When Congress passed the Sarbanes-Oxley Act of 2002 ("SOA"), its intention was to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws." (1) The internal control provisions of SOA Section 404 represent an attempt to improve the accuracy and reliability of financial reporting by requiring Securities and Exchange Commission (SEC) registrants both to assess and report annually on the effectiveness of their internal controls over financial reporting and to have their external auditors evaluate management's assessment and independently audit the internal controls. The costs of these new requirements have been so significant that many companies have expressed concerns over the increased burden they represent. In a recent study, we examined the audit fees for a sample of Fortune 1000 firms and found that the average audit fee increase and average percentage increase from 2003 to 2004 for this sample were $2.3 million and 103 percent, respectively. (2) We also found that SOA audit rates (2004 audit fee increase per thousand dollars of assets) varied by firm size, existence of material weaknesses, asset growth and industry. We documented in that study that the average SOA audit rate of $0.13 (per thousand dollars of assets) for financial services firms (our industry grouping that included banks) was low compared to the average rate of $0.49 for the full sample.
One reason that banks would expect to have lower SOA audit rates relative to other industries is that Section 36 of the Federal Deposit Insurance Act (FDIA) requires banks and thrifts insured with the Federal Deposit Insurance Corporation (FDIC) and with total assets of $500 million or more to submit annually both a management report that includes management's assessment of the effectiveness of internal control structure and an independent accountant's attestation report on management's assertions. (3) Banks have already been doing what SOA appears to require. In Release No. 33-8238 issued in 2003, the SEC discusses similarities and differences between the FDIA and SOA requirements and allows banks subject to both to prepare a single management report that satisfies both requirements. (4) This single report is essentially the FDIA report with additional statements and disclosures required by SOA and not by the FDIA. Also in Release No. 33-8238, the SEC indicates that firms should use the same standard for SOA Section 404 attestations that banks have been using for FDIA attestations. These similarities imply that the banking industry should be more prepared than other industries to implement SOA Section 404 and that the incremental costs of Section 404 should be small for banks complying with the FDIA internal control rules. However, in June 2004, the Public Company Accounting Oversight Board (PCAOB) passed a new auditing standard to be used for Section 404 compliance, and the American Bankers Association (ABA) and others in the banking industry have argued that this new standard has resulted in excessive and unnecessary audit fees. (5)
This article describes the initial impact of SOA Section 404 on banks' audit fees and provides descriptive evidence on possible reasons for differences in SOA audit rates across firms in the banking industry. Because initial compliance with SOA Section 404 rules was required for fiscal years ending on or after November 15, 2004, for accelerated filers, there is currently very little evidence on compliance costs other than survey data. (6) Although firms are not required to track and report on their actual compliance costs, they are required to disclose their annual fees paid to their independent auditing firm, and the disclosed audit fees should reflect the new SOA Section 404 internal control audit costs. We use disclosed audit fee data to evaluate SOA audit costs for a sample of 245 commercial banks that initially complied with Section 404 in 2004. Because the banks in this study have a more heterogeneous set of auditors than the firms in the Fortune 1000, we are able to examine cost differences by auditor type (Big Four versus non-Big Four). We also examine how bank size, complexity and other factors affected initial SOA audit rates. Our data analysis follows brief discussions of the background of SOA and some of the concerns raised by those in the banking industry.
