Ph.D. Dissertation
139
Certification of Authorship of Dissertation Work Submitted to: Donald D. Rogers, PhD. (Dissertation Committee Chairperson): By: Steven M. Helwig (Candidate Name) Date of Submission: 2 / 23 / 2011 Title of Dissertation: Factors That Influence Corporate Regulatory Compliance With A Focus On Sarbanes – Oxley Act of 2002 Certification of Authorship: I hereby certify that I am the author of this document and that any assistance I received in its preparation is fully acknowledged and disclosed in this document. I have also cited all sources from which I obtained data, ideas, or words that are copied directly or paraphrased in this document. Sources are properly credited according to accepted standards for professional publications. I also certify that this dissertation was prepared by me. Candidate Signature: Date: 02 / 23 / 2011
Transcript of Ph.D. Dissertation
Certification of Authorship of Dissertation Work
Submitted to: Donald D. Rogers, PhD.
(Dissertation Committee Chairperson):
By: Steven M. Helwig
(Candidate Name)
Date of Submission: 2 / 23 / 2011
Title of Dissertation:
Factors That Influence Corporate Regulatory Compliance With A Focus On Sarbanes – Oxley Act of 2002
Certification of Authorship: I hereby certify that I am the author of this document and that any assistance I received in its preparation is fully acknowledged and disclosed in this document. I have also cited all sources from which I obtained data, ideas, or words that are copied directly or paraphrased in this document. Sources are properly credited according to accepted standards for professional publications. I also certify that this dissertation was prepared by me.
Candidate Signature: Date: 02 / 23 / 2011
FACTORS THAT INFLUENCE CORPORATION REGULATORY COMPLIANCE WITH A FOCUS ON SARBANES - OXLEY ACT OF 2002
by
Steven M. Helwig
A Dissertation Submitted in Partial Fulfillment of the
Requirements for the Degree of
Doctor of Philosophy in Information Assurance
University of Fairfax
2011
COPYRIGHT STATEMENT
Copyright © 2011 Steven M. Helwig.
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or media, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of the author.
Abstract
Factors That Influence Corporation Regulatory Compliance With a Focus On
Sarbanes - Oxley Act Of 2002
by
Steven M. Helwig
2011
The focus of this study was on performing an initial exploratory analysis of compliance
with information security regulation requirements. The specific regulation that was
studied was the Sarbanes Oxley Act of 2002 (SOX). The goal of this research was to
identify the factors that would influence compliance and to determine if these factors can
be used to develop a profile that can be used a basis for developing tiers. The data set used
consisted of publicly traded companies that needed to comply with the SOX regulation for
the year 2005. Although significant factors were found, the profile developed from these
factors could not be discriminated between Non-Compliant and Compliant companies.
Both research questions, (determine if the factors that have been found to influence
regulatory compliance in other industries would influenced compliance within financial
regulations and determine whether or not a profile could be developed and would be likely
to have an impact on compliance with financial regulations), were proved invalid.
Dedication
I would like to thank my family, especially my daughter for their support and patience during this project and the time it took away from being together. Next, I would like to thank those friends, especially Dorian Cougias and Tom Homan, who gave me the encouragement and push when I needed it. Through all my personal issues Dr. Berlin, Janice Orcutt and Janice Berlin were always there to listen and help. I would like to include Jo-Anne King because if it was not for her contacting me from my inquiry, I would not have been a student at the University of Fairfax and given the opportunity to achieve a lifelong goal. There are so many others that helped along the way that I cannot list them here, but hopefully they know who they are and will accept my thanks. Last but not least someone that I will forever be indebted to Dr. Don Rogers. Without his patience, guidance, strength, understanding and thoughtfulness the completion of this dissertation would not have been possible. He was always there for me when I needed it and I will never forget that.
vi
Contents
Abstract .............................................................................................................................. iv List of Tables ................................................................................................................... viii Table of Figures ................................................................................................................. ix Chapter 1 Rationale.............................................................................................................1 Chapter 2 Research Review and Synthesis .........................................................................4
2.1 Relation of Corporation Size to Compliance ................................................4 2.2 Relationship of Costs to Comply ................................................................10 2.3 Relation of Organization Profit Margin to Compliance ..............................14
Chapter 3 Methodology ....................................................................................................17 3.1 Brief History of Sarbanes – Oxley Act of 2002 ..........................................17 3.2 Theoretical Framework ...............................................................................19
3.2.1 Research Questions ..........................................................................20 3.2.2 Operational Definitions of Variables ...............................................21
3.3 Research Design Approach .........................................................................25 3.4 Context of Study .........................................................................................25
3.4.1 Setting ..............................................................................................26 3.4.2 Population ........................................................................................27 3.4.3 Limitations .......................................................................................27 3.4.4 Data Set Design and Selection .........................................................27
3.5 Data Collection Process and Procedures .....................................................28 3.5.1 Methods of Measurements ...............................................................28 3.5.2 Instrumentation ................................................................................30 3.5.3 Data Coding .....................................................................................30 3.5.4 Data Collected .................................................................................31 3.5.5 Data Quality Assessment .................................................................32
Chapter 4 Results and Findings ........................................................................................34 4.1 Data Analysis Process .................................................................................34
4.1.1 Analysis Procedures .........................................................................35 4.2 Results and Findings ...................................................................................36
4.2.1 Non-Compliant Analysis .................................................................36 4.2.2 Compliant Analysis .........................................................................48
Chapter 5 Implications and Conclusion ............................................................................74 5.1 Contribution to Knowledge .........................................................................75 5.2 Implications for Future Research ................................................................81 5.3 Implications for Practitioners ......................................................................83 5.4 Implications for Policy Makers ...................................................................83 5.5 Conclusions .................................................................................................84
vii
Appendices .........................................................................................................................86 Appendix A Definitions of Terms ....................................................................................87 Appendix B List of Acronyms and Symbols ....................................................................88 Appendix C Documentation of Research Site Approval ..................................................89 Appendix D Instruments Utilized .....................................................................................90 Appendix E Detailed Data Collection Process .................................................................91 Appendix F List of Pre Cluster Analysis for Compliant Companies..............................101 Appendix G List of Pre Cluster Analysis for Con-Compliant Companies .....................105 Appendix H List of Companies in Validation Data Set ..................................................109 Appendix I List of Compliant Companies Removed After Cluster Analysis .................110 Appendix J List of Non-Compliant Companies Removed After Cluster Analysis ........111 Appendix K Final List of Compliant Companies Used In Analysis ...............................112 Appendix L Final List of Non-Compliant Companies Used In Analysis .......................116 Appendix M List of Industry Types and SIC Codes.......................................................120 Reference List ..................................................................................................................122 Biography .........................................................................................................................129
viii
List of Tables Table 2: Final Cluster Analysis for Non - Compliant Data ............................................. 37 Table 3: Descriptive Analysis of Revenues for Non-Compliant Companies .................... 38 Table 4: Descriptive Analysis of Gross Profits for Non-Compliant Companies .............. 39 Table 5: Descriptive Analysis of Operating Income for Non-Compliant Companies ...... 41 Table 6: Descriptive Analysis of Total Assets for Non-Compliant Companies ................ 42 Table 7: Descriptive Analysis of Total Liabilities for Non-Compliant Companies .......... 44 Table 8: Descriptive Analysis of Stockholder Equity for Non-Compliant Companies ..... 45 Table 9: Descriptive Analysis of Employees for Non-Compliant Companies .................. 47 Table 10: Final Compliant Cluster Center Analysis......................................................... 49 Table 11: Descriptive Analysis of Revenues for Compliant Companies .......................... 50 Table 12: Descriptive Analysis of Gross Profits for Compliant Companies .................... 52 Table 13: Descriptive Analysis of Operating Profit\Loss for Compliant Companies ...... 53 Table 14: Descriptive Analysis of Total Assets for Compliant Companies ...................... 55 Table 15: Descriptive Analysis of Total Liabilities for Compliant Companies ................ 56 Table 16: Descriptive Analysis of Stockholder Equity for Compliant Companies ........... 58 Table 17: Descriptive Analysis of Employees for Compliant Companies ........................ 59 Table 18: Final Results of K-Cluster Analyses for Compliant and Non-Compliant......... 61 Table 19: Group Statistics of Full Data Set ...................................................................... 62 Table 20: Group Statistics of Final Data Set .................................................................... 64 Table 21: Comparison of Compliant and Non-Compliant Means and the Percentage
Difference ........................................................................................................... 66 Table 22: Industry Breakdown: Financial, Technology and Material ............................. 70 Table 23: Analysis of the Factors ..................................................................................... 76 Table 24: Discrimination Between Non & Complaint Companies for Revenue ............... 77 Table 25: Discrimination Between Non & Complaint Companies for Total Assets ......... 77 Table 26: Discrimination Between Non & Complaint Companies for Employees ........... 78 Table 27: Profile Discrimination Between Non & Compliant Companies ....................... 78 Table 28: Analysis of Additional Significant Factors ....................................................... 79 Table 29: Discrimination Between Non & Complaint Companies for Gross Profits ....... 80 Table 30: Discrimination Between Non & Complaint Companies for Operating
Income/Loss ....................................................................................................... 80 Table 31: Discrimination Between Non & Complaint Companies for Stockholder’s Equity
............................................................................................................................ 81 Table 32: Other Regulations for Research ....................................................................... 83 Table E1: Not Effective Weakness Control Reason Codes ............................................... 94 Table E2: SIC Code Description....................................................................................... 95 Table J1: First Round...................................................................................................... 111 Table J2: Second Round (Final) ..................................................................................... 111 Table M1: Industry Types ............................................................................................... 120 Table M2: SIC Codes ...................................................................................................... 121
ix
Table of Figures Figure 1: Nagel SEC Filer Report Snapshot. ................................................................... 22 Figure 2: Validation of Database – Revenues .................................................................. 33 Figure 3: Validation of Database – Total Assets.............................................................. 33 Figure 4: Histogram of Non-Compliant Revenue: Full Data Set. .................................... 38 Figure 5: Histogram of Non-Compliant Revenue: Final Data Set. .................................. 39 Figure 6: Histogram of Non-Compliant Gross Profits: Full Data Set. ............................. 40 Figure 7: Histogram of Non-Compliant Gross Profits: Final Data Set. ........................... 40 Figure 8: Histogram of Non-Compliant Operating Income/Loss: Full Data Set. ............ 41 Figure 9: Histogram of Non-Compliant Operating Income/Loss: Final Data Set. .......... 42 Figure 10: Histogram of Non-Compliant Total Assets: Full Data Set. ............................ 43 Figure 11: Histogram of Non-Compliant Total Assets: Final Data Set. .......................... 43 Figure 12: Histogram of Non-Compliant Total Liabilities: Full Data Set. ...................... 44 Figure 13: Histogram of Non-Compliant Total Liabilities: Final Data Set. .................... 45 Figure 14: Histogram of Non-Compliant Stockholder Equities: Full Data Set. .............. 46 Figure 15: Histogram of Non-Compliant Stockholder Equities: Final Data Set.............. 46 Figure 16: Histogram of Non-Compliant Employees: Full Data Set. .............................. 47 Figure 17: Histogram of Non-Compliant Employees: Final Data Set. ............................ 48 Figure 18: Histogram of Compliant Revenues: Full Data Set. ........................................ 51 Figure 19: Histogram of Compliant Revenues: Final Data Set. ....................................... 51 Figure 20: Histogram of Compliant Gross Profits: Full Data Set. ................................... 52 Figure 21: Histogram of Compliant Gross Profits: Final Data Set. ................................. 53 Figure 22: Histogram of Compliant Operating: Full Data Set. ........................................ 54 Figure 23: Histogram of Compliant Operating: Final Data Set. ...................................... 54 Figure 24: Histogram of Compliant Total Assets: Full Data Set. .................................... 55 Figure 25: Histogram of Compliant Total Assets: Final Data Set. .................................. 56 Figure 26: Histogram of Compliant Total Liabilities: Full Data Set. .............................. 57 Figure 27: Histogram of Compliant Total Liabilities: Final Data Set. ............................. 57 Figure 28: Histogram of Compliant Stockholder Equity: Full Data Set. ......................... 58 Figure 29: Histogram of Compliant Stockholder Equity: Final Data Set. ....................... 59 Figure 30: Histogram of Compliant Employees: Full Data Set. ...................................... 60 Figure 31: Histogram of Compliant Employees: Final Data Set. .................................... 60 Figure 32: T-test of Full Data Set..................................................................................... 63 Figure 33: T-test of Final Data Set. .................................................................................. 65 Figure 34: Crosstabs and Chi- Square Results for 2005 Auditor Change. ....................... 67 Figure 35: Crosstabs and Chi- Square Results for Big Four Firm ................................... 68 Figure 36: Crosstabs and Chi-Square Results for 2004 Compliant ................................. 69 Figure 37: Crosstabs and Chi- Square Results for All Three Industry Categories. ........ 70 Figure 38: Crosstabs and Chi-Square Results for Financial and Material Companies. ... 71 Figure 39: Crosstabs and Chi-Square Results for Finance and Technology Companies. 72 Figure 40: Crosstabs and Chi-Square Results for Material and Technology Companies 73 Figure E1: Database Structure. ......................................................................................... 96 Figure E2: Data Collection Procedure Step 4: CIK Lookup. ............................................ 99 Figure E3: Data Collection Procedure Step 7. ................................................................ 100 Figure E4: Data Collection Step 9: Weakness Code Lookup. ........................................ 100
Chapter 1
Rationale
Information Security is a process for safeguarding information and achieving
desired core security standards for confidentiality, integrity and availability. Recent
scandals (Hilzenrath, 2009) such as the Enron accounting fraud not only identified the
importance of Information Security but also revealed the need for establishing and
complying with a set of core standards. This, in turn, resulted in the creation of a new set
of Federal and State regulations specifying Information Security requirements. These
new regulations focused primarily on publicly traded corporations (Hilzenrath, 2009).
Failure to comply with these regulations can result in jail time, large fines, loss of
company reputation and loss of customer trust
Numerous factors are considered during the process of formulating and legislating
regulations. These factors can be placed into a few, general categories such as the:
• importance of achieving the desired outcomes,
• impact on those who must enforce the regulations, and
• the impact on those who must comply with the regulations
The importance of each factor varies. If the impact of achieving the objective is very
high (prevent substantial loss of human life), then the importance of the other factors is
usually low and they may receive little or no consideration. As the importance of
achieving the outcomes decreases, the relative importance of the other factor increases.
The process of considering and establishing each factor’s relative importance is
2
frequently a very public process that includes the participation of both general and special
interest groups.
Once the consideration has been completed and the regulations have been
established, the focus switches to assessing enforcement and compliance. The goal is to
identify any problem areas and to determine if or how the regulations should be modified.
Compliance and enforcement are frequently viewed from two distinctly different
perspectives. Corporations are responsible for compliance and focus on the impacts on
individual corporations and specific industries.
Government agencies are responsible for enforcement and focus on identifying
the best ways to achieve widespread compliance. A typical approach is to determine the
factors or characteristics of the corporations that are least likely to comply with the new
regulations and the reasons for the non-compliance. This information is, in turn, used as
a basis for developing profiles for focusing enforcement resources and developing
recommendations for modifying the regulations to reduce the requirements for specific
corporations.
Because enforcement resources are limited, these resources are focused on the
areas where they are most likely to yield the greatest return. Profiles are used as basis for
identifying these high yield areas. Profiles are used extensively by Government agencies
like Internal Revenue Service and the Social Security Administration to reduce fraud and
abuse.
Full compliance may not be possible. Full compliance may not be necessary.
When this is the case, tiering is used to provide for differential treatment. Tiering of a
regulation is the adjustment of the requirements for corporations (or products) that
3
conform to a specific profile. In the case of regulatory compliance this usually involves
smaller corporations having fewer requirements than larger corporations (Brock & Evans,
1985). Tiering is commonly used for health, safety and environmental regulations.
The new Information Security regulations are in the early stages of
implementation. Compliance with these regulations is not universal. The existing
regulations do not include tiering. Analyses of compliance have not been performed.
Compliance profiles have not been established. Nevertheless, small corporations are
arguing that these regulations place an unnecessary burden on small businesses (U.S.
Small Business Administration, 2005). And, in response to these complaints, legislatures
are considering modifying the regulations to include tiering.
The focus of this study is to perform an initial exploratory analysis of compliance
with Information Security regulations. The specific regulation to be studied is the
Sarbanes Oxley Act of 2002 (SOX). Sarbanes Oxley is a regulation that affects all
publicly traded companies which includes small, medium and large companies. It is a
regulation that not only has financial controls but also involves Information Technology
controls. This regulation would provide the best data set for this research since the goal
of the research is to identify factors that influence compliance and to determine if these
factors can be used to develop profiles that can be used as basis for developing tiers and
the data available from this regulation is public data.
Chapter 2
Research Review and Synthesis
Information Security regulations are new and compliance with these regulations is
only beginning to be studied. On the other hand, compliance with environmental, health,
and safety regulations has been extensively studied. The body of literature indicates that
regulatory compliance was influenced by the size of a corporation, costs for a corporation
to comply, and the profit margin of the corporation. Therefore, the following literature
review is divided into the following sections:
• Size of the Corporation,
• Costs to Comply, and
• Profit Margin of the Corporation.
2.1 Relation of Corporation Size to Compliance
In her dissertation Kathleen Bravo (2005) found that small to midsized entities in
different geographical locations had a variance in their compliance practices compared to
the non-variance of larger entities. In determining the size of an entity, Bravo used the
number of employees and Gross Profits. She determined that for her study, when using
Gross Profits an organization was considered small if the Gross Profit was up to
$10,000,000, a midsized organization’s Gross Profit would be $10,000,001 to
$50,000,000, and a large organization’s Gross Profits would be over $50,000,001 (Bravo,
2005).
5
Ungson, James, and Spicer (1985) compared industries in two different regulatory
sectors. The two industries were wood products and technology / electronics. Their
comparisons resulted in the hypothesis that “Managerial assessments of regulatory
relationships will vary with the size and age of the organization.” Cole and Tegeler
(1979), Ungson, James, and Spicer (1985), claim there is some evidence that regulations
do impose more burdens on small organizations.
Ungson, James, and Spicer (1985) conducted a survey of firms listed in the
Directory of Oregon Manufacturers. They found that organizational size was a factor
when dealing with regulatory agencies in the wood products industry. Although not
mentioned specifically, they based size on number of employees verified from sources
like Standard and Poor. This finding was not as compelling in the technology /
electronics industry. They did find that the size and burden of complying where more
evident in the technology / electronics industry. They found organizational size mattered
in controlling the regulatory agencies, smaller organizations were not able to do this as
well as larger organizations. They suggest using a tiering approach to regulations thus
reducing the burdens on smaller organizations.
Tiering as mentioned previously was looked at by Brock and Evans (1985).
Tiering is the process of imposing regulations according to factors such as company size.
Brock and Evans developed a framework to analyze tiering. They looked at tiered
regulations being superior to un-tiered regulations. In their research they found a survey
by the U.S. Regulatory Council that listed examples of where smaller businesses were
given more lenient requirements for 29 regulations. They believe that tiering will
become more prevalent due to the 1980 Regulatory Flexibility Act (Brock & Evans,
6
1985). This act was signed into law and requires federal agencies to consider the impact
of regulations on small entities when developing their proposed and final regulations
(U.S. Small Business Administration, 1996). Imposing uniform regulations across all
types of businesses has a negative effect on small business thus justifying the tiering of
regulations (Brock & Evans, 1985).
Brock and Evans (1985) discussed using mathematical formulas to develop
optimal tiering schemes. Their findings were presented as a framework that can be used
to analyze tiering. Brock and Evans (1985) suggested that the economies of scale are
extensive for some regulatory requirements. They also concluded that some
policymakers have already begun to tier many regulations for smaller firms.
