Auditing Section Research Summaries Space

A Database of Auditing Research - Building Bridges with Practice

This is a public Custom Hive  public

Posts

  • Jennifer M Mueller-Phillips
    A Risk Model to Opine on Internal Control.
    research summary posted October 19, 2015 by Jennifer M Mueller-Phillips, tagged 06.0 Risk and Risk Management, Including Fraud Risk, 06.02 Fraud Risk Models, 06.05 Assessing Risk of Material Misstatement, 07.0 Internal Control, 07.02 Assessing Material Weaknesses, 07.03 Reporting Material Weaknesses 
    Title:
    A Risk Model to Opine on Internal Control.
    Practical Implications:

    The auditor needs a different model for audits of internal control. The auditor needs to apply two different models in an integrated audit, the original model for the opinion on the financial statements and a different model for the opinion on internal controls.

    The author believes standard setters should sponsor research on an appropriate risk model for audits of internal control. Even before the research is completed, the standards could be enhanced in the following ways:
    • indicate that the original audit risk model is intended for use only in financial statement audits, not internal control audits;
    • write standards that consistently use risk terminology and are clear as to which risk they are discussing; and
    • provide guidance on the use of models in integrated audits.

    Citation:

    Akresh, A. D. 2010. A Risk Model to Opine on Internal Control. Accounting Horizons 24 (1): 65-78.

    Keywords:
    audit risk model, inherent risk, integrated audit, internal control, opinion, risk of material misstatement, risk of material weakness
    Purpose of the Study:

    The audit risk model has provided a conceptual framework for audits of financial statements for more than 40 years. Despite practical difficulties in implementation and criticisms of its theoretical foundation, the model has been fairly effective in helping auditors analyze risks and use that analysis to determine the nature, timing, and extent of audit procedures in audits of financial statements. In recent years, some auditors have tried to apply the audit risk model to audits of internal control, usually performed as parts of integrated audits. An integrated audit is an engagement where the auditor provides an opinion on the financial statements and an opinion on the effectiveness of internal control over financial reporting. It is integrated in the sense that the auditor tries to use some of the same procedures to meet both objectives.

    While the audit risk model was designed for audits of financial statements, it was not designed for audits of internal control. Audits of internal control are audits of processes rather than audits of outputs (financial statements). In addition, opinions on internal control do not rely on analytical procedures or on substantive tests of details. Because of this conceptual difference, the author asserts that audit risk model, as originally formulated, does not work as a coherent conceptual framework for audits of internal control. The need for a different risk model for internal control audits is not currently recognized in the auditing standards or in the auditing literature.

    Design/Method/ Approach:

    This article is a commentary.

    Findings:

    For an integrated audit, the auditor would use the two models sequentially. The auditor would use the internal control risk model as a framework to determine the extent of control tests. Then the auditor would use the financial statement audit risk model as a framework to determine the extent of substantive testing.

    Future research could determine a more specific model based on how auditors perform these audits. Some research questions include, for example:

    • What models and approaches are currently used in practice? How does current practice compare with the model proposed and other models?
    • Are models useful in providing a conceptual framework for integrated audits?
    • What are the current practices for the auditor’s evaluation of inherent risk? How do those practices compare with risk models?  
    • How do auditors assess design and implementation of internal controls in light of inherent risk without considering operating effectiveness?
    • What are the current practices for the auditor’s evaluation of design, implementation, and operating effectiveness of the control environment? Are those practices adequate to effectively use in a risk model?
    Category:
    Internal Control, Risk & Risk Management - Including Fraud Risk
    Sub-category:
    Assessing Material Weaknesses, Assessing Risk of Material Misstatement, Fraud Risk Models, Reporting Material Weaknesses
  • Jennifer M Mueller-Phillips
    An Experimental Examination of Factors That Influence...
    research summary posted September 17, 2015 by Jennifer M Mueller-Phillips, tagged 07.0 Internal Control, 07.02 Assessing Material Weaknesses, 07.03 Reporting Material Weaknesses, 09.0 Auditor Judgment 
    Title:
    An Experimental Examination of Factors That Influence Auditor Assessments of a Deficiency in Internal Control over Financial Reporting.
    Practical Implications:

    The results should be of interest to auditing standard setters who provide guidance on the evaluation of control deficiencies as part of an integrated audit. Further, regulators inspecting public company audits may want to further review settings where control deficiencies were not evaluated as material weaknesses and assess whether the presence/absence of a financial statement misstatement was appropriately considered. The findings provide a more complete understanding of how the factors that auditors encounter during the audit engagement influence their judgment about whether identified deficiencies in ICFR are such that there is a reasonable possibility that a material misstatement of the company’s financial statements will not be prevented or detected on a timely basis (i.e., material weakness).

    Citation:

    Gramling, A. A., E. F. O'Donnell, and S. D. Vandervelde. 2013. An Experimental Examination of Factors That Influence Auditor Assessments of a Deficiency in Internal Control over Financial Reporting. Accounting Horizons 27 (2): 249-269.

    Keywords:
    audit judgments, control deficiency, internal control over financial reporting, material weakness, operating effectiveness
    Purpose of the Study:

    Beginning in 2004, public company auditors who opine on client financial statements also express an opinion about whether the client’s internal control over financial reporting (ICFR) is effective at year-end. In forming the ICFR opinion, auditors evaluate the severity of each identified control deficiency to determine whether the deficiency is a material weakness. When auditors conclude there is a reasonable possibility that ICFR will fail to prevent or detect a material financial misstatement (i.e., a material weakness exists), they issue an adverse opinion on the effectiveness of ICFR. This study examines how different types of audit evidence accumulated during the audit influence auditor judgment of ICFR operating effectiveness and about whether an identified control deficiency is a material weakness in ICFR.

    The study is motivated by a recognition that many stakeholders, including financial statement users, company management, audit committee members, regulators, researchers, and other auditors, would benefit from an enhanced understanding of the factors an auditor considers when evaluating the effectiveness of ICFR and concluding whether identified control deficiencies represent material weaknesses.

    Design/Method/ Approach:

    The authors analyze responses from the submitted case materials of 138 participants, which include 44 partners, 47 senior managers, and 47 managers. On average, the participants had worked on 4.0 integrated audit engagements and had issued 1.1 adverse opinions on ICFR. For the integrated audit engagements on which the participants had worked, they reported an average of 4.1 potential material weaknesses that were ultimately deemed to be significant deficiencies. The evidence was gathered prior to June 2013.

    Findings:

    Based on experimental results from audit managers and partners, the authors provide evidence regarding whether the following factors are significant determinants of assessed operating effectiveness of an identified control deficiency: (1) whether the client has a material weakness unrelated to the deficiency being assessed (i.e., unrelated material weakness), and (2) whether there is a known misstatement associated with the identified control deficiency (i.e., failure of the specific control to prevent a misstatement). Further, they examine whether these two factors influence the likelihood of assessing a control deficiency as a material weakness. The authors find that the presence of either an unrelated material weakness or a known misstatement influences the assessed operating effectiveness of an internal control, in addition to the likelihood of a material weakness assessment. The presence of either an unrelated material weakness or a known misstatement warrants a decreased operating effectiveness assessment and an increased likelihood of a material weakness assessment. The combination of the two factors together does not further influence those assessments.

    Category:
    Auditor Judgment, Internal Control
    Sub-category:
    Assessing Material Weaknesses, Reporting Material Weaknesses
  • Jennifer M Mueller-Phillips
    Audit Partner Evaluation of Compensating Controls: A Focus...
    research summary posted February 16, 2015 by Jennifer M Mueller-Phillips, tagged 07.0 Internal Control, 07.02 Assessing Material Weaknesses, 09.0 Auditor