SOA was signed into law on July 30, 2002, and on June 5, 2003, the SEC approved final rules in Release No. 33-8238 for the implementation of SOA Section 404. Section 404(a) and new Item 308(a) of Regulations S-B and S-K require management to include an internal control report in its annual statement filing and state that this required internal control report must include four items: management's statement of responsibility for internal controls over financial reporting, identification of the framework used by management to evaluate the effectiveness of these internal controls, management's conclusion regarding the effectiveness of these controls and disclosure of any material weaknesses and management's confirmation that its auditors have issued their required attestation report on these controls. Section 404(b), Item 308(b) of Regulations S-B and S-K and Rule 202 of Regulation S-X require the firm's independent auditors to attest to management's internal control assessment as part of the annual audit engagement and require firms to include that attestation report in their SEC annual report filing. (7) SOA states that the PCAOB would adopt attestation standards for auditors to follow for these attestations. The SEC approved the PCAOB's Auditing Standard No. 2--An Audit of Internal Control over Financial Reporting Conducted in Conjunction With an Audit of Financial Statements ("AS 2") on June 17, 2004, to be used in place of Statement on Standards for Attestation Engagements No. 10--Reporting on an Entity's Internal Control Over Financial Reporting (also known as "AT 501") for the required Section 404 attestations. Because of concerns about available audit resources and the complexity of initial implementation, the SEC introduced a graduated compliance schedule. Accelerated filers were required initially to comply with Section 404 in the first fiscal year ending on or after November 15, 2004, and nonaccelerated filers must comply in the first fiscal year ending on or after July 15, 2006. In Exemptive Order No. 50754 issued on November 30, 2004, the SEC allowed accelerated filers with public float less than $700 million and fiscal years ending between November 15, 2004, and February 28, 2005, to file their SOA Section 404 reports in a Form 10K/A within 45 days after the due date of their Form 10-K if they needed additional time to complete the Section 404 reports. (8) The SEC solicited written feedback in February 2005 from those involved in implementation and held a roundtable discussion on implementation issues and experiences on April 13, 2005. Both the SEC and the PCAOB issued additional implementation guidance on May 16, 2005, in response to concerns expressed in comment letters and at the roundtable meeting. (9)
The message that is consistently presented in many of the comment letters to the SEC from banking industry groups and individual banks is their belief that the initial SOA audit fees are excessive and that the costs of implementing SOA Section 404 exceed the benefits. (10) In its April 1, 2005, letter, the ABA stated that the "implementation process has gone too far with respect to costs and the level of detail required by the accounting firms." The ABA cited two banks as examples of the significant incremental costs borne by banks because of the SOA attestation requirement: One bank's audit fees increased 70 percent from 2003 to 2004, and the other bank's audit fees increased 211 percent. The ABA argued "that the PCAOB should require attestations rather than attestations and audits" because the current internal control audit "results in unnecessary duplication of effort and cost with little corresponding benefit." In fact, the ABA stated that "the similarities between FDICIA implementation and Section 404 implementation ... diverge under the rules issued by the PCAOB" in large part because AS 2 requires an additional stand-alone audit opinion on internal controls, not just AT 501 attestation on management's assessment of internal controls. According to the ABA, "The requirement for attestations plus audits of internal controls results in auditors' retesting management's testing of internal controls (for the attestations) and then performing new tests of those same areas (for the audits of internal controls)."
The Financial Services Roundtable (FSR), the Independent Community Bankers of America (ICBA) and America's Community Bankers (ACB) all agree with the ABA. In separate letters to the SEC, these groups emphasized the excessive and unnecessary audit fees charged for the internal control audits and attributed much of the excess to increased scope of testing and level of detail, extraordinary documentation requirements, accounting firms' overly cautious interpretations of the rules and fear of PCAOB sanction and shareholder litigation, inadequate use of internal audit staff work and lack of expertise and resources within the accounting firms. These groups also encouraged the SEC to do more in eliminating the overlapping requirements under the FDIA and SOA Section 404.
Sample, Data and Analysis
Because our objective is to analyze initial Section 404 attestation compliance costs, our sample consists of domestic (not foreign) commercial banks that are accelerated filers with the SEC whose fiscal year ends on or after November 15, 2004. Using Standard & Poor's Compustat database and SEC filings, we identified 245 firms for our sample. These firms are commercial banks based on Global Industry Classification Standard (GICS) Industry code 401010, have Standard Industry Classification (SIC) codes in the range of 6020 through 6022 and are traded on one of the three national exchanges.
