In the multifaceted, dynamic, corporate global milieu, imminent rifts continue to rattle the arenas of accounting/finance. The personal ambitions of CEO’s and CFO’s outweighed their responsibilities toward shareholders, employees, operations, civic/ethical duties, and the general financial system. CEO’s primarily focused on their own profitability, by increasing margins, meeting shareholder/market expectations, and expanding by any means necessary. Therefore, this lead to CFO’s and other members of top management on the front lines in manipulating margins to promote growth; thereby committing various levels of fraudulent activities, mainly to manipulate poor financial performance. The intertwining of ethical dilemmas and constant conflicts of interest endangered employees, shareholders, customers, and the general public. With the passing of Sarbanes-Oxley (SOX) in 2012, the act demanded, “that corporate management design and implement internal controls over the entire financial reporting process.” (Hall, 2013)
In reference to CEO turnover and the appropriateness and effectiveness of a board, board of directors that are, “dominated by independent directors are more likely to remove a CEO based on poor performance than boards dominated by insiders.” (Dah, Frye, & Hurst 2013) “During the post-SOX, significant decline in the incidence of CEO turnovers for compliant firms.” (Dah, Frye, & Hurst 2013) Top management have adopted Accounting Information Systems, utilizing information technology and new understandings of physical controls in the workplace, in their effort to comply with SOX, the Committee of Sponsoring Organizations (COSO), and to maintain ethically conscious decisions. A company’s internal controls have been under scrupulous review and are continuously examined to a point where they are in full compliance with SOX. Most of the attention is attributed to two main provisions, organized by the Public Companies Accounting Oversight Board (PCAOB) that directly relate to internal controls. Under section 404, the CEO and CFO of publicly traded companies must personally disclose and certify, quarterly and annually, an adoption of a detailed code of ethics, which includes an effective maintenance of an internal control system.
This section also protects whistle-blowers. In addition, section 303 requires that the CEO and CFO must sign off on the financial statements to assure that the reports do not include any material misstatements or omissions. To further protect capital markets, corporate governance, employees, shareholders, the general public, and the auditing profession, the organization’s auditor’s assurance on management’s internal control and ethics policies is required. Top management teams understood the importance of adding IT prowess. Information Technology departments garnered more responsibility after the passing of SOX. Being held as critical importance to internal control functions in an organization, IT departments became responsible for creating, improving, executing, and modifying a series of controls, essential to reduce fraud.
Additionally, IT is accountable for accumulating, processing, and storing financial data, which is utilized in financial statements, and creates audit trails for external auditors. A portion of the internal controls implemented in a business exist as IT controls, many of which are based in the computerized environment and usually pertain to financial data. Programs and processes are written and maintained by IT professionals. Fairly new and intuitive processes include automated systems. These programs have reshaped the environment of accounts reporting. They, “initiate, authorize, record, and report the effects of financial transactions.” (Hall, 2013) Automated accounting is associated with most Enterprise Resource Planning Systems (ERP). ERP systems, “facilitate the flow of information among all departments in an organization, and manage data sharing with outside systems, such as suppliers, business partners, clients and regulatory agencies.” (Chinn, 2011)
Top management are attracted to apply automated systems in order to create an efficient and secure operating and accounting environment. Rudimentary features include the generation and distribution of invoices to customers, which usually follows with high possibility, that payment will be received at a timely manner. This electronic process of invoicing goes hand in hand with receiving wire transfers and, on the opposing cycle, purchases of materials; therefore, in either process, this allows the company to efficiently benefit from increasing cash/credit receipts and the ability to quickly obtain corporate and operating capital. These advanced computerized processes are able to initiate the transfer of a corporation’s assets and are able to automatically incur liabilities, in relation to their corresponding transactions without human interaction.
