Financial information systems service providers and the internal control report

Abstract

PurposeThe purpose of this paper is to examine if a conflict of interest arises when auditors opine on an internal control system that consists of an information system recently designed and implemented by their own firm.Design/methodology/approachA sample of companies was selected that had a financial information design and implementation service (FISD) disclosure in 2000‐2001 and a Section 404 internal control report issued in 2004‐2005. Both descriptive statistics and logistic regression results provide insight into the relation between the type of internal control report issued and the FISD provider.FindingsAfter considering the type of auditor change (forced versus voluntary) and the timing of the consulting division split‐offs, the results suggest that a material weakness internal control report is less likely if the same audit firm issued the internal control opinion and performed the FISD service. This result lends some support to the regulator's concern that certain types of non‐audit services (NAS) may cause auditors to audit their own work.Originality/valueThis study contributes to the literature by examining if the performance of a certain type of NAS (FISD) resulted in auditors auditing their own work when opining on certain internal control systems. To the author's knowledge, this is the first study of its type in relation to auditors auditing their own work.