Ann Bartel and Larry Thomas (1987) conducted a study on wage and profit
effects of Occupational Safety and Health Administration (OSHA) and the
Environmental Protection Agency (EPA). Although this study focused on wage and
profit, they did discuss the asymmetrical distributions of regulatory compliance within
these agencies’ regulations. The indirect effect of regulation is compliance asymmetry.
This is where an organization suffers a greater burden than other organizations when
regulatory compliance is enforced equally. They performed empirical analysis on OSHA
and EPA data on the manufacturing industry between 1974 and 1978. This was done
using mathematical and statistical calculations.
Bartel and Thomas (1985) concluded that there were two types of asymmetries.
There is a compliance asymmetry where by an organization does suffer greater cost
burden when regulation is evenly enforced across organizations. The other is
enforcement asymmetry where regulations are enforced differently against organizations.
7
Brock and Evans claimed from their research and conclusions that these asymmetries do
exist and are based on organizational size and location.
Peter Yeager (1987) also used the EPA in his study of structural bias in regulatory
law enforcement. He studied illegal business behavior as it relates to regulatory
compliance. He showed that there is a correlation of occurrence and discovery of an
organization’s illegality contingent and the economic system and regulations. He used
data from the EPA headquarters in New York City. This data related to enforcement of
the Clean Air Act against pollutants in New Jersey between 1973 and 1978. This
consisted of 214 plants of which 87 were considered major dischargers and 127 plants
were considered minor dischargers.
In his findings, Mr. Yeager (1987) discussed two types of violations; effluent
discharge and compliance schedule. As far as effluent discharge violations he found that
organization size was an indirect effect as larger organizations are insulated from some
sanctions but not from pollution infractions. He also found that larger organizations use
the EPA’s hearing process more than smaller organization and are more successful. As
with the compliance schedule violations (failure to meet mandated schedules for
abatement equipment) he found the EPA implemented consistent enforcement for
organizations to comply. Larger organizations were less likely to commit this violation
showing that larger organizations did have some regulatory economies of scale. Such
regulations as the Clean Water Act do tend to burden smaller organizations as Peter
Yeager (1987) stated in his paper: “the process of regulation itself reproduces inequality to the extent that it proves to be more accessible to organizations with greater resources for monitoring legal challenges to it”.
8
Noncompliance with the SEC rules or auditor changes was studied by Kenneth
Schwartz and Billy Soo (1996). They looked at the reasons that organizations had in
delaying a filing when they changes auditors. They used a model consisting of two
economic formulas for noncompliance and file lag. Their data was obtained from the
LEXIS database of all Form 8-K submissions that were for auditor changes between 1988
and 1993. The sampling size after eliminating non relevant organizations was 3078
organizations with auditor changes during the specified period. One of the factors in
filing is a competency factor. This is the requirement on an organization in filing the
Form 8-K. They claim smaller organizations must adhere to the same requirement as
larger firms, but the compliance rates differ because smaller organizations may not be as
informed on the filing requirements. They found that larger organizations are more likely
to file timely 8-Ks because of investor and financial market inquiries.
Their findings found a widespread noncompliance of this regulation. The high
non-compliance rate can be partly contributed to non-binding penalties or to the
application of informal standards which are less rigorous than statutory requirements.
They found size inversely related to both non-compliance and filing delays. They also
concluded from their study that additional items that needed further research were the
effectiveness of current regulatory mechanisms.
A study by Peter Pashigian (1984) was specific to plant size and the Clean Air
Act. Mr. Pashigian (1984) believed that larger plants (those with employees above 500)
will benefit more than smaller plants (with employees of 1-99) in the economies of scale
because the optimal size of a plant to increase because of compliance. Smaller plants can
benefit only if larger plants have more stringent regulations placed on them. Regulation
9
compliance raises the size of a plant. External dis-economies may cause the market share
of smaller plants to decline although the compliance costs across all plants or
organizations are the same.
Peter Pashigian (1984) looked at size distribution changes in industries affected
by the Clean Water Act before the regulation (1958 – 1972) and at the beginning of the
regulation (1972 – 1977). He used census data from the periods. He concluded that plant
numbers were reduced and smaller plants had a greater burden than larger plants.
Smaller plants have a harder time to compete or survive the regulatory requirements. He
also found a direct relationship between plant size and company size.
As mentioned previously, the Regulatory Flexibility Act has an impact on
regulatory compliance due to organizational size. This regulation requires agencies to
consider small organizations when developing a regulation or law. This law is designed
to take in to account the burden of a small organization and to ensure the regulatory
agency has considered all alternatives before implementing the regulation. The
regulatory agency must supply a regulatory flexibility analysis along with the proposed
rule and it must be published in the Federal Registry. This analysis consists of five
sections:
1. Reasons why the agency is considering the action,
2. Objectives and legal basis for the proposed rule,
3. Kind and number of small entities that the proposed rule will affect,
4. Projected reporting, recordkeeping, compliance requirements of the rule,
5. All federal rules that may duplicate, overlap, or conflict with the proposed
rule.
10
This act amends the Administrative Procedure Act requirements. This makes smaller
organization’s issues a major component in the development of regulations.
As can be seen in the review of these studies, organizational size is a major factor
in the influence of regulatory compliance. It also influences the way new regulations are
written and developed. What is not clear from these reviews is what determines the size
of an organization, although some indications were provided. There may be many factors
such as number of employees or financial numbers that determine an organization’s size.
Even with financial or economic numbers, this distinction was unclear. These reviews
justify using organizational size (no matter how it is determined) as one of the factors in
regulatory compliance.
2.2 Relationship of Costs to Comply
Sutinen and Kuperan (1999) conducted a theory based study on regulatory
compliance. They looked at the social and economics of complying with regulations in
the fisheries industry. Enforcement of regulations is usually cited as the problem with a
regulation failing assuming it cost nothing to achieve perfect compliance. Thus upon
failure, buying more enforcement comes at a high cost. Enforcement accounts for
between a quarter to over a half of regulatory costs. Looking at an existing theoretical
deterrence framework, Sutinen and Kuperan (1999) found that the framework had some
shortcomings.
11
The shortcomings they found:
• Assumed the threat of sanctions were the only policy mechanism to improve
compliance with regulations,
• Low expected penalties do not always result in high levels of non-compliance,
and
• More enforcement and higher penalties are usually unfeasible or not cost
effective.
With these shortcomings in mind, Sutinen and Kuperan (1999) attempted to
develop an enhanced version of the deterrence model. Their model includes theories
from psychology and sociology involving moral obligation and social influence as well as
conventional costs and revenues in complying. Using mathematical formulas they were
able to derive that moral and social influences were influences, but economic factors did
affect behavior in compliancy. They derived that changing one of the following
economic factors could control compliance violations:
• Changing economic incentive, or
• Reducing potential legal gains, or
• Increasing expected penalties.
Although this theoretical framework study was on the fisheries industry, it did
show that cost whether social or economic does have an effect on regulatory compliance.
Kathleen M. Bravo (2005), in her dissertation for Pace University, conducted a
study on the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This
regulation differs from others in that there is not a choice of what safeguards are to be
implemented; the regulation specifies the control objects to be implemented. Costs
12
associated with this regulation are stiff penalties as in fines and imprisonment and the
costs to implement the controls.
In her study, she looked at the New Jersey Division of Mental Health Services
and its readiness to comply with the HIPAA regulations. Another goal of the study was
to discover issues affecting their compliance to the regulation. The study consisted of
126 state contracted mental health providers. Quantitative analysis was performed on the
study results.
Her results were categorized to include demographics, security officer in place,
cost factor, and several safeguard controls. Her research was subject to validation and
reliability checks to ensure the data was reliable and valid. Bravo’s survey as mentioned
before contained a section that dealt with costs to comply. These questions involved the
amount of budget to enact the controls and how the security program would be funded.
There were 58 respondents to the surveys. The budgets ranged from $10,000 to over
$200,000 with a majority of the respondents claiming their budgets were under $10,000.
She found in her findings that cost was a major factor with an organization’s
ability to comply with the HIPAA regulations. About 72.4% of respondents claimed that
the costs would be absorbed elsewhere within the organization. The cost factor did not
take into effect the costs of equipment or the costs to implement the controls. Costs also
impeded the organization’s ability to hire security personnel. So it can be determined
from Bravo’s research that costs are a factor that influences compliancy with regulations.
Thomas Hopkins (1995) in his report to the U.S. Small Business Administration
on Profiles of Regulatory Compliance presents estimates of compliance costs that are
incurred annually in the private sector. Hopkins looks at cost distributions by firm size.
13
His report deals strictly with the EPA data between 1977 and 2000. He found that the
two most costly types of regulations were process and environmental. He also found that
business costs were proportional to the size in total employees and the organization’s
total receipts. This lead to the finding that compliance costs were more burdensome to
smaller firms. Number of employees was used to determine organizational size as
presented by the U.S. Small Business Administration. Any organization with 1-20
employees was considered small and over 500 employees considered large.
In an examination of regulatory burdens on small business, Chittenden, Kauser,
and Poutziouris (2000), looked at government regulations on small business in the United
States, United Kingdom, European Union, Australia and New Zealand. They considered
a small business based on employees to be small if the employee count was from 1-20.
Companies with an employee count of over 500 were considered large. After researching
the literature from these countries, they summed up their literature research despite
different methodologies and the differences between the countries as follows:
• Regulation burdens are a major concern of all countries investigated,
• United States is more open and adversarial in the way that they assess
regulations than the other countries investigated,
• The countries investigated appear to have best practice guidelines, although
the United States and United Kingdom don’t appear to incorporate these
guidelines fully in their analysis. Thus assessing best practices of the
countries is difficult,
• Tax related costs in the United States and United Kingdom appears to be the
major component of regulatory costs to small business.
14
• Quality of data is variable in evaluating overall compliance costs,
• There is no widely accepted way to assess or monitor full compliance and
administrative costs of regulations,
• The Better Regulation Task Force (BRTF) have considered a large amount of
approaches to reducing the regulatory burden for small business, and
• There is no evidence of much progress in any governments attempt to reduce
heavy burden of compliance on small business compared to larger business.
In this section of the literature review, the goal was to show the relationship
between costs and regulatory compliance. The research indicates that costs are a major
factor in regulatory compliance and that smaller firms appear to be burdened more than
larger firms.
2.3 Relation of Organization Profit Margin to Compliance
Vasanthakumar Bhat (1999) wrote his paper on the relationship between
environmental regulation compliance and financial performance. He studied large U.S.
organizations. One of the purposes of his paper was to determine if non-compliance of
environmental regulations gives an organization a competitive advantage. Mr. Bhat
(1999) said that compliance is measured in penalties assessed while the “payoff” is
measured in profit margin.
His research found that there were two types of arguments on compliance with
environmental regulations. The first was that regulations reduce productivity, destroy
jobs, wasted resources, and destroyed stock market values. Therefore, managers should
consider the investors when determining the degree of compliance with regulations. The
15
other argument was that regulations make organizations more productive and competitive
due to innovations and resource productivity. In some industries being non-compliant
could mean being shut down, thus losing profit margin and shareholder interest.
Bhat (1999) analyzed the data published in the Corporate Environmental Profiles
Directory put out by the Investors Responsibility Research Center. This directory gives
data on environmental performance of the U.S. organizations in the Standard and Poor
500. The compliance data is measured by penalties assessed by over ten environmental
regulations.
Using mathematical formulas and regression models, Mr. Bhat (1999) used assets,
labor and the production function of a business represented by a Cobb-Douglas function.
His findings showed that regulatory compliance does influence the profit margins of an
organization in a negative way. He also found that an organization does not get a
competitive advantage or superior financial results by being non-compliant. There is a
positive relation between compliance and profit margin based on the regression models,
thus it suggested that organizations that are greatly compliant had greater profit margin.
Several other reviews already discussed mention profit margins as being a factor
in regulatory compliance. Hodges (2005) and Bravo (2005) also mentioned this in their
studies. Even though there was only one major study on profit margins as a compliance
factor, it was a study that made a convincing argument and shows that profit margins
should be considered a major factor in this research.
Jack Samir Nasser (2008) conducted research on factors that defined the
relationship of SOX compliance and governance. One of the factors used was overall
16
organization size, but most of the factors were related to shareholder and CEO
compensation and the Board of Directors itself.
During the course of this research, the Public Company Accounting Oversight
Board (PCAOB) restructured the main SOX auditing standard in order for small business
to have a chance at complying. The old auditing standard was Auditing Standard No. 2
which is superseded by Auditing Standard No. 5 (PCAOB, 2007). Todd Neff’s (2009)
analysis of a KPMG survey and report showed that reducing factors such as the fee
reductions of external auditors and reducing controls has had an impact on small business
(a company with <75 million in market capitalization).
Chapter 3
Methodology
The need to regulate financial reporting of public companies emerged as a result
of public financial scandals (ENRON, Tyco International, and WorldCom) (Reibel,
2010). These scandals resulted in the enactment of SOX. This regulation applies to all
publicly held corporations. Before defining the variables to be studied, a brief history of
this regulations history will be presented.
3.1 Brief History of Sarbanes – Oxley Act of 2002
The Sarbanes – Oxley Act of 2002 was born from two separate bills, one from
Senator Paul Sarbanes and the other from Representative Michael G. Oxley. The bill was
passed and signed into law on July 30, 2002. The major pieces of this law are:
• Chief Executive Officer (CEO) and Chief Financial Officers (CFO) must
certify financial reports,
• Ban on personal loan to any Executive Officer or Director,
• Accelerated reporting of trades by insiders,
• Prohibition on insider trades during pension fund blackout periods,
• Public disclosure of CEO and CFO compensation and profits,
• Additional disclosure,
• Auditor independence,
• Criminal and civil penalties for violations of securities law,
18
• Longer jail time and larger fines for corporate executives who knowingly and
willfully misstate financial statements,
• Prohibition on audit firms providing extra “value-added” services unrelated to
their audit work, and
• A requirement that publicly traded companies furnish independent annual
audit reports on the existence and condition of internal controls as they relate
to financial reporting.
The Securities and Exchange Commission (SEC) are the overseers of this
regulation. A separate board, the Public Company Accounting Oversight Board
(PCAOB) was formed to develop rulings and guidelines for this law. The PCAOB
reports to the SEC and the SEC must approve all actions of the PCAOB. The PCAOB
Auditing Standard No. 5 is the approved standard (approved by the SEC on November
15,, 2007) for audits of internal controls required by Section 404 of SOX (the previous
Auditing Standard No. 2 was superseded by Auditing Standard No. 5). This standard has
several key requirements as listed below (PCAOB, 2007):
• The company must design controls (defined in Appendix A) for relevant
assertions (defined in Appendix A) related to all significant accounts and
disclosures in the financial statements,
• The company must provide information related to how significant transactions
are initiated, authorized, supported, processed, and reported,
• The company must provide information related to the flow of transactions to
identify where material misstatements due to error or fraud could occur,
19
• The company must show they have controls designed to prevent or detect
fraud, including who performs the controls and the regulated segregation of
duties,
• The company must have controls over the period-end financial reporting
process,
• The company must have controls over the safeguarding of assets, and
• The company must provide the results of management’s testing and evaluation
of the controls.
This law views Information Technology as an important part of a corporation’s
financial reporting process. The PCAOB recommends companies consider using the
frameworks of The Committee of Sponsoring Organizations of the Treadway
Commission (COSO) and the IT Governance Institute’s Control Objectives for
Information and related Technology (COBIT) in the management and auditor assessment
of internal controls.
3.2 Theoretical Framework
Previous research indicates that several factors may affect compliance. Kathleen
Bravo, (2005) found that cost was a factor in complying with the HIPAA regulation. She
also found that revenues were a basis for determining HIPAA compliance. She found
that those with large revenues were more likely to be HIPAA compliant than those
companies with smaller revenues. This research supports that factors such as revenue
may be used to predict if a company will be compliant or non-compliant to a regulation.
This then says that factors that have been found to be predictors of compliance with
20
regulations such as HIPPA may also be predictors of compliance with financial
regulations such as SOX. For example, factors such as profits (Jaffey & Palmer, 1997),
employee size, and compliance costs may also be used to predict compliance. Brock
&Evans (1985) determined that smaller firms had a disadvantage in being compliant.
They showed size in assets and cost did have an effect on a company complying with a
regulation. This supports that a combination of factors or a profile can also be used to
predict if a company will or will not be compliant to a regulation. Their tiering example
by size did support that smaller companies had a disadvantage in compliance.
Developing profiles based on individual factors can establish if companies can be
compliant to a regulation, can be supported by the findings from the above authors.
Research will test this and determine if their research findings can be applied to financial
institutions.
3.2.1 Research Questions
This study addressed two questions. Can the factors that have been found to be
related to regulatory compliance in other areas also be related to compliance with
financial regulations? The results were expected to be consistent with previous research.
Size (Bravo, 2005), cost, and profit margin (Jaffe & Palmer, 1997) are expected to be
related to compliance.
The second question; Can profiling can be used to determine compliance with
financial regulations? Expected results of profiling should be consistent as shown in
previous research of the HIPAA (Bravo, 2005) and profit margin (Jaffe & Palmer, 1997)
have shown that some factors can show if a company will or will not be compliant to a
regulation. Company characteristics such as size or profitability can be used as the basis
21
for determining a company’s ability to be compliant. The approach is often based on the
assumption that a larger portion of a small company’s resources are required to achieve
compliance. For example, small corporations may have to spend a higher percentage of
profit to be compliant (Jaffe & Palmer, 1997). Therefore, it may be that a large company
has a higher probability of being compliant based on its profile than a smaller company.
3.2.2 Operational Definitions of Variables
Karl Nagel and Associates collects the results of the SOX audits of all publicly
traded companies and puts this information in a database. Karl Nagel and Associates
charge a fee to access to the SOX database. The access to the Nagel database was
through the link http://www.sarbanes-
oxley.com/login.php?page_ref=%2Flookup.php&PHPSESSID=8af660de8ea2babc3de32
493eb36eaa5. The information not available in the Nagel database was collected from
the Yahoo Financial page or the company’s annual report from the company’s web site.
The Yahoo Financial page was accessed through the Nagel database by selecting the
company’s Market Symbol under information in the SEC Filer Report (Figure 1). The
company’s financials were accessed from the company’s Yahoo Financial (Appendix F,
Figure F5) page by selecting the Income Statement (Appendix F, Figure F6) or Balance
Sheet (Appendix F, Figure F7) link.
22
Figure 1: Nagel SEC Filer Report Snapshot.
The following describes the fields retrieved:
• Compliant Company: This is any company that does not display N (Not
Effective) under the SEC Filings section 404, M/A in the Nagel BCR in the
SOX database.
• Non-Compliant Company: This is any company that displays an N (Not
Effective) under the SEC Filings section 404, M/A in the Nagel BCR in the
SOX database. This can also be determined if there is a code 10010 in the
BCR Listing section for the period 2005.
23
• SEC CIK (Central Index Key) Number: This is the ID number assigned to a
company by the SEC. It is located in the Nagel BCR under the Information
section of the SEC Filer Report and is titled EDGAR.
• SIC (Standard Industrial Classification) Code: Is the standard number
assigned to a company that determines what type of industry the company is
in. It is located in the Nagel BCR under the Information section of the SEC
Filer Report and is titled SIC Code.
• Size of Corporation: Defined as the number of full time employees. This
information is located in the Yahoo Financial page for the company under
Company Profile.
• Revenue: Defined as the dollar amounts reported in the Income Statement
from the corporation’s annual report under Total Revenue.
• Profit: Defined as the dollar amounts reported in the Income Statement from
the corporation’s annual report under Gross Profits.
• Operating Cost: Defined as the dollar amounts reported in the Income
Statement from the corporation’s annual report under Operating Income/Loss.
