Global Journal of Management and Business Research, A: Administration and Management, Volume 23 Issue 10

Sustainable Compliance Programs in Complex Organizations Global Journal of Management and Business Research ( A ) XXIII Issue X Version I Year 2023 2 © 2023 Global Journals Specifically, we focus on the extent of interrelationship among three main areas – the internal ‘supply side’ influence of organizational design ( people, process, structure) and information systems strategy, and the external ‘demand side’ influence of corporate governance on the overall culture of compliance management within organizations. This paper draws on the insights of complexity theory to extend relationships with stakeholders within the broader “corporate governance social ecosystem” to study the sustainability of activities to monitor firms’ operational risk management exposures (Goergen et al., 2012). Mixed methods research is used to examine how regulatory changes have multiplied the operational risks faced by both UK and EU organisations. The survey provided insights into the quality of internal control departments responsible for monitoring the firm’s compliance program management. Empirical tests were then conducted to examine the cross-sectional relation- ships between firm risk and compliance unit quality. The rest of this paper is as follows. Section 2 overviews the institutional background to the study. Section 3 identifies various influences related to management, internal control and organisational design. Section 4 develops predictions. Section 5 discusses the results of empirical tests. Section 6 concludes. II. I nstitutional B ackground This section briefly describes the standards /framework (COSO) that currently exists, and, used by companies worldwide for complying and implementing SOX, as well as other compliance program that are proposed as having contextual similarities with SOX. By emphasizing the need for having ‘effective’ and ‘efficient’ operations as one of its key objectives in the definition of internal controls, the COSO Internal Control – Integrated Framework, effectively puts the management of internal business operations in the critical path for SOX 404 compliance management (Heier et al., 2004). But while the SOX 404 essentially adopted the COSO framework as the benchmark for internal controls for financial reporting, it does not provide any guidance as to these can be implemented to influence executive management’s decisions (Datar and Alles, 2003). Given the importance of information systems integrity to effective SOX implementation, one might expect information systems to be managed to create business value and sustainable compliance programs. However there is very little knowledge about this important issue. While the general management principles for information systems have been discussed extensively, the economic impact of these practices is not fully understood even in heavily regulated industries such as insurance (Hitt, 1999). Most of the previous literature has instead focused on the general benefits and costs of SOX implementation. Ribstein (2005) argues that internal controls cost and compliance management are the most prominent of the costs related to SOX implementation, and finds a negative impact (cost-wise) on the smaller firms. Ge and McVay (2004) confirm Ribstein’s study on the increased impact of the SOX on smaller firms. They suggest that smaller firms tended to show more cases of material weakness in their filings, vis-à-vis larger ones. This directly reflects the inability of smaller firms to detect and provide effective internal controls for identified risks, presumably because of (lack) of resources. This suggests that the increased time spent by the firms to document their internal process, and controls for their 2004 certification, is a clear indication of the ‘time’ (of resources) constraints imposed by the process. Engel et al. (2005) suggests that the SOX benefits are far outweighed by the costs. This finding is corroborated by actions taken by some European companies that have preferred to pull out their US listings apparently to avoid the costs implications related to SOX compliance. Berger (2005) finds that amongst non-US firms based in countries with medium to strong “shareholder-protection”, are more likely to claim that the benefits of SOX compliance are outweighed by the costs than firms based in countries with weak “share- holder-protection’ business compliance programs. Another contributing factor to the overall costs relates to the increased monitoring needs, which we discuss in greater depth when looking at the role of the board. Linck et al (2005) provide empirical evidence of executive and board pay increase directly because of the SOX enactment. They also provide further evidence of the disproportionate impact of SOX implementation on smaller firms. Other empirical studies have examined whether SOX has affected firms’ market value, but their results are equivocal. On the one hand, Chhaocharia and Grinstein (2005) find that SOX compliance has a positive influence on “firm value”. However, they cannot attribute whether the increased returns of firms post-SOX to either governance introduced by SOX, or just the reduced information asymmetry associated with the promulgation of the Act. By contrast, Rezaee and Jain (2005) find that only those firms with better governance models (prior to the SOX enactment) ended up increasing their market value, subsequent to the enactment. The other contention of the negative impact of SOX relates to ‘work inefficiencies’. Organizations contend that with increased need for documentation of processes and controls, the workload on the individual performing a task has disproportionately increased, resulting in less output and loss in productivity. Cohen et al. (2005) find a significant drop in the research and development expenses and capital expenditures subsequent to the implementation of SOX. Ribstein