring/Firing Auditor (Note 1)
Audit Committee 19 86%
Management (CEO, CFO) 15 68%
Board of Directors 7 32%
Stockholders 1 5%
Other (specify) 0 0%
CE Percentage Influence on Hiring/Firing Auditor (Note 2)
Audit Committee 53%
Management (CEO, CFO) 33%
Board of Directors 11%
Stockholders 3%
Other (specify) 0%
Interaction between the AC and Auditor OE Specific changes with respect to effectiveness of the typical AC (Note 1)
More rigorous/more work 10 45%
Longer/more frequent meetings 4 18%
More focus on controls 3 14%
More questions 2 9%
More structured/bureaucratic 3 14%
More skeptical/independent 1 5%
Chair of AC has direct relationship with external auditor 2 9%
Other 5 23%
Frequency of meetings with external auditor and issues discussed a
CE Frequency of meetings (Note 2) 5.6
OE Issues discussed at meetings (Note 1)
Accounting/Auditing issues 10 50%
Audit risk 6 30%
Results of audit 5 25%
Compliance-related issues 6 30%
Disagreements with management 5 25%
Internal control and control environment 7 35%
Audit plan 4 20%
Audit fees 3 15%
Accounting personnel 2 10%
Auditor independence 1 5%
Quarterly review 1 5%
Other 9 45%
CE Impact of discussions with external auditor on auditor’s: a
(Note 2)
Overall risk assessment 8 53%
Nature and extent of audit work performed 8 57%
Resolution of contentious issues 6 46%
Type of audit report 3 25%
(continued on next page)
The Effectiveness of SOX Regulation: An Interview Study of Corporate Directors 67
Behavioral Research In Accounting Volume 25, Number 1, 2013
TABLE 1 (continued)
Open-Ended (OE) or Closed-Ended (CE) Question n Percent
CE Role of AC in establishing and maintaining controls (Note 2) 22 100%
OE Changes in the last five years with respect to interactions with auditors (Note 1)
Lots of questions 8 36%
Meetings more intense 5 23%
Upfront planning 3 14%
Challenge management and auditors 3 14%
More formal 5 23%
Focus on controls 3 14%
Focus on accounting issues 2 9%
Focus on audit risk 0 0%
Focus on compliance 1 5%
CE AC Financial Expertise (Note 2)
Does AC have sufficient financial expertise? 22 100%
AC financial expertise varies by industry, size, or other factors? 15 83%
Is the difference between the most and least qualified AC member
significant?
12 67%
CE AC Power and authority (Note 2)
Sufficient power and authority to confront management? 21 95%
AC power and authority vary by industry, size, or other factors? 15 79%
CE Exercise of AC power and authority a
(Note 2)
Has AC exercised power and authority? 13 93%
Interaction with internal auditors and management (Note 2) CE
Role of internal auditors changed in the last five years? 19 95%
Working relationship between internal and external auditors changed
in the last five years?
16 76%
CE Impact of Sarbox certification requirements on: (Note 2)
Integrity/quality of financial reporting 15 68%
The audit process 6 35%
Other Issues CE Effectiveness of the typical board with respect to the financial reporting
process over the last five years b
(Note 2)
2.77
OE More inquisitive/probing (Note 1) 3 14%
OE BOD is more serious about their responsibility (Note 1) 9 41%
OE BOD has more leverage (Note 1) 1 5%
OE Members sitting on fewer boards (Note 1) 1 5%
OE Other (Note 1) 6 27%
CE Awareness of the board regarding responsibilities and exposure
changed in the last five years? (Note 2)
20 91%
OE Divide tasks among directors (Note 1) 1 5%
OE Litigation risk (Note 1) 6 27%
OE Other (Note 1) 2 9%
CE Willingness to serve on boards and AC changed in the last five years?
(Note 2)
20 91%
OE Serving on fewer boards (Note 1) 8 36%
OE Serving on boards longer (Note 1) 1 5%
(continued on next page)
68 Cohen, Hayes, Krishnamoorthy, Monroe, and Wright
Behavioral Research In Accounting Volume 25, Number 1, 2013
TABLE 1 (continued)
Open-Ended (OE) or Closed-Ended (CE) Question n Percent
OE Serving based on corporate reputation (Note 1) 1 5%
OE More cautious/litigation risk (Note 1) 10 45%
OE Other (Note 1) 6 27%
Selection of members to serve on the AC
OE How are board members selected for AC? (Note 1)
Nominations/Governance Committee recommendation 9 41%
CEO nomination 7 32%
Based on skills set 14 64%
Other 3 14%
CE Influence of the CEO on the selection of members to serve on AC?
(Note 2)
16 73%
CE Does typical AC help resolve contentious issues between the auditor
and the management? (Note 2)
17 77%
OE AC has necessary skills (Note 1) 4 18%
OE Issues resolved ahead of time (Note 1) 2 9%
OE Other (Note 1) 4 18%
CE Has SOX impacted corporate risk taking? (Note 2) 9 43%
OE Reduced risk taking (Note 1) 4 18%
OE Other (Note 1) 5 23%
CE Irrespective of cost, has SOX led to improved financial reporting?
(Note 2)
16 89%
OE Led to more standardization (Note 1) 1 5%
OE Other (Note 1) 3 14%
CE Overall cost-benefit of SOX c
(Note 2) 5.81
OE Litigation risk (Note 1) 1 5%
OE Other (Note 1) 2 9%
Responses to open-ended (OE) questions (e.g., From your experiences as a director in the past five years, who do you believe actually has the most influence in decisions with respect to: (a) hiring, and (b) firing auditors in a public company?) are coded as 1 (0) if the indicated response was (was not) identified by the respondent. The percentage reflects the total number of participants indicating the response out of a total of 22 (or 20) participants. For example, 19 (3) out of 22 participants identified (did not identify) ‘‘Audit Committee’’ in their response to the above question, resulting in an 86 percent score. Responses to closed-ended (CE) questions (e.g., In your experiences as a director, do you believe that SOX has impacted corporate risk taking?) are coded as 1 ¼ Yes, 0 ¼ No, or NA ¼ Not Available. A response was coded as ‘‘NA’’ if the question was not asked or if the participant did not respond to the question. Responses coded as ‘‘NA’’ were excluded from the computation of percentages. For example, 9 (12) participants indicated that SOX has (has not) impacted risk taking, with one participant classified as ‘‘NA,’’ resulting in a computation of 43 percent (9 out of 21) indicated in the table. a
Based only on responses from participants with audit committee experience. b
Responses based on the following scale: More effective ¼ 3; Same ¼ 2; Less effective ¼ 1. c
Responses based on the following scale: costs . benefits ¼ 1; benefits equal costs ¼ 5; benefits . cost ¼ 10.
The Effectiveness of SOX Regulation: An Interview Study of Corporate Directors 69
Behavioral Research In Accounting Volume 25, Number 1, 2013
Auditor Appointment/Reappointment and Dismissal Decisions
Participants were asked to identify who, in substance, had the most influence in the decision to
appoint the auditor, and to provide the percentage influence of the stakeholders involved (Table 1). 5
This was the first of a series of questions that are fundamental to evaluating the strength of the
relationship between the audit committee and the external auditor, which from an agency theory
perspective has implications with respect to the balance of power between management and the
external auditor.
Eighty-six percent of the directors identified the audit committee as having the most influence
by virtue of the power of veto, i.e., exercising decision control (Table 1). 6
One of the directors who
indicated that the power was with the audit committee stated:
I think it is fair to say that the audit committee does and it certainly didn’t used to be the
case. It used to be the CEO, but certainly in those situations that I have been involved in I
would say the audit committee has become, I think to say far less of a rubber stamp. I
mean they [the audit committee] really have become the decision maker. [Audit, corporate
governance and nominations, and compensation committee board member. NASDAQ.