• Total Assets: Defined as the dollar amounts reported in the Balance Sheet
from the corporation’s annual report under Total Assets.
• Total Liabilities: Defined as the dollar amounts reported in the Balance Sheet
from the corporation’s annual report under Total Liabilities.
• Total Stockholder Equity: Defined as the dollar amounts reported in the
Balance Sheet from the corporation’s annual report under Total Stockholder
Equity.
24
• Firm Name: This is the name of the external auditing company used to
perform the end of year financial reports for the period 2005. This is located
in the Nagel BCR in the SEC Filer Report under the SEC Filings section in
the CPA Firm (office) column.
• Audit Fees: These are the fees that are paid directly to the auditing firm.
• Audit Related Fees: These are fees that are paid out for performing that audit
that are not directly paid to the auditing firm.
• Tax Fess: These are fees that are paid for taxes.
• Misc. Fees: These are fees that do not fit into any other fee category, but are
related to compliancy with SOX.
• Firm Big Four (Yes / No): This variable is determined by the Firm Name for
the period of 2005. If the firm name is Deloitte & Touche, KMPG,
Pricewaterhouse Coopers, or Ernst & Young, then it is a big four firm. If
there is any other firm name there it will be considered a non-big four firm.
• Auditor Change (Yes / No): In the SEC Filer Report of the Nagel BCR, under
the SEC Filing section, if the name of the firm for the period 2005 is different
from the name of the firm for the period 2004 then it is Yes for auditor
change. If the firm name for both periods is the same than it is No. This
information can also be obtained from the same report under the BCR Listings
section for the period 2005. It will be Yes if a code of 10002 or Change of
Auditor-Resignation in under the Description column.
25
• Filer Compliant in 2004 (Yes / No): In the SEC Filer Report of the Nagel
BCR, under the SEC Filing section, if there is an N in the 404 M/A column
for the period 2004 this will be a Yes. It will be Yes if a code of 10010 or
Management assessment not effective internal controls is listed under the
Description column for the Period of 2004.
3.3 Research Design Approach
The research design is exploratory research. The data for this research was from
one of three sources. All Non-Compliant companies were used. A random data set of
Compliant companies was selected. The data was classified as being from Compliant and
Non-Complaint companies. The type of analyses that were performed on these data
elements is described in Section 3.4.1. The type of data was nominal and ratio. A cluster
analysis was performed on the data to remove outliers that would skew the results. Then
descriptive and correlation statistical analysis was then applied to the data and analyzed.
3.4 Context of Study
A publicly traded company is a company that trades stock in the market and is
given a market symbol and CIK code by the SEC. These companies must submit annual
financial reports in the 10k form to the SEC and they must also comply with the SOX
regulation. The information submitted is public information. The Nagel database and the
Yahoo Financial page take this information, once released by the SEC, and manually
input the information into their respective databases. Data was collected for each
company as it was reported to the SEC for the period 2005 and inputted as of the research
26
period. The research was conducted during the month of June 2007. At this time the
data was collected and finalized.
3.4.1 Setting
Each year, every publicly held company must submit a 10k form (annual report)
and an audit report for SOX compliancy to the SEC. The audit report is generated by an
external firm that performs an audit of controls to confirm that the financial report is
accurate and the company is safeguarding the information. This audit is performed as per
the SOX regulation. These reports are usually signed off by the Board of Directors,
Chief Executive Officer (CEO) and the Chief Financial Officer (CFO). It is a detailed
and costly process but is in place to verify the integrity of the data and accounting
practices. This process includes those of the business unit as well as the Information
Technology (IT) group.
After the information is sent to the SEC and checked, it is made public. Once it is
made public, Nagel and Yahoo collect the pertinent data and manually input it into their
databases. Nagel’s database has more detailed SOX information where Yahoo has the
detailed financial information. The data is dependent on the company’s annual report and
accounting reporting structure. Once the data is in the Nagel database, Nagel’s reports
can be run, thus generating the data that was used for this research. The timeframe used
for this research was data from the companies reporting for the year 2005. Data was
taken from the results of SOX audits that were performed in 2005 and from annual
reports that were published in 2005. Data used in this research was data that was entered
in the Nagel database as of June 30th, 2007.
27
3.4.2 Population
The population studied consisted of all publicly traded corporations that were
required to report to the Securities and Exchange Commission and comply with SOX and
reported their financials as of June, 2007. The unit of analysis was the corporation. The
population was divided in to two groups – those that complied and those that did not. All
185 Non-Compliant companies in the Nagel list of companies reporting their 2005
financials (varied by corporation as to reporting time frame, this time frame was
determined by how the corporation reported to the SEC, but data set was classified as
Year 2005 reporting) were selected; a simple random data set of 185 Compliant
companies was selected. After the Non-Compliant companies and the Compliant
companies’ data set were removed, another random data set of 25 companies was
selected and used for validation of the Nagel database.
3.4.3 Limitations
The limitation to this research was the number of companies reporting their 2005
compliance data. It was undetermined how many companies were actually supposed to
report their compliancy in 2005. This research was limited to the 6,047 companies that
reported in 2005. Each company however can have a different reporting period for a
given year and file extensions. If an extension was filed or a company did not submit
their data before data was collected, this data may not be included as part of the final
company list used in this study.
3.4.4 Data Set Design and Selection
The data set of the data was based on the SOX Database information. All Non-
Compliant companies listed (185) in the database for 2005 were selected. The Compliant
28
companies’ data set was selected by subtracting the total Non-Compliant companies from
the total companies listed and dividing this number by the total number of Non-
Compliant companies (185) and every 32nd company in the database was selected as a
Compliant company data set. Once the Non-Compliant and Compliant companies were
selected, a data set of 25 companies from the remaining companies was selected to use as
the validation data set.
3.5 Data Collection Process and Procedures
Data collection was performed using the SOX Database, annual reports, and
Yahoo Financial page within these sources until June 30th, 2007. The data collected was
manually inputted in to a custom Filemaker Pro (Appendix F, Figure F1) database using
the variables listed previously. Once the data was put into the database and sorted; it was
exported to an Excel spreadsheet. The Excel spreadsheet was then imported into SPSS
Graduate Package version 17 and 18 Statistic (SPSS) application. Once the data was in
SPSS, it was analyzed and reports generated.
3.5.1 Methods of Measurements
The data that was collected between the data sources were of two types. The two
types of data that were collected were Nominal and Ratio data.
The nominal data consisted of data that was a Yes/No or a name assigned to it as
shown in Table 1. The Ratio data consisted of data that was measured in dollars and the
number of employees an actual value. The data used in this type of analysis is shown in
Table 1.
29
Table 1: Data Measures
The following statistical analysis was performed on each type of data measure:
• Nominal Data
o Cross tabulations
o Chi-Square
• Ratio (Scale) Data
o Descriptive Analysis
o Cluster Analysis
o T-Test
Name Measure Revenues Scale Gross Profits Scale Operating Income Scale Total Assets Scale Total Liabilities Scale Total Stockholders Scale No. Employees Scale Industry Nominal SIC Code Nominal Auditing Firm Nominal Big Four Firm Nominal 2005AuditorChangeY1N2 Nominal 2004Compliant Nominal Audit Fees Scale Audit Related Fees Scale Tax Fees Scale Misc. Fees Scale Total Fees Scale
30
3.5.2 Instrumentation
The data gathered between the data sources was manually inputted into a custom
Filemaker Pro database used for data collection. This data was then imported into an
Excel spreadsheet and then imported into the statistical software for analysis.
3.5.3 Data Coding
The data collected was divided into two categories. The coding of these
categories was:
• NON404 - Non Compliant Companies.
• COM – Compliant Companies.
The financial variables were coded by name:
• Revenues1000000 – Revenues in the millions,
• GrossProfits1000000 – Gross profits in the millions,
• OperatingIncome100000 – Operating income in the millions,
• TotalAssets100000 – Total assets in the millions,
• TotalLiabilities1000000 – Total liabilities in the millions,
• TotalStockholder1000000 – Total Stockholder equity in the millions,
• Audit Fees – Fees paid to the auditing firms,
• Audit Related Fees – Fees associated with the audit but not directly paid to the
auditing firms,
• Tax Fees – Fees paid out in taxes, and
• Misc. Fees – Fees that do not fit in any of the other fee categories.
31
The non-financial variables were coded as follows:
• No. Employees – Total employees listed. This determined the company size
by using Census Bureau standards:
o Small Company: 100 or less employees,
o Medium Company: 101 – 500 employees, and
o Large Company: over 501 employees.
• Industry – The industry heading that the company is associated with,
• SIC Code – Code that is assigned to the company by the SEC and used as an
identifier,
• Auditing Firm – Name of the auditing firm associated with the SOX audit,
• BigFour – Determination if company used one of the “Big Four” auditing
firms for their audits The “Big Four auditing firms are:,
o Ernst and Young (EY),
o KPMG,
o PriceWaterhouse Coopers (PWC), and
o Deliotte & Touche (DT).
• 2005AuditorChange – Determination if company changes auditors in 2005,
and
• 2004Compliant – Determination if company was SOX compliant in 2004
3.5.4 Data Collected
The data types collected is outlined in Section 3.2.2 definitions of Operation
Variables. This data was collected on 185 data sets of Complaint companies, 185 Non-
Compliant companies, and 25 data set companies used for validation. This data was
32
collected from one of three sources to ensure all data variables for each company was
collected. These data sources were the Nagel database, Yahoo Financial page and the
company’s annual report.
3.5.5 Data Quality Assessment
The SOX Database, Yahoo Financial page and annual reports provided data that
was collected by an external auditing firm and reported to the SEC and shareholders.
Therefore, the information was considered to have a high degree of content validity and
internal consistency. The population is known, well defined, and completely listed. A
simple random data set was selected. Therefore, the data set was representative.
To show the reliability of the database, a sampling of 25 companies not included
in the study was used. The revenues and total assets from these companies included in
the SOX database was collected and compared to the public information from the SEC
(finance.yahoo.com) or the company’s annual report. A correlation was performed on
the Revenues (Figure 2) and on the Assets (Figure 3). Comparing the SOX database
information and public information about the company showed that the information in the
database was properly collected and entered in the database with a high degree of
accuracy.
33
Figure 2: Validation of Database – Revenues
Figure 3: Validation of Database – Total Assets.
Chapter 4
Results and Findings
4.1 Data Analysis Process
The initial sections of this chapter provide a high level overview of the analyses.
The details are presented in the final sections. The intent is to provide an orientation to
the analytical framework before presenting the results.
Six financial variables were analyzed. These financial variables were:
• Revenues,
• Profit Margin,
• Operating Income,
• Total Assets,
• Total Liabilities, and
• Stockholder Equity.
Five fee variables were analyzed. These variables are:
• Audit Fees,
• Audit Related Fees,
• Tax Fees,
• Misc. Fees, and
• Total Fees.
35
Seven non-financial variables were analyzed. These variables are:
• Number of Employees,
• Industry,
• SIC Code,
• Auditing Firm,
• Big Four,
• 2005 Auditor Change, and
• 2004 Compliant.
4.1.1 Analysis Procedures
The analytical process had five steps. The first step consisted of reviewing the
descriptive statistics of the ratio variables. These distributions were found to be skewed
by a small number of cases with values that were many times larger than the majority of
cases in the distribution.
The second step consisted of identifying and removing the cases with the extreme
values. A three step cluster analysis was used to identify these outliers.
The third step consisted of removing the outliers, computing a second set of
descriptive statics, and assessing the impact of the removal of the outliers.
The fourth step consisted of conducting T-tests to determine the significance of
the observed distribution of the ratio variables.
The fifth step consisted of conducting Chi Square tests to determine the
significance of the observed frequencies of nominal variables.
36
SPSS Graduate Pack 17.0 and 18.0 for Windows statistical package was used to
conduct all of the analyses. All results reported in the following sections are from reports
generated by SPSS statistical package.
4.2 Results and Findings
4.2.1 Non-Compliant Analysis
The 3 Step K-Means Cluster analyses were used in identifying the outliers and
determining the final data set for the Non-Compliant and Compliant companies. The
outliers, a value that is an abnormal distance from other values (NIST, 2009), in each of
the data set groups needed to be eliminated so the data in each final data set would not be
as skewed. In each data set group, revenue was analyzed first followed by the other five
financial factors for data that was outside the norm. With three clusters, the cluster with
most companies falling within it was determined to be the normal data set companies.
The original data set for the Non-Compliant companies contained 185 companies.
This size was based on all Non-Compliant companies in the database for the year 2005.
An initial 3-K Cluster analysis using revenues was performed and due to the cluster
center sizes, Cluster 1 and Cluster 3 companies were removed (Appendix J) from the
initial data set. Cluster 1 contained 1 company, Cluster 3 contained 1 company, and
cluster 2 contained 183 companies. The mean revenue for Cluster 1 companies was
137.24 times higher than the mean revenue for Cluster 2 companies. The mean revenue
for Cluster 3 companies was 77.6 times higher than the mean revenue of cluster 2
companies. Another 3-K Cluster analysis was performed once the one company from
Cluster 1 was removed and the one company from Cluster 3 was removed. In this second
37
data set, Cluster 1 contained 2 companies, cluster 3 contained 11 companies, and cluster
2 contained 170 companies. In the second data set, Cluster 1 mean revenues were 5.32
times higher than Cluster 2 and Cluster 3 was 16.27 times higher. Based on the results of
this second round, 13 additional companies were removed. The final data set size for the
Non-Compliant data of companies (Appendix L) was 170 (Table 2). An analysis was
performed on the other five financial variables, but the results were very similar. The
same 15 companies were identified as outliers in the data sets for all of the financial
variables.
Table 2: Final Cluster Analysis for Non - Compliant Data
Once the Cluster analysis was conducted, descriptive analysis was performed.
The descriptive analysis was run on the original 185 data set and the final data set of 170.
These analysis were then compared (Tables 3-9). Histograms were also used to compare
the results (Figures 4-17). The Histogram scales are different between the Histogram of
the full data set and the final data set. This is due to large numbers from the full data set
Clusters
2 1 3
Mean Revenues 60,467 956,707 2,439,670
Number of companies 170 12 3
38
and these being eliminated to form the final data set. The full data set contained 185
companies and the final Non-Compliant data set contained 170 companies.
Table 3: Descriptive Analysis of Revenues for Non-Compliant Companies
Analysis Revenues Company Count 185 170 Mean 301,803 60,467 Median 31,003 27,932 Std. Deviation 16,500,000,000 86,087 Skewness 9.90 2.60 Std. Error of Skewness 0.18 0.19 Kurtosis 105.60 6.90 Std. Error of Kurtosis 0.34 0.37 Minimum 1.70 1.70 Maximum 19,260,400 442,924
Figure 4: Histogram of Non-Compliant Revenue: Full Data Set.
39
Figure 5: Histogram of Non-Compliant Revenue: Final Data Set.
Table 4: Descriptive Analysis of Gross Profits for Non-Compliant Companies
Analysis Gross Profits Company Count 185 170 Mean 130,806 26,691 Median 10,158 8,954 Std. Deviation 851,194 52,349 Skewness 11.50 3.90 Std. Error of Skewness 0.18 0.19 Kurtosis 141.60 16.50 Std. Error of Kurtosis 0.36 0.37 Minimum -5,789 -5,789 Maximum 10,890,500 333,100
40
Figure 6: Histogram of Non-Compliant Gross Profits: Full Data Set.
Figure 7: Histogram of Non-Compliant Gross Profits: Final Data Set.
41
Table 5: Descriptive Analysis of Operating Income for Non-Compliant Companies
Analysis Operating Income/Loss Company Count 185 170 Mean 23,998 5,318 Median 1,354 1,264 Std. Deviation 166,969 18,615 Skewness 9.10 4.80 Std. Error of Skewness 0.18 0.19 Kurtosis 84.20 30.20 Std. Error of Kurtosis 0.36 0.37 Minimum -116,300 -24,399 Maximum 1,652,900 149,685
Figure 8: Histogram of Non-Compliant Operating Income/Loss: Full Data Set.
42
Figure 9: Histogram of Non-Compliant Operating Income/Loss: Final Data Set.
Table 6: Descriptive Analysis of Total Assets for Non-Compliant Companies
Analysis Total Assets Company Count 185 170 Mean 1,120,030 150,767 Median 37,949 34,144 Std. Deviation 7,530,000,000,000 462,283 Skewness 9.40 7.50 Std. Error of Skewness 0.18 0.19 Kurtosis 94.50 68.40 Std. Error of Kurtosis 0.36 0.37 Minimum 141.90 141.90 Maximum 85,337,000 4,862,367
43
Figure 10: Histogram of Non-Compliant Total Assets: Full Data Set.
Figure 11: Histogram of Non-Compliant Total Assets: Final Data Set.
44
Table 7: Descriptive Analysis of Total Liabilities for Non-Compliant Companies
Analysis Total Liabilities Company Count 185 170 Mean 1,011,783 115,019 Median 17,212 14,636 Std. Deviation 69,100,000,000 424,673 Skewness 9.10 7.90 Std. Error of Skewness 0.18 0.19 Kurtosis 89.70 73.30 Std. Error of Kurtosis 0.36 0.37 Minimum 14 14 Maximum 76,705,300 4,517,442
Figure 12: Histogram of Non-Compliant Total Liabilities: Full Data Set.
45
Figure 13: Histogram of Non-Compliant Total Liabilities: Final Data Set.
Table 8: Descriptive Analysis of Stockholder Equity for Non-Compliant Companies
Analysis Stockholder Equity Company Count 185 170 Mean 115,749 34,644 Median 17,655 15,426 Std. Deviation 665,163 61,064 Skewness 11.75 3.70 Std. Error of Skewness 0.18 0.19 Kurtosis 124.40 22.60 Std. Error of Kurtosis 0.36 0.37 Minimum -154,072 -154,072 Maximum 8,631,700 494,200
46
Figure 14: Histogram of Non-Compliant Stockholder Equities: Full Data Set.
Figure 15: Histogram of Non-Compliant Stockholder Equities: Final Data Set.
47
Table 9: Descriptive Analysis of Employees for Non-Compliant Companies
Analysis Employees Company Count 185 170 Mean 6,735.40 2,669.30 Median 942 842.50 Std. Deviation 25,198 4,938.50 Skewness 8.20 3.40 Std. Error of Skewness 0.18 0.19 Kurtosis 80.20 15.30 Std. Error of Kurtosis 0.36 0.37 Minimum 1 1 Maximum 280,000 37,000
Figure 16: Histogram of Non-Compliant Employees: Full Data Set.
48
Figure 17: Histogram of Non-Compliant Employees: Final Data Set.
4.2.2 Compliant Analysis
The original data set for the Compliant companies contained 185 companies.
This size was based on all Compliant companies in the database for the year 2005. An
initial 3-K Custer analysis using revenues was performed and due to the cluster center
sizes, Cluster 1 and Cluster 3 companies were removed from the initial data set. Cluster
1 contained 1 company, Cluster 3 contained 8 companies, and Cluster 2 contained 176
companies. The reason for these cluster companies being removed (Appendix I) is that
the average revenues for companies in Cluster 1 was 22.41 times the average revenues
for companies in Cluster 2 and Cluster3 was 155.02 times higher than Cluster 2. Another
3-K Cluster analysis was performed once the nine companies were removed from the
49
data. This analysis revealed that the cluster centers were closer, Cluster 1 was 10.55
times that of Cluster and Cluster was 25.75 higher than Cluster 2. The results of
removing the companies would have resulted in a data set size that would have been two
small for this research. The final data set (Appendix K) size for the compliant data of
companies was 176. . An analysis was performed on the other five financial variables,
and the outlying companies were found to be the same as those for the revenues.