Our primary variable of interest is audit fees paid to a firm's principal accountant. In 2003, the SEC issued Release No. 33-8183, amending Item 9 of Regulation S-K and Item 16 of Form 10-K to require proxy statement and Form 10-K disclosure, respectively, of four categories of fees paid to the firm's principal accountants: audit fees, audit-related fees, tax fees and all other fees. (11) These fees must be disclosed for each of the last two fiscal years. Although the SEC does not explicitly state in which category Section 404 attestation fees should be disclosed, it does state in Release 33-8183 that the audit fees category should include those fees for "services performed to comply with GAAS" (generally accepted auditing standards). It also states that the audit fees category should include fees for services "in connection with statutory and regulatory filings." The audit-related fees category, according to Release 33-8183, would include services such as "employee benefit plan audits, due diligence related to mergers and acquisitions, accounting consultations and audits in connection with acquisitions, internal control reviews, attest services that are not required by statute or regulation and consultation concerning financial accounting and reporting standards." Firms that disclose audit-related fees must also provide a description of the nature of these services. Based on this guidance, we expect the Section 404 attestation fees to be included in the audit fees category. We also expect banks to report the FDIA attestation fees paid to their auditors in the audit fees category because the attestation is required in a regulatory filing and is an attestation, not just an internal control review.
The audit fee data were collected from the Corporate Governance Performance and Technalytics (CGPT) Audit Fee product. CGPT collects audit fee data, auditor changes and any notes that are disclosed regarding the fees paid to the principal accountants. These note disclosures often provide explanations about changes in fees from 2003 and 2004, including incremental fees due to the SOA internal control attestation. We also collected certain financial statement data from 10-K filings using the CGPT Direct-Link product, which has direct hyperlinks to each specific SEC filing included in its coverage set, and from Standard & Poor's Compustat database. Finally, we used CGPT's DirectSEARCH product to search the 10-Ks of our sample firms to determine the nature and extent of internal control material weaknesses and to identify the types of audit reports.
As previously mentioned, our data analysis is primarily descriptive in nature. We are interested in understanding factors affecting the SOA internal control audit costs for banks, so we address the following four questions in our analysis of audit fees:
1. Were 2004 audit fees significantly higher than 2003 audit fees for the full sample and/or for subsamples based on bank size?
2. Were audit fee increases from 2003 to 2004 primarily attributable to the new SOA audit?
3. Did SOA costs vary by auditor type?
4. Are SOA audit costs based on the likelihood or identification of material weaknesses in internal controls over financial reporting?
Were 2004 audit fees significantly higher than 2003 audit fees for the full sample and/or for subsamples based on bank size? Because our sample firms are accelerated filers initially subject to the Section 404 internal control audit rules in 2004, 2004 audit fees should reflect the fees paid for these attestation services. If 2004 audit fees are not significantly different from 2003 audit fees, then the initial year SOA audit costs would seem to be immaterial. However, if the 2004 audit fees are significantly greater than the 2003 audit fees, then further examination of the SOA audit costs is warranted. Descriptive statistics for the 2004 and 2003 audit fees and the dollar and percentage change in these fees are reported in Panel A of Exhibit 1. Bank of America is the largest bank in our sample (over $700 billion of assets in 2003 and over $1,100 billion in 2004) and has the largest audit fees in both years ($28.8 million in 2004 and $17.8 million in 2003) and largest dollar increase in fees, $11 million, from 2003 to 2004. Six banks in our sample of 245 actually reported decreases in audit fees from 2003 to 2004, and Banc Corp. had the largest decrease in fees, $318,800, and largest percentage decrease, 46.28 percent. The average increase in audit fees for the full sample is $414,134, and the t-statistic of 2.16 for testing mean differences indicates that average 2004 audit fees of $979,716 are significantly greater than average 2003 audit fees of $565,582, with a p-value of 0.03. The z-score for testing median differences using a Wilcoxon test is 6.98 and indicates that median 2004 audit fees of $393,000 are significantly greater than median 2003 audit fees of $206,346, with a p-value less than 0.001.
Part of the fee increases may not be attributed to SOA costs. Special circumstances, such as acquisitions or financial statement restatements and reaudits, could result in nonrecurring components of audit fees for a particular year. For example, North Fork Bancorporation reported, "Audit fees for 2004 include additional audit services provided in connection with the audit of internal controls over financial reporting and the acquisition transactions completed in 2004." (12) While North Fork's total audit fees increased by more than $1.7 million, its limited disclosure prevents us from directly identifying the amount of that increase that represents its SOA audit fees. In Question 2 of this article, we use a subset of sample firms that explicitly disclosed their SOA audit fees to evaluate whether the 2004 increases in audit fees are primarily attributable to the SOA audit.