PSACE]
Another with a similar view stated:
The audit committee, no question . . . The law is very clear on that subject . . . The intent is clear and I think most people are doing it. Now, there are conversations between the
chairman of the audit committee and the chief financial officer and the CEO, but I think at
the end of the day in most public companies that I’m familiar with, the decision is the audit
committee. [Compensation and other committee board member. NASDAQ. PSACE]
Another director stated:
It is at least 90 percent the audit committee so management has some impact. We just
changed auditors and it was a discussion that came up among the audit committee, but it
was recommended by management. But all the decision rights were [with] the independent
directors on the audit committee. [Audit, corporate governance and nominations,
compensation, and other committee board member. NASDAQ. PSACE]
However, while the majority view was that the audit committee exercised the controlling
influence, management was identified as being actively involved in managing (initiating and
administering) the process. The preceding quote, for example, states that the change of auditor was
‘‘recommended by management.’’ To that end, another director stated that ‘‘the audit committee has an overwhelming role today. I mean, this has been probably the single most important change post-
Enron and Sarbanes-Oxley I think.’’ However, he/she went on to state that:
Management has a lot of mediation with an auditor in terms of them [the external auditor]
bringing up last-minute issues, unnecessary escalation of issues, or unnecessary cost
increases that our company might find unreasonable, then it seems like, you know,
management will have an influence, but ultimately the audit committee is . . . the decision maker. [Audit and corporate governance and nominations committee board member.
NASDAQ. PSACE]
5 The percentage of respondents who indicated the most influence in the decision to appoint/reappoint/dismiss the auditor exceeds 100 since some respondents indicated more than one party having the most influence in this decision with respect to the auditor.
6 The overall mean percentage allocated to the audit committee was 53 percent and to management, 33 percent.
70 Cohen, Hayes, Krishnamoorthy, Monroe, and Wright
Behavioral Research In Accounting Volume 25, Number 1, 2013
Another director stated:
It is more of a joint decision than it is an independent decision. I know the audit committee
has the final say. But as a practical matter it’s the management team that deals with the
auditors on a day-to-day basis . . . When you change auditors . . . there’s a lot of work to go
through. There’s the RFP [Request for Proposal] . . . and all the due diligence around selecting the auditor and on and on. So to me it is ultimately, as a practical matter, a joint
decision. [Audit committee chair board member. NYSE. PSACE]
Another participant who identified management as having the most influence over the
appointment of the auditor did so in circumstances where the company has a policy of putting the
external audit to tender every five years. He/she stated that ‘‘that process is run by management.’’
He/she went on to say:
So I think they [management] have the most influence because they [management] set up
the way it is done. We only get to see two or three of the finalists, probably two, and they
[audit firms] will have been screened by management, so they [management] have a lot of
influence. [Corporate governance and nominations, and compensation committee board
member. NYSE. PSACE]
Interactions between the Audit Committee and the Auditor
The next set of questions concerned the interactions between the audit committee and the
external auditor (Table 1). The questions provide insight not only into the strength of the
relationship between the auditor and the audit committee, but also into the nature of the issues
discussed such as issues of audit risk.
The first question asked the directors to specify changes since SOX in the effectiveness of the
audit committee in fulfilling its responsibilities with respect to the financial reporting process.
Several directors stated that there has been a change in the effectiveness of the audit committee
because the ‘‘bar has been raised’’ [compensation and other committee board member. NASDAQ.
PSACE] on several dimensions. The changes were frequently attributed to SOX provisions,
including the requirement relating to audit committee financial expertise and SOX 404 internal
controls, illustrated in the following quotation from one of the directors:
There has been actually quite a bit of change because the requirements for financial
expertise have had a marked change in the way audit committees function, because I think
audit committees in general did not necessarily have particular experts on them. They
[audit committees] should have, but some boards didn’t have much financial expertise. So
the requirement of financial expert has had an important impact. The whole SOX 404
controls have had . . . an impact and then there has been a kind of increased emphasis on
. . . risk analysis. I think if you go back five years ago the audit committee was narrowly
looking at financial things. Now the audit committee is looking at the financial audit, it is
looking at the control compliance audit. [Audit, corporate governance and nominations,
compensation, and other committee board member. NASDAQ. PSACE]
The source of change was attributed by another director to the fact that the ‘‘relationship with
the independent auditor now belongs to the audit committee. That didn’t happen before. It was with
the CFO’’ [audit committee board member. NYSE]. Respondents also indicated an increase in audit
committee diligence (DeZoort et al. 2002; Cohen et al. 2004) and further indicated that the change
in attitude was substantive (Tremblay and Gendron 2011). For example, one director stated, in
The Effectiveness of SOX Regulation: An Interview Study of Corporate Directors 71
Behavioral Research In Accounting Volume 25, Number 1, 2013
relation to the changes he/she had observed in the past five years in the interactions between the
audit committee and the auditors, that:
They [audit committee meetings] have gone way up. We used to have an audit committee
meeting for about two hours on the day of a board meeting. But the audit committee now
meets for probably about eight hours the day before the board meeting. And that time is
spent mainly with the outside auditors . . . [they] are always there. And the chair [chairman of the audit committee] probably talks with the lead guy in the accounting firm, I would
guess, for 5 or 10 hours between meetings. And that was never much the case. [Corporate
governance and nominations, and compensation committee board member. NYSE.
PSACE]
Respondents also indicated that the time spent in meetings was used to discuss substantive
issues, as reflected in the following quote:
In the past, the 10Qs might have been done a lot more lightly. The annual meeting used to
be the main thing and the annual report. The 10Qs, maybe the audit committee chair would
just, you know, take care of it. A lot of times it may have been done on a telephone call or
something like that. Now, actually, they [the audit committee and external auditor] are
meeting many times. [Audit, corporate governance and nominations committee board
member. NASDAQ. PSACE]
This is also reflected in the following issues that respondents identified as being addressed in
meetings between the audit committee and external auditor:
Certainly, 404 and 303 and all the things that have gone on with respect to those. A report
by the auditor of any financial statements, of course, that we [the corporation] have
produced. [Audit committee board member. NYSE. NASDAQ. PSACE]
So we [the audit committee] are always discussing with them [the external auditor] what
they have been doing and what the management internal auditing group has been doing to
assist them. [Audit, corporate governance and nominations committee board member.
NYSE. PSACE]
One of the major things that gets discussed is tone at the top, especially when you are
dealing with this 404 compliance. [Audit, corporate governance and nominations,
compensation, and other committee board member. NASDAQ. PSACE]
The audit plan is the big one . . . certainly at the planning stage how they [external auditor] assess the risk involved. [Audit and corporate governance and nominations committee
board member. NYSE. PSACE]
We [the audit committee] go through the assumptions, auditing planning and coverage . . . We try to find out in real time what they’re [the external auditor] focusing on. How well
they [the external auditor] are working with senior management, how well they [the
external auditor] are working with the internal audit staff. [Audit committee board
member. NYSE]
Typically you [the audit committee] try to ascertain whether in the auditor’s view the
company’s control systems are solid enough, whether the company has any material
weaknesses in any of its controls. You of course try to determine whether management is
72 Cohen, Hayes, Krishnamoorthy, Monroe, and Wright
Behavioral Research In Accounting Volume 25, Number 1, 2013
cooperating fully with the auditors; how is the audit function going; compliance issues,
potential problems that are coming up. [Audit, corporate governance and nominations, and
compensation committee board member. NASDAQ. PSACE]
Further, the auditor was not without scrutiny: ‘‘We [the audit committee] spend a lot of time on systems and processes, including what we see as their [the audit firm’s] strengths and weaknesses’’ [audit committee board member. NYSE]. To that end, a minority of directors identified
deterioration in the relationship between the audit committee and the auditor, post-SOX, as being
due to a decline in audit service quality. One of the participants described the relationship as a
‘‘double-edged sword,’’ going on to say:
On the one hand there is much more communication going on between the auditors and
the audit committee. But . . . also . . . management are frustrated with the way auditors are treating them in the last four or five years because . . . the work that auditors have has increased dramatically because of SOX 404 certification. And so the frustrations that
management have, one the timeliness with which things are getting done and the staff
quality . . . there is more variance I think with this. Number two, costs have escalated dramatically, and on both those counts management constantly complains to audit
committees. [Audit and corporate governance and nominations committee board member.