Removing the outliers brought the data set data closer to the data set centers. The
Histogram scales are different between the Histogram of the full data set and the final
data set. This is due to large numbers from the full data set and these being eliminated to
form the final data set. The full data set contained 185 companies and the final Compliant
data set contained 176 companies.
Table 10: Final Compliant Cluster Center Analysis
Cluster
2 3 1
Mean Revenues 198,451 4,446,361 30,764,111
Number of Companies 176 8 1
50
Once the cluster analysis was conducted, descriptive analysis was performed.
The descriptive analysis was run on the full 185 data set and the final data set of 176.
These analysis were then compared (Tables 11-17). Histograms were also used to
compare the results (Figures 18-31).
Table 11: Descriptive Analysis of Revenues for Compliant Companies
Analysis Revenues Company Count 185 176 Mean 54,700,000 19,800,000 Median 4,250,000 3,280,000 Std. Deviation 246,000,000 37,500,000 Skewness 10.50 2.6 Std. Error of Skewness 0.18 0.18 Kurtosis 125.50 7.60 Std. Error of Kurtosis 0.36 0.37 Minimum 0 0 Maximum 3,080,000,000 189,000,000
51
Figure 18: Histogram of Compliant Revenues: Full Data Set.
Figure 19: Histogram of Compliant Revenues: Final Data Set.
52
Table 12: Descriptive Analysis of Gross Profits for Compliant Companies
Analysis Gross Profits Company Count 185 176 Mean 15,900,000 7,520,000 Median 1,530,000 1,350,000 Std. Deviation 54,100,000 17,800,000 Skewness 6.40 4.10 Std. Error of Skewness 0.18 0.18 Kurtosis 45.30 18.40 Std. Error of Kurtosis 0.36 0.36 Minimum -112.70 -112.70 Maximum 448,000,000 112,000,000
Figure 20: Histogram of Compliant Gross Profits: Full Data Set.
53
Figure 21: Histogram of Compliant Gross Profits: Final Data Set.
Table 13: Descriptive Analysis of Operating Profit\Loss for Compliant Companies
Analysis Operating Income/Loss Company Count 185 176 Mean 3,620,000 2,210,000 Median 2,411.8 2,152.05 Std. Deviation 13,200,000 7,060,000 Skewness 3.50 2 Std. Error of Skewness 0.18 0.18 Kurtosis 25.30 18 Std. Error of Kurtosis 0.36 0.36 Minimum -530,169 -374,300 Maximum 100,000,000 473,600
54
Figure 22: Histogram of Compliant Operating: Full Data Set.
Figure 23: Histogram of Compliant Operating: Final Data Set.
55
Table 14: Descriptive Analysis of Total Assets for Compliant Companies
Analysis Total Assets Company Count 185 176 Mean 113,000,000 40,200,000 Median 5,370,000 4,760,000 Std. Deviation 551,000,000 134,000,000 Skewness 8 7 Std. Error of Skewness 0.18 0.18 Kurtosis 68 56 Std. Error of Kurtosis 0.36 0.36 Minimum 0 0 Maximum 5,180,000,000 12,500,000,000
Figure 24: Histogram of Compliant Total Assets: Full Data Set.
56
Figure 25: Histogram of Compliant Total Assets: Final Data Set.
Table 15: Descriptive Analysis of Total Liabilities for Compliant Companies
Analysis Total Liabilities
Company Count 185 176 Mean 995,167.74 302,301.70 Median 37,170 32,776.40 Std. Deviation 587,000,000 120,000,000 Skewness 9.20 7.90 Std. Error of Skewness 0.18 0.18 Kurtosis 88.8 68.4 Std. Error of Kurtosis 0.36 0.36 Minimum 0 0 Maximum 63,877,300.30 11,840,317.70
57
Figure 26: Histogram of Compliant Total Liabilities: Full Data Set.
Figure 27: Histogram of Compliant Total Liabilities: Final Data Set.
58
Table 16: Descriptive Analysis of Stockholder Equity for Compliant Companies
Analysis Stockholder Equity Company Count 185 176 Mean 58,300,000 9,850,000 Median 1,430,000 1,300,000 Std. Deviation 679,000,000 24,600,000 Skewness 13.10 2.80 Std. Error of Skewness 0.18 0.18 Kurtosis 177.10 12.20 Std. Error of Kurtosis 0.36 0.36 Minimum -1,210,000,000 -81,500,000 Maximum 9,150,000,000 150,000,000
Figure 28: Histogram of Compliant Stockholder Equity: Full Data Set.
59
Figure 29: Histogram of Compliant Stockholder Equity: Final Data Set.
Table 17: Descriptive Analysis of Employees for Compliant Companies
Analysis Employee Company Count 185 176 Mean 10,547.60 6,941.32 Median 1,300 1,043.50 Std. Deviation 25,418.70 14,528.10 Skewness 4.70 3.80 Std. Error of Skewness 0.179 0.183 Kurtosis 28 17.60 Std. Error of Kurtosis 0.36 0.36 Minimum 1 1 Maximum 217,000 104,276
60
Figure 30: Histogram of Compliant Employees: Full Data Set.
Figure 31: Histogram of Compliant Employees: Final Data Set.
61
The final results of the K-Means analysis are shown in Table 18. From these final
results the data set data was obtained from Cluster 2 for both Non-Compliant and
Compliant data set. The final company data set were used for T-test analysis. A listing
of the companies that were removed for the Non-Compliant companies in Appendix J
and the Compliant companies is in Appendix I.
Table 18: Final Results of K-Cluster Analyses for Compliant and Non-Compliant
Company Data Set Cluster 2 Cluster 1 Cluster 3
COM 185 176 8 1
NON-COM 185 170 12 3
The results of the T-test of the ratio (scale) data of the 185 NON404 and 185 Com
showed that all factors were greater than .05 in the Sig. (2-tailed). This means that there
is no significant difference between NON404 and COM means. Table 19 depicts the
Groups Statistic and Figure 32 shows the T-test results for the original data set. When
analyzing the data for the final data set the opposite is seen. The revenues, gross profits,
operating profit\loss, total assets, total stockholder equity, number of employees, and
misc. fees all are less than .05 in the Sig. (2-tailed) results. This indicates a significant
difference in the means between the final data sets of 170 NON-COM and 176 COM
companies. Total liabilities, SIC code, audit fee, audit related, tax fees, and total fees are
all greater than .05 in the Sig. (2-tailed) test indicating that the means of these factors
62
show no significant difference. Table 20 shows the group statistics for the final data set
and Figure 33 shows the T-test results.
Table 19: Group Statistics of Full Data Set
Group Statistics Code N Mean Std. Deviation Std. Error
Mean Revenues NON404 185 301802.51 1645500.00 120978.37 COM 185 547364.30 2461100.00 180943.22 Gross Profits NON404 185 130806.40 851193.59 62581.00 COM 185 159060.37 540696.80 39752.82 Operating NON404 185 23998.28 166968.48 12275.77 COM 185 36234.10 132381.79 9732.90 Total Assets NON404 185 1120030.04 7531300.00 553712.53 COM 185 1134946.63 5505600.00 404777.63 Total Liabilities NON404 185 1011783.21 6911200.00 508124.09 COM 185 995167.74 5874500.00 431900.57 Stockholder Equity NON404 185 115748.89 665163.63 48903.80 COM 185 583322.17 6792400.00 499385.57 Employees NON404 185 6735.39 25198.04 1852.60 COM 185 10547.59 25418.71 1868.82 SIC Code NON404 185 49.80 19.94 1.47 COM 185 48.56 19.73 1.45 Audit Fees NON404 185 2220528.86 5835093.44 429004.60 COM 185 9794418.30 108000000.00 7959037.76 Audit Related NON404 185 152185.25 350129.34 25742.02 COM 185 881150.37 8918799.81 655723.20 Tax Fees NON404 185 175400.50 615722.75 45268.84 COM 185 1031077.51 10370000.00 762067.40 Misc. Fees NON404 185 21340.54 185293.54 13623.05 COM 185 36404.47 265741.35 19537.69 Total Fees NON404 185 2569701.95 6780203.23 498490.46 COM 185 11690107.86 126900000.00 9330928.03
63
Figure 32: T-test of Full Data Set.
64
Table 20: Group Statistics of Final Data Set
Code N Mean Std. Deviation Std. Deviation Error
Revenues NON404 170 60467.31 86086.55 6602.54 COM 176 198451.10 374527.19 28231.05 Gross Profits NON404 170 26691.04 52349.37 4015.01 COM 176 75227.97 177792.13 13401.59 Operating NON404 170 5317.95 18614.72 1427.68 COM 176 22131.67 70568.10 5319.27 Total Assets NON404 170 150767.26 462283.20 35455.03 COM 176 402243.91 1339676.97 100981.95 Total Liabilities NON404 170 115019.47 424673.34 32570.96 COM 176 302301.68 1202100.00 90614.17 Stockholder Equity NON404 170 34644.09 34644.09 4683.39 COM 176 98508.74 98508.74 18510.96 Employees NON404 170 2669.28 2669.28 378.77 COM 176 6941.32 6941.32 1095.09 SIC Code NON404 170 49.97 20.28 1.56 COM 176 48.64 19.79 1.49 Audit Fees NON404 170 1372154.43 1721011.62 131995.57 COM 176 9596179.29 110700000.00 8366168.73 Audit Related NON404 170 1372.15 1721.01 132.00 COM 176 815575.18 9105157.58 686327.08 Tax Fees NON404 170 117124.18 283156.67 21717.13 COM 176 1023403.19 10630000.00 801009.82 Misc. Fees NON404 170 117.12 283.16 21.72 COM 176 15810.27 74468.71 5613.29 Total Fees NON404 170 94581.71 188965.46 14492.99 COM 176 11396444.19 130100000.00 9804467.17
65
Figure 33: T-test of Final Data Set.
As the results have shown, the mean for the final data set Compliant companies
was significantly higher than those in Non-Compliant companies; Table 21 shows the
percentage difference of means for ratio factors.
66
Table 21: Comparison of Compliant and Non-Compliant Means and the Percentage
Difference
Factor Com Non % Difference
Revenues 1985 605 70%
Gross Profits 752 267 69%
Operating Costs 221 605 76%
Total Assets 4022 1508 63%
Total Liabilities 3023 1150 62%
Stockholder Equity 985 346 65%
Employees** 6941 2669 62%
Crosstab analysis was performed to analyze the relations between nominal values.
These values included:
• 2005 Auditor Change,
• Big Four Firm,
• 2004 Compliant, and
• Industries
Crosstab analysis was performed on 2005 Auditor Change (Figure 34). Then a
Chi-Square test (Figure 34) was performed. The result of the Chi-Square analysis for the
2005 Auditor Change factor does not show any significant difference.
67
Figure 34: Crosstabs and Chi- Square Results for 2005 Auditor Change.
Crosstab analysis was then performed on Big Four Firm (Figure 35). Then a Chi-
Square test (Figure 35) was performed. The result of the Chi-Square analysis for the Big
Four Firm factor does not show any significant difference. An auditor change in 2005
occurred among 13% of the Compliant companies and 18% of the Non-Compliant
companies. Those using a Big Four were 72% of the Compliant companies and 72% of
the Non-Compliant companies.
68
Figure 35: Crosstabs and Chi- Square Results for Big Four Firm
Crosstab analysis was performed between the Compliant and Non-Compliant
companies that were compliant in the year 2004 (Figure 36). Of the total of 346
companies used in the research, only 4 of the Compliant companies in 2005 were Non-
Compliant in 2004. Of the companies that were Non-Compliant in 2005, 29 of these
companies were also Non-Compliant in 2004. Then a Chi-Square test (Figure 36) was
performed. The result of the Chi-Square analysis for the 2004 Compliant factor does not
show any significant difference.
69
Figure 36: Crosstabs and Chi-Square Results for 2004 Compliant
Crosstab analysis was then performed on Industries (Figure 37). Then a Chi-
Square test (Figure 37) was performed between all three categories of industries. The
result of the Chi-Square analysis for the Industries factor as a whole shows a significant
difference. There is a significant difference between Compliant and Non-Compliant
Technology Industries. There is a significant difference between the Finance and
Technology companies (Figure 39), between the Material and Technology companies
(Figure 40), but not between Financial and Material (Figure 38) companies. Table 22
shows how the industries were broken out.
70
Table 22: Industry Breakdown: Financial, Technology and Material
Industries Non-
Compliant Companies
Percentage Non - Comp
Compliant Companies (Weighted)
Percentage Compliant
Total Companies
Percentage Total
Financial Finance, Insurance, Healthcare, Conglomerates
41 0.72 1,591 28.10 1,632 28.82
Technology Technology, Services, Biotechnology, Utilities
91 1.16 2,028 35.82 2,119 37.43
Materials Basic Materials, Consumer Goods, Industrial Goods
38 0.67 1,872 33.08 1,910 33.75
Total number of Companies 170 3.00 5,491 97.00 5,661 100.00
Figure 37: Crosstabs and Chi- Square Results for All Three Industry Categories.
71
Figure 38: Crosstabs and Chi-Square Results for Financial and Material Companies.
72
Figure 39: Crosstabs and Chi-Square Results for Finance and Technology Companies.
73
Figure 40: Crosstabs and Chi-Square Results for Material and Technology Companies
Chapter 5
Implications and Conclusion
This research was designed to identify the variables that influence compliance and
to determine if these variables can be used to develop profiles that can be used as a basis
for developing tiers. As reported in Chapter IV, the Non-Compliant companies' observed
mean was significantly less than Compliant companies' observed mean for five of the six
financial variables. These five financial variables were used to develop a profile that fit
the majority of the Non-Compliant companies. Then, the profile was applied to the
Compliant companies to determine if it discriminated between Non-Compliant and
Compliant companies. It did not. Next, each financial variable was individually
analyzed to determine if any discriminated between Non-Compliant and Compliant
companies. None did. The results indicate that the vast majority of Non-Compliant
companies are small companies and the majority of Compliant companies are also small
companies. None of the variables studied discriminated between Non-Compliant and
Complaint companies. The detailed results are presented in the next section.
75
5.1 Contribution to Knowledge
Significant differences were observed between Non-Compliant and Compliant
companies on the following variables:
• Revenues
• Gross Profits
• Operating Profit / Loss
• Total Assets
• Stockholder Equity
• Employees
Revenues, Total Assets and Employees were selected as the variables to be used
to develop the profile. The rationale behind this decision was to lower the amount of
factors in the profile to make it a viable tool for determining compliance. Revenues were
chosen as it was the lead variable throughout this research. Total Assets covered the non-
financial variables and Employees were chosen because it was the only true non-financial
variable and was used in previous research to determine size.
A profile was formed from the variables listed above. The profile consisted of
revenues, total assets, and number of employees. The values selected for the profile were
derived from the Non-Compliant data set. For this analysis, it was felt that the profile
should capture 95% or more of the Non-Compliant companies. The mean plus three
standard deviations provided this distribution.
76
Table 23 shows the results of the analysis. The profile based on the results is as follows:
Profile (Non-Compliant):
Revenues (Less than or Equal to) $319,000 or
Total Assets (Less than or Equal to) $1,500,000 or
Employees (Less than or Equal to) 17,500
Table 23: Analysis of the Factors
Non – Compliant Companies
Companies Above Profile
Percentage %
Companies Below Profile
Percentage %
Revenues Mean + Std. Dev. 17 10.00 153 90.00 Mean + 2X Std. Dev. 11 6.57 159 93.53 Mean + 3X Std. Dev. 7 4.12 163 95.88 Mean + 4X Std. Dev. 2 1.18 168 98.82 Total Assets Mean + Std. Dev. 8 4.71 162 95.29 Mean + 2X Std. Dev. 5 2.94 165 97.06 Mean + 3X Std. Dev. 2 1.18 168 98.82 Mean + 4X Std. Dev. 2 1.18 168 98.82 Employees Mean + Std. Dev. 20 11.76 150 88.24 Mean + 2X Std. Dev. 11 6.57 159 93.53 Mean + 3X Std. Dev. 4 2.35 166 97.65 Mean + 4X Std. Dev. 1 0.59 169 99.41
There was a weighting factor of 31.2 applied to the Compliant companies. Tables
24, 25, and 26 shows the Compliant and Non-Compliant company comparisons for each
of the profile factors to determine how well the profile discriminated between Compliant
and Non-Compliant companies. The profile was then analyzed and the results are shown
in Table 27.
77
Table 24: Discrimination Between Non & Complaint Companies for Revenue
Revenues Non-Compliant Companies
Percentage Non –
Comp %
Compliant Companies (Weighted)
Percentage Compliant
%
Total Companies
Percentage Total
% Number of companies that meet the profile
163 2.9 4,493 79.3 4,656 82.2
Number of companies that do not meet the profile
7 0.1 998 17.7 1,005 17.8
Total number of companies 170 3.0 5491 97.0 5661 100.0
Table 25: Discrimination Between Non & Complaint Companies for Total Assets
Total Assets Non-Compliant Companies
Percentage Non - Comp
Compliant Companies (Weighted)
Percentage Compliant
Total Companies
Percentage Total
Number of companies that meet the profile
167 2.96 5,179 91.48 5,346 94.44
Number of companies that do not meet the profile
3 0.04 312 5.52 315 5.56
Total number of companies 170 3.0 5491 97.0 5661 100.0
78
Table 26: Discrimination Between Non & Complaint Companies for Employees
Employees Non-Compliant Companies
Percentage Non - Comp
Compliant Companies (Weighted)
Percentage Compliant
Total Companies
Percentage Total
Number of companies that meet the profile
166 2.93 4,836 85.43 5,002 88.36
Number of companies that do not meet the profile
4 0.07 655 11.57 659 11.64
Total number of companies 170 3.00 5491 97.00 5661 100.00
Table 27: Profile Discrimination Between Non & Compliant Companies
Profile Non-Compliant Companies
Percentage Non - Comp
Compliant Companies (Weighted)
Percentage Compliant
Total Companies
Percentage Total
Number of companies that meet the profile
170 3.00 5,304 93.69 5,474 96.69
Number of companies that do not meet the profile
0 0.00 187 3.31 187 3.31
Total number of companies 170 3.00 5491 97.00 5661 100.00
By using the profile, all 170 Non-Compliant companies met at least one of the
profile factors. This showed the profile covered all Non-Compliant companies one
hundred percent (100%). When the profile was applied to the Compliant companies, 170
of the 176 were compliant with at least one of the factors. This demonstrated that ninety
seven (97%) percent of the Complaint companies fit the profile. As Table 27 shows, with
the profile ninety-seven percent (97%) of all companies in the data set were covered.
79
This indicates there was no discrimination between the Non-Compliant companies and
Compliant companies when using this data set. This means that the factors that were
determined to be significant statistically, and used to form the profile, do not show
discrimination between Non-Compliant companies and Compliant companies.
Because there were other variables that were significant, and the variables chosen
may have been invalid, analysis with the remaining financial variables was performed.
Discrimination charts between Non-Compliant and Compliant companies was developed
for Gross Profits, Operating Income / Loss and Stockholder’s Equity to verify the results
of the profile was true and in fact a profile from this data set could not be developed to
determine if a company would be Non-Compliant to a particular regulation. The same
formula that was used for Revenue, Total Assets and Employees was used for Gross
Profits, Operating Income/Loss and Stockholder’s Equity. The value was driven from the
mean plus three times the standard deviation for the Non-Compliant companies. Table
28 shows these calculations. Tables 29, 30, and 31 show the results of the analysis of
these three factors.
