Auditing Section Research Summaries Space

A Database of Auditing Research - Building Bridges with Practice

This is a public Custom Hive  public

Posts

  • The Auditing Section
    Transforming audit technologies: Business risk audit...
    research summary posted May 4, 2012 by The Auditing Section, tagged 06.0 Risk and Risk Management, Including Fraud Risk, 06.05 Assessing Risk of Material Misstatement 
    Title:
    Transforming audit technologies: Business risk audit methodologies and the audit field
    Practical Implications:

    The findings of the study emphasize the importance of considering history when understanding how changes in the auditing profession occur (such as the emergence of the BRA, which the authors explore in this study).  Though audit firms have stated that they initially implemented BRA methodologies in response to the challenge of the “information age” and corporate clients’ assurance needs, the authors propose that BRA served as a legitimacy tool for the auditing profession, changed the identity of accounting firms, and enabled audit firms to maintain broader areas of expertise.  

    Citation:

    Robson, K., Humphrey, C., Khalifa, R., and J. Jones. 2007. Transforming audit technologies: Business risk audit methodologies and the audit field. Accounting, Organizations, and Society 32(5): 409 – 438.

    Keywords:
    Risk and Risk Management, including Fraud Risk
    Purpose of the Study:

    Drawing on theories of legitimacy, professional knowledge, and science and technology, this study seeks to understand the promotion and use of the Business Risk Audit (BRA) approach.  The authors suggest the BRA allowed audit firms to renegotiate their professional identities and status and expand their jurisdictional claims over broader areas of expertise.  The authors develop a framework of “theory for audit change” that highlights how audit firms gain and maintain legitimacy and how audit technology evolves and changes.

    Design/Method/ Approach:

    The research evidence is collected starting in 1996, and the authors utilize the major accounting firms’ publications, brochures, and websites (i.e., materials describing the BRA; a key example is a KPMG Monograph titled “Auditing Through a Strategic-Systems Lens: the KPMG Business Measurement Process” (KPMG 1997)), in concert with documentary material from professional accounting institutes and interviews with audit partners and senior managers from UK accounting firms. Within the written evidence, the authors conduct a textual analysis, examining both verbal characteristics of the language and latent meanings of the words.

    Findings:
    • The authors observe that during the late 1990s and early 2000s, audits tended to be viewed as a commodity, primarily because audit firms treated auditing as a “gateway” to providing more lucrative non-audit services. 
    • The authors argue that the legitimacy of the audit process lies within “the statutory frame in which audit requirements are embedded” and is also dependent on the association of auditor expertise with cultural codes and values such as efficiency, rationality, and science. 
    • The authors suggest that the emergence of the BRA as a technology to add value to the audit process was an attempt to increase the prestige of the audit profession and give it a new identity.  The authors link the emergence of the BRA with the increased use of more strategic and risk-based approaches taken by client managers.  Accordingly, the BRA generated a value added audit via knowledge spillovers that enabled the auditor to add value both with respect to business risks and the related accounting implications. 
    • The development of the BRA approach allowed audit services to be integrated with the “value-added” nature of the other expert services provided by public accounting firms. The depiction of audit as a value-added service is consistent with the AICPA’s attempts to characterize audit professionals as global knowledge experts.
    Category:
    Risk & Risk Management - Including Fraud Risk
    Sub-category:
    Assessing Risk of Material Misstatement
    Home:
    home button
  • Jennifer M Mueller-Phillips
    Triangulation of audit evidence in fraud risk assessments
    research summary posted June 21, 2013 by Jennifer M Mueller-Phillips, tagged 06.0 Risk and Risk Management, Including Fraud Risk, 06.01 Fraud Risk Assessment, 09.0 Auditor Judgment, 09.03 Adequacy of Evidence, 11.0 Audit Quality and Quality Control, 11.09 Evaluation of Evidence 
    Title:
    Triangulation of audit evidence in fraud risk assessments
    Practical Implications:

    Given the level of regulatory scrutiny surrounding auditor judgment and skepticism of audit evidence, the results indicate that when assessing the risk of fraud, there is a lack of reliance on third party evidence, particularly when management provides a compelling story with its internal evidence.  The results of this study are important in enhancing awareness for auditors to use and corroborate both internal and external audit evidence for purposes of assessing and supporting the level of risk of the audit client.  In addition, in a broader context, the same could be said regarding the evaluation of evidence for purposes of procedures throughout the various stages of the audit process.

    Citation:

    Trotman, K.T., and W.F. Wright. 2012. Triangulation of audit evidence in fraud risk assessments. Accounting, Organization and Society 37: 41-53. 