NASDAQ. PSACE]
The same participant went on to identify the ‘‘number one source of angst for audit committees today’’ as follows:
Auditors have gotten too non-responsive, too technical, many times they want to report to
their national head office for answers, and so they’re not able to give quick answers. Like,
they give the answer and then they change it at the last minute and so there’s just a lot of
. . . frustration. [Audit and corporate governance and nominations committee board member. NASDAQ. PSACE]
The reference to the auditor having ‘‘gotten too non-responsive, too technical’’ reflects increased decision making by ‘‘rule,’’ which may diverge from what the decision maker considers appropriate in the circumstances (Schauer 1988). Perhaps decision making by rule provides a more
objective defense (legitimacy) in the face of litigation risk than discretion. 7
Further, as the following
quote shows, the phenomenon was not confined to the auditor, but extended to the audit committee:
The process of the audit committee dealing with the auditors is now more standardized or
rigid, more rules based. That is, everyone tries to be careful to make sure all the rules are
satisfied. And so the complaint you often hear by the audit committee and the auditors is
that things are far too rigid, it’s hard to have a conversation about, you know, does it really
make sense, you know, can we work this through in a different way . . . good conversation[s] about flexibility sometimes aren’t held. [Audit and corporate governance
and nominations committee board member. NYSE. PSACE]
There also appears to be a heightened adversarial relationship between the audit committee and the
external auditor in the post-SOX era, as evidenced by the following quote:
It [the relationship between the audit committee and the external auditor] has become more
adversarial and we [the audit committee] view the auditors a bit more like policemen. The
7 Decision making by rule leads to the standardization of financial reporting; and from an institutional theory perspective, the resulting model is viewed as rational on the basis of its wide use rather than its inherent correctness (Edelman et al. 1999, 410).
The Effectiveness of SOX Regulation: An Interview Study of Corporate Directors 73
Behavioral Research In Accounting Volume 25, Number 1, 2013
auditors used to work very closely with our internal people and it probably was the wrong
way to do it. But they [the external auditor] have sort of moved to the other extreme where
they are substantially less helpful at the beginning and they are more contentious at the
end. [Audit, corporate governance and nominations, compensation, and other committee
board member. NASDAQ. PSACE]
Sarbanes-Oxley has made this stuff very complicated, because what it does is it, whereas
you [the audit committee] used to work together with the auditor, auditors have now been
turned into policemen, who if they miss a traffic stop can lose their franchise, and they’re
acting as such. [Audit and other committee board member. NYSE. PSACE]
Some directors also tempered what they considered to be the benefits of the legislation by an
overreaction to SOX on the part of management, the audit committee, and the external auditor,
resulting in a loss of time for all concerned. The overreaction, as the following quotes reveal,
involved excessive attention to detail and a ‘‘ticked every box’’ mentality (Tremblay and Gendron 2011, 269):
Sarbanes-Oxley, over the past five years, has been a big hurdle . . . it has enhanced the emphasis on internal controls. It has enhanced a focus on processes. It has enhanced a
great deal of attention on technology and how that technology helps in making sure that
things are working well but on the other hand, I think it has . . . forced . . . the management to be paying a lot of attention to it, not that they paid less, but more. So the disclosure
committee must meet before the audit committee meets, tell us all the decisions that they
had to make and why they made it, and give us the facts to see if we agree with them or not
[reluctance to exercise judgment], but on the other hand it has . . . to some extent, created more burden for the organization as well. So it has caused more bureaucracy to be
introduced into the system and you see that in terms of lots of boxes that need to be
checked, so to say, just to meet Sarbanes-Oxley. I’m not quite sure I would have needed
that much to be satisfied myself with internal controls. So, lots of pluses but some minuses.
[Audit committee board member. NYSE. NASDAQ. PSACE]
Well, it is just that under Section 404 there is all this concern with processes that they [the
audit committee] would sometimes in the past have discussed and would never have got as
deeply involved in such detail. [Audit, corporate governance and nominations committee
board member. NYSE. NASDAQ. PSACE]
An additional question asked the participants whether, in their experience as directors, the audit
committee played a role in helping resolve contentious accounting and financial reporting issues
between the auditor and the management (Table 1). For this question, 77 percent of the audit
committee respondents perceived that the audit committee did play some role, but there was some
disagreement. For example, one respondent stated that ‘‘the contentions have been more about whether [the auditor] had the right people or . . . enough people really able to legitimately audit what goes on with some of the financial practices, etc.’’ [audit and corporate governance and nominations committee board member. NASDAQ. PSACE]. The participant attributed the latter to
the SOX era and the collapse of Arthur Andersen.
The directors’ responses also demonstrated some differences in understanding of the nature of
their role under those circumstances, i.e., as arbiter or mediator, as reflected in the following
quotations of two of the directors:
Yes, they [the audit committee] do. In fact it’s a role that this committee plays quite well.
In relation to the earlier conversation [providing for future claims], management had very
74 Cohen, Hayes, Krishnamoorthy, Monroe, and Wright
Behavioral Research In Accounting Volume 25, Number 1, 2013
strong feelings it was less representative of the true liability than the method being offered
by the auditor. The audit committee had to referee the fight, and finally decided we should
do it the way the auditor wanted. [Corporate governance and nominations and
compensation committee board member. NYSE. PSACE]
Increasingly so. I’m finding that on the audit committees I serve, the financial experts are
always called in to resolve . . . issues between the two . . . I don’t know if I would say it’s the audit committee or whether the help of the audit committee is sought to say, ‘‘Well we
have this issue. Do you want to get some third party in there? Should we go talk to a
particular consultant or professor who knows this thing?’’ You might be able to add your
own point of view, but you obviously can’t exclusively resolve it. [Audit committee board
member. NYSE. NASDAQ. PSACE]
The directors were also asked about their experiences with the role that the audit committee
played with respect to establishing and maintaining effective internal controls under Section 404.
The unanimous response was that the audit committee played a major role in that respect (Table 1).
Financial Expertise and Power of the Audit Committee
Turning now to structural attributes of the audit committee arising out of SOX, the directors
were asked whether they considered that the audit committee had sufficient financial expertise to
effectively deal with financial reporting, auditing, and internal control-related issues. Respondents
indicated that audit committees did have sufficient financial expertise, 8
and further indicated that the
audit committee financial expertise varied by industry, size, or other factors:
[B]ecause if you have a small company or a medium-sized company, you typically have
fewer number of directors, and the number of people who are on that, among those
directors who are financially certified, may not be high, and therefore an undue burden
may fall on one or two people, and in fact in some medium-sized [companies] you may not
have as many qualified people as you really want to have on that audit committee.
[Nominations and corporate governance and other committee board member. NYSE.
NASDAQ. PSACE]
In general, however, the respondents considered that the audit committee had sufficient
expertise because the financial expertise criterion was broad based, as per the following quote:
Two of us are considered financial experts. I am a CPA and so is another member, and the
other has a financial background, so we are well covered. [Audit committee board
member. NASDAQ. PSACE]
Others, however, identified the need to establish a balanced portfolio of skills on the audit
committee. One of the directors acknowledged the need for the depth of the skills set of an audit
committee to match the size and complexity of the organization. The director also stated that
beyond the need for financial expertise, in his/her experience there was also a need for legal
expertise with respect to the issue of compliance and, in addition, ‘‘people who have a good
understanding of financial markets’’ [audit committee board member. NYSE. NASDAQ. PSACE].