Table 28: Analysis of Additional Significant Factors
Gross Profits Operating Income/Loss
Stockholder’s Equity
Mean 159,060 23,998 115,749 Std. Deviation 540,697 166,969 665,164 3X Std. Deviation 1,622,091 500,907 1,995,492 3X Std. Deviation + Mean
1,781,151 524,905 2,111,241
80
Table 29: Discrimination Between Non & Complaint Companies for Gross Profits
Gross Profits Non-Compliant Companies
Percentage Non - Comp
Compliant Companies (Weighted)
Percentage Compliant
Total Companies
Percentage Total
Number of companies that meet the profile
164 2.89 4,930 87.09 5,094 89.98
Number of companies that do not meet the profile
6 0.11 561 9.91 567 10.02
Total number of companies 170 3.00 5491 97.00 5661 100.00
Table 30: Discrimination Between Non & Complaint Companies for Operating
Income/Loss
Operating Income / Loss
Non-Compliant Companies
Percentage Non - Comp
Compliant Companies (Weighted)
Percentage Compliant
Total Companies
Percentage Total
Number of companies that meet the profile
166 2.93 4,805 84.88 4,971 87.81
Number of companies that do not meet the profile
4 0.07 686 12.12 690 12.19
Total number of companies 170 3.00 5491 97.00 5661 100.00
81
Table 31: Discrimination Between Non & Complaint Companies for Stockholder’s Equity
Stockholder’s Equity
Non-Compliant Companies
Percentage Non - Comp
Compliant Companies (Weighted)
Percentage Compliant
Total Companies
Percentage Total
Number of companies that meet the profile
168 2.97 4,711 83.22 4,879 86.19
Number of companies that do not meet the profile
2 0.03 780 13.78 782 13.81
Total number of companies 170 3.00 5491 97.00 5661 100.00
As with the original profile factors, these additional significant factors showed
that there is still no discrimination between the Non-Compliant and Compliant
companies. These additional factors cannot be used to form a discriminating profile.
5.2 Implications for Future Research
The data set that was used for developing the profile was based on a specific data
set for the Compliant and Non-Compliant publicly traded companies who had to comply
with the Sarbanes Oxley Act of 2002 for the year 2005. Additional research is needed to
determine if the results found for the year 2005 renders the same or similar results for
other year’s data sets. The same process could be applied to years before and after 2005
to ascertain if the same profile is prevalent. The profile may change as other companies
now have been audited several times and have had the opportunity to remediate the audit
findings. If this is the case with past and future years, the profile may change. Also the
regulation changed in 2007 by changing the auditing standard and the regulation was
82
relaxed for companies that had less than 75 million in market capitalization. With these
changes, the profile could be altered or completely voided.
As the research showed the type of industry showed a significant difference
between Technology companies as compared to either Financial or Material based
companies. The Technology companies were 45% of the total companies and the only
sector that had more Non-Compliant companies than Compliant. This can be seen in
Table 22. What the research did not show was why the Technology industries were more
significant statistically than the Financial and Material industries combined. It could be
assumed that since Sarbanes Oxley’s main purpose is to help prevent fraud, it could be
further assumed that the financial industry should have been more significant due to the
nature of the industry, instead of Technology industries, therefore further research could
show why this is not the case.
A result that was expected but could not be shown with this research is why the
type of accounting firms (big four vs. others) was not significantly different between the
Compliant and Non-Compliant companies and did not demonstrate to be a factor in the
profile. These variables because of the expertise associated with big four firms would
have thought to have been a factor, thus this is another area that could require more
research.
It is uncertain as to whether the profile that was developed from this research
using Sarbanes Oxley will be the same for other regulations and laws. The regulations
and laws listed in Table 32 could be used to further the research in order to validate the
results found in this research. The profile could be valid with other regulations where it
was not with Sarbanes- Oxley. Further research into the SOX regulation may expand the
83
variables, by using research tools like surveys and interviews, other variables may surface
causing further research.
Table 32: Other Regulations for Research
5.3 Implications for Practitioners
Because the profile developed in the research proved to be invalid, this research
would have no implications for practitioners. Practitioners cannot use the information
from this research to make a determination as to the compliancy of a company, but
further research may provide more valid results.
5.4 Implications for Policy Makers
The research of HIPAA by Bravo (2005) demonstrated that revenue was a
significant factor in determining compliance in healthcare industry. The results of this
research are not consistent with Bravo’s findings. This research found revenues to be
significant but not a discriminator in publicly traded companies. The study does not
Regulation Enacted Affected Industry Health Insurance Portability and Accountability Act (HIPAA)
1996 Healthcare Industry
Gramm-Leach-Bliley Act (GLBA)
1999 Financial Institutions
Sarbanes Oxley Act of 2002 (SOX)
2002 Public Companies
California 1386 2003 Anyone doing business in California Payment Card Industry Standard (PCI)
2004 Any one dealing with Visa, MasterCard, American Express, etc.
84
support using financial variables develop tiers when writing regulations and laws. Since
this research was started, legislators did take a look back at how SOX was affecting small
businesses. After they investigated they did make adjustments to the regulation that
would help small businesses comply with the SOX regulation. They developed a new
auditing standard (AS No.5) and relaxed the testing of a small business’s risks (a
company with <75 million in market capitalization) and allow them to only be audited for
the controls of the risk areas they identified. So in summary the new legislation did not
use one of the significant factors determined in this research, and did not base their
determining factor on a simple profile, but have a complicated way to determine who can
use the new relaxed standard. The new way uses stock prices and unsold stock, to
determine the <75 million figures and the new auditing standard includes:
• Tailoring audits to particular circumstances;
• Encourages auditors to use their own judgment and to be flexible;
• Allows auditors to choose when they can rely on work by others.
It is difficult to validate the new regulations for small businesses with the profile
because of the differences in factors. Regulators hope that by making this change, more
companies should be able to comply with the regulation. It is unknown how they came
up with this factor, but this determinate should be considered in future research.
5.5 Conclusions
The findings from this research have indicated that most financial factors are
significant statistically but not discriminately different between Non-Compliant and
Compliant companies. There could be many reasons for this, such as the data set was
85
two small, the research was too stringent, or the wrong year was chosen. The most
significant factor found in this research was companies’ revenues. This was also a
determining factor in Kathleen Bravo’s research (Bravo, 2005) involving HIPAA
regulation, but in her research it could be used as an indicator of compliancy. The factors
that were significant in this research cannot be used for developing tiering. Therefore,
answering the research questions used as the basis for this research was invalid. Tiering
is the process of categorizing companies and developing specific regulations and laws for
those companies that for some reason may not be able to comply with a particular
regulation due to contributing factors. Those factors could not be determined by this
research and therefore indicates that a regulation could not be adjusted to allow
companies in different tiers to comply with a specific regulation. The significant factors
from this research on the SOX regulation cannot be used to allow regulators to make a
determination in tiering of the SOX regulation. Legislators did make a change to adjust
SOX so as to not be as burdensome on some companies allowing a form of tiering to
become a reality. This was not based on any significant factor found in this research, but
based on market capitalization market.
Appendices
87
Appendix A
Definitions of Terms
Assertions: Management representations that are embodied in financial statement
components.
Asymmetrical: Something that is not symmetrical or mis-proportioned.
Controls: Activities surrounding policies, procedures, practices, and organizational
structures designed to provide reasonable assurance that the business objectives will be
achieved and undesired events will be prevented or detected.
Electronic Data Gathering, Analysis, and Retrieval (EDGAR): An automated collection,
validation, indexing, acceptance, and forwarding system used by the SEC. This system
performs the above activities of submission by companies and others required by law to
file forms with the SEC.
Regulator: The person or entity that ensures compliance with laws, regulations, and
established rules.
Relevant Assertions: Assertions that have meaningful bearing on whether the account is
fairly stated.
88
Appendix B
List of Acronyms and Symbols
BCR Back Channel Report BRTF Better Regulation Task Force CEO Chief Executive Officer CFO Chief Financial Officer CIK Central Index Key COBIT IT Governance Institute’s Control Objectives for Information and related
Technology COM Compliant Companies COSO Committee of Sponsoring Organizations of the Treadway Commission CPA Certified Public Accountant EDGAR Electronic Data Gathering, Analysis, and Retrieval EPA Environmental Protection Agency GLBA Gramm-Leach-Bliley Act HIPAA Health Portability and Accountability Act IT Information Technology NON Non-Compliant Companies NON404 Non-Compliant Companies OSHA Occupational Safety and Health Administration PCAOB Public Company Accounting Oversight Board PCI Payment Card Industry SEC Securities and Exchange Commission SIC Standard Industry Classification SOX Sarbanes-Oxley Act of 2002
89
Appendix C
Documentation of Research Site Approval
This research did not require research site approval. The research was based of
publicly available information from the Internet, corporation Web sites and a paid on-line
database. The approval was obtained to use these resources and was verbally given. It
should be that noted after data collection and during the finalization of this research,
Nagel and Associates Web site no longer existed. After trying to find any information
related to Nagel and Associates, none could be found. Therefore, permission for
capturing snapshots of their Web site could not be obtained.
90
Appendix D
Instruments Utilized
Instrumentation used for the research is listed here.
• Internet Web Sites:
o Nagel Database: Web based database that is maintained by Nagel
Company. This database contains information about all companies
that need to be SOX compliant.
o Yahoo.Com: This was another source of information that
complimented the Nagel Database and supplied additional
information about companies.
• Company Annual Reports: The annual reports were used to compliment
the Nagel Database and Yahoo.Com information and supply additional
information about the companies.
• FilePro Database: This is an application that was used to stored collected
information.
• Microsoft Excel: This is an application that was used to compile
information for SPSS application
• SPSS v.17 and v. 18: This is the statistical program that was used to run
statistical analysis of the data.
91
Appendix E
Detailed Data Collection Process
A database using FileMaker Pro 8.5 was developed to sort the data. This data was
then exported into spreadsheets. The compliant and non-compliant data set were
separated into separate spreadsheets. One master spreadsheet contained all 370 selected
companies. The database included the following fields:
Company Information
• Code
o NON404 = Non-Compliant
o COM = Compliant
• No.
o Sequential numbering
• Filer Name
o Name of company
• SEC CIK Code
o 10 digit number given by Securities and Exchange Commission (SEC)
• Market Symbol
o Stock market symbol
• Revenues
o Company’s 2005 revenue
• Gross Profits
o Company’s 2005 gross profit
92
• Operating Income / Loss
o Company’s 2005 operating income or operating loss
• Total Assets
o Company’s 2005 total assets
• Total Liabilities
o Company’s 2005 total liabilities
• Total Stockholder Equity
o Company’s 2005 total stockholder equity
• No. of Employees
o Company’s total employees
• Industry
o Type of industry the company is associated with
• SIC Code (See Table F2)
o Industry code given by the SEC
• Location
o Address
o City
o State
• Web Site Address
o Company web site location
Audit Information
• Auditing Firm
o Auditing firm name
93
• Firm Location
o Auditing firm location: City and state
• Big Four Firm
o 1 = Big Four firm
PricewaterhouseCoopers
KPMG
Deloitte & Touche
Ernst & Young
o 2 = Non big four firm
• 2005 Auditor Change
o 1 =YES - If there was an auditor change from 2004 to 2005
o 2 = NO - If no change occurred
• 2004 Compliant
o 1 = Yes
o 2 = No
Compliance Analysis
• The amount of non-effective weakness controls weakness description codes
(Table F1) for the finance or IT controls.
94
Table E1: Not Effective Weakness Control Reason Codes
Code Type Reason Description 10000 F Control environment - general entity level 20000 F Accounting & finance - GAAP 20010 F Accounting & finance - policies & procedures 20020 I Control design & implementation 21010 F Accounting - staffing/personnel: resources (experienced/trained), segregation 21015 F Accounting - 3rd party service providers 21020 F Accounting - supervision: oversight, analysis & review 22005 F Transactions - capture & classification; timeliness 22010 F Transactions - support: documentation & records 22015 F Transactions - estimates/allocations (spreadsheets) 22020 F Transactions - effectiveness testing 23000 F Monitoring - reconciliation & review 25005 IT IT - systems integration & processing 25010 IT IT - access control: password/physical 25015 IT IT - backup & data recovery 25020 IT IT - change management: design/documentation 29010 F Closing procedures - monthly/quarterly/year-end 29020 F Financial statement preparation/review 31000 F Cash/bank accounts - receipts/deposits/disbursements 31001 F Foreign exchange - currency, derivatives 31005 F Investments - valuation (reserves), derivatives 31007 F Deferred tax assets 31010 F Accounts receivable - billing, reserves 31030 F Inventory - valuation, derivatives 31031 F Inventory - management/control 31050 F Long term assets - P,P&E 31055 F Long term assets - leaseholds/improvements 31060 F Long term assets - acquisitions/dispositions (impairment, discontinued ops) 31065 F Long term assets - capitalized development 31070 F Long term assets - proven reserves 31090 F Intangible assets - goodwill 32010 F Accounts payable, procurement 32015 F Accrued liabilities - general expenses/reserves 32020 F Accrued liabilities - tax provisions 32021 F Accrued liabilities - stock options, dividends 32025 F Accrued liabilities - compensation, benefits (pension/health/other) 32050 F Long term debt - valuation, interest, issuance costs 34000 F Revenue - timing, recognition, valuation 35600 F Investment Income (Loss) 40000 F Information & communication - general entity level 50000 F Monitoring - general entity level
95
Table E2: SIC Code Description
Code SIC Code Description
10 Metal mining 13 Oil and gas extraction 14 Nonmetallic minerals, except fuels 15 General building contractors 17 Special trade contractors 20 Food and kindred products 22 Textile mill products 23 Apparel and other textile products 24 Lumber and wood products 28 Chemicals and allied products 30 Rubber and miscellaneous plastics products 32 Stone, clay, glass, and concrete products 34 Fabricated metal products 35 Industrial machinery and equipment 36 Electrical and electronic equipment 38 Instruments and related products 39 Miscellaneous manufacturing industries 42 Motor freight transportation and warehousing 47 Transportation services 48 Communications 49 Electric, gas and sanitary services 50 Wholesale trade--durable goods 51 Wholesale trade--nondurable goods 53 General merchandise stores 54 Food stores 56 Apparel and accessory stores 58 Eating and drinking places 59 Miscellaneous retail 60 Depository institutions 61 Non-depository credit institutions 62 Security, commodity brokers, and services 63 Insurance carriers 64 Insurance agents, brokers, and service 65 Real estate 67 Holding and other investment offices 70 Hotels, rooming houses, camps, and other lodging 72 Personal services 73 Business services 75 Automotive repair, services, and parking 78 Motion pictures 79 Amusement and recreational services 80 Health services 82 Educational services 87 Engineering and management services
96
Figure E1: Database Structure.
The procedures to collect this data and put the information in the database were:
1) Open up a Web browser and go to http://www.sarbanes-oxley.com/login.php;
2) Login in to the site using credentials;
3) Select Lookup
4) Select CIK Number from drop down box on Lookup Screen (Figure F2)
5) Input 10 digit CIK Number
6) Click on Submit Button
7) On Lookup Report page fill in the following in the database fields (Figure F3);
a. Filer Name
b. CIK Symbol
97
c. Market Symbol
d. SIC Code (Table F2)
e. Auditing Firm
f. Firm Location
g. Big Four Firm
h. 2005 Auditor Change
i. 2004 Compliant
j. Control Assessment
k. 404 Control Weakness
8) Click on the 2005 under Period under the SEC Filings
9) Using the code lookup in Table F3 fill in the Weakness Codes if no codes enter 0
(Figure F4).
10) Click on the Filer Name
11) On the Lookup Report, Click on the Symbol
12) On the Finance.Yahoo.Com page, Select Profile and fill in the following in the
database. An example can be viewed at the following URL link:
http://finance.yahoo.com/q/pr;_ylt=A2KJjb0camFNUmkASHuTmYlQ?s=ZOLT. a. No. Employees (if none reported enter a 1)
b. Industry (Sector)
c. Address
d. City
e. State
f. Zip
g. Web Site Address
98
13) On the left side of the screen Select Income Statement, under 2005 fill in the
following in the database. An example can be viewed at the following URL link:
http://finance.yahoo.com/q/is?s=ZOLT+Income+Statement&annual.
a. Revenues
b. Gross Profits
c. Operating Income / Loss
14) On the left side of the screen Select Balance Sheet, under 2005 fill in the
following in the database. An example can be viewed at the following URL link:
http://finance.yahoo.com/q/bs?s=ZOLT+Balance+Sheet&annual.
a. Total Assets
b. Total Liabilities
c. Total Stockholder Equity
Note: Information not available for a particular company on Finance.Yahoo.Com was
searched on the Internet for the company’s 2005 Annual Report and the report
searched to obtain the required information.
15) After the database was completely filled in for both the Non-Compliant and
Compliant companies the following steps were used:
a. Select File,
b. Export Records,
c. Fill in file name,
d. Select Excel Files,
e. Select folder where it is to be stored,
f. Then Save.
99
Note: This saved the data into an Excel spreadsheet that was used to generate the
statistical reports.
Figure E2: Data Collection Procedure Step 4: CIK Lookup.
100
Figure E3: Data Collection Procedure Step 7.
Figure E4: Data Collection Step 9: Weakness Code Lookup.
