"The Plane Fell Out Of
The Sky: The
Doctrine of res ipsa loquitor
Applied to SOX 404"
By
Roberta A. Barra, Ph.D.
Based on an on-going research project
 With Martin Taylor

And
 Richard Mark

At University of Texas at Arlington
SOX 404
 Mgmt responsible for establishing adequate
I/C structure—following SEC guidelines
 Year-end reporting of I/C assessment


Effectiveness of I/C structure and procedures
Only over financial reporting
 Auditor’s responsible for following AS-5
(PCAOB standard)
So What’s The Problem?
 SOX is a law
 Eventually courts are involved
 Implies lawyers
 Lawyers don’t view the world in the same way
we do
 Possible conflict between SEC guidelines and
PCAOB Auditing Standards
Key Differences
 Reasonable Assurance
 Cost/Benefit
 Effectiveness
 Inherent Limitation
 Research
Reasonable Assurance
 Lawyers: it’s a relative term to the particular
standard—has not yet been established for SOX
 Accountants—”concept that no matter how well
designed, I/C cannot guarantee that objectives will be
met
 Accountants—PCAOB & SEC use “reasonable” in
their standards; neither are necessarily going to fit
what any particular firm/CPA thinks
 Problem—the courts are not necessarily going to use
our standard or our definition
Cost/Benefit
 Lawyers - If there is a material weakness the
system is not effective without the control
regardless of cost; cost a factor, not a
controlling factor. Accuracy & adequacy are
the key factors
 Accountants - Integral part of
reasonableness. But measurement is seldom
done in practice
 Problem—the courts are not necessarily
going to be sympathetic to a cost/benefit
defense
Effectiveness
 Lawyers—Lack of valuable research
 Accountants—research not necessary, theory is
enough
 Accountants—state or condition that can be
measured; Board and management have
reasonable assurance that objectives are met
 Problem—May become a free for all in court, one
expert versus another expert without substantive
research to back any expert’s claims
Inherent Limitation
 Lawyers—res ipsa loquitor? A fraud happened,
someone is to blame

Not SOX (fraud is intentional action), State or Fed
negligence standard that might come up in SOX case
 Accountants—Consistently recognizes no control
system is perfect
 Problem—Courts may buy inherent limitation but if
not, then anyone might be found negligent:
management, internal auditors, external auditors
Possible defenses
 Accountants—If negligence is found, proportional
liability will afford protection
 Accountants—following GAAS will afford protection
 Problem: Proportional liability is available only in
some states, not all; Federal law similarly fractured,
may not apply in Federal law to SOX at all
 Problem—Courts will not automatically agree that a
GAAS audit is sufficient; they have been critical
before (Continental Vending), Supreme Court has
stated on number of occasions that GAAP, GAAS are
not necessarily same standards courts have to follow
Possible Defenses
 Management—have good internal controls
 Problem—what is good internal controls?
 Management—good corporate governance
(index)
 Problem—no down side; in fact there recent
evidence to suggest good internal controls
starts with good control environment
Research
 Lawyers: calling for empirical research to
support “effective” internal controls
 Romano of Yale Law School has concluded in
her criticisms of SOX that executive
certification of financial statements are
unsupported by the empirical academic
literature. [Romano, 2005]
Research - Lawyers
 “…a broader and more recent examination of
the extant empirical academic literature
actually supports several of the provisions
that Romano and others critique… We
concede that Congress does not seem to
have perused in any great detail the Journal
of Finance and perhaps allowed its
subscription to the Accounting Review to
lapse.” [Prentice and Spence, 2007]
Research - Accountants
 We don’t need research
 Theory will suffice
 Academics citing Practitioners
Problem
 Theory isn’t sufficient in a court of law
 The expert witness with empirical research to
support their claims will be more credible
 The firm who has implemented controls
supported with empirical research will be
more credible
 Theory used to say the world was flat and the
sun revolved around the earth
 Empirical testing of those theories proved
otherwise
Some Published Research
 Hollinger and Clark, 1983 (Inventory
Controls)
 Beck, 1986 (SOD)
 Heins, 2006 (Passwords)
 Howard, 2006 (Passwords)
 Barra and Griggs, 2007 (SOD)
Working Papers
 Novoselov, 2007 (Collusion/SOD)
 Barra, 2007 (Penalties)
 Barra & DePillis 2007 (Collusion)
Potential Liability other than SOX
 “Legally, it is clear that even after pro-
defendant judicial and legislative reforms to
securities law in the mid-1990s, auditors
continue to face potential risks of liability for a
host of potential causes of action at both the
state and federal level. The aggregation of
these risks could - at least under the right
theoretical conditions - create a risk portfolio
that might be ‘cataclysmic’ in nature “
Potential Liability other than SOX
Authority
Type of Liability
Rule 10b-5 (Securities
Exchange Act of 1934)
§ 11 (Securities Act of
1933)
§13(b) (Securities
Exchange Act of 1934)
Reckless
Disclosure
Strict Liability
Disclosure
Accounting
Standards/
Internal Controls
General
(bootstrap)
General
(bootstrap)
Fiduciary Duty
Violations
Mail/Wire Fraud
RICO
ERISA
Civil
Damages?
Yes
Criminal
Sanctions?
Yes
Yes
Yes
Yes
Yes
No
Yes
Yes
Yes
No
Limited
Potential Liability other than SOX
Authority
Type of Liability
Blue Sky Laws
Contract
Merit
3rd Party
Beneficiaries
Negligence
Regulatory
Refusal to Certify
Fiduciary Duty
Violations
Tort
State Boards
Corporations Law
Civil
Damages?
Varies
Yes
Criminal
Sanctions?
Yes
No
Yes
No
No
No
Yes
No
Potential Liability
 Tort: res ipsa loquitor?
 The accountant’s view of effectiveness: “no
news is good news”
 With fraud: implies controls NOT effective


unless one buys into inherent limitation
And circumvention of controls
Conclusion
 SOX makes internal control the province of
the courts
 It is too late to keep attorneys out of internal
controls
 More important then ever that accountants
know and understand how attorneys think
 Law courses more important then ever for an
accountant’s education
Conclusion
 Legal land mine for auditors and
management
 External auditors should work more closely
with management; less dictatorial in their
approach
 More practical research by academics

And quickly!
Questions to Consider
 Should Auditors be JDs?
 Or should a JD be part of the audit team?
 Should we require more law courses as part
of the accounting curriculum?
 If so, which courses should be required?
 What research needs to be the top priority for
accounting academics?
 How can be best protect both management
and accountants (internal and external?)
Questions to consider
 How can we get both internal and external
accountants working together on establishing
objective internal controls?
 Other questions???
Thank you!