The participant stated that on the audit committees he/she serves on, they now have more expertise
8 In responding to a separate question, several participants identified financial expertise as the principal criterion for selecting members to serve on the audit committee, despite the fact that under SOX the criterion is framed as a disclosure requirement only.
The Effectiveness of SOX Regulation: An Interview Study of Corporate Directors 75
Behavioral Research In Accounting Volume 25, Number 1, 2013
in relation to all three areas than they had pre-SOX, and that they ‘‘also have a CEO who has more the big-picture expertise’’ [audit committee board member. NYSE. NASDAQ. PSACE].
To that end, some participants raised the issue of whether, in the words of one of them, ‘‘the pendulum has swung too far’’ [audit committee member. NYSE. NASDAQ. PSACE] with respect to the representation of financial expertise on audit committees, possibly adversely affecting audit
committee effectiveness and therefore the quality of financial reporting with respect to the exercise
of accounting judgment. The source of the problem is the skills and mindsets of those most likely to
meet the definition of a financial expert, e.g., CFOs and accounting professionals. In the words of
one of the directors, ‘‘the problem with CFOs and auditors are they are rules-based people; they aren’t judgment-based people’’ [corporate governance and nominations and compensation committee board member. NYSE. PSACE]. The implications for the quality of financial
disclosures, and, ultimately, risk management, revealed in the following response of one of the
directors lie in the lack of ‘‘business savviness’’ needed to inform accounting judgment, which is ultimately concerned with controlling for market uncertainty:
[T]he real value in financial reporting oversight of audit comes from connecting business
issues with financial reporting issues. Because technical financial reporting issues are
going to be handled correctly by the management and the auditors . . . the audit committee can bring no competitive advantage in that respect. But where you have judgment . . . in a clause, in a case clause or in policy choices, and that judgment centers on knowing
something about the business, board members can bring it, add value. Now if you have too
many people that are ex-directors and ex-CFOs, they usually try to replicate what the
management or the auditors have done rather than bring a new perspective, which is a
business perspective that says that given what I see is going on in the industry or . . . that I make of this business, should we be . . . putting more reserves or should we be following this capitalization policy . . . the kinds of questions . . . you need less technical knowledge for it, but more business savviness, and then connecting the business savviness with
financial reporting . . . so there are still issues there. [Audit and corporate governance and nominations committee board member. NASDAQ. PSACE]
Thus, a focus on rules could lead board members to miss the greater risks inherent in an
uncertain economy and an ever-changing business climate. A few directors stated that, in their
experience, over-representation of the financial expertise criterion was inhibiting the acquisition of
firm-specific knowledge of board members, as it was restricting the rotation of board members
through the audit committee—either because new board members lacked the requisite financial
skills or, in the words of one of the participants, ‘‘because to get somebody on the audit committee who is qualified, you don’t want him to go anywhere else’’ [compensation and other committee board member. NASDAQ. PSACE].
Participants also indicated that an audit committee’s financial expertise could vary based on
industry or other factors, as well as on the size criterion referred to earlier (Table 1). A few
participants with experience in the finance industry identified the complexity of finance transactions
as a basis of difference in expertise between members. To that end, one of the participants stated
that ‘‘when you are dealing with derivatives and hedging, nobody will say that they’re an expert in that’’ [audit committee board member. NYSE]: a foreboding comment in the light of the then- impending exposure relating to the sub-prime crisis in October–November 2007. Finally, some
participants stated that whether an audit committee had sufficient financial expertise was a function
of, in the words of one of them, ‘‘how complicated your business model is’’ [corporate governance and nominations, compensation, and other committee board member. NYSE. NASDAQ. PSACE].
SOX expressly vests the audit committee with the power to resolve disagreements between
management and the auditor with respect to financial reporting. The legitimacy of the audit
76 Cohen, Hayes, Krishnamoorthy, Monroe, and Wright
Behavioral Research In Accounting Volume 25, Number 1, 2013
committee’s determinations accrues from its independence from management (Backer 2004). The
authority to engage advisors with the appropriate funding for that purpose underpins that legitimacy
(Backer 2004), as does the financial expertise criterion. However, the effectiveness of the structural
attributes relies upon all parties involved, including management and directors, complying with the
spirit, not just the letter of the law (‘‘tone at the top’’) (Backer 2004; Kalbers and Fogarty 1993).
Therefore, the directors were asked whether the audit committee has sufficient power and authority
from the board to engage management in dealing with contentious financial reporting, auditing, and
internal-control-related issues, and whether that varied by size, industry, or other factors. The vast
majority (95 percent) considered that the audit committee had sufficient power and authority from
the board, and 79 percent of the participants indicated that this was dependent upon size or industry
(Table 1). The reasons given were twofold. First was the fact that SOX had vested the power and
authority in the audit committee:
Yes [the audit committee does have sufficient power and authority from the board
because] . . . under Sarbanes-Oxley, audit committees have almost become an independent body, independent of the board. Because they’re independently employed to do certain
things . . . setting the audit fees, selecting the auditor, and those kinds of things. The board really can’t do much. [Audit, corporate governance and nominations, committee board
member. NASDAQ. PSACE]
The second and predominant reason centered on social dynamics, as shown in the following
quotes:
I’d say ‘‘yes’’ [the audit committee does have sufficient power and authority from the
board]. And I’d go back to what we talked about before, that it’s really more the tone that is set here that governs, than it is the industry, the size of the company, and what have you.
(emphasis added) [Corporate governance and nominations, compensation, and other
committee board member. NYSE]
Audit Committee Appointments
Management also has the capacity to influence the independence of the audit committee
(board) through its power to influence the selection and compensation of its members (Baysinger
and Hoskisson 1990). Therefore, the directors were asked what influence, if any, the CEO had on
the selection of board members who serve on the audit committee. Sixteen participants (73 percent)
stated that the CEO influenced the selection of members to serve on the audit committee. The
reason given was primarily because the CEO wanted it. However, the directors were split on who
had the primary responsibility for the appointment of the audit committees, with some responding
that the governance and/or the nominations committee had it, while others responded that the CEO
had played a significant role in the selection process. The extent of CEO influence, as the following
quotes demonstrate, is reflected in the strength of the adjectives used and in the roles played by the
CEO. These roles involved nominating personnel for consideration by the board (typically the
governance and/or nominations committee) to, by implication, evaluating audit committee member
performance and being consulted by the board with respect to the board’s choice of candidate(s).
Absolutely [the CEO influences the selection process]. I think it used to be binary. If [the
CEO] used to say, ‘‘Why don’t we put Bill on the audit committee,’’ the board would say
‘‘OK.’’ Now the governance committee would look at it and make sure that the CEO is not
stacking the committee and probably made sure there is rotation. [Audit and nominations
and corporate governance committee board member. NASDAQ. PSACE]
The Effectiveness of SOX Regulation: An Interview Study of Corporate Directors 77
Behavioral Research In Accounting Volume 25, Number 1, 2013
It’s a shared decision. If somebody is not performing, either the audit committee or the
CEO will bring the thing right on up. In the end it is the board processes that count. [Audit,
corporate governance and nominations, compensation, and other committee board
member. NASDAQ. PSACE]
Tremendous [CEO influence in the selection process]. I mean CEOs basically run their
companies and they are deferential in their relationships with boards . . . the governance and nominating committee has the formal responsibility for committee structure, but
almost always the CEO will have ideas as to what it should be. [Audit, nominations, and
compensation committee board member. NYSE. NASDAQ. PSACE]
My sense now is, it is the CEO who is very careful of who [he/she] says. The board itself
selects the audit committee. Now, perhaps there are some recommendations from the CEO
these days, but it’s done very carefully. [Audit and corporate governance and nominations
committee board member. NYSE. PSACE]
The need to consult with the CEO was emphasized in the context of the need for the ongoing
audit committee–external auditor–management relationship to be conducted in a cooperative spirit,
reflected in the following responses:
The answer is that it’s a shared decision . . . In the end it’s the board processes that count, but when I recruit a new board member . . . I have as part of the interview process that they [the external auditor] interview the CEO and the CFO. And if they [the CEO and CFO] are
not comfortable, I need to stop and say, ‘‘Well, do I really want to drive somebody in
they’re not comfortable with.’’ [Audit, corporate governance and nominations, and
compensation committee board member. NYSE. NASDAQ. PSACE]
[The CEO has] A lot [of influence]. It is very important that the board have a congenial
working relationship with the management. I mean anybody that thinks they [the board]
should be some kind of a policeman looking with gimlet eyes at the management all the
time has got the wrong idea of how a board effectively operates. So today I would say
that in selecting the people for the board who would be on the audit committee, that the
management would be very interested in having their views made known and
interviewing the person who the board was thinking of selecting and passing back
either their positive or negative impressions. [Audit committee board member. NYSE.