101
Appendix F
List of Pre Cluster Analysis for Compliant Companies
No. Filer Name CIK Number
Market Symbol
1 Activcard 0001183941 ACTI 2 Adzone Research Inc 0001102013 ADZR.PK 3 Alcoa, Inc. 0000004281 AA 4 AllianceBernstien Holding (Alliancebernstein Blended Style) 0001172221 N/A 5 Ambassadors International Inc 0000946842 AMIE 6 American Ecology Corp 0000742126 ECOL 7 American Homepatient Inc 0000879181 AHOM.OB 8 Ameriresource Technologies Inc 0000876490 AMRE.OB 9 Amylin Pharmaceuticals Inc 0000881464 AMLN
10 Annaly Mortgage Management Inc 0001043219 NLY 11 Aqua America Inc 0000078128 WTR 12 Artesyn Technologies Inc 0000023071 N/A 13 Avery Dennison Corporation 0000008818 AVY 14 Bad Toys Holdings, Inc. 0001200268 BTYH.OB 15 Baker Hughes Inc 0000808362 BHI 16 Baxter International Inc 0000010456 BAX 17 Bell Microproducts 0000900708 BELM 18 Berkshire Hathaway Inc 0001067983 BRKA 19 Black & Decker Corp 0000012355 BDK 20 Blount International Inc 0001001606 BLT 21 Boston Properties Inc 0001037540 BXP 22 Broadcom Corp 0001054374 BRCM 23 Building Materials Holding Corp 0001046356 BLG 24 C Dex Inc 0001173738 CEXI.OB 25 Canadian National Railway Co 0000016868 CNI 26 Cardinal Health Inc 0000721371 CAH 27 Cardiodynamics International Corp 0000719722 CDIC 28 Catapult Communications Corp. 0001063085 CATT 29 CDW Corp 0000899171 CDWC 30 Central Valley Community Bancorp 0001127371 CVCY 31 Chaus Bernard, Inc. (Bernard Chaus, Inc.) 0000793983 CHDB 32 China Biopharma, Inc. (Formerly Techedge Inc.) 0001190132 CBPC.OB 33 Cinemark Holdings Inc 0001173463 CNK 34 Click Commerce Inc 0001107050 N/A 35 Community Bancorp 0000718413 CMTV.OB 36 Consolidated Container Co LLC 0001095531 N/A 37 Cooper Tire & Rubber Co 0000024491 CTB 38 Core-mark Holding Company, Inc. 0001318084 CORE 39 Corus Bankshares Inc 0000051939 CORS 40 Critical Therapeutics Inc 0001145404 CRTX 41 Cycle Country Accessories Corp 0001157758 ATC
102
42 DCAP Group Inc 0000033992 DCAP 43 Dennys Corp. 0000852772 DENN 44 Dick's Sporting Goods, Inc. 0001089063 DKS 45 Diodes Inc 0000029002 DIOD 46 Duane Reade Holdings Inc 0001279172 N/A 47 Dupont E I De Nemours & Co 0000030554 DD 48 Easy Gardener Products Ltd 0001210936 N/A 49 Edwards Lifesciences Corp 0001099800 EW 50 Elecsys Corp 0000914398 ASY 51 Enbridge Inc 0000895728 ENB 52 Entertainment Properties Trust 0001045450 EPR 53 Eschelon Telecom Inc 0001110507 ESCH 54 Evergreen Solar Inc 0000947397 ESLR 55 Exelon Generation Co LLC 0001168165 EXC 56 Federal Signal Corp 0000277509 FSS 57 Ferro Corp 0000035214 FOE 58 Fifth Third Bancorp 0000035527 FITB 59 First Advantage Corp 0001210677 FADV 60 First Mcminnville Corp 0000743397 N/A 61 Flexsteel Industries Inc 0000037472 FLXS 62 Footstar, Inc. 0001011308 FTAR.OB 63 Forward Industries Inc 0000038264 FORD 64 Foxhollow Technologies, Inc. 0001217688 FOXH 65 FTI Consulting Inc 0000887936 FCN 66 Gateway Inc 0000895812 GTW 67 Gaylord Entertainment Co 0001040829 GET 68 Genvec Inc 0000934473 GNVC 69 GFI Group Inc. 0001292426 GFIG 70 Graham Packaging Holdings Co 0001061507 N/A 71 Guaranty Federal Bancshares Inc 0001046203 GFED 72 Guitar Center Inc 0001021113 GTRC 73 Hanger Orthopedic Group, Inc. 0000722723 HGR 74 Hanover Compressor Company 0000909413 HC 75 Harman International Industries Inc 0000800459 HAR 76 Hecla Mining Co 0000719413 HL 77 Helios & Matheson (Formerly A Consulting Team Inc) 0001040792 HMNA 78 Hertz Global Holdings, Inc. 0000047129 HTZ 79 Hines Horticulture Inc 0001003515 HORT 80 Hudson Technologies Inc 0000925528 HDSN 81 Hybrid Fuels Inc 0001104200 HRID.OB 82 IBIS Technology Corp 0000855182 IBIS 83 Ict Group Inc 0001013149 ICTG 84 ILX Resorts, Inc. 0000819551 ILX 85 Ingram Micro Inc 0001018003 IM 86 Inter Parfums Inc 0000822663 IPAR 87 Iron Mountain Inc 0001020569 IRM 88 Johnson Outdoors Inc 0000788329 JOUT 89 Kanbay International Inc 0001125011 N/A
103
90 Kitty Hawk, Inc. 0000932110 KHK 91 KMG America Corp 0001299210 KMA 92 Kononklijke Philips Electronics Nv 0000313216 PHG 93 Kraft Foods, Inc. 0001103982 KFT 94 Ladish Co Inc 0000814250 LDSH 95 Lafarge 0000913785 LR 96 Lear Corp 0000842162 LEA 97 Legend Mobile Inc 0001061169 LGMB.OB 98 LGA Holdings 0000845696 LGAH.OB 99 LifeCell Corp. 0000849448 LIFC
100 Lilly Eli & Co 0000059478 LLY 101 Lincoln National Corp 0000059558 LNC 102 Lpath, Inc. 0001251769 LPTN.OB 103 LSB Bancshares Inc 0000714530 LXBK 104 Lyondell Chemical Co. 0000842635 LYO 105 Majestic Star Casino LLC 0001016466 N/A 106 Massey Energy Co 0000037748 MEE 107 Mcmoran Exploration Co 0000064279 MMR 108 Memry Corp 0000720896 MRY 109 Metlife Inc 0001099219 MET 110 Midamerican Energy Co. 0000928576 MDPWK.PK 111 Millennium Cell Inc 0001114872 MCEL 112 ML Macadamia Orchards LP 0000792161 NUT 113 Moldflow Corporation 0001103234 MFLO 114 Moodys Corp 0001059556 MCO 115 Movie Gallery Inc 0000925178 MOVI 116 Multimedia Games, Inc. 0000896400 MGAM 117 Nanophase Technologies Corporation 0000883107 NANX 118 National Oilwell Varco, Inc. 0001021860 NOV 119 Naturewell Inc 0000945617 NAWL.OB 120 Neenah Paper Inc 0001296435 NP 121 Netlogic Microsystems Inc 0001135711 NETL 122 Nexstar Broadcasting Group Inc 0001142417 NXST 123 North Pointe Holdings Corp 0001171218 NPTE 124 Novelos Therapeutics, Inc. 0001279704 NVLT.OB 125 Nu Skin Enterprises, Inc. 0001021561 NUS 126 O Charleys Inc 0000864233 CHUX 127 Office Depot, Inc. 0000800240 ODP 128 Omega Healthcare Investors Inc 0000888491 OHI 129 Option Care Inc 0000884064 OPTN 130 Oracle Corporation 0000777676 ORCL 131 Owens Corning 0000075234 OC 132 Oxigene Inc 0000908259 OXGN 133 Palomar Enterprises Inc 0001082822 PLMA.OB 134 Panera Bread Co 0000724606 PNRA 135 Peabody Energy Corp 0001064728 BTU 136 Pentair Inc 0000077360 PNR 137 Perot Systems Corp 0000894253 PER
104
138 Pioneer Companies Inc. 0000830141 PONR 139 Polaris Industries Inc 0000931015 PII 140 Pozen Inc 0001059790 POZN 141 Priceline Com Inc 0001075531 PCLN 142 Provident New York Bancorp Inc. 0001070154 PBNY 143 PW Eagle Inc 0000852426 PWEI 144 Qlinks America, Inc. (Formerly Global Envirotech Inc) 0001216014 QLKA.OB 145 Qsound Labs Inc 0000840518 QSND 146 Questcor Pharmaceuticals Inc 0000891288 QSC 147 Radian Group Inc 0000890926 RDN 148 Range Resources Corp 0000315852 RRC 149 RC2 Corp 0001034239 RCRC 150 Reliant Resources Inc 0001126294 RRI 151 Ritchie Bros Auctioneers Inc 0001046102 RBA 152 Ryland Group Inc 0000085974 RYL 153 Samart-tek Solutions Inc. 0000947011 STTK.OB 154 Schweitzer Mauduit International Inc 0001000623 SWM 155 Secure Computing Corp 0001001916 SCUR 156 Servicemaster Company 0001052045 SVM 157 Sina Corp 0001094005 SINA 158 Smith Micro Software Inc 0000948708 SMSI 159 Solo Cup Co 0001294608 N/A 160 Spacedev Inc 0001031833 SPDV.OB 161 Standard Parking Corp 0001059262 STAN 162 Strattec Security Corp 0000933034 STRT 163 Sub-Urban Brands, Inc. (Formerly Dp & D Inc.) 0001265700 SUUB.OB 164 Sunterra Corp 0001016577 SNRRW.PK 165 Tag It Pacific Inc 0001047881 TAG 166 Textron, Inc. 0000217346 TXT 167 Thomson Corp 0001075124 TOC 168 Travelzoo, Inc. 0001133311 TZOO 169 Triad Hospitals Inc 0001074771 TRI 170 Tutogen Medical Inc 0000816949 TTG 171 UFP Technologies, Inc. 0000914156 UFPT 172 Unified Western Grocers Inc 0000320431 N/A 173 United States Steel Corp 0001163302 X 174 Usa Technologies Inc 0000896429 USAT 175 VeriSign Inc. 0001014473 VRSN 176 Viasystems Inc 0001041380 VSGP.PK 177 Vnus Medical Technologies Inc 0001040666 VNUS 178 Washington Post Co 0000104889 WPO 179 West Bancorporation Inc 0001166928 WTBA 180 Weyco Group Inc 0000106532 WEYS 181 Willow Financial Grove Bancorp Inc. 0001163428 WFBC 182 Wright Medical Group Inc 0001137861 WMGI 183 Yahoo! Inc. 0001011006 YHOO 184 Zevex International Inc 0000827056 N/A 185 Zymogenetics Inc 0001129425 ZGEN
105
Appendix G
List of Pre Cluster Analysis for Con-Compliant Companies
No. Filer Name CIK Number Market Symbol
1 Abaxis, Inc. 0000881890 ABAX 2 Accupoll Holding Corp 0000764794 ACUP.PK 3 Affirmative Insurance Holdings Inc 0001282543 AFFM 4 Airspan Networks Inc 0001105542 AIRN 5 Airtran Holdings Inc 0000948846 AAI 6 Alliance Semiconductor Corp 0000913293 ALSC.PK 7 Allion Healthcare Inc 0000847935 ALLI 8 Alpharma Inc 0000730469 ALO 9 American Financial Realty Trust 0001193558 AFR
10 American International Group Inc 0000005272 AIG 11 American Science & Engineering Inc 0000005768 ASEI 12 AMIS Holdings, Inc. 0001161963 AMIS 13 Arlington Tankers Ltd. 0001305507 ATB 14 Arthocare Corp. 0001005010 ARTC 15 Ashworth Inc 0000820774 ASHW 16 Aspen Technology Inc 0000929940 AZPN 17 Astec Industries, Inc. 0000792987 ASTE 18 Authorize.Net Holdings, Inc. (Formerly Lightbridge) 0001017172 ANET 19 Autobytel, Inc. 0001023364 ABTL 20 Avanex Corp 0001056794 AVNX 21 AVX Corporation 0000859163 AVX 22 BFC Financial Corp 0000315858 BFF 23 Biolase Technology Inc 0000811240 BLTI 24 BioScript, Inc (formerly MIMS) 0001014739 BIOS 25 Bookham Technology Plc 0001110647 BKHM 26 Borland Software Corp 0000853273 BORL 27 Bowne & Co Inc 0000013610 BNE 28 Build A Bear Workshop Inc 0001113809 BBW 29 CA, Inc. 0000356028 CA 30 Cache Inc 0000350199 CACH 31 Calgon Carbon Corporation 0000812701 CCC 32 Candela Corp 0000793279 CLZR 33 Capital Senior Living Corp 0001043000 CSU 34 CDI Corporation 0000018396 CEC 35 CEC Entertainment Inc 0000813920 CEC 36 Center Bancorp Inc 0000712771 CNBC 37 Central Parking Corp 0000949298 N/A 38 Ceridian Corp 0001124887 CEN 39 Chattem Inc 0000019520 CHTT 40 China Energy Savings Technology, Inc. 0001119601 N/A 41 Chordiant Software Inc 0001042134 CHRD
106
42 CMS Energy Corp 0000811156 CMS 43 CNA Financial Corp 0000021175 CNA 44 Cogent, Inc. 0001289434 COGT 45 Concord Camera Corp 0000831861 LENS 46 Constar International, Inc. 0000029806 CNST 47 Corinthian Colleges Inc 0001066134 COCO 48 Crown Media Holdings, Inc. 0001103837 CRWN 49 Cymer, Inc. 0000897067 CYMI 50 Dassault Systems (Formerly Matrixone Inc.) 0000786998 DASTY 51 Dave & Busters Inc 0000943823 N/A 52 Diebold Inc 0000028823 DBD 53 Dionex Corp 0000708850 DNEX 54 Dollar General Corp 0000029534 DG 55 Dover Motorsports Inc 0001017673 DVD 56 Dura Automotive Systems Inc 0001016177 DRRAQ.PK 57 Dynegy Inc 0000879215 DYN 58 Eastman Kodak Co 0000031235 EK 59 Ecollege Com 0001085653 ECLG 60 EMS Technologies, Inc. 0000032198 ELMG 61 Energy Conversion Devices Inc 0000032878 ENER 62 Entegris Inc 0001101302 ENTG 63 Epicor Software Corp 0000891178 EPIC 64 Fairchild Corp 0000009779 FA 65 Fedders Corp 0000744106 FJCC.PK 66 Flagstar Bancorp Inc 0001033012 FBC 67 FNB Financial Services Corp 0000742679 FNBF 68 Forrester Research Inc 0001023313 FORR 69 General Communications, Inc. 0000808461 GNCMA 70 General Growth Properties Inc 0000895648 GGP 71 General Motors Acceptance Corp 0000040729 GJM 72 General Motors Corp 0000040730 GM 73 Goremote Internet Communications, Inc. 0001059155 GRIC 74 GP Strategies Corp. 0000070415 GPX 75 Great Southern Bancorp Inc 0000854560 GSBC 76 H&R Block Inc 0000012659 HRB 77 Healthsouth Corp. 0000785161 HLS 78 HealthTronics, Inc. 0001018871 HTRN 79 Hersha Hospitality Trust 0001063344 HT 80 Hollywood Media Corp 0000912544 HOLL 81 Hooper Holmes, Inc. 0000741815 HH 82 Immucor Inc 0000736822 BLUD 83 Impco Technologies Inc 0000790708 FSYS 84 Input Output Inc 0000866609 IO 85 Intac International Inc 0001127439 INTN 86 Integrated Electrical Services Inc 0001048268 IESC 87 Interpool Inc 0000898777 IPX 88 Interpublic Group Of Companies Inc 0000051644 IPG 89 Investools Inc 0001145124 SWIM
107
90 Ionatron, Inc. 0000879911 IOTN 91 JDS Uniphase Corp 0000912093 JDSU 92 Jetblue Airways Corp. 0001158463 JBLU 93 Johnson Controls Inc 0000053669 JCI 94 Kansas City Southern 0000054480 KSU 95 Key Technology Inc 0000906193 KTEC 96 Keynote Systems Inc 0001032761 KEYN 97 L-1 Identity Solutions (Formerly Identix Inc) 0000735780 ID 98 L-1 Identity Solutions (Formerly Viisage Technology) 0001018332 ID 99 Landamerica Financial Group 0000877355 LFG
100 Laureate Education, Inc. (Formerly Sylvan Learning) 0000912766 LAUR 101 LCC International, Inc. 0001016229 LCCI 102 Leapfrog Enterprises, Inc. 0001138951 LF 103 Lennox International Inc 0001069202 LII 104 Levitt Corp. 0001218320 LEV 105 Magellan Health Services Inc 0000019411 MGLN 106 Manhattan Associates, Inc. 0001056696 MANH 107 Markwest Energy Partners Lp 0001166036 MWE 108 Mattson Technology, Inc. 0000928421 MTSN 109 Mcafee, Inc. 0000890801 MFE 110 MDC Partners Inc 0000876883 MDCA 111 Metrocorp Bancshares Inc. 0001068300 MCBI 112 MGP Ingredients Inc 0000835011 MGPI 113 Modtech Holdings Inc 0001075066 MODT 114 Molson Coors Brewing Company 0000024545 TAP 115 Monolithic Power Systems 0001280452 MPWR 116 MSGI Security Solutions, Inc. 0000014280 MSGI.OB 117 Mueller Industries, Inc. 0000089439 MLI 118 Nanometrics Inc 0000704532 NANO 119 National RV Holdings Inc 0000910655 NVH 120 Nautilus Group, Inc. 0001078207 NLS 121 Netflix, Inc. 0001065280 NFLX 122 NII Holdings Inc 0001037016 NIHD 123 Odyssey RE Holdings Corp. 0001137048 ORH 124 Oneok, Inc. 0001039684 OKE 125 Open TV Corp. 0001096958 OPTV 126 Orthovita Inc 0000913756 VITA 127 OSI Systems Inc 0001039065 OSIS 128 Osteotech Inc 0000874734 OSTE 129 Packeteer, Inc. 0001011344 PKTR 130 Pantry Inc 0000915862 PTRY 131 Parallel Petroleum Corp 0000750561 PLLL 132 Patterson UTI Energy Inc 0000889900 PTEN 133 Penns Woods Bancorp Inc 0000716605 PWOD 134 Perficient Inc 0001085869 PRFT 135 Pericom Semiconductor Corp 0001001426 PSEM 136 PharmaNet Development Group, Inc. 0001089542 PDGI 137 Phoenix Technologies Ltd 0000832767 PTEC
108
138 Photon Dynamics Inc 0001002663 PHTN 139 Pomeroy IT Solutions Inc 0000883979 PMRY 140 Pope & Talbot, Inc. 0000311871 POP 141 Popular, Inc. 0000763901 BPOP 142 PRG Schultz International Inc 0001007330 PRGX 143 Progressive Gaming (Formerly Mikohn Gaming Corp) 0000912241 PGIC 144 Pulaski Financial Corp 0001062438 PULB 145 Quanta Capital Holdings Ltd. 0001264242 QNTA 146 Quixote Corp 0000032870 QUIX 147 Rural Metro Corp 0000906326 RURL 148 Russ Berrie & Co., Inc. 0000739878 RUS 149 Ryerson Inc. 0000790528 RYI 150 Salton Inc 0000878280 SFP 151 Savient Pharmaceuticals Inc 0000722104 SVNT 152 SCOLR Pharma Inc. 0000934936 DDD 153 Seneca Foods Corp 0000088948 SENEA 154 Sharper Image Corp 0000811696 SHRP 155 Sigma Designs Inc 0000790715 SIGM 156 Silicon Image Inc 0001003214 SIMG 157 South Financial Group, Inc. 0000797871 TSFG 158 Spatialight Inc 0000881468 HDTV 159 Starrett L S Co 0000093676 SCX 160 Stillwater Mining Co. 0000931948 SWC 161 Stone Energy Corp 0000904080 SGY 162 Sumtotal Systems Inc 0001269132 SUMT 163 SVB Financial Group 0000719739 SIVB 164 Take Two Interactive Software Inc 0000946581 TTWO 165 Tecumseh Products Co 0000096831 TECUA 166 The AES Corporation 0000874761 AES 167 Titanium Metals Corp. 0001011657 TIE 168 Toreador Resources Corp. 0000098720 TRGL 169 Transmeridian Exploration Inc 0001132645 TMY 170 Trex Co., Inc. 0001069878 TWP 171 Trimble Navigation Ltd. (Formerly At Road Inc) 0001109537 TRMB 172 Tripath Technology Inc 0001045739 TRPH.PK 173 Tween Brands, Inc. (Formerly Too, Inc.) 0001085482 TWB 174 Ultra Petroleum Corp. 0001022646 UPL 175 Universal American Financial Corp. 0000709878 UHCO 176 Urologix Inc 0000882873 ULGX 177 Visteon Corp 0001111335 VC 178 Visual Sciences, Inc. (Formerly Websidestory Inc ) 0001091158 VSCN 179 Warwick Valley Telephone Co 0000104777 WWVY 180 Wireless Facilities Inc 0001069258 WFII 181 WJ Communications, Inc. 0000105006 WJCI 182 Woodhead Industries Inc (A Molex Company) 0000108215 MOLX 183 World Fuel Service Corp. 000789460 INT 184 Wynn Resorts Ltd. 0001174922 WYNN 185 Zoltek Companies Inc 0000890923 ZOLT
109
Appendix H
List of Companies in Validation Data Set
No. Filer Name CIK Number Market Symbol 1 Aaron Rents Inc. 706688 RNT 2 American Biltrite Inc 4611 ABL
3 Aspen Insurance Holdings Ltd 1267395 AHL
4 BJ'S Restaurants, Inc. 1013488 BJRI
5 Carey WP & Co., LLC 1025378 WPC
6 CNB Financial Corp 736772 CCNE
7 Cullen Frost Bankers Inc 39263 CFR
8 DSP Group, Inc. 915778 DSPG
9 ESS Technology, Inc. 907410 ESST
10 Fonar Corporation 355019 FONR
11 Golden Telecom, Inc. 1089874 GLDN
12 Healthaxis, Inc. 768892 HAXS
13 Interwoven, Inc. 1042431 IWOV
14 Lasalle Hotel Properties 1053532 LHO
15 McDonalds Corporation 63908 MCD
16 Monster Worldwide, Inc. 1020416 MNST
17 Nicor Inc 72020 GAS
18 Oscient Pharmaceuticals, Inc. 356830 OSCI
19 PLX Technology Inc 850579 PLXT
20 RCM Technologies Inc 700841 RCMT
21 Scotts Liquid Gold Inc 88000 SLGD.OB
22 Sport Haley, Inc. 892653 SPOR
23 Telus Corp 868675 TU
24 Unigene Laboratories, Inc. 352747 UGNE.OB
25 W R Grace & Co. 1045309 GRA
110
Appendix I
List of Compliant Companies Removed After Cluster Analysis
No. Filer Name CIK Number Market
Symbol
Cluster1 3 Alcoa, Inc. 0000004281 AA
18 Berkshire Hathaway Inc 0001067983 BRKA 26 Cardinal Health Inc 0000721371 CAH 47 Dupont E I De Nemours & Co 0000030554 DD 85 Ingram Micro Inc 0001018003 IM 92 Kononklijke Philips Electronics Nv 0000313216 PHG 93 Kraft Foods, Inc. 0001103982 KFT
109 Metlife Inc 0001099219 MET Cluster3
105 Majestic Star Casino LLC 0001016466 N/A
111
Appendix J
List of Non-Compliant Companies Removed After Cluster Analysis
Table J1: First Round
