Global Journal of Management and Business Research, A: Administration and Management, Volume 23 Issue 10

Sustainable Compliance Programs in Complex Organizations Global Journal of Management and Business Research ( A ) XXIII Issue X Version I Year 2023 6 © 2023 Global Journals behaviour, compensation, and audit. Audit committees provide the backbone for the compliance management by reviewing the working practices, at least the financial reporting practices within the organization. To this end, the committee acts as a control on the ‘internal’ audit team, which has a reporting structure to the executive (CFO) within the organization. Historically, audit committees have taken an ‘avuncular’ role in the management of the organizations’ governance practices. With the changed landscape, the committee’s role has dramatically re-defined, with increased responsibility (Linck et al, 2005) placed on this committee and its chairman to oversee the management’s governance program and practices. SOX regulations, requires audit committees to have increased independence in hiring and overseeing the organization’s auditors. Likewise, the UK Combined Code on Corporate Governance (2015) states that “Audit Committees should bear more responsibility for internal controls and financial reporting, including monitoring the integrity of financial statements and recommending and reviewing outside auditors”. While prior empirical research generally finds that the ‘independent’ audit committees do increase the monitoring capabilities of the board (Ribstein, 2005), there seems to be conflicting results on the resultant financial impact for the firm While Bryan and Lilien (2005) and DeFond et al (2004) attribute the improved earnings quality to the existence of independent audit committees, Ribstein (2005) finds that the degree of corporate director independence has had no influence in the firm’s performance. As a direct consequence of these regulations, the relationship with the management has altered, with the latter constantly looking at the committee with suspicion (suggesting ‘holes’ in the management’s plan for governance). Corporate directors also individually face an increased personal legal exposure as a result of SOX and more rigorous workload especially in areas of audit committees and governance. They need to have more in-depth understanding of the business operations of the organization, with clear view of risk profile and risk management practice of the organization. Clieaf and Kelly (2005) recommend boards take increased direct responsibility for performing “accountability audit” and assessing the alignment of the organization structure with its existing capabilities. Charan (2005) calls such boards “progressive”, in their thinking and actions. These boards come with the necessary skill set and the knowledge in the areas of governance and thus act as ‘counter balance’ to the management. The UK Combined Code on Corporate Governance (FRC, 2015) requires boards to regularly monitor not only the management’s performance, but their own performance too. However, similar Codes do not apply to many other European firms, due to the existence of dual supervisory and management boards. While promoting internal or supply side influence of people and organisation, they do not facilitate response to external or demand side influences in responding to regulatory change. The importance of the audit committees in evaluating the internal controls and compliance programs of organizations and increasing oversight provided by the board in the areas of strategy formulation and development emerges as key findings from this section. The prior analysis suggests that a range of issues related to organisational design, compliance culture and corporate governance effectiveness, can influence the effectiveness of compliance management. IV. D evelopment of H ypotheses The prior analysis suggests that high level IT management issues, organisational design, people management and corporate governance and internal control effectiveness can influence IT expenditure as well as compliance management. We first discuss how IT audit compliance strategy can be adopted by firms to establish an effective IT governance model. We then develop predictions concerning management’s engage- ment in defining the compliance management system, be it earnings, or value, or cash flow, have a bearing in the quality of internal controls. The predictions imply that management/board’s role in organisational strategy and compliance management strategy has a direct bearing on the compliance unit’s performance (that holds the key to creating & managing a sustainable compliance program), and ultimately the effectiveness of the compliance management program itself. a) IT Strategy Given the underlying need of these compliance IT audit programs (Section 3.2), there is an implicit requirement imposed to having an effective underlying IT infrastructure – including availability of adequate controls in the infrastructure to prevent any misuse. Further, due to the increased usage of IT in a firm’s operations, the (impact of the) risks related to IT infrastructure failure has become a key component in the organization’s overall risk and compliance IT audit programs. To manage this risk introduced by the IT component, organizations have been looking to reduce the complexity surrounding the IT systems, thereby creating the need for an effective IT Governance platform 2 While there are multitude of solutions proposed by different IT vendors to managing compliance IT audit programs (or parts of compliance activity), there seems . 2 Information Systems Audit and Control Association (ISACA), “ IS AUDITING GUIDELINE: IT GOVERNANCE (Document g18”), 2002, http://www.isaca.org/ContentManagement/ContentDisplay.cfm?Conte ntID=18562