PSACE]
Internal Auditors
The directors were asked whether, in their experience, the role of internal auditors had changed
in the last five years and, if so, how. One director who stated that the role had not changed
indicated: ‘‘we’ve always had a lot of oversight there and . . . we’ve [the audit committee] always had every meeting an executive session with the . . . head of internal audit and we’ve thought a lot about hiring, who’s in that role, and try to make sure that person understands they really do report to
us’’ [audit and corporate governance and nominations committee board member. NYSE. PSACE].
However, 95 percent of the participants stated that the role of the internal auditor had changed in the
last five years (Table 1). The responses, taken as a whole, demonstrated that the role had changed
substantively in greater status, power, independence, and the scope and level of responsibility,
reflected, in part, in the following responses:
78 Cohen, Hayes, Krishnamoorthy, Monroe, and Wright
Behavioral Research In Accounting Volume 25, Number 1, 2013
Yes, it has changed. I think that the internal audit function is taken more seriously. I think at
times in the past it was kind of like a necessary evil. You checked the box to say you have it.
But, in our particular case it has been much upgraded. We have substantially higher quality
people. More disciplined. More professional. Much, much better. You wouldn’t even
recognize them as the two groups. [Audit committee chair board member. NYSE. PSACE]
Yes. I think the internal audit role has become more powerful. I think that the stature of the
internal audit manager has been raised. They [the internal auditors] have been elevated to
effectively a higher level of management than they were before. [Audit and corporate
governance and nominations committee board member. NYSE. PSACE]
Yes. We are trying to be more compliant with Sarbanes-Oxley, wanting to make sure that
the internal controls are also tested by them, wanting to make sure that key areas where
there could potentially be issues and deficiencies are looked at very carefully. I think more
audits. There’s just no question in my mind that it has caused that to happen as well, and
more focus on remediation measures, if needed, are actually implemented. [Audit
committee board member. NYSE. NASDAQ. PSACE]
There is also evidence of the internal auditor actively responding to the ethos of SOX and
exercising the ‘‘right to be heard’’:
There are two things to me. One, it [the internal audit] has gained in importance so much.
The second thing is it has gained some separation that it didn’t have before . . . in many ways it was looked at as an adjunct to the audit functions of the company or the executive
function . . . And now what’s happened in the past five years is the internal audit has separated themselves, and set themselves up as an independent entity much more than they
were. [Corporate governance and nominations, compensation, and other committee board
member. NYSE]
Dramatically, because the internal audit was relatively invisible and now they are the
completely independent honcho of the 404 compliance. They are very proactive with
coming to the audit committee about issues, about tone at the top. Before you would have
an internal auditor and, OK, the internal auditor blessed things, but nobody paid much
attention. But now it is really on everybody’s agenda. [Audit, corporate governance and
nominations, compensation, and other committee board member. NASDAQ. PSACE]
Management Certification
The next two questions concerned participants’ experiences of the impact of the CEO/CFO
certification on, first, the integrity/quality of financial reporting and, second, the audit process. The
majority (68 percent) of respondents indicated that certification had a positive influence on the
integrity of financial reporting (Table 1) for two related reasons. First, it heightened CEO ownership
in terms of the integrity of financial disclosures. Here, one of the participants stated that he
considered the legislative provision to be ‘‘perhaps one of the most important changes that has taken
place in aligning the incentives of all parties in the audit process’’ [audit and corporate governance
and nominations committee board member. NASDAQ. PSACE]. The participant went on to say:
So, now the CEO also wants a good audit and previously it used to be like . . . passing the buck kind of mentality, whereas now in a sense . . . I’m on the hook, you’re on the hook, and the audit committee is on the hook. So, all three of us have to coordinate and kind of make sure that . . . we
The Effectiveness of SOX Regulation: An Interview Study of Corporate Directors 79
Behavioral Research In Accounting Volume 25, Number 1, 2013
do this right. So, in that sense I think it has been a very positive thing because it’s created more a
team mentality between the management, external auditors, and the audit committee. [Audit and
corporate governance and nominations committee board member. NASDAQ. PSACE]
Second is the fact that CEO/CFO certification had, in the words of one of the directors, been
‘‘pushed . . . down through the organization so you’ve got every level sort of doing their due diligence’’ [audit committee board member. NYSE]. The participant also added that he/she considered that aspect to be ‘‘a fine part of Sarbanes-Oxley.’’ The heightened ‘‘ownership’’ and ‘‘due diligence’’ on the part of decision agents within the financial reporting decision hierarchy holds important
positive implications for the effectiveness of the internal management monitoring system and,
therefore, the effectiveness of the information system. At the same time, however, the cascading effect
was identified as contributing to the ‘‘bottom-up’’ approach to internal control, i.e., ‘‘focusing on routines and details deep within the organization without enough attention to their overall strategic
significance’’ (Langevoort 2006, 968). Here, one of the participants who had substantial direct experience with non-U.S. stock exchanges stated that the CEO certification was particularly
unpopular with ‘‘non-U.S. CEOs,’’ U.S. listed or otherwise, due to the heightened bureaucracy [audit and corporate governance and nominations committee board member. NYSE. PSACE].
In contrast, only 35 percent of the participants considered that SOX certification had any
impact on the audit process (Table 1). Others, however, considered that the impact lay in the
heightened interest of the CEO in the audit and the fact that it had the effect of bringing ‘‘more people into the process. Again, it is pushing the ownership down in the organization’’ [audit committee chair board member. NYSE. PSACE].
The Board
The next question asked what specific changes, if any, had occurred with respect to the
effectiveness of the board in fulfilling its fiduciary responsibilities relating to the financial reporting
process. In response to the question of whether awareness of the board regarding responsibilities
and exposure has changed in the last five years, 91 percent of the participants answered in the
affirmative (Table 1). Many of the changes cited by the directors and reflected in the following
cross-section of excerpts from the responses concern board attitude and composition:
It [SOX] has made them [the board of directors] more responsible.
I think they [the directors] pay a lot more attention than they used to.
I would say directors are more aware.
There is much more [director] awareness.
Today they [directors] are very much more engaged . . . they’re more independent . . . they’re experienced, they’re more expert, and they’re more diligent.
Hell, it is much more inquisitive than it was before. It has heightened the sense of responsibility.
The boards are very interested in listening to the audit committee’s report and making sure that the
audit committee has appropriate resources, appropriate expertise, and all that stuff.
There is a strong group of financially literate and potential financial experts on the board.
It is getting truly independent-minded people [on the board].
The responses are consistent with the factors that prior literature identifies as the determinants
of audit committee (board) effectiveness (DeZoort et al. 2002; Cohen et al. 2004; Bédard and
Gendron 2010). One of the participants stated that board members are also ‘‘focused on their own effectiveness. They’re [directors] doing a lot of internal reviews, doing evaluations’’ [audit committee board member. NYSE].