No. Filer Name CIK Number Market Symbol Cluster1
72 General Motors Corp 0000040730 GM Cluster3
10 American International Group Inc 0000005272 AIG
Table J2: Second Round (Final)
No. Filer Name CIK Number Market Symbol Cluster1
41 CMS Energy Corp 0000811156 CMS 42 CNA Financial Corp 0000021175 CNA 51 Dollar General Corp 0000029534 DG 54 Eastman Kodak Co 0000031235 EK 81 Interpublic Group Of Companies Inc 0000051644 IPG
105 Molson Coors Brewing Company 0000024545 TAP 114 Oneok, Inc. 0001039684 OKE 138 Ryerson Inc. 0000790528 RYI 154 The AES Corporation 0000874761 AES 164 Visteon Corp 0001111335 VC 169 World Fuel Service Corp. 000789460 INT
Cluster3 66 General Motors Acceptance Corp 0000040729 GJM
85 Johnson Controls Inc 0000053669 JCI
112
Appendix K
Final List of Compliant Companies Used In Analysis
No. Filer Name CIK
Number Market Symbol
1 Activcard 0001183941 ACTI 2 Adzone Research Inc 0001102013 ADZR.PK 3 AllianceBernstien Holding (Alliancebernstein Blended Style) 0001172221 N/A 4 Ambassadors International Inc 0000946842 AMIE 5 American Ecology Corp 0000742126 ECOL 6 American Homepatient Inc 0000879181 AHOM.OB 7 Ameriresource Technologies Inc 0000876490 AMRE.OB 8 Amylin Pharmaceuticals Inc 0000881464 AMLN 9 Annaly Mortgage Management Inc 0001043219 NLY
10 Aqua America Inc 0000078128 WTR 11 Artesyn Technologies Inc 0000023071 N/A 12 Avery Dennison Corporation 0000008818 AVY 13 Bad Toys Holdings, Inc. 0001200268 BTYH.OB 14 Baker Hughes Inc 0000808362 BHI 15 Baxter International Inc 0000010456 BAX 16 Bell Microproducts 0000900708 BELM 17 Black & Decker Corp 0000012355 BDK 18 Blount International Inc 0001001606 BLT 19 Boston Properties Inc 0001037540 BXP 20 Broadcom Corp 0001054374 BRCM 21 Building Materials Holding Corp 0001046356 BLG 22 C Dex Inc 0001173738 CEXI.OB 23 Canadian National Railway Co 0000016868 CNI 24 Cardiodynamics International Corp 0000719722 CDIC 25 Catapult Communications Corp. 0001063085 CATT 26 CDW Corp 0000899171 CDWC 27 Central Valley Community Bancorp 0001127371 CVCY 28 Chaus Bernard, Inc. (Bernard Chaus, Inc.) 0000793983 CHDB 29 China Biopharma, Inc. (Formerly Techedge Inc.) 0001190132 CBPC.OB 30 Cinemark Holdings Inc 0001173463 CNK 31 Click Commerce Inc 0001107050 N/A 32 Community Bancorp 0000718413 CMTV.OB 33 Consolidated Container Co LLC 0001095531 N/A 34 Cooper Tire & Rubber Co 0000024491 CTB 35 Core-mark Holding Company, Inc. 0001318084 CORE 36 Corus Bankshares Inc 0000051939 CORS 37 Critical Therapeutics Inc 0001145404 CRTX 38 Cycle Country Accessories Corp 0001157758 ATC 39 DCAP Group Inc 0000033992 DCAP 40 Dennys Corp. 0000852772 DENN
113
41 Dick's Sporting Goods, Inc. 0001089063 DKS 42 Diodes Inc 0000029002 DIOD 43 Duane Reade Holdings Inc 0001279172 N/A 44 Easy Gardener Products Ltd 0001210936 N/A 45 Edwards Lifesciences Corp 0001099800 EW 46 Elecsys Corp 0000914398 ASY 47 Enbridge Inc 0000895728 ENB 48 Entertainment Properties Trust 0001045450 EPR 49 Eschelon Telecom Inc 0001110507 ESCH 50 Evergreen Solar Inc 0000947397 ESLR 51 Exelon Generation Co LLC 0001168165 EXC 52 Federal Signal Corp 0000277509 FSS 53 Ferro Corp 0000035214 FOE 54 Fifth Third Bancorp 0000035527 FITB 55 First Advantage Corp 0001210677 FADV 56 First Mcminnville Corp 0000743397 N/A 57 Flexsteel Industries Inc 0000037472 FLXS 58 Footstar, Inc. 0001011308 FTAR.OB 59 Forward Industries Inc 0000038264 FORD 60 Foxhollow Technologies, Inc. 0001217688 FOXH 61 FTI Consulting Inc 0000887936 FCN 62 Gateway Inc 0000895812 GTW 63 Gaylord Entertainment Co 0001040829 GET 64 Genvec Inc 0000934473 GNVC 65 GFI Group Inc. 0001292426 GFIG 66 Graham Packaging Holdings Co 0001061507 N/A 67 Guaranty Federal Bancshares Inc 0001046203 GFED 68 Guitar Center Inc 0001021113 GTRC 69 Hanger Orthopedic Group, Inc. 0000722723 HGR 70 Hanover Compressor Company 0000909413 HC 71 Harman International Industries Inc 0000800459 HAR 72 Hecla Mining Co 0000719413 HL 73 Helios & Matheson (Formerly A Consulting Team Inc) 0001040792 HMNA 74 Hertz Global Holdings, Inc. 0000047129 HTZ 75 Hines Horticulture Inc 0001003515 HORT 76 Hudson Technologies Inc 0000925528 HDSN 77 Hybrid Fuels Inc 0001104200 HRID.OB 78 IBIS Technology Corp 0000855182 IBIS 79 Ict Group Inc 0001013149 ICTG 80 ILX Resorts, Inc. 0000819551 ILX 81 Inter Parfums Inc 0000822663 IPAR 82 Iron Mountain Inc 0001020569 IRM 83 Johnson Outdoors Inc 0000788329 JOUT 84 Kanbay International Inc 0001125011 N/A 85 Kitty Hawk, Inc. 0000932110 KHK 86 KMG America Corp 0001299210 KMA 87 Ladish Co Inc 0000814250 LDSH 88 Lafarge 0000913785 LR
114
89 Lear Corp 0000842162 LEA 90 Legend Mobile Inc 0001061169 LGMB.OB 91 LGA Holdings 0000845696 LGAH.OB 92 LifeCell Corp. 0000849448 LIFC 93 Lilly Eli & Co 0000059478 LLY 94 Lincoln National Corp 0000059558 LNC 95 Lpath, Inc. 0001251769 LPTN.OB 96 LSB Bancshares Inc 0000714530 LXBK 97 Lyondell Chemical Co. 0000842635 LYO 98 Massey Energy Co 0000037748 MEE 99 Mcmoran Exploration Co 0000064279 MMR
100 Memry Corp 0000720896 MRY 101 Midamerican Energy Co. 0000928576 MDPWK.PK 102 Millennium Cell Inc 0001114872 MCEL 103 ML Macadamia Orchards LP 0000792161 NUT 104 Moldflow Corporation 0001103234 MFLO 105 Moodys Corp 0001059556 MCO 106 Movie Gallery Inc 0000925178 MOVI 107 Multimedia Games, Inc. 0000896400 MGAM 108 Nanophase Technologies Corporation 0000883107 NANX 109 National Oilwell Varco, Inc. 0001021860 NOV 110 Naturewell Inc 0000945617 NAWL.OB 111 Neenah Paper Inc 0001296435 NP 112 Netlogic Microsystems Inc 0001135711 NETL 113 Nexstar Broadcasting Group Inc 0001142417 NXST 114 North Pointe Holdings Corp 0001171218 NPTE 115 Novelos Therapeutics, Inc. 0001279704 NVLT.OB 116 Nu Skin Enterprises, Inc. 0001021561 NUS 117 O Charleys Inc 0000864233 CHUX 118 Office Depot, Inc. 0000800240 ODP 119 Omega Healthcare Investors Inc 0000888491 OHI 120 Option Care Inc 0000884064 OPTN 121 Oracle Corporation 0000777676 ORCL 122 Owens Corning 0000075234 OC 123 Oxigene Inc 0000908259 OXGN 124 Palomar Enterprises Inc 0001082822 PLMA.OB 125 Panera Bread Co 0000724606 PNRA 126 Peabody Energy Corp 0001064728 BTU 127 Pentair Inc 0000077360 PNR 128 Perot Systems Corp 0000894253 PER 129 Pioneer Companies Inc. 0000830141 PONR 130 Polaris Industries Inc 0000931015 PII 131 Pozen Inc 0001059790 POZN 132 Priceline Com Inc 0001075531 PCLN 133 Provident New York Bancorp Inc. 0001070154 PBNY 134 PW Eagle Inc 0000852426 PWEI 135 Qlinks America, Inc. (Formerly Global Envirotech Inc) 0001216014 QLKA.OB 136 Qsound Labs Inc 0000840518 QSND
115
137 Questcor Pharmaceuticals Inc 0000891288 QSC 138 Radian Group Inc 0000890926 RDN 139 Range Resources Corp 0000315852 RRC 140 RC2 Corp 0001034239 RCRC 141 Reliant Resources Inc 0001126294 RRI 142 Ritchie Bros Auctioneers Inc 0001046102 RBA 143 Ryland Group Inc 0000085974 RYL 144 Samart-tek Solutions Inc. 0000947011 STTK.OB 145 Schweitzer Mauduit International Inc 0001000623 SWM 146 Secure Computing Corp 0001001916 SCUR 147 Servicemaster Company 0001052045 SVM 148 Sina Corp 0001094005 SINA 149 Smith Micro Software Inc 0000948708 SMSI 150 Solo Cup Co 0001294608 N/A 151 Spacedev Inc 0001031833 SPDV.OB 152 Standard Parking Corp 0001059262 STAN 153 Strattec Security Corp 0000933034 STRT 154 Sub-Urban Brands, Inc. (Formerly Dp & D Inc.) 0001265700 SUUB.OB 155 Sunterra Corp 0001016577 SNRRW.PK 156 Tag It Pacific Inc 0001047881 TAG 157 Textron, Inc. 0000217346 TXT 158 Thomson Corp 0001075124 TOC 159 Travelzoo, Inc. 0001133311 TZOO 160 Triad Hospitals Inc 0001074771 TRI 161 Tutogen Medical Inc 0000816949 TTG 162 UFP Technologies, Inc. 0000914156 UFPT 163 Unified Western Grocers Inc 0000320431 N/A 164 United States Steel Corp 0001163302 X 165 Usa Technologies Inc 0000896429 USAT 166 VeriSign Inc. 0001014473 VRSN 167 Viasystems Inc 0001041380 VSGP.PK 168 Vnus Medical Technologies Inc 0001040666 VNUS 169 Washington Post Co 0000104889 WPO 170 West Bancorporation Inc 0001166928 WTBA 171 Weyco Group Inc 0000106532 WEYS 172 Willow Financial Grove Bancorp Inc. 0001163428 WFBC 173 Wright Medical Group Inc 0001137861 WMGI 174 Yahoo! Inc. 0001011006 YHOO 175 Zevex International Inc 0000827056 N/A 176 Zymogenetics Inc 0001129425 ZGEN
116
Appendix L
Final List of Non-Compliant Companies Used In Analysis
No. Filer Name CIK Number Market
Symbol
1 Abaxis, Inc. 0000881890 ABAX 2 Accupoll Holding Corp 0000764794 ACUP.PK 3 Affirmative Insurance Holdings Inc 0001282543 AFFM 4 Airspan Networks Inc 0001105542 AIRN 5 Airtran Holdings Inc 0000948846 AAI 6 Alliance Semiconductor Corp 0000913293 ALSC.PK 7 Allion Healthcare Inc 0000847935 ALLI 8 Alpharma Inc 0000730469 ALO 9 American Financial Realty Trust 0001193558 AFR
10 American Science & Engineering Inc 0000005768 ASEI 11 AMIS Holdings, Inc. 0001161963 AMIS 12 Arlington Tankers Ltd. 0001305507 ATB 13 Arthocare Corp. 0001005010 ARTC 14 Ashworth Inc 0000820774 ASHW 15 Aspen Technology Inc 0000929940 AZPN 16 Astec Industries, Inc. 0000792987 ASTE 17 Authorize.Net Holdings, Inc. (Formerly Lightbridge) 0001017172 ANET 18 Autobytel, Inc. 0001023364 ABTL 19 Avanex Corp 0001056794 AVNX 20 AVX Corporation 0000859163 AVX 21 BFC Financial Corp 0000315858 BFF 22 Biolase Technology Inc 0000811240 BLTI 23 BioScript, Inc (formerly MIMS) 0001014739 BIOS 24 Bookham Technology Plc 0001110647 BKHM 25 Borland Software Corp 0000853273 BORL 26 Bowne & Co Inc 0000013610 BNE 27 Build A Bear Workshop Inc 0001113809 BBW 28 CA, Inc. 0000356028 CA 29 Cache Inc 0000350199 CACH 30 Calgon Carbon Corporation 0000812701 CCC 31 Candela Corp 0000793279 CLZR 32 Capital Senior Living Corp 0001043000 CSU 33 CDI Corporation 0000018396 CEC 34 CEC Entertainment Inc 0000813920 CEC 35 Center Bancorp Inc 0000712771 CNBC 36 Central Parking Corp 0000949298 N/A 37 Ceridian Corp 0001124887 CEN 38 Chattem Inc 0000019520 CHTT 39 China Energy Savings Technology, Inc. 0001119601 N/A 40 Chordiant Software Inc 0001042134 CHRD
117
41 Cogent, Inc. 0001289434 COGT 42 Concord Camera Corp 0000831861 LENS 43 Constar International, Inc. 0000029806 CNST 44 Corinthian Colleges Inc 0001066134 COCO 45 Crown Media Holdings, Inc. 0001103837 CRWN 46 Cymer, Inc. 0000897067 CYMI 47 Dassault Systems (Formerly Matrixone Inc.) 0000786998 DASTY 48 Dave & Busters Inc 0000943823 N/A 49 Diebold Inc 0000028823 DBD 50 Dionex Corp 0000708850 DNEX 51 Dover Motorsports Inc 0001017673 DVD 52 Dura Automotive Systems Inc 0001016177 DRRAQ.PK 53 Dynegy Inc 0000879215 DYN 54 Ecollege Com 0001085653 ECLG 55 EMS Technologies, Inc. 0000032198 ELMG 56 Energy Conversion Devices Inc 0000032878 ENER 57 Entegris Inc 0001101302 ENTG 58 Epicor Software Corp 0000891178 EPIC 59 Fairchild Corp 0000009779 FA 60 Fedders Corp 0000744106 FJCC.PK 61 Flagstar Bancorp Inc 0001033012 FBC 62 FNB Financial Services Corp 0000742679 FNBF 63 Forrester Research Inc 0001023313 FORR 64 General Communications, Inc. 0000808461 GNCMA 65 General Growth Properties Inc 0000895648 GGP 66 Goremote Internet Communications, Inc. 0001059155 GRIC 67 GP Strategies Corp. 0000070415 GPX 68 Great Southern Bancorp Inc 0000854560 GSBC 69 H&R Block Inc 0000012659 HRB 70 Healthsouth Corp. 0000785161 HLS 71 HealthTronics, Inc. 0001018871 HTRN 72 Hersha Hospitality Trust 0001063344 HT 73 Hollywood Media Corp 0000912544 HOLL 74 Hooper Holmes, Inc. 0000741815 HH 75 Immucor Inc 0000736822 BLUD 76 Impco Technologies Inc 0000790708 FSYS 77 Input Output Inc 0000866609 IO 78 Intac International Inc 0001127439 INTN 79 Integrated Electrical Services Inc 0001048268 IESC 80 Interpool Inc 0000898777 IPX 81 Investools Inc 0001145124 SWIM 82 Ionatron, Inc. 0000879911 IOTN 83 JDS Uniphase Corp 0000912093 JDSU 84 Jetblue Airways Corp. 0001158463 JBLU 85 Kansas City Southern 0000054480 KSU 86 Key Technology Inc 0000906193 KTEC 87 Keynote Systems Inc 0001032761 KEYN 88 L-1 Identity Solutions (Formerly Identix Inc) 0000735780 ID
118
89 L-1 Identity Solutions (Formerly Viisage Technology) 0001018332 ID 90 Landamerica Financial Group 0000877355 LFG 91 Laureate Education, Inc. (Formerly Sylvan Learning) 0000912766 LAUR 92 LCC International, Inc. 0001016229 LCCI 93 Leapfrog Enterprises, Inc. 0001138951 LF 94 Lennox International Inc 0001069202 LII 95 Levitt Corp. 0001218320 LEV 96 Magellan Health Services Inc 0000019411 MGLN 97 Manhattan Associates, Inc. 0001056696 MANH 98 Markwest Energy Partners Lp 0001166036 MWE 99 Mattson Technology, Inc. 0000928421 MTSN
100 Mcafee, Inc. 0000890801 MFE 101 MDC Partners Inc 0000876883 MDCA 102 Metrocorp Bancshares Inc. 0001068300 MCBI 103 MGP Ingredients Inc 0000835011 MGPI 104 Modtech Holdings Inc 0001075066 MODT 105 Monolithic Power Systems 0001280452 MPWR 106 MSGI Security Solutions, Inc. 0000014280 MSGI.OB 107 Mueller Industries, Inc. 0000089439 MLI 108 Nanometrics Inc 0000704532 NANO 109 National RV Holdings Inc 0000910655 NVH 110 Nautilus Group, Inc. 0001078207 NLS 111 Netflix, Inc. 0001065280 NFLX 112 NII Holdings Inc 0001037016 NIHD 113 Odyssey RE Holdings Corp. 0001137048 ORH 114 Open TV Corp. 0001096958 OPTV 115 Orthovita Inc 0000913756 VITA 116 OSI Systems Inc 0001039065 OSIS 117 Osteotech Inc 0000874734 OSTE 118 Packeteer, Inc. 0001011344 PKTR 119 Pantry Inc 0000915862 PTRY 120 Parallel Petroleum Corp 0000750561 PLLL 121 Patterson UTI Energy Inc 0000889900 PTEN 122 Penns Woods Bancorp Inc 0000716605 PWOD 123 Perficient Inc 0001085869 PRFT 124 Pericom Semiconductor Corp 0001001426 PSEM 125 PharmaNet Development Group, Inc. 0001089542 PDGI 126 Phoenix Technologies Ltd 0000832767 PTEC 127 Photon Dynamics Inc 0001002663 PHTN 128 Pomeroy IT Solutions Inc 0000883979 PMRY 129 Pope & Talbot, Inc. 0000311871 POP 130 Popular, Inc. 0000763901 BPOP 131 PRG Schultz International Inc 0001007330 PRGX 132 Progressive Gaming (Formerly Mikohn Gaming Corp) 0000912241 PGIC 133 Pulaski Financial Corp 0001062438 PULB 134 Quanta Capital Holdings Ltd. 0001264242 QNTA 135 Quixote Corp 0000032870 QUIX 136 Rural Metro Corp 0000906326 RURL
119
137 Russ Berrie & Co., Inc. 0000739878 RUS 138 Salton Inc 0000878280 SFP 139 Savient Pharmaceuticals Inc 0000722104 SVNT 140 SCOLR Pharma Inc. 0000934936 DDD 141 Seneca Foods Corp 0000088948 SENEA 142 Sharper Image Corp 0000811696 SHRP 143 Sigma Designs Inc 0000790715 SIGM 144 Silicon Image Inc 0001003214 SIMG 145 South Financial Group, Inc. 0000797871 TSFG 146 Spatialight Inc 0000881468 HDTV 147 Starrett L S Co 0000093676 SCX 148 Stillwater Mining Co. 0000931948 SWC 149 Stone Energy Corp 0000904080 SGY 150 Sumtotal Systems Inc 0001269132 SUMT 151 SVB Financial Group 0000719739 SIVB 152 Take Two Interactive Software Inc 0000946581 TTWO 153 Tecumseh Products Co 0000096831 TECUA 154 Titanium Metals Corp. 0001011657 TIE 155 Toreador Resources Corp. 0000098720 TRGL 156 Transmeridian Exploration Inc 0001132645 TMY 157 Trex Co., Inc. 0001069878 TWP 158 Trimble Navigation Ltd. (Formerly At Road Inc) 0001109537 TRMB 159 Tripath Technology Inc 0001045739 TRPH.PK 160 Tween Brands, Inc. (Formerly Too, Inc.) 0001085482 TWB 161 Ultra Petroleum Corp. 0001022646 UPL 162 Universal American Financial Corp. 0000709878 UHCO 163 Urologix Inc 0000882873 ULGX 164 Visual Sciences, Inc. (Formerly Websidestory Inc ) 0001091158 VSCN 165 Warwick Valley Telephone Co 0000104777 WWVY 166 Wireless Facilities Inc 0001069258 WFII 167 WJ Communications, Inc. 0000105006 WJCI 168 Woodhead Industries Inc (A Molex Company) 0000108215 MOLX 169 Wynn Resorts Ltd. 0001174922 WYNN 170 Zoltek Companies Inc 0000890923 ZOLT
120
Appendix M
List of Industry Types and SIC Codes
Table M1: Industry Types
Industry
Basic Materials
Biotechnology
Conglomerates
Consumer Goods
Financial
Healthcare
Industrial Goods
Life Insurance
Services
Technology
Utilities
121
Table M2: SIC Codes
Code SIC Code Description
10 Metal mining 13 Oil and gas extraction 14 Nonmetallic minerals, except fuels 15 General building contractors 17 Special trade contractors 20 Food and kindred products 22 Textile mill products 23 Apparel and other textile products 24 Lumber and wood products 28 Chemicals and allied products 30 Rubber and miscellaneous plastics products 32 Stone, clay, glass, and concrete products 34 Fabricated metal products 35 Industrial machinery and equipment 36 Electrical and electronic equipment 38 Instruments and related products 39 Miscellaneous manufacturing industries 42 Motor freight transportation and warehousing 47 Transportation services 48 Communications 49 Electric, gas and sanitary services 50 Wholesale trade--durable goods 51 Wholesale trade--nondurable goods 53 General merchandise stores 54 Food stores 56 Apparel and accessory stores 58 Eating and drinking places 59 Miscellaneous retail 60 Depository institutions 61 Non-depository credit institutions 62 Security, commodity brokers, and services 63 Insurance carriers 64 Insurance agents, brokers, and service 65 Real estate 67 Holding and other investment offices 70 Hotels, rooming houses, camps, and other lodging 72 Personal services 73 Business services 75 Automotive repair, services, and parking 78 Motion pictures 79 Amusement and recreational services 80 Health services 82 Educational services 87 Engineering and management services
122
Reference List
Anderson, F., Chirba-Martin, M. A., Elliott, E. D., Farina, C., Gellhorn, E., Graham, J.