    Keywords:
    Audit evidence, audit risk assessment, auditor judgment, adequacy of evidence, fraud risk
    Purpose of the Study:

    This study evaluates the impact that audit evidence has on an auditor’s fraud risk assessment using an evidence framework developed by Bell et al. (2005) called evidentiary triangulation.  The evidentiary triangulation framework is a way for auditors to evaluate complementary types of audit evidence and use the evidence to update any risk assessments.  Looking at how auditors use this notion of evidentiary triangulation is a key element in enabling audit quality improvement.

    The authors consider the following types of evidence within the study: evidence from management-controlled financial statement processes, evidence from management-controlled internal business processes, and evidence from third party external sources.   The use of evidence from a third-party external source is a key element in evaluating the concept of evidentiary triangulation with respect to fraud since it is not easily manipulated.     Using the framework, the authors specifically evaluate how auditors respond to different types of evidence when making fraud related judgments.  The authors test to determine if there are conditions that may exist whereby an auditor will alter their fraud risk assessment based on third party external evidence particularly when it contradicts the management-controlled evidence received by auditors. 

    Design/Method/ Approach:

    The authors perform a simulated case during a Big 4 audit firm’s training session with 102 participants with an average experience of approximately three years.   The authors perform a 2x2x2 subject design whereby evidence from a management-controlled financial statement process, a management-controlled internal business process, and an external source were manipulated to reflect either higher or lower fraud risk.  The dependent variable is the probability of a seeded fraud related to a higher than expected revenue from sales.  Using two different fraud concealment strategies (one where management provides a fraudulent explanation that is highly compatible to the business strategy and one that is not), the authors manipulate the management-controlled business evidence.  The participants are then asked to evaluate various pieces of information that are indicative of each of the manipulated concealment strategies and also external evidence from a customer that corroborates (or refutes) the information provided by management. 

    Findings:

    When evidence from the management-controlled financial statement process and management-controlled internal business evidence are inconsistent, auditors are more likely to request third party external evidence to corroborate management’s explanation.  The experiment shows that auditors will assess a higher risk of fraud when the third party external evidence contradicts the business objective that was provided by management only when there is conflicting internal evidence obtained from the management-controlled financial statement process and a management-controlled internal business process.  If the third party external evidence is consistent with management’s “story” (even though the “story” may be inconsistent with the internal evidence), the results indicate that it is less probable that auditors will assess a higher risk of fraud.

    Auditors do not rely on the third party external evidence when, on its own, both forms of the internal management-controlled evidence is deemed to be low fraud risk.  The results of the experiment indicate that auditors do not use the third party external evidence as a way to corroborate management’s internal evidence when management’s evidence seems trustworthy.

    Category:
    Risk & Risk Management - Including Fraud Risk, Auditor Judgment, Audit Quality & Quality Control
    Sub-category:
    Fraud Risk Assessment, Adequacy of Evidence, Evaluation of Evidence
    Home:

    home button

  • Jennifer M Mueller-Phillips
    Under Which Conditions are Whistleblowing “Best P...
    research summary posted December 1, 2014 by Jennifer M Mueller-Phillips, tagged 06.0 Risk and Risk Management, Including Fraud Risk, 06.01 Fraud Risk Assessment, 14.0 Corporate Matters, 14.02 Corporate Whistle Blowers 
    Title:
    Under Which Conditions are Whistleblowing “Best Practices” Best?
    Practical Implications:

    The authors’ results suggest that an external reporting channel may overcome an organization’s history of poor responsiveness to whistleblowing as well as decrease the reticence of less proactive individuals to report.  The external anonymous channel thus achieves higher reporting intentions in instances of perceived past negative outcomes of a non-anonymous internal channel and among individuals who by personal trait are less likely to report. Although, the study does not address the likely incremental costs of an external channel, its results suggest no advantage to incurring such additional costs when employees perceive a situation with past positive outcomes.

    For more information on this study, please contact Jian Zhang.

    Citation:

    Zhang, J., K. Pany and P. M. J. Reckers.  2013. Under which conditions are whistleblowing “best practices” best? Auditing: A Journal of Practice and Theory 32(3): 171-181.

    Keywords:
    fraudulent financial reporting; anonymous reporting channel; proactivity; whistleblowing.
    Purpose of the Study:

    Public companies are required by the Sarbanes-Oxley Act of 2002 to establish an anonymous reporting (whistleblowing) channel for employee reporting of questionable accounting practices.  Corporate audit committees are provided flexibility in implementing this requirement and a controversial choice is the type of reporting channel.  The purpose of the study is to examine the efficacy of externally administered versus internally administered channels.

    Use of an externally administered hotline generally has been considered a “best hotline practice” in that it is likely to lessen the reporter’s hesitation to become involved. That is, arguably, an externally administered hotline is perceived to provide a heightened likelihood of action and favorable outcome, including a reduced likelihood of whistleblower detection through greater confidentiality. This is consistent with tenants of the theory of planned behavior.  Nonetheless, this topic is controversial because such externally administered hotlines are not cost free and because some suggest that there may be a general hesitancy on the part of some individuals to report externally. 