The heightened awareness and strengthening of the board is attributed to a heightened sense of
liability of board members following the introduction of SOX. One of the directors, for example,
80 Cohen, Hayes, Krishnamoorthy, Monroe, and Wright
Behavioral Research In Accounting Volume 25, Number 1, 2013
referred to the ‘‘giant hand [Sarbanes-Oxley] out there waiting to pounce’’ [corporate governance
and nominations, compensation, and other committee board member. NYSE]; and another felt that
SOX had ‘‘done a lot to increase nervousness’’ [corporate governance and nominations, and
compensation committee board member. NYSE. PSACE]. On the downside, some respondents
stated that the heightened monitoring of financial reporting by the board had come at the expense of
its efficiency with respect to the oversight of strategy. This, as the following quotations reveal, was
attributed to an excessive attention to detail. One respondent stated:
So I think they [the directors] pay a lot more attention than they used to. But that means they
are paying less attention to what they used to. If you are a kind of cynic, you might think
they used not to do anything, and so now they are paying attention to it. I think a lot of good
boards used to worry about the future of the company, and now they’re spending a lot of
time talking about how we’re reporting what happened. It [SOX] has shortened the time
horizon people have. It’s got them into details that they never used to get into. [Corporate
governance and nominations and compensation committee board member. NYSE. PSACE]
Another stated:
I think more of the board’s time is devoted to compliance and less to strategy, which I
think is an unfortunate aspect of all of this. But it’s understandable . . . if the board says,
‘‘Gee, I am going to have liability, I am going to make sure these guys are doing it right.’’
[Audit, corporate governance and nominations committee board member. NYSE. PSACE]
The wider implication of the diversion of attention away from strategy is captured in the following
prophetic quote, given to the then-impending, global financial crisis:
Over half the time a board spends is now spent on minutia of reiterative reporting
requirements, and this is taking time away from overall strategy. It is taking time away
from the big issues to fulfill the small issues. And the large crash you see in companies will
likely be because they didn’t see the elephant coming because they were watching the
smaller things. [Audit and other committee board member. NYSE. PSACE]
Financial Reporting Quality and Corporate Risk Taking
The remaining interview questions addressed the cost-benefit aspects of SOX with respect to
financial reporting quality and the impact of SOX corporate risk taking. The directors were asked
whether, irrespective of cost, they thought that SOX has led to an improvement in the quality of
financial reporting. All acknowledged the financial burden of complying with SOX, but, at the same
time, there was overwhelming agreement (89 percent) that SOX had positively affected the quality
of ‘‘financial reporting’’ (Table 1). However, there was some variation in the perceived strength of
the impact, as reflected in the following cross-section of responses: ‘‘Yes. Absolutely. No question
about it’’ [audit, corporate governance and nominations, and compensation committee board
member. NYSE. NASDAQ. PSACE]. ‘‘Yes. But not as much as people think’’ [audit committee
chair board member. NYSE. PSACE]. 9
9 The directors were also asked to rate the cost-benefit associated with implementation of the legislation on a ten- point scale. The response scale was anchored by 1 ¼ costs far exceed benefits, 5 ¼ benefits equal costs, and 10 ¼ benefits far exceed costs. The responses ranged from 2 to 8, with a mean response of 5.81. The mean response suggests a marginally favorable opinion on the part of the directors that the benefits of implementing SOX exceeded the costs.
The Effectiveness of SOX Regulation: An Interview Study of Corporate Directors 81
Behavioral Research In Accounting Volume 25, Number 1, 2013
When elaborating on their responses to the directed question on whether SOX positively
affected the quality of financial reporting, the factors that participants identified as the source of
improvement in financial reporting mirrored responses to earlier questions, including the alignment
of interests in the audit committee–external auditor–management relationship, the strengthening of
internal controls, and the enhanced effectiveness in the monitoring role of the audit committee and
the board.
Finally, the directors were asked whether SOX had affected corporate risk taking. Forty-three
percent of the directors answered ‘‘yes’’ (Table 1). One of the directors stated that ‘‘it has caused
corporations to be more cautious and that is not all a good thing’’ [audit, corporate governance and
nominations committee board member. NYSE. PSACE]. As the following discussion reveals, the
decline in risk taking does not involve a fundamental shift in the risk appetite that was fueling the
then bull market, but in the main, it involves lost opportunity.
Some directors attributed the downturn in risk taking to the fact that, in the words of one of the
directors, ‘‘it [SOX] has diverted a lot of executive time to process as opposed to new initiatives’’
[corporate governance and nominations, compensation, and other committee board member.
NYSE]. The same director went on to say, however, consistent with the sentiment of the other
directors, ‘‘that it is ameliorating to some degree now, because after three or four years they [the
executives] have the process at least harnessed’’ [corporate governance and nominations,
compensation, and other committee board member. NYSE]. The director also described how, in
his/her experience as a former NASDAQ officer, SOX had been the tipping point in the U.S. legal
environment with respect to CEO willingness to provide guidance to the market. He/she stated:
[T]wo CEOs of significant NASDAQ companies simply refused to give guidance . . . because the liability and exposure was so great, that if what they [the CEOs] thought was
going to happen didn’t happen, they just decided it was better just not to stick their necks
out. [Corporate governance and nominations, compensation, and other committee board
member. NYSE]
Another director stated in relation to smaller companies that they ‘‘are spending more money
on compliance and governance, so to the extent your ability to bear risk is a function of your
profitability then clearly there has been a reduction in risk-bearing ability’’ [audit, corporate
governance and nominations, and compensation committee board member. NASDAQ. PSACE].
Since the interviews were conducted right before the credit crisis of late 2007 and 2008 when
the economy still appeared to be relatively strong, participants’ references to risk were not the types
of risk that characterized the sub-prime crisis. Instead, directors appear to be referring to risks that
are associated with the financial reporting process. For example, as the following two responses
reveal, the perceived reduction in risk included SOX-related transaction-risk analysis and, in some
instances, the not unrelated matter of conservative accounting:
In a minor way, that there now in most companies is a risk analysis, a broader risk analysis
than pure financial risk, and that probably has been improved indirectly by SOX. [Audit,
corporate governance and nominations, compensation, and other committee board
member. NASDAQ. PSACE]
I think accounting risks and being conservative about accounting and reporting and there
are less, you know, there are less risks rather than there used to be. [Compensation and
other committee board member. NASDAQ. PSACE]
Thus, the apparent reduction in risk management affecting the firm as a whole that occurred in
2007–2008 could potentially, in part, be attributed to an emphasis on risk management associated
82 Cohen, Hayes, Krishnamoorthy, Monroe, and Wright
Behavioral Research In Accounting Volume 25, Number 1, 2013
with the financial reporting process, which may be viewed as improving financial reporting, i.e.,
less aggressive reporting.
DISCUSSION AND CONCLUSION
The purpose of our study is to provide insight into the perceived effectiveness of the
regulations of SOX in enhancing financial reporting and audit processes and the quality of financial
reporting. Specifically, we sought to enhance our understanding of the efficacy of SOX (U.S. House
of Representatives 2002) by examining directors’ experiences of the impact of the Sarbanes-Oxley
Act on the audit committee (board)-external auditor-management relationship, internal audit,
financial reporting quality, and corporate risk taking. Our goal is to understand how directors
perceived how compliance to SOX has caused a substantive change in the governance process and
why there is resistance to the cost-benefit analysis concerning provisions of SOX. The results of our
study lend support to a strengthening of the monitoring role of the audit committee (board) that
appears to be, in part, attributable to both the functional and structural provisions of SOX. Further,
there was concern by at least some of our participants that SOX is excessively costly and leads to an
overly narrow focus on certain types of reporting risks at the cost of focusing on more general risks
a company may confront.