However the many enticing advantages an automated system offers, there is no doubt the, “inextricable elements of the financial reporting process that SOX considers, and they must be controlled.” (Hall, 2013) Section 302 is in place to circumvent any inconsistencies of internal control in the workplace. Automation of the revenue cycle is typically used to reduce overhead costs, make better credit granting decisions, and better collect outstanding accounts receivable. Along with SOX provisions, the Committee of Sponsoring Organizations framework group IT system controls into two broad categories: Application Controls and General Controls. Subcategories of application controls include input controls, processing controls, and output controls. The General controls include controls over IT governance, infrastructure, network & operating system security, database access, application acquisitions & development, and program changes.
“General controls are needed to support the environment in which application controls function, and both are needed to ensure accurate financial reporting, as well as reduce instances of fraudulent activity.” (Hall 2013) While utilizing the aforementioned controls will greatly reduce risk of financial fraud, there are inherent risks concerning information technology systems. Organizations integrated in a global frame, face an overarching environmental risk involving stability, which primarily concerns IT. The rapid production and ingenuity of increasing computing power, coupled with consistent gains in the growth of technology, have a direct result in an exponentially vibrant information technology atmosphere. This dynamic environment causes constant changes within internal controls in companies.
Currently, “IT is considered one of the main risk factors in organizations, and both lack and excess of such investments can compromise the structure and the operations of the firm.” (Lunardi, Becker, Macada, & Dolci 2010) To keep up with the forward thinking global environment, as well as complying with constant legal and technical changes, IT innately becomes a focus with organizations. Management continues to adapt to new challenges that emerge, in relation to IT. Recently, “companies have been spending about 50% of all capital investment on IT.” (Lunardi, Becker, Macada, & Dolci 2010) Executives understand that it is impossible to significantly curb IT spending in such a technologically driven world; “however, they do not want to spend any more than the minimum necessary to deploy and run IT efficiently.” (Lunardi, Becker, Macada, & Dolci 2010) Outsourcing specific IT projects, as well as full ERP (Enterprise Resource Planning) systems, has become more normal throughout the past few years.
Over 90% of firms that were sampled in various research projects engage in IT outsourcing. “Given the pervasiveness of IT outsourcing and the magnitude of IT spending in the economy” (Kobelsky & Robinson, 2010) top management can write-off costs, as well as secure system failures. In case of an unforeseen disturbance, firms can still operate ERP systems in their headquartered location, by creating an off-site ERP system. However, most IT outsourcing does not connect with cost reduction. Most managers, “indicate that though practitioner research emphasizes ITOS’s (IT outsourcing) cost-reduction benefits gained at the individual project level, outsourcing is associated with higher IT spending, presumably reflecting enhancement of capabilities.” (Kobelsky & Robinson, 2010) Organizations utilize ITOS, in addition to improving in-house IT fraud reduction projects.
The continuation of outsourcing affects an increase in IT spending, than for localization. Consistent computing advancements and technological prowess have had positive outcomes in business processes, as well as added new computer support systems. There have been recent instances that cite, “fraud costs U.S. business more than $400 billion annually.” (Ravisankar, Ravi, Rao, & Bose, 2011) Data mining techniques have been implemented to remedy fraud and increase fraud detection by utilizing approaches that are more data-driven. These methods specifically depend on historical monetary data of both troubled and strong companies, coupled with their respective financial ratios. With the use of objective data mining, companies can solve financial statement inaccuracies and financial problems affecting the business, “by sifting through the records of fraudulent and healthy companies. Then, they discover knowledge which can be used to predict whether a company at hand will perpetrate financial accounting fraud in future.” (Ravisankar, Ravi, Rao, & Bose, 2011)
Artificial Intelligence systems bring forth a theoretical advantage. They understand when and when not to extract specific statistical facts on the input variables. Nevertheless, new computing power and automated systems could contain unexpected risks that could alter and affect reliability on financial statements. Because of newfound internal control spending, coupled with an increase of information technology in the workplace, companies have been progressively shifting their reporting systems from legacy platforms to a widespread client-server network. The integrated network utilizes new servers and product software, such as industry leaders, Oracle and SAP. Since the passing of SOX and introduction of COSO, Oracle and SAP have been duking it out for majority share of the market. The Systems, Applications, and Products in Data Processing (SAP) is a software ERP, which incorporates a streamline of business function applications. The system offers a, “real time management and tracking of sales, productions, finance, accounting and human resources in an enterprise.” (Indika, 2011) Usually, IT systems operate separate processes.
