SOX 404(b) Audits: Evidence from Auditing the Financial Close Process of the Accounting System

Abstract

ABSTRACT Auditing Standard No. 5 requires that auditors integrate their evaluation of large issuers' internal control over financial reporting (ICFR) into their financial statement audit process, but the PCAOB warns that auditors may not adequately test related manual and systems internal controls. We use a multiple method approach to examine how auditors evaluate one important component of ICFR, the financial close process, and whether they evaluate it differently when conducting a SOX 404(b) integrated versus a financial statement audit. Interviewees relied heavily on walkthroughs, and tended to perform only cursory reviews of entity-level controls related to the financial close process. In addition, they often failed to test the link between the general ledger and supporting systems, including evaluating related access controls. Financial statement-only auditors were more likely to re-perform key controls than rely on cursory walkthroughs. Auditors performing integrated audits appeared to over-rely on ICFR findings when conducting financial statement audits. Data Availability: Interview data are available from the first author. PCAOB inspection reports are publicly available.