By: Jacob Z. Haislip Coauthored with : Adi Masli Vernon J. Richardson J. Manuel Sanchez

1. The Impact of SOX Information Technology Material Weaknesses on Corporate Governance: Evidence from CEO, CFO and BOD Turnover and Changes in IT Knowledge By: Jacob Z. Haislip Coauthored with : Adi Masli Vernon J. RichardsonJ. Manuel Sanchez

2. Research Questions • Do firms that report IT related material weaknesses: • experience greater levels of turnover of executives and directors than firms that report non-IT related material weaknesses? • replace (appoint) more executives (directors) with IT knowledge than firms that report non-IT related material weaknesses? • make more IT upgrades and IT management changes than firms that report non-IT related material weaknesses?

3. Background/Motivation • IT serves as the foundation of an effective system of internal controls over financial reporting (Huntonet al. 2008; Kobelsky et al. 2008; Li et al. 2010a; Masli et al 2010). • IT is “inextricably linked to the overall financial reporting process and need to be assessed, along with other important processes, for compliance with the Sarbanes-Oxley Act” (ITGI 2006).

4. Background/Motivation • Li et al. (2010b) and Johnstone et al. (2010) find increased turnover of executives and directors for material weakness firms. • A line of research emphasizes the importance of IT in financial reporting and documents the severity of IT weaknesses (Masli et al. 2010, Klamm and Watson 2009, Li et al. 2010a). • Due to the role IT plays both in controls and the financial reporting process, IT material weaknesses can permeate through the entire financial reporting structure thus they are potentially more hazardous than non-IT material weaknesses.

5. Hypotheses • H1: The likelihood of management and director turnover is greater for firms that report IT material weaknesses in internal control than for firms that report non-IT material weaknesses. • H2: Firms that report IT internal control material weaknesses are more likely to make IT governance changes than firms that report non-IT internal control material weaknesses.

6. Hypotheses • H3: Firms that report IT internal control material weaknesses are more likely to hire executives and directors with IT knowledge than firms that report non-IT internal control material weaknesses. • H4: Firms that report IT internal control material weaknesses are more likely to make IT initiative changes than firms that report Non-IT internal control material weaknesses.

7. Hypotheses • H5: The turnover and remediation efforts are greatest for firms reporting the Data Processing Integrity subcategory of IT internal control material weaknesses.

8. Sample Selection • We use Audit Analytics to identify firms that report material weaknesses from 2004-2006, and use the 404 reports to identify the IT-related material weaknesses. We also select a random sample of non-IT weakness firms. • We collect information for all of our firms using Audit Analytics, Annual COMPUSTAT (financial statement variables), CRSP, I/B/E/S, Thomson Reuters, and SEC filings (DEF 14A, 10-K, etc.) for one year prior and two years past the weakness year. • After eliminating any observations that are missing data, our final sample contains 578 firm year observations, of which 289 are IT material weakness firm year observations.

9. Table 3 – Descriptive Statistics

10. Research Design • To test H1 we run the following Logit regression: • Turnoveri = β0 + β1 IT Weaknessi,t + β2 Number of Weaknesses +β3LnAssetsi,t + β4Leveragei,t + β5BTMi,t + β6ROAi,t + β7Lossi,t + β8Institutional Holdingsi,t + β9Analysti,t + β10Restatementi,t-1,t,t+1 + β11Board Sizei,t + β12Board Independencei,t + β13CEO Chairman+ β14Automatei,t + β15Transformi,t + β16High Techi,t + β17Low Tech. • We run the above regression using different dependent variables for turnover. For all of our turnover variables we measure turnover if it occurs in the year of the weakness or either of the two years following the weakness (Similar to Desai et al. 2006 and Collins et al. 2009). • We specifically examine turnover for: • CEO • CFO • Directors • Chairperson of the Board

11. Research Design • To test H2, H3, and H4 we run the following Logit regression: • IT Governance Changeior Major IT Initiativesi= α0 + α1 IT Weaknessi,t + α2 Number of Weaknesses + α3 LnAssetsi,t + α4ROAi,t + α5Avg Sales Growthi,t + α6Leveragei,t + α7Uncertaintyi,t + α8Automatei,t + α9Transformi,t + α10High Techi,t + α11Low Techi,t + α12Foreigni,t + α13Mergeri,t+ α14Restructuringi,t + α15Product Differentiationi,t + α16Cost Leadershipi,t. • We vary our dependent variable depending on which IT governance change we are interested in. These variables include: • CEO IT Knowledge • CFO IT Knowledge • Director IT Knowledge • Chairperson IT Knowledge • IT Upgrades

12. The control variables are suppressed.

13. The control variables are suppressed.

14. The control variables are suppressed.

15. The control variables are suppressed.

16. The control variables are suppressed.

17. The control variables are suppressed.

18. The control variables are suppressed.

19. Conclusions and Implications for Practice • We find that IT weakness firms have higher levels of turnover and IT governance changes, suggesting that firms recognize the need to make changes to correct the weaknesses. • Executives and directors should recognize the importance IT plays both within financial reporting and the internal controls surrounding financial reporting. • Hiring an executive or director that understands IT can help decrease the likelihood of material weaknesses.

21. IT Weaknesses

22. IT Weaknesses

23. IT Knowledge An executive (board member) is said to have IT Knowledge if he/she has prior experience as a CIO (or other IT related management positions), has previously worked in an IT/technology firm, or has IT related degrees such as computer science or management information systems. CEO IT Knowledge (Vitria Technology) M. Dale Skeen, Ph.D., is 51 years old, co-founded Vitria in 1994 and has been our Chief Executive Officer since April 2004. Dr. Skeen has also served as Chief Technology Officer and as a director since Vitria’s inception. From 1986 to 1994, Dr. Skeen served as Chief Scientist at Teknekron Software Systems, now TIBCO, Inc., a software company. From 1984 to 1986, Dr. Skeen was a research scientist at IBM’s Almaden Research Center. From 1981 to 1984, Dr. Skeen was on the faculty at Cornell University. Dr. Skeen holds a B.S. in Computer Science from North Carolina State University and a Ph.D. in Computer Science on Distributed Database Systems from the University of California, Berkeley.

24. IT Upgrades Any upgrade to the IT is included in the general IT upgrade. Upgrades specific to the financial functions of the firm are included in the Financial upgrades. Accounting upgrades are financial upgrades that specifically mention changes to the accounting information systems. All other IT upgrades are included in the Non-Financial upgrades. Financial IT Upgrade (Richardson Electronics LTD) The Company is in the application development stage of implementing certain modules of enterprise resource management software (PeopleSoft). Accounting IT Upgrade (Adelphia Communications) With respect to the access to financial applications and data material weakness described above, subsequent to December 31, 2004, we have substantially completed our remediation efforts. We have implemented controls, including policies and procedures that govern security and access to our IT systems, programs and data, including those supporting our financial data relating to property and equipment and our general ledger and financial reporting applications. Non-Financial IT Upgrade (Actividentity Corp.) To meet these challenges we implemented a new customer relationship management system in fiscal 2005, and are continuing the process of modifying and refining it to better meet our needs.