Because our sample banks have total assets ranging from approximately $400 million to more than $700 billion, we evaluate audit fees by size groups based on the peer groups used in the Federal Reserve's Bank Holding Company Performance Reports. Our analysis of audit fees by size groups is presented in Panel B of Exhibit 1 and helps explain the marginal significance of the difference between average 2004 and average 2003 audit fees (p-value of 0.03 above). Banks in the largest (greater than $10 billion total assets) and smallest (less than $500 million total assets) groups reported average 2004 audit fees that are higher than average 2003 audit fees, but these amounts are not statistically different. However, the average 2004 fees are significantly higher than the average 2003 fees for each of the three middle peer groups (p-values of less than 0.001). Banks with assets between $3 billion and $10 billion experienced the largest average percentage increase in fees, approximately 110 percent. Although the finding that banks in the smallest group had 2004 audit fees that were statistically equal to 2003 fees is surprising because these particular institutions were exempt from the FDIA internal control attestation requirement, this finding is based on a set of only five banks.
Were audit fee increases from 2003 to 2004 primarily attributable to the new SOA audit? The significant increase in audit fees for three of the five bank peer groups is not surprising based on the concerns about SOA audit fees expressed by many banking organizations. However, we cannot readily assume the increase is due only to SOA audit fees, as evidenced by the previous North Fork example. To test the assumption that the increase in audit fees is primarily attributable to the SOA Section 404 audit, we use the 21 sample banks that specifically disclosed their SOA audit fees for 2004. Most firms used general language when explaining their audit fees. For example, FNB Corp. reported that the audit fees "category consists of fees billed and expected to be billed for professional services rendered for the audit of our annual financial statements, attest services provided pursuant to Section 404 of the Sarbanes-Oxley Act and assistance provided with regulatory filings." (13) The 21 banks that made a specific disclosure of SOA audit fees did so unambiguously. For example, Wilmington Trust Corp. stated, "Audit fees for 2004 included approximately $1.3 million for compliance with Section 404 of the Sarbanes-Oxley Act." (14) The 21 sample banks that reported specific 2004 SOA audit fees represent approximately 8.6 percent of our sample. Panel C of Exhibit 1 contains descriptive statistics for the 2004 and 2003 audit fees, the dollar and percentage change in these fees and the incremental internal control attestation costs for this subsample of firms. The mean 2004 internal control (SOA) audit fee is $235,104, and the mean change in total audit fees from 2003 to 2004 is $261,574. These means are not statistically different based on a t-statistic of 0.26 (p = 0.80). The Wilcoxon z-score of 0.20 for comparing the median values for these two measures also indicates no statistical difference between the medians. Thus, we conclude for this subsample that the increase in audit fees from 2003 to 2004 is primarily attributable to the incremental cost of the SOA internal control attestation. Based on this finding, we assume that the fee increases for our full sample are due to the incremental cost of the SOA internal control audit. We acknowledge that this assumption is not valid for every firm in our sample and that this assumption may affect the strength of any assertions we make later about the determinants of SOA audit costs. However, without this assumption, we could not go any further in our analysis because of the small sample of banks that actually reported their SOA audit costs.
Did SOA costs vary by auditor type? In its April 1, 2005, comment letter to the SEC, the ABA discusses its belief that excessive SOA audit costs are resulting from accounting firms' "stringent interpretations" of the PCAOB's AS 2. The ABA's concern with overauditing seems to be primarily directed toward the Big Four accounting firms. We base this interpretation on its use of a quote from a WALL STREET JOURNAL article that states in part, "[E]ach of the Big Four is free pretty much to interpret Section 404 by its own whimsical lights" (emphasis added). Thus, we examine whether SOA audit costs differed by auditor type (Big Four versus non-Big Four). We use a unit cost measure instead of total costs in our analysis for this question and for Question 4 because it is more informative and provides a better basis for comparison across companies of different size. We measure SOA audit unit cost as 2004 SOA audit costs divided by 2004 year-end total assets stated in thousands of dollars. The 2004 SOA audit costs are the dollar change in audit fees from 2003 to 2004, based on our test results for Question 2 above.