D., et al. (2000). Regulatory improvement legislation: risk assessment, cost-benefit analysis, and judicial review. Duke Environmental Law and Policy Forum, 11(1), 89-138.
Bartel, A. P., & Thomas, L. G. (1985). Direct and indirect effects of regulation: A new
look at OSHA's impact. Journal of Law & Economics, 28(1), 1-25. Bartel, A. P., & Thomas, L. G. (1987). Predation through regulation: The wage and profit
effects of the Occupational Safety and Health Administration and the Environmental Protection Agency. Journal of Law and Economics, 30(2), 239-264.
Bednarz, A. (2006, May 11). Execs tell regulators Sarbanes-Oxley costs exceed benefits
[Electronic version]. Retrieved December 03, 2010, http://www.networkworld.com/news/2006/051106-sox-costs.html.
Bhat, V. N. (1999). Does environmental compliance pay? The Environmentalist, 19(1),
337-342. Bravo, K. (2005). A model for HIPAA security compliance. ETD Collection for Pace
University. (AAI3172359). http://digitalcommons.pace.edu/dissertations/AAI2172359.
Brice, A. R. (2006). A best-practices approach to leveraging control framework for
compliance and risk management. It Compliance Journal, 1(Spring), 21-29. Brock, W. A., & Evans, D. S. (1985). The economics of regulatory tiering. Rand Journal
of Economics, 16(3), 398-409. Chan, S. (2004). Mapping COSO and Cobit for Sarbanes-Oxley compliance (October 1st
ed.) (Institute of Internal Auditors, Ed.). . (Original work published 2004) Retrieved June 18, 2006. http://www.theiia.org/ITAudit/index.cfm?act=itaudit.archive&fid=5553.
Chittenden, F., Kauser, S., & Poutziouris, P. (2000). Regulatory burden of small
business: A literature review. The University of Manchester. Research Review, 1-79. Retrieved May 16, 2006. http://www.berr.gov.uk/files/file38324.pdf.
Congressional Budget Office. (2002, April 26). H.R. 3763 Corporate and Auditing
Accountability, Responsibility, and Transparency Act of 2002 (H.R. 3763). Washington, DC: Congressional Budget Office.
123
Committee of Sponsoring Organizations of the Treadway Commission. (2010). About us. Retrieved December 03 2010. http://www.coso.org/aboutus.htm.
Congressional Budget Office. (2002). H.R. 3763 Sarbanes-Oxley Act of 2002 (H.R.
3763). Washington, DC: Congressional Budget Office. COSO. (n. d.). Internal control - integrated framework executive summary. Retrieved
April 30, 2006. http://coso.org/publications/executive_summary_integrated_framework.htm.
CPR (Center for Progressive Reform). (n. d.). Estimating regulatory costs. Retrieved
January 23, 2006. http://www.progressiveregulation.org/perspectives/estimtingreg.cfm.
Cougias, D.& Halpern, M. (2007). The language of compliance: a glossary of acronyms, terms, and extended definitions. Lacanto, FL: Schaser-Vartan Books. Dunn, J. (2005, December 12). The cost of compliance: A necessary evil - but sysadmins
had better get used to the concept. . (Original work published 2005) Retrieved January 29, 2006. http://www.techworld.com/features/index.cfm?featureID=2057&printerfriendly=1.
Dunwoodle, B. (2004, November). The cost of compliance, Sarbanes Oxley. Cms Wire.
Retrieved January 29, 2006. http://www.cmswire.com/cms/enterprise-cms/the-cost-of-compliance-sarbanesoxley-000474.php.
Ettner, L. W. (2006). Corporate governance in the era of Sarbanes-Oxley: Regulations,
governance, and performance. (Unpublished doctoral dissertation). Case Western Reserve University, Cleveland, Ohio.
Gincel, R. (2005, December 12). The awful truth about compliance. Infoworld, 29-34. Goodwin, J. (2004). A comparison of internal audit in private and public sectors
[Electronic version]. Managerial Auditing Journal, 19(5), 640-650. Retrieved May, 16, 2006. http://www.emeraldinsight.com/10.1108/02686900410537766.
Gralla, P. (2004, April 02.). Cost of compliance with Sarbanes - Oxley can be cut by
50%. Retrieved January 29, 2006. http://informationweek.securitypipeline.com/shared/article/printablearticlesrc.jhtml?articleID=18700461.
Grandfather Economic Report Series. (2005). Government Regulatory Compliance Cost
Report [Report on Economics]. Retrieved January 23, 2006. http://mwhodges.home.att.net/regulation_a.htm. Grandfather Economic Report Series. (2005).
124
Grivolas, N. (n. d.). How to turn Sarbanes - Oxley compliance into a strategic advantage. Retrieved April 30, 2006. http://www.microsoft.com/business/executivecircle/content/printpage.aspx?cid=2012&subcatid=.
Hatcher, A., Jaffry, S., Thebaud, O., & Bennett, E. (2000). Normative and social
influences affecting compliance with fishery regulations. Land Economics, 76(3), 448-461.
Hazill, M., & Kopp, R. J. (1990). Social costs of environmental quality regulations: A
general equilibrium analysis. Journal of Political Economy, 98(4), 853-873.
Hilzenrath, D. (2009, May 19). Supreme Court will hear Sarbanes-Oxley challenge. The Washington Post, Retrieved February 3, 2011. http://www.washingtonpost.com/wp-dyn/content/article/2009/05/18/AR2009051803107.html.
Hochhauser, M. (2003). Compliance vs. communication readability of HIPAA notices
(Reprint of Clarity, No. 50, Nov. 2003). San Diego, California: Privacy Rights Clearinghouse. Retrieved May 16, 2006. http://www.privacyrights.org/ar/HIPAA-Reading.htm.
Hodges, M. (2005). Government regulatory compliance cost report. In Grandfather
Economic Report Series (Government Regulatory Compliance Cost Report). . Retrieved January 23, 2006. http://mwhodges.home.att.net/regulation_a.htm.
Hopkins, T. D. (1995). Profiles of regulatory costs (Report to the U.S. Small Business
Administration, pp. 1-100). Rochester, New York: Rochester Institute of Technology.
Hurley, J. (2005). The CSO's security compliance agenda (Benchmark Research Report).
Houston, Texas: Security Compliance Council. Retrieved June 11, 2006. http://securitycompliance.com.
Irsfeld, M. (2006, January 24). If compliance costs are still rising, something is wrong. .
(Original work published 2006) Retrieved February 27, 2006. http://www.compliancepipeline.com/blog/archives/2006/if_compliance_c.html.
IT Governance Institute. (2006, April 30). IT control objectives for Sarbanes - Oxley, 2nd
edition (Exposure Draft, April 30, 2006). Rolling Meadows, Illinois: IT Governance Institute.
Jaffe, A. B., & Palmer, K. (1997). Environmental regulation and innovation: A panel
data study. Boston: President and Fellows of Harvard College and the Massachusetts Institute of Technology.
125
Kerrigan, S. L. (2003). A software infrastructure for regulatory information management and compliance assistance. Dissertation Abstracts International, 151-153. (AAT 3104258).
Lahti, C., & Peterson, R. (2005). Sarbanes - Oxley: IT compliance using COBIT and
Open Source tools. Rockland, MA: Syngress Publishing. (Original work published 2005).
Lear, K. K., & Maxwell, J. W. (1998). The impact of industry structure and penalty
policies on incentives for compliance and regulatory enforcement. Journal of Regulatory Economics, 14(1), 127-148.
Lowengrub, P. (2005). The impact of Sarbanes Oxley on companies, investors, &
financial markets. Sarbanes-Oxley Compliance Journal, 1-6. Lynxwiler, J., Shover, N., & Clelland, D. A. (1983). The organization and impact of
inspector discretion in a regulatory bureaucracy. Social Problems, 30(4), 425-436. Makkai, T., & Braithwaite, J. (1996). Procedural justice and regulatory compliance. Law
and Human Behavior, 20(1), 83-98. Makkai, T., & Braithwaite, V. (1993). Professionalism, organizations, and compliance.
Law & Social Inquiry, 18(1), 33-59. Marlin, S. (2005, March 28). The cost of compliance can only go up. Informationweek.
Retrieved January 29, 2006. http://www.informationweek.com/shared/printablearticlesrc.jhtml?articleID=159906225.
Matlen Silver Group. (2006). SOX 12 - mapping the COBIT framework to SOX IT
compliance paper (Executive Summary) (Dolan Jr, 2004). May, P., & Wood, R. (2003). At the regulatory front lines: Inspectors' enforcement styles
and regulatory compliance [Electronic version]. Journal of Public Administration Research and Theory, 13.(2), 117-139. Retrieved May 16, 2006. http://www.questia.com/PM.qst?a=o&se=gglsc&d=5001928062.
McCloskey, M., & Seabolt, S. (n. d.). The increasing cost of compliance - auditors,
section 404, and PCAOB auditing standard No. 2. Retrieved January 29, 2006. http://www.foley.com/files/tbl_s31Publications/FileUpload137/2295/D&OMcCloskeySeabolty.pdf.
Nasser, J.S. (2008). Factors defining the relationship between Sarbanes-Oxley
compliance and corporate governance with respect to firm performance. Retrieved from ProQuest Dissertations & Theses, (DAI-A 69/03).
126
National Institute of Standards and Technology, (2009). What are outliers in data?. Retrieved December 03, 2010. http://www.itl.nist.gov/div898/handbook/prc/section1/prc16.htm.
Neff, T. (2009, June 16). SOX compliance in the tech sector. Retrieved December 03,
2010. http://www.complianceweek.com/article/5454/sox-compliance-in-the-tech-sector.
OCTAVE and Sarbanes Oxley. (n. d.). Retrieved June 18, 2006.
http://oattool.aticorp.org/new/OIC_Website/OCTAVE_SOC.html. O”Donnell, J. B., & Rechtman, Y. (2005). Navigating the standards for information
technology controls. Retrieved December 03, 2010. http://www.nysscpa.org/cpajournal/2005/705/essentials/p64.htm.
Pashigian, B. P. (1984). The effect of environmental regulation on optimal plant size and
factor shares. Journal of Law & Economics, 27(1), 1-28. Protiviti. (n. d.). COSO description. Retrieved April 30, 2006.
http://www.knowledgeleader.com. Public Company Accounting Oversight Board. (2006). Auditing Standard No. 2. In
PCAOB (Ed.), Standards and Related Rules (Auditing Standard No. 2). Washington, DC: PCAOB. Retrieved April 30, 2006. http://www.pcaobus.org/standards/standards_and_related_rules/auditing_standard_no.2.aspx.
Putrus, R. (n. d.). Lessons learned: COSO, COBIT and other emerging standards for
SOX compliance. Retrieved April 30, 2006. http://www.findarticles.com/p/articles/mi_m0ICC/is_1_74/ai_n15727476/print.
Reibel, J. (2010, April 13). Efficiently maintain SOX compliance. Retrieved December
03, 2010. http://www.accountingtoday.com/news/Efficiently-Maintain-SOX-Compliance-53865-1.html.
Rielly, K. (2005, March 14). AMR research predicts compliance is an $80B issue. .
(Original work published 2005) Retrieved January 29, 2006. http://www.amrresearch.com/content/view.asp?pmillid=18086&docid=12380.
Scalable Software. (n. d.). About Scalable Software, Inc [Brochure]. Retrieved January
23, 2006. http://www.itcinstitute.com/upc/full.aspx?id=17. Schneider, Laura (n. d.). Information technology audit. Retrieved December 03, 2010.
http://jobsearchtech.about.com/od/historyoftechindustry/g/IT_Audit.htm.
127
Scholz, J. T. (1984). Cooperation, deterrence, and the ecology of regulatory enforcement. Law & Society Review, 18(2), 179-224.
Scholz, J. T., & Wei, F. H. (1986). Regulatory enforcement in a federalist system.
American Political Science Review, 80(4), 1249-1270. Schwartz, E. (2006, January 03). New regulations loom over 2006: red tape .....and lots
of it. . (Original work published 2006) Retrieved January 29, 2006. http://techworld.com/features/index.cfm?featureID=2122&printerfriendly=1.
Schwartz, K. B., & Soo, B. S. (1996). Evidence of regulatory noncompliance with SEC
disclosure rules on auditor changes. The Accounting Review, 71(4), 555-572. Shaw, H. (2006, March 15). The trouble with COSO. Cfo. Retrieved April 30, 2006.
http://www.cfo.com/printable/article.cfm/5598405?f=options. SOX Law. (n. d.). The Sarbanes – Oxley Act. Retrieved December 03, 2010.
http://www.soxlaw.com. Stone, A. (2005, March 14). Cost of compliance. Businessweek. Retrieved January 29,
2006. http://www.businessweek.com/the_thread/wellspent/archives/2005/03/cost_of_complia.html.
Surmacz, J. (2004, August 15). Trendlines - By The Numbers: The rising cost of
compliance [Electronic version]. Cio. Retrieved January 29, 2006. http://www.cio.com/archive/081504/tl_numbers.html.
Sutinen, J., & Kuperan, K. (1999). A scio-economic theory of regulatory compliance
[Electronic version]. International Journal of Social Economics, 26(1/2/3), 174-193. Retrieved May 16, 2006. http://www.emeraldinsight.com/10.1108/03068299910229569.
Ungson, G. R., James, C., & Spicer, B. H. (1985). The effects of regulatory agencies on
organizations in wood products and high technology/electronics industries. Academy of Management Journal, 28(2), 426-445.
U.S. Code Collection [Abstract]. (n.d.). Cornell Law. Abstract retrieved June 11, 2006.
http://www.law.cornell.edu/uscode/html/uscode05/usc_sec_05_00000556----000.html.
U.S. Small Business Administration. (1996). A guide to the Regulatory Flexibility Act
(Regulatory Flexibility Act of 1980, pp. 1-4). Washington, DC: U.S. Small Business Administration.
128
U.S. Small Business Administration. (2005). Small Business Hard Hit By Federal Regulatory Compliance Burden [Newsrelease]. Retrieved May 16, 2006. http://www.sba.gov/advo/press/05-43.html.
Worthen, B. (2005, July 1). How to dig out from under Sarbanes – Oxley. Cio. Retrieved
April 30, 2006. http://www.cio.com/archive/070105/sox.html?action=print. Yeager, P. C. (1987). Structural bias in regulatory enforcement: The case of the U.S.
Environment Protection Agency. Social Problems, 34(4), 330-344.
129
Biography
Mr. Helwig has over 20 years of Information Technology experience. He holds a MBA from Salem International University, an MS in Information Technology with a specialization in Information Security from Capella University, a BS in Business Administration from the University of Phoenix, and an Electronics Technology Certificate from Ohio Institute of Technology. He holds a Certified Information Systems Security Professional (CISSP) certification, a Certified in the Governance of Enterprise Information Technology (CGEIT) certification and is certified by the National Security Agency (NSA) as well as other IT certifications. He has been Information Security Officer (ISO) for SunGard Higher Education and Chief Information Security Officer (CISO) for Dynamic Campus Solution. He has been Technical Editor for The Compliance Authority magazine and was responsible writing, editing, and consulting services for Governance, Risk and Compliance (GRC) engagements. He is currently employed as a leader in Information Security Risk Management at a large Florida Insurance company. He teaches Information Security for Capella University in the Undergraduate program. He is a member of the Information Systems Audit and Control Association (ISACA) board in central Florida, and Information Systems Security Association (ISSA). He has been technical editor for a couple compliance books and is a speaker at many security conferences.
