Purpose of this paper: The complexity of computerized information systems increases the complexity of the external auditor’s assessment of the reliability of a client’s internal control systems. The purpose of this study is to investigate the impact of weaknesses in IT related internal controls on the cost of a SOX 404 audit of internal controls over financial reporting.
Design/methodology/approach: We consider the impact on audit fees through three dimensions: (1) percentage increase in audit fees, (2) amount of change in audit fees per outstanding common share, and (3) actual dollar amount of audit fees. Examination of first year reports by accelerated filers yields 131 companies with material IT-control weaknesses. These 131 companies are matched with a similar set of companies with no reported material weaknesses, and for a subset of 54 from the 131 companies in which a good match could be identified, a set of companies having only material non-IT-based control weaknesses were compared.
Findings: As expected, substantial fee differentials were identified for companies reporting material IT-based control weaknesses as compared to both companies without any material weaknesses and those companies with only non-IT related material weaknesses.
What is original/value of paper: We provide preliminary evidence in regard to the costs of SOX 404 compliance for stockholders. The cost of SOX 404 compliance has often been cited in criticisms of SOX, yet the focus of SOX is not on corporate wealth, but rather on enhancing corporate governance to protect the interest of stockholders. We factor the cost of SOX compliance across the number of reported outstanding common shares for the companies studied. We find the increased cost of audit fees on a per share basis is higher for companies reporting IT material weaknesses.