The average SOA audit unit cost for our full sample is $0.09 (nine cents per thousand dollars of total assets). Banks that used Big Four auditors in 2004 have an average SOA audit unit cost of $0.10, and this is significantly greater than the average unit cost of $0.06 for banks that used non-Big Four auditors in 2004 (t-statistic = 3.26; p-value = 0.001). (15) One concern about comparing audit fees across auditors is that the concentration of auditors differs across the size peer plexity, growth and organizational restructuring. Larger companies usually benefit from returns to scale in the form of lower unit costs (even though they pay more in total costs), and despite having more numerous and complex internal controls, they have greater resources to spend on internal auditors and the establishment and maintenance of strong internal control systems. Given the complicated nature of the interrelationships among size, complexity and growth, we estimate an ordinary least-squares model to test the relationships between these measures and SOA audit unit costs.
The model we use is:
Ln(SOXUNITCOST) = [alpha] + [[beta].sub.1] Ln(TotalAssets2003) + [[beta].sub.12] COMPLEX + [[beta].sub.3]ASSETGROW + [[beta].sub.4]MATWEAK + [[beta].sub.5]BIG4 + [[beta].sub.6]KAREPORTS + [epsilon]
where SOXUNITCOST = (2004 audit fees minus 2003 audit fees) divided by 2004 year-end total assets in thousand of dollars, [TotalAssets.sub.2003] = 2003 year-end total assets in thousands of dollars, COMPLEX = 2004 net sales divided by 2004 total interest income, ASSETGROW = percentage change in total assets from 2003 to 2004, MATWEAK = one if the 2004 SOA reports of management and the auditors conclude ineffective internal controls (existence of material weaknesses) and zero otherwise, BIG4 = one if the bank used a Big Four auditing firm in 2004 and zero otherwise and KAREPORTS = one if the bank filed its SOA Section 404 reports in Form 10-K/A instead of Form 10-K. We expect SOA audit unit costs to decrease with size, [TotalAssets.sub.2003] consistent with returns to scale for larger banks and perhaps weaker control systems in smaller banks due to resource constraints. Our measure of complexity, COMPLEX, reflects banks' use of various lines of business to generate noninterest income, and we expect SOA audit unit costs to increase as banks' complexity increases because of the additional time auditors would spend testing and evaluating multiple types of controls. Doyle, Ge and McVay report that internal control quality is associated with rapid growth, often experienced with acquisitions, because rapidly growing firms are likely to outgrow existing internal controls and experience a lag before new controls are established. A positive association between SOA audit unit costs and growth, ASSETGROW, would be consistent with this. However, because companies can exclude recent acquisitions from the current year's internal control reports, we may find no association between SOA costs and growth. Based on our test results reported in Exhibit 3, we expect banks that reported ineffective controls to have higher SOA audit unit costs than those that reported effective controls. We also expect higher SOA audit unit costs when Big Four auditors were used based on the results reported earlier for Question 3. Because approximately two-thirds of our sample banks could have taken advantage of the SEC's Exemptive Order No. 5075417 and filed their SOA Section 404 reports in a Form 10-K/A within 45 days after the due date of their Form 10-K, we also include a dummy variable to capture the decision to do so. The SEC's reason for this exemptive order was to give smaller public companies--those with less than $700 million public float--additional time to comply because of potential resource constraints. If companies that took advantage of this exemption were able to reduce their SOA audit unit cost, the coefficient for KAREPORTS will be negative.
