The Adoption and Consequences of COSO 2013
研究了企业采用COSO 2013内部控制框架的决定因素及其对内部控制缺陷的影响,发现存在IT问题的企业更可能延迟采用,而采用该框架有助于修复控制缺陷。
SYNOPSIS COSO has developed frameworks for firms to improve their internal controls with the objective of reducing fraud and managing enterprise risk. The frameworks are widely used by firms and their auditors to comply with the internal control requirements of the Sarbanes-Oxley Act (SOX). We investigate two issues involving the most recent COSO internal control framework (COSO 2013): the determinants of a firm's decision to adopt it in a timely manner; and the consequences of adoption on internal controls. In our sample, firms that report internal control problems under SOX 404, especially firms with information technology (IT) problems, are likely to be late adopters. Regarding the consequences of adoption, for late adopters, we find that firms using the revised COSO framework have a lower probability of reporting weaknesses in IT-related controls. We also find evidence that COSO 2013 adoption is helpful in remediating internal control weaknesses. Data Availability: Data are available from the public sources cited in the text.