Traditionally, each process cycle operates in its own system. SAP differentiates itself by integrating into all business practices and operations. Updates are presented in real time, and pass along through different cycles and departments. The complexity of SAP, “runs on a fourth generation programming language called Advanced Business Application Programming (ABAP).” (Indika, 2011) Oracle maintains a similar application to the environment. ORDBMS (Oracle DMBS) has been primarily incorporated to be as versatile as SAP, specifically to assist large enterprise settings and manage data in the enterprise. Additionally, it can be useful on a personal level. Oracle DBMS is comprised of data and retrieved by applying SQL (Structured Query Language). The commands set entrance boundaries and protect the users’ data files. It, “can be embedded in other languages or could be executed directly as scripts.” (Indika, 2011) “During the initial SAP installation, Oracle can be defined as the database that is going to be used and then the SAP system will issue SQL commands that are compatible with the Oracle DBMS.” (Indika, 2011) There is not a drastic difference in installation time for Oracle or SAP. It also depends on whether the system is slowly introduced to the organization, or if it is launched all at one time.
Top management will review an in depth cost and risk analysis, in determining which method of installation is most appropriate. (http://whatiserp.net/wp-content/uploads/2010/09/duration.png) The centralized legacy mainframe environment is tightly controlled and has made management complacent because of the simple fact that it works. The security structures and internal controls found on legacy systems have developed over the past four decades. Program and file access is easily traced and organized. The operating system of mainframe programs deliberately create audit trails and logs, which offer conveniences to external auditors, as well as making it more difficult to commit fraud. Legacy systems incorporate intricate scheduling software, which operate as safeguards. For example, plans are input into the system when appropriate authorization is in effect and in the precise sequence. Additionally, these systems adopt specific controls, which protect the integrity of financial reports and stages in the multiple cycles utilized by a business.
Specifically, change controls pre-determinately restricts alterations to production applications. Automated responses appear and instruct employees to provide high level approvals and testing. The mainframe control environment has had time to evolve in decently stable times. However, upon the introduction of SOX and the realization that there were material internal control weaknesses in the workplace, standardization and integrated programming systems were presented to the business world. Over time, more and more companies are making the jump to cross-referencing and streamlined technologies. Because of a limited time lapse regarding the application of new ERP systems, there has not been reliable risk analyses on internal control processing, as there are with legacy systems. Unfortunately, there is an insurmountable need for risk awareness, when incorporating new systems in this day & age. Over-crowded client-server networks can become a problem to configure and monitor appropriately.
To cushion the negative associations of risk, physical and internal controls are put into place to monitor systems. Companies may want to place security cameras and physical guards of the servers and related systems during off-hours. When deciding to implement new technology in a firm, or replacing an entire system with more up-to-date specifications, control risks need to be assessed. New risks and internal control weaknesses are often created faster than they can be discovered and regulated. Integrity and security of a firm’s data should be at a top priority. Threats, like viruses and worms are to be kept at bay, with various walls and algorithms. Emerging technologies like Extensible Business Reporting Language (XBRL), Radio Frequency Identification (RFID) tags, the continuation of reporting, subject to repeated external audits & compliance with SOX and COSO, and object-oriented databases remedy discrepancies should protect systems.
A firm’s internal audit department are also available in coordinating and evaluating the IT control environment, and should be able to verbally instruct and announce employee centric workshops to increase employee control awareness. Because of issues concerning independence and segregation of duties, the internal audit department will not be able to design code and functionality specifications in the internal control mainframe. However, they are the cheapest and central consultants on how the controls affect operations, and if the specific controls work in detecting fraud. Top management considers the internal audit department an under-utilized resource in perfecting internal controls and information technology controls.