Exhibit 4 reports the parameter estimates, their significance and goodness-of-fit measures from estimating our regression model. We eliminate the six banks that reported audit fee decreases from 2003 to 2004 from the original sample for this test because we use the natural log of SOA audit unit costs as the dependent variable. The regression results support our expectations that SOA audit unit costs decrease with size and increase with complexity, actual material weaknesses and the use of Big Four auditors. By using a log transformation of the SOA audit unit cost as our dependent variable, we can interpret the parameter estimates as percentage effects on the dependent variable of changes in the particular independent variables. Thus, we can interpret the -0.54 estimate for Ln([TotalAssets.sub.2003]) as indicating that for every percent increase in total assets, the SOA audit unit cost decreases by about one-half of a percent. These findings could indicate that auditors share their economies of scale with their clients, and they confirm the findings of Doyle, Ge and McVay, who show that the likelihood of a company having ineffective controls decreases with size. The 0.66 estimate for MATWEAK shows the additional costs of having ineffective controls because it can be interpreted as suggesting that, "ceteris paribus," companies with one or more material weaknesses paid a 66-percent premium in their SOA audit rate. Consistent with the results of t-tests for Question 3, the parameter estimate of 1.17 for BIG4 implies that banks using a Big Four auditing firm for SOA attestation paid a 117-percent premium. Banks with greater amounts of noninterest income are considered more complex and paid higher SOA audit rates based on the positive and significant coefficient on COMPLEX. The positive and significant coefficient on KAREPORTS indicates that the banks who postponed filing their SOA reports paid a premium instead of reducing their audit costs. The insignificant coefficient on ASSETGROW is consistent with newly acquired companies being excluded from the current SOA reports.
Summary and Conclusion
Our data analyses confirm the significant cost of SOA internal control attestation for banks. The average increase in audit fees from 2003 to 2004 for our sample of banks is $414,134, a 100-percent increase. Based on tests using a subsample of 21 banks that disclosed actual SOA audit fees, we conclude that the audit fee increase from 2003 to 2004 is primarily attributable to the new SOA audit. Average SOA audit unit cost is $0.09 (nine cents per thousand dollars of assets) for the full sample, $0.15 for banks reporting ineffective internal controls and $0.08 for banks reporting effective internal controls. Big Four auditors charged more than non-Big Four auditors based on average SOA audit unit costs of $0.10 and $0.06, respectively, and unit cost mean differences are significant for relatively smaller banks (total assets between $500 million and $3 billion). We estimate a regression model to evaluate the effects of actual and potential for material weaknesses on SOA audit unit costs. Our regression results indicate that smaller and more complex banks faced higher SOA audit unit costs as did banks that reported ineffective internal controls. Our regression model controls for auditor type and delayed SOA reporting and indicates that banks paid higher SOA audit unit costs if they used Big Four auditors and if they delayed their SOA reporting.
Even though we document significant SOA audit costs and their association with actual or potential internal control problems, we cannot test bankers' assertions that the costs are due to overauditing. The regression results do indicate that smaller banks paid higher unit costs, and we interpret this to be consistent with the assumption that smaller banks have greater potential for control weaknesses because of lack of resources spent on control systems. However, we do not test this or alternative assumptions for the association between size and SOA costs. Regression results also indicate that Big Four auditors charged more than non-Big Four auditors for SOA audits, but data are not available for us to evaluate why this is so for our sample of banks.
The SEC and the PCAOB are continuing to monitor implementation issues and concerns and respond to feedback from companies subject to the SOA Section 404 rules. The PCAOB issued additional implementation guidance on May 16, 2005, to address concerns over the scope of testing required by AS 2. The SEC also issued additional implementation guidance on May 16, 2005, encouraged management and auditors to find better ways to focus on reasonable assurance regarding controls and stated its expectation that more integration between internal control and financial statement audits should reduce future SOA audit costs.
(1) Sarbanes-Oxley Act of 2002 (P.L. 107-204).
(2) S. Eldridge and B. Kealey, SOX Costs: Auditor Attestation under Section 404 (working paper, 2005).
(3) 12 USC [section]1831m and 12 CFR [section]363. Available at www.fdic.gov/ regulations/laws/rules/1000-3800.html#1000sec.36 and www.fdic. gov/regulations/laws/rules/2000-8500.html.
(4) Securities and Exchange Commission (SEC) Release No. 33-8238, Final Rule: Management's Reports on Internal Control Over Financial Reporting and Certification of Disclosure in Exchange Act Periodic Reports (2003). Available at www.sec.gov/rules/final/33-8238.htm.