Comparing the responses of the directors to that of the auditors in Cohen et al. (2010), we see
significant convergence, but also noteworthy differences. Directors’ experiences regarding the
enhanced expertise, attitude, process, and power and authority of the audit committee, and relating
to their extensive involvement in Section 404 internal controls, corroborate those results reported by
auditors in Cohen et al. (2010). Similarly, both parties identified substantial improvement in the
scope, level of responsibility, and status of the internal audit function post-SOX. The auditors in
Cohen et al. (2010) also report greater reliance on the internal audit function. Both directors and
auditors considered that CEO/CFO certification had a positive impact on the integrity of financial
disclosures, but less of an impact on the audit process. Importantly, the directors reported that CEO/
CFO certification had heightened CEO ownership of the integrity of financial disclosure and had
been pushed down through the organization, with all parties exercising greater due diligence.
In contrast to the auditors in Cohen et al. (2010), the directors’ experiences indicate that audit
committees exercise the greatest influence in the auditor appointment and dismissal decision. The
directors’ responses indicate that influence is exercised through the power of ratification, i.e.,
decision control. Thus, compliance with SOX has led to greater empowerment of the audit
committee. However, consistent with Cohen et al. (2010), management was still identified as being
actively involved in the more overt process of initiating and administering the process, i.e., decision
management. The directors also indicate greater management influence in corporations where
decision agents are also the major residual-risk bearers (shareholders), i.e., they bear the bulk of the
wealth effects of their decisions. This controls for agency problems. The agency paradigm that
underlies the monitoring emphasis in the SOX legislation, on the other hand, is premised on the
separation of residual risk bearing and control and, therefore, calls for the separation of decision
management from decision control (Fama and Jensen 1983, 306 ). From an agency theory
perspective, the finding invokes the issue of the complementarity and substitution of corporate
governance mechanisms (Simunic 1980, 1984; Wallace 1984) that the one-size-fits-all approach of
SOX does not appear to accommodate.
From an institutional theory perspective, the finding that management still had influence on
such matters as the appointment of the auditor demonstrates that decoupling of regulatory
prescriptions from corporate behavior may be attributable to the fact that institutional rules apply to
all classes of organizations, in the case of SOX to all publicly traded corporations, notwithstanding
their makeup, and therefore may not be appropriate in all circumstances (Meyer and Rowan 1977;
The Effectiveness of SOX Regulation: An Interview Study of Corporate Directors 83
Behavioral Research In Accounting Volume 25, Number 1, 2013
Cohen et al. 2008). It also suggests that there is some resistance on the part of management to cede
total control over the auditor to the audit committee.
The directors’ responses also demonstrate some variation in the extent and nature of the role
played by the audit committee to resolve accounting disputes. This points to varying interpretations
of the role of the audit committee in that respect, which may, in turn, be due to ambiguity in the
regulations. SOX does not direct the audit committee on how to play its oversight role. Lack of
specificity leads to differences in interpretation and provides the opportunity for organizations to
become actively involved in constructing the rules, leading to differences in the behavior and
expectations of the agents of change (e.g., Suchman and Edelman 1996 ), which in this instance are
the directors.
While a number of directors attributed enhanced audit committee performance to the financial
expertise criterion, others considered that it has the potential to undermine performance. From an
institutional theory perspective, the filtering of audit committee personnel to focus on accounting
knowledge (DiMaggio and Powell 1983) has the capacity to lead to the standardization of financial
reporting. Directors maintained that an audit committee’s capacity to add value post-SOX does not
lie with financial expertise, but in business acumen from, for example, knowledge of the future
direction of markets. Larger firms have the resources to expand their audit committees to
accommodate that circumstance, although not without cost. The same opportunity may be denied to
smaller firms. There was also some evidence of SOX having led to a formalistic (rule-based)
approach to accounting policy choice by audit committees and auditors to insulate themselves from
litigation, which does not necessarily lead to promoting the accuracy and reliability of financial
disclosures. However, as Power (2003, 379) asserts, ‘‘accounting systems in their broadest sense function often more to legitimate individual and organizational behavior than to support efficient
and rational decision making.’’ Finally, our study sought directors’ views on the impact of SOX on the quality of financial
reporting and corporate risk taking. Overall, a large majority of the directors maintained that, costs
aside, SOX had positively impacted the quality of financial reporting. This substantive change in
financial reporting quality can be indirectly supported by the decline in major frauds since the
passage of the Act. In contrast, on the downside, several directors noted that SOX had adversely
impacted corporate risk taking. However, since these opinions were not benchmarked against
risk-taking levels that may be considered optimal, we need to be cautious in interpreting the
functional or dysfunctional effects on risk taking as a result of SOX.
The strength of the qualitative method employed in the study is its ability to capture the
experiences of how insiders have responded to Sarbanes-Oxley and, therefore, various forces that
shape the diffusion of the legislation into practice. A potential disadvantage of the method is that the
directors could respond normatively. However, this does not appear to be a major problem with our
study, as a great divergence of experiences are reported, both favorable and unfavorable, with
respect to the impact of SOX. The data obtained provided rich and detailed responses, but cannot be
said to be statistically representative of the underlying population of directors. However, while the
number of participants is relatively small, they represent a broad spectrum of the economy, and
collectively provide both significant depth and breadth of information in relation to the research
question addressed.
Opportunities for further research lie in the interface between the legislative demands of SOX
and organizational responses to those demands, i.e., examining if, when, and under what
circumstances companies respond to the demands of SOX. Further, it would be interesting to
examine if, after the global financial crisis, board members have paid less attention to SOX factors
and focus more heavily on enterprise risk management activities. For example, it would be valuable
to compare members of the board, the auditor, and management of the same company and
determine if they view the enterprise risk management experiences of the same company through a
84 Cohen, Hayes, Krishnamoorthy, Monroe, and Wright
Behavioral Research In Accounting Volume 25, Number 1, 2013
similar lens. Finally, in this study the corporate directors were by and large supportive of regulation.
This runs counter to the typical opposition that corporate America has to any additional regulation.
A future study could probe under what conditions this constituency will support or oppose
legislation after it has been enacted. One can use the cultural theory perspective (see Malsch et al.
[2012] for a discussion of the theory) to evaluate how boards may understand their actions. Perhaps
in situations where the reputation of business has been compromised, as was the case when SOX
was enacted, then business people may enter in a self-preservation mode to support the continued
existence of regulation. This is further supported by the notion that, similar to other venues such as
with the development of corporate social responsibility (Archel et al. 2011), the dialogue on
corporate governance and the enactment of legislation such as SOX may have been institutionalized
to potentially reflect a protection of business interests and not necessarily a substantive change in
managerial power (Archel et al. 2011). A future study can look at the more recent Dodd-Frank bill
(U.S. House of Representatives 2010) that intends to curb excesses in the financial industry to see if
directors have internalized any of its benefits or have focused only on its costs—and whether their
attitude toward the bill is more substantive than ephemeral.
REFERENCES
Aggarwal, R., and R. Williamson. 2006. Did new regulations target the relevant corporate governance
attributes? Available at: http://ssrn.com/abstract¼859264 Archel, P., J. Husillos, and C. Spence. 2011. The institutionalization of unaccountability: Loading the dice
of corporate social responsibility. Accounting, Organizations and Society 36: 327–343. Ashbaugh-Skaife, H. D., W. Collins, W. R. Kinney, and R. LaFond. 2009. The effect of SOX internal
control deficiencies on firm risk and cost of equity. Journal of Accounting Research 47 (1): 1–43. Asthana, S., S. Balsam, and S. Kim. 2009. The effect of Enron, Andersen and Sarbanes-Oxley on the market
for audit services. Accounting Research Journal 22 (1): 4–26. Backer, L. C. 2004. Surveillance and control: Privatizing and nationalizing corporate monitoring after
Sarbanes-Oxley. Michigan Law Review 327: 328–440. Bargeron, L., K. Lehn, and C. J. Zutter. 2008. Sarbanes-Oxley and corporate risk taking. Available at: http://
ssrn.com/abstract¼1104063 Baysinger, B., and C. J. Hoskisson. 1990. The composition of boards of directors and strategic control:
Effects on corporate strategy. The Academy of Management Review 15 (1): 72–87. Beasley, M. J., J. Carcello, D. Hermanson, and T. Neal. 2009. The audit committee oversight process.