    Design/Method/ Approach:

    The study’s participants, 130 MBA students with an average of nine years work experience, responded to differing forms of a research instrument which systematically manipulates the administrator of an anonymous reporting channel (internal vs. external), and the company’s previous whistleblowing outcomes (positive or negative to the previous non-anonymous whistleblower). The research instrument describes a current fraudulent act that violates GAAP revenue recognition principles and asks respondents about the likelihood that they would report the act.

    Findings:
    • The authors find that the preference for external whistleblowing channels may be conditional upon the perceived lack of past success of internal channels to produce good outcomes and an employee overall proactivity characteristic.
    • The authors find that the external anonymous channel achieves higher reporting intentions in instances of perceived past negative outcomes of a non-anonymous internal channel, but not when past outcomes had been positive to a whistleblower.
    • The authors find that highly proactive participants (as measured by a frequently used scale) were not influenced by the reporting channel, whereas less proactive participants reported a greater likelihood of reporting to an externally administered hotline.
    Category:
    Corporate Matters, Risk & Risk Management - Including Fraud Risk
    Sub-category:
    Corporate Whistle Blowers, Fraud Risk Assessment
  • Jennifer M Mueller-Phillips
    Vague Auditing Standards and Ambiguity Aversion.
    research summary posted October 16, 2015 by Jennifer M Mueller-Phillips, tagged 06.0 Risk and Risk Management, Including Fraud Risk, 06.09 Litigation Risk 
    Title:
    Vague Auditing Standards and Ambiguity Aversion.
    Practical Implications:

    This paper could have implications for the current debate in the U.S.A. and the European Union on whether auditors’ liability should be capped. This paper shows that a liability cap may be (but need not be) desirable when auditors’ ambiguity aversion otherwise induces excessive care. If liability caps are not warranted, accounting and auditing standard setters may consider making standards more precise in a high-liability setting. Since sharing losses seems beneficial under ambiguity aversion, auditors may find it advantageous to perform joint audits (if permitted by regulation). This paper contributes to the literature by incorporating a persistent phenomenon of boundedly rational decision-making into a model of auditor liability.

    Citation:

    Bigus, J. 2012. Vague Auditing Standards and Ambiguity Aversion. Auditing: A Journal of Practice & Theory 31 (3): 23-45.

    Keywords:
    ambiguity aversion, auditors’ liability, behavioral accounting, vague standards of due care
    Purpose of the Study:

    There is strong empirical evidence that individuals are subject to boundedly rational behavior. There is also evidence that auditors face cognitive. More specifically, auditors tend to increase care levels when confronted with ambiguous audit contexts. Many experiments have confirmed that individuals generally dislike ambiguity. This paper incorporates ambiguity aversion into a model of auditor liability. Ambiguity implies uncertainty about the probability that a future event, e.g., a future loss, will occur. With ambiguity aversion, people tend to weigh less favorable outcomes more highly, and are, therefore, more pessimistic. For instance, other things being equal, individuals usually prefer a 30 percent chance to a (imprecisely defined) chance of 1050 percent. Interestingly, individuals still prefer a certain probability to a probability range, even with training in decision-making. This immunity to persuasion leads to the belief that ambiguity aversion might, in fact, be considered rational. If, in fact, ambiguity aversion is rational, there seems to be a need to incorporate it into economic modeling.

    Design/Method/ Approach:

    The author uses a model to analyze how an auditor’s ambiguity aversion affects his level of care.

    Findings:

    The author obtains the following results, considering a risk-neutral auditor who dislikes ambiguity:

    (1) An ambiguity-averse auditor tends, on the one hand, to exert less care with low damage payments. Due to likelihood insensitivity, with low damage payments, the perceived marginal benefits of additional care are too low (futility effect).
    (2) On the other hand, an ambiguity-averse auditor may be willing to take a (very) high level of precaution in order to be certain that he will not be held liable ex post. Certainty is valuable in the event of pessimism, and becomes more valuable the higher damage payments are. If damage payments exceed a certain threshold level, the certainty effect outweighs the futility effect. Thus, the problem of excessive care becomes more serious.
    (3) Even with low incentives to sue, an ambiguity-averse auditor may exert excessive care when damage payments are sufficiently large.
    (4) Both a liability cap and liability insurance avoid excessive care, but may then induce suboptimal precaution.
    (5) With strict liability, the auditor exerts efficient care, since there is no second-order probability and no ambiguity situation. Thus, there is no distortion from ambiguity aversion. This is a new benefit of a strict liability rule.