(5) See the comment letters sent to the SEC by the American Bankers Association (www.sec.gov/news/press/4-497/djfisher040105. pdf), the Independent Community Bankers of America (www. sec.gov/news/press/4-497/ccole033105.pdf), the Financial Services Roundtable (www.sec.gov/news/press/4-497/rmwhiting040105. pdf), America's Community Bankers (www.sec.gov/news/ press/4-497/cmbahin040105.pdf) and the Florida Bankers Association (www.sec.gov/news/press/4-497/4497-196.pdf).
(6) The effective date for accelerated filers is provided in SEC Release No. 33-8392 (2004), available at www.sec.gov/rules/final/33-8392.htm. According to SEC Release No. 33-8545 (2005), available at www.sec.gov/rules/final/33-8545.htm, nonaccelerated filers must begin to comply with Section 404 rules for their first fiscal year ending on or after July 15, 2006. "Accelerated filer" is defined in Exchange Act Rule 12b-2 and includes U.S. companies filing annual reports with the SEC and having market capitalization over $75 million.
(7) SEC Release No. 33-8238 (2003) includes the text of the rule amendments and references Regulation S-B at 17 CFR [section]228.10 et seq., Regulation S-K at 17 [section]CFR 229.10 et seq. and Regulation S-X at 17 CFR [section]210.1-01 et seq.
(8) SEC Release No. 50754, Order Under Section 36 of the Securities Exchange Act of 1934 Granting an Exemption from Specified Provisions of Exchange Act Rules 13a-1 and 15d-1 (Nov. 30, 2004). Available at: www.sec.gov/rules/exorders/34-50754.htm.
(9) The SEC's guidance can be found in its Commission Statement on Implementation of Internal Control Reporting Requirements, issued on May 16, 2005, and available at: www.sec.gov/news/ press/2005-74.htm. The PCAOB's guidance can be found in its Release No. 2005-009, Policy Statement Regarding Implementation of Auditing Standard No. 2, An Audit of Internal Control Over Financial Reporting Performed in Conjunction with an Audit of Financial Statements, issued on May 16, 2005, and available at www.pcaobus.org/Standards/Standards_and_Related_Rules/ PCAOB%20Release%20No.%202005-009% 20-%20AS2%20Policy% 20Statement%20-%20May%2016,%202005.pdf .
(10) The comment letters referred to and quoted from in this section of the article are fully referenced in note 5, supra.
(11) SEC Release No. 33-8183, Strengthening the Commission's Requirements Regarding Auditor Independence (2003). Available at www.sec.gov/rules/final/33-8183.htm.
(12) North Fork Bancorporation, Definitive Proxy Statement, filed with the SEC on March 30, 2005. Available at www.sec.gov/Archives/ edgar/data/352510/000095012305003778/y06864ddef14a.htm.
(13) FNB Corp., Definitive Proxy Statement, filed with the SEC on April 6, 2005. Available at www.sec.gov/Archives/edgar/data/76 4811/000119312505071176/ddef14a.htm.
(14) Wilmington Trust Corp., Definitive Proxy Statement, filed with the SEC on March 15, 2005. Available at www.sec.gov/Archives/ edgar/data/872821/000089322005000563/w06250def14a.txt.
(15) Even though the average SOA audit unit cost is greater for banks using Big Four instead of non-Big Four auditors, the average 2004 total audit unit costs for the two groups are statistically equivalent ($0.19 for the Big Four group and $0.17 for the non-Big Four group).
(16) J. Doyle, W. Ge and S. McVay, Determinants of Weaknesses in Internal Control over Financial Reporting and the Implications for Earnings Quality (working paper, 2005).
(17) SEC Release No. 50754, Order Under Section 36 of the Securities Exchange Act of 1934 Granting an Exemption from Specified Provisions of Exchange Act Rules 13a-1 and 15d-1 (Nov. 30, 2004). Available at www.sec.gov/rules/exorders/34-50754.htm.
Susan W. Eldridge is an Assistant Professor of Accounting at the University of Nebraska at Omaha. Contact her at email@example.com.
Burch T. Kealey is an Assistant Professor of Accounting at the University of Nebraska at Omaha. Contact him at firstname.lastname@example.org.