Constant balance between CEO’s and CFO’s must be maintained in order to synergize business operations, in accordance with GAAP, SOX, and COSO. Information technology, “serves as a facilitator, catalyst, motivator, or even an enabler for the convergence of management accounting and financial accounting.” (Taipaleenmaki & Ikaheimo 2012) In order for the SOX initiative to be effective, the information technology function must be in conjuncture with aiding the control environment of a business. Financial reporting has changed over the years, to favor IT processes, which are almost entirely fundamental to the financial reporting practice. Additionally, with the passing of SOX, new responsibilities are imposed upon IT functions, which would usually be ignored, because IT is not necessarily responsible for monitoring internal controls. IT & finance professionals, as well as top management, have had to adopt and learn a whole new set of functions, reporting, and monitoring.
The information technology culture is of dire importance to adhering to new standards and progresses the business environment to innovative and more secure highs. A functioning IT department is crucial for the CEO & CFO to document financial and internal controls. Value is a very subjective term, especially in reference to capital expenditures. Different opinions and different needs will influence how much a firm spends on new technology to facilitate and cooperate with changing standards. Usually, implementing a new system in a business have positive and financial benefits, in the long run. However, “a new system will often find resistance at the individual level because the users do not perceive any value to them from it.” (Barua, Brooks, Gillon, Hodgkinson, & Kohli, 2010) Positives could include additional time to perform other tasks, and create more efficiency around the organization.
However, an overuse of technology could threaten employee’s jobs, as systems become more automated. Individual perception on new installations of systems might be shaky at first, but in the end, whatever is needed to comply with changing standards, is exactly what leaders of organizations will flock toward. CEOs and CFOs understand that integrating proper Accounting Information Systems is integral to society and the business world. Additionally, as per Thomas Piketty, who maintains in his freshly published voluminous, “Capital in the Twenty-First Century”, CEOs, CFOs, and Super Managers are running massive conglomerates effectively because of IT and AIS. Therefore, IT has given them powers to set exorbitant compensation packages for themselves, by super-humanly maximizing their own productivity and performance. In conjunction, if fraud can be avoided in the bargain, they are awarded super hero status and remuneration, which may summarize their perceptions about AIS, IT, and the dual benefits of SOX and COSO.
Barua, A., Brooks, L., Gillon, K., Hodgkinson, R., & Kohli, R. (2010). Creating, Capturing andMeasuring Value From IT Investments: Could We Do Better? . Communications of theAssociation for Information Systems, 27, 13-26. Chinn, D. (2011, March 11). What Is Enterprise Resource Planning Systems?. eHow. RetrievedApril 15, 2014, from: http://www.ehow.com/info_8050594_enterpriseresourceplanningsystems.html#ixzz2zS3rm7n5
Dah, M. A., Frye, M. B., & Hurst, M. (2014). Board Changes and CEO Turnover: TheUnanticipated Effects of the Sarbanes-Oxley Act. Journal of Banking & Finance, 41, 97108. Difference Between. (Indika). Difference Between RSS. Retrieved May 5, 2014, fromhttp://www.differencebetween.com/difference-between-sap-and-vs-oracle/ Hall, J. A. (2013). Accounting Information Systems (8th ed.). Cincinnati, Ohio: South-WesternCollege Pub.. Print. Kobelsky, K. W., & Robinson, M. A. (2010). The impact of outsourcing on informationtechnology spending. International Journal of Accounting Information Systems, 11(2),105-119.
Lunardi, G. L., Becker, J. L., Macada, A. C., & Dolci, P. C. (2010). The impact of adopting ITgovernance on financial performance: An empirical analysis among Brazilian firms .Journal of Banking & Finance, 15, 66-81. Ravisankar, P., Ravi, V., Rao, G. R., & Bose, I. (2011). Detection of financial statement fraudand feature selection using data mining techniques. Decision Support Systems, 50(2),491-500. Taipaleenmäki, J., & Ikäheimo, S. (2013). On the convergence of management accounting andfinancial accounting – the role of information technology in accounting change.International Journal of Accounting Information Systems, 14(4), 321-348. Chart Picture: http://whatiserp.net/wp-content/uploads/2010/09/duration.png