Contemporary Accounting Research 26 (1): 65–122. Bédard, J., and Y. Gendron. 2010. Strengthening the financial reporting system: Can audit committees
deliver? International Journal of Auditing 14 (2): 174–210. Butler, H. N., and L. E. Ribstein. 2006. The Sarbanes-Oxley Debacle: What We’ve Learned, How to Fix It.
Washington, DC: The AEI Press.
Carcello, J. V., D. R. Hermanson, and Z. Ye. 2011. Corporate governance research in accounting and
auditing: Insights, practice implications, and future research directions. Auditing: A Journal of Practice & Theory 30 (3): 1–31.
Cohen, D., A. Dey, and T. Z. Lys. 2005. Trends in earnings management and informativeness of earnings
announcements in the pre- and post-Sarbanes-Oxley periods. Available at: http://www.ssrn.com/
abstract¼658782 Cohen, J., G. Krishnamoorthy, and A. Wright. 2002. Corporate governance and the audit process.
Contemporary Accounting Research 19 (4): 573–594. Cohen, J., G. Krishnamoorthy, and A. Wright. 2004. The corporate governance mosaic and financial
reporting quality. Journal of Accounting Literature 23: 87–152. Cohen, J., G. Krishnamoorthy, and A. Wright. 2008. Form versus substance: The implications for auditing
practice and research of alternative perspectives on corporate governance. Auditing: A Journal of Practice & Theory 27 (2): 181–198.
The Effectiveness of SOX Regulation: An Interview Study of Corporate Directors 85
Behavioral Research In Accounting Volume 25, Number 1, 2013
Cohen, J., G. Krishnamoorthy, and A. Wright. 2010. Corporate governance in the post-Sarbanes-Oxley era:
Auditors’ experiences. Contemporary Accounting Research 27 (3): 751–786. DeFond, M. L., and J. R. Francis. 2005. Audit research after Sarbanes-Oxley. Auditing: A Journal of
Practice & Theory 24 (Supplement): 5–40. DeZoort, F. T., D. R. Hermanson, D. S. Archambeault, and S. A. Reed. 2002. Audit committee
effectiveness: A synthesis of the empirical audit committee literature. Journal of Accounting Literature 21: 38–75.
DiMaggio, P. J., and W. W. Powell. 1983. The iron cage revisited: Institutional isomorphism and collective
rationality in organizational fields. American Sociological Review 48 (2): 147–160. Edelman, L. B. 1992. Legal ambiguity and symbolic structures: Organizational mediation of civil rights
law. American Journal of Sociology 97 (6 ): 1531–1576. Edelman, L. B., and M. C. Suchman. 1997. The legal environments of organizations. Annual Review of
Sociology 23: 479–515.
Edelman, L. B., C. Uggen, and H. S. Erlanger. 1999. The endogeneity of legal regulation: Grievance
procedures and rational myth. American Journal of Sociology 105 (2): 406–454. Fama, E. F., and M. C. Jensen. 1983. Separation of ownership and control. Journal of Law and Economics
26: 301–325.
Galindo-Dorado, R. 2005. The echoing effects of the Sarbanes-Oxley Act: Are the high costs of its
implementation worth it? Available at: http://papers.ssrn.com/sol3/papers.cfm?abstract_id¼728439 Griffin, P. A., and D. H. Lont. 2007. An analysis of the audit fees following the passage of Sarbanes-Oxley.
Asia Pacific Journal of Accounting and Economics 14 (2): 161–192. Jensen, M. C., and W. H. Meckling. 1976. Theory of the firm: Managerial behavior, agency costs, and
ownership structure. Journal of Financial Economics 3 (4): 305–360. Kalbers, L. P., and L. Fogarty. 1993. Audit committee effectiveness: An empirical investigation of the
contribution of power. Auditing: A Journal of Practice & Theory 12 (1): 24–36. Langevoort, D. C. 2006. Internal controls after Sarbanes-Oxley: Revisiting corporate law’s ‘‘duty of care as
responsibility for systems.’’ Journal of Corporations Law 31 (3): 949–973. Linck, J. S., J. M. Netter, and T. Yang. 2009. The effects and unintended consequences of the Sarbanes-
Oxley Act on the supply and demand for directors. Review of Financial Studies 22 (8): 3287–3328. Lincoln, Y. S., and E. G. Guba. 1985. Naturalistic Inquiry. Newbury Park, CA: Sage. Malsch, B., M. Tremblay, and Y. Gendron. 2012. Sense-making in compensation committees: A cultural
theory perspective. Organization Studies 33 (March): 389–421. Meyer, J. W., and B. Rowan. 1977. Institutionalized organizations: Formal structure as myth and ceremony.
The American Journal of Sociology 83 (September): 340–363. Miles, M., and M. Huberman. 1994. Qualitative Data Analysis. 2nd edition. Thousand Oaks, CA: Sage. Peecher, M. E., I. Solomon, and K. Trotman. 2011. Improving the Quality of Financial Statement Audits by
Updating External Auditors’ Accountabilities. Working paper, University of Illinois. Piotroski, J. D., and S. Srinivasan. 2008. Regulation and bonding: The Sarbanes-Oxley Act and the flow of
international listings. Journal of Accounting Research 46 (2): 383–425. Power, M. K. 2003. Auditing and the production of legitimacy. Accounting, Organizations and Society 28:
379–394.
Ribstein, L. E. 2002. Market vs. regulatory responses to corporate fraud: A critique of the Sarbanes-Oxley
Act of 2002. The Journal of Corporations Law (Fall): 1–67. Schauer, F. 1988. Formalism. The Yale Law Journal 97 (4): 509–548. Simunic, D. A. 1980. The pricing of audit services: Theory and evidence. Journal of Accounting Research
18: 161–190.
Simunic, D. A. 1984. Auditing, consulting and auditor independence. Journal of Accounting Research 22 (2): 679–702.
Suchman, M. C., and L. B. Edelman. 1996. Legal rational myths: The new institutionalism and the law and
society tradition. Law and Social Inquiry 21 (4): 903–941. Tremblay, M.-S., and Y. Gendron. 2011. Governance prescriptions under trial: On the interplay between the
logics of resistance and compliance in audit committees. Critical Perspectives on Accounting 22 (3): 259–272.
86 Cohen, Hayes, Krishnamoorthy, Monroe, and Wright
Behavioral Research In Accounting Volume 25, Number 1, 2013
U.S. House of Representatives. 2002. The Sarbanes-Oxley Act of 2002. Public Law 107-204 [H.R. 3763].
Washington, DC: Government Printing Office.
U.S. House of Representatives. 2010. Dodd-Frank Wall Street Reform and Consumer Protection Act. Public
Law 111-203 [H.R. 4173]. Washington, DC: Government Printing Office.
Wallace, W. A. 1984. Internal auditors can cut outside CPA costs. Harvard Business Review 62: 16–20. Zhu, H., and K. Small. 2007. Has Sarbanes-Oxley led to a chilling in the U.S. cross-listing market? The
CPA Journal 77 (3): 32–37.
The Effectiveness of SOX Regulation: An Interview Study of Corporate Directors 87
Behavioral Research In Accounting Volume 25, Number 1, 2013
Copyright of Behavioral Research in Accounting is the property of American Accounting Association and its
content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's
express written permission. However, users may print, download, or email articles for individual use.