    Category:
    Risk & Risk Management - Including Fraud Risk
    Sub-category:
    Litigation Risk
  • Jennifer M Mueller-Phillips
    Was Dodd-Frank Justified in Exempting Small Firms from...
    research summary posted November 26, 2014 by Jennifer M Mueller-Phillips, tagged 04.0 Independence and Ethics, 04.08 Impact of SEC Rules Changes/SarbOx, 06.0 Risk and Risk Management, Including Fraud Risk, 06.06 Earnings Management, 07.0 Internal Control, 07.05 Impact of 404 on Fees and Financial Reporting Quality, 08.0 Auditing Procedures – Nature, Timing and Extent, 08.05 Evaluating Accruals/Detection of Abnormal Accruals, 08.06 Earnings Management – Detection and Response, 14.0 Corporate Matters, 14.01 Earnings Management 
    Title:
    Was Dodd-Frank Justified in Exempting Small Firms from Section 404b Compliance?
    Practical Implications:

    Our study evaluates a provision of Dodd-Frank which provided permanent exemption from Section 404b compliance to non-accelerated filers. Our results show that these small firms did not improve their reporting quality to the same extent as large firms implying that the Dodd-Frank exemption will probably serve to keep the reporting quality of the exempted firms at lower than achievable levels.

    We also note that as part of the Dodd-Frank legislation, the SEC was given a mandate to investigate raising the Section 404b exemption requirements from $75 million to $250 million in market capitalization (Dodd Frank 2010). While the SEC eventually decided to leave the exemption criterion at $75 million, this matter is still considered to be an open topic (SEC 2011). Our study informs this ongoing debate.

    For more information on this study, please contact

    Anthony D. Holder, PhD, CPA

    Assistant Professor, Department of Accounting - MS 103

    University of Toledo

    Toledo, OH 43606-3390

    Email: Anthony.Holder@utoledo.edu

    Web:    http://homepages.utoledo.edu/aholder4/

    Phone: 1.419.530.2560

    Fax: 1.419.530.2873 

    Citation:

    Holder, A., K. Karim, and A. Robin. 2013. Was Dodd-Frank Justified in Exempting Small Firms from Section 404b Compliance? Accounting Horizons 27 (1): 1-22.

    Keywords:
    Sarbanes-Oxley; Dodd-Frank; earnings management; exempt filers
    Purpose of the Study:

    A major component of the Sarbanes-Oxley Act of 2002 (SOX) is Section 404b, which requires auditor certification of internal controls. However, not all firms were required to comply with this section. Fearing that compliance costs may be prohibitive, SOX allowed a temporary exemption to small firms called non-accelerated filers (typically those firms with market capitalizations under $75 million). Later, the Dodd-Frank Act of 2010 made this exemption permanent.

    Needless to say, both 404b itself and the small-firm exemption, remain controversial. At the heart of the issue, as with any regulation, is the cost-benefit tradeoff. In this particular instance, what are the potential benefits small firms would have obtained had they been subject to SOX Section 404b? By focusing just on the costs of compliance, we may be overlooking these benefits. We consider these foregone benefits an opportunity cost.

    The purpose of our study is to estimate this opportunity cost. We estimate the benefits lost by small firms, because they were not subject to SOX Section 404b.

    Design/Method/ Approach:

    Our sample contains listed firms (subject to SOX), divided into the large (accelerated) and small (non-accelerated) categories. Our data span the SOX period and are from 1995-2009. We measure reporting gains using two standard approaches, one measuring the extent of earnings management and the other measuring accrual quality.

    The reporting benefits foregone by small-firms can be understood by comparing the following two quantities:

    • Post-SOX reporting gains achieved by large firms (accelerated filers).
    • Post-SOX reporting gains achieved by small firms (non-accelerated filers). If these gains (or losses) are smaller than those achieved by large firms, we know there is an opportunity cost.
    Findings:

    We detect a significant deterioration in reporting quality for non-accelerated filers but not for accelerated filers. The result is invariant to whether we compare non-accelerated filers with all accelerated filers or only with small accelerated filers.  Our findings suggest a significant opportunity cost for the exemption. Although the consideration of the cost of Section 404b compliance is outside the scope of our study, our result concerning the opportunity cost suggests that it may have been premature to grant permanent exemption to the non-accelerated filers. This result is especially important, considering contemporaneous discussions to grant Section 404b exemption to even larger firms (up to a market capitalization of $500 million).

    Category:
    Auditing Procedures - Nature - Timing and Extent, Corporate Matters, Independence & Ethics, Internal Control, Risk & Risk Management - Including Fraud Risk
    Sub-category:
    Earnings Management – Detection and Response, Earnings Management, Evaluating Accruals/Detection of Abnormal Accruals, Impact of 404 on Fees and Financial Reporting Quality, Impact of SEC Rules Changes/SarBox

Filter by Type

Filter by Tag