EXHIBIT 1 Audit Fees Descriptive Statistics Panel A: All sample firms (n = 245) Mean (a) Minimum Median (b) Maximum 2004 audit fees $979,716 $63,700 $393,000 $28,800,000 2003 audit fees 565,582 40,000 206,346 17,800,000 Dollar change 2003 to 2004 414,134 (318,800) 174,630 11,000,000 Percentage change 2003 to 2004 100% (46.28%) 75.44% 431.94% Panel B: Sample firms by size (2003 year-end total assets) > $10 $3 Billion $1 Billion Billion - - $10 Billion $3 Billion Mean 2004 audit fees $3,770,358 $931,451 $403,915 Mean 2003 audit fees 2,353,334 470,589 203,380 Mean dollar change 2003 to 2004 1,417,024 460,862 200,535 Mean percentage change 2003 to 2004 81.45% 109.73% 108.03% Number of banks in size subsample 38 49 95 t-statistic (p-value) for comparing 1.31 4.79 6.75 mean 2004 to mean 2003 audit fees (0.20) (>0.001) (<0.001) $500 Million < $500 - Million $1 Billion Mean 2004 audit fees $201,113 $215,844 Mean 2003 audit fees 108,471 93,946 Mean dollar change 2003 to 2004 92,643 121,898 Mean percentage change 2003 to 2004 90.48% 101.32% Number of banks in size subsample 58 5 t-statistic (p-value) for comparing 6.75 1.29 mean 2004 to mean 2003 audit fees (<0.001) (0.23) Panel C: Companies that disclosed SOA internal control audit fees as part of total audit fees for 2004 (n = 21) Mean (a) Minimum Median (b) Maximum 2004 audit fees $459,080 $84,681 $295,000 $2,348,390 2003 audit fees 197,506 55,504 148,000 646,546 Dollar change 2003 to 2004 261,574 9,871 126,000 1,701,844 Percentage change 2003 to 2004 119.05% 13.19% 85.23% 286.58% 2004 internal control audit fee $235,104 $19,216 $120,020 $1,300,000 (a) t-statistic for differences in mean audit fees in Panel A is 2.16 (p = 0.03). t-statistic for comparing mean dollar change in audit fees with mean 2004 internal control (SOA) audit fee in Panel C is 0.26 (p = 0.80). (b) z-score for median differences in audit fees in Panel A is 6.98 (p<0.001). z-score for comparing median dollar change in audit fees with median 2004 internal control audit fee in Panel C is 0.20 (p = 0.42). Exhibit 2 SOA Audit Unit Cost by Auditor Type SOA Cost per $1,000 of 2004 Year-End Total Assets Size Peer Groups Based on Total Assets $500 Million $1 Billion to $3 Billion to to $1 Billion $3 Billion $10 Billion BIG 4 $0.19 $0.13 $0.08 OTHER $0.08 $0.05 $0.04 Note: Table made from line chart. Exhibit 4 Multivariate Estimation of SOA Audit Unit Costs Dependent variable is Ln(SOXUNITCOST). n = 239 Parameter Estimate Variable (t-Statistic) Intercept 3.17 (5.37) ** Ln([TotalAssets.sub.2003]) -0.54 (-11.59) ** COMPLEX 0.84 (2.71) * ASSETGROW 0.00 -1.34 MATWEAK 0.66 (3.56) ** BIG4 1.17 (9.25) ** KAREPORTS 0.52 (3.63) ** F-value 32.03 Adjusted [R.sup.2] 43.89% * Significant at 0.01 or less. ** Significant at 0.001 or less. Variable definitions: Ln(SOX UNITCOST) = natural log of [(2004 audit fees--2003 audit fees) / 2004 year-end total assets]; Ln(TotalAssets2003) = natural log of 2003 year-end total assets in $ thousands; COMPLEX = net sales divided by total interest income, where net sales is interest income plus noninterest income; ASSETGROW = percentage change in total assets from 2003 to 2004; MATWEAK = 1 if management reported material weakness(es) in internal control as of fiscal year-end 2004, zero otherwise; BIG4 = 1 if the bank used a "Big 4" auditing firm in 2004; and KAREPORTS = 1 if the bank filed its SOA Section 404 reports in a Form 10-K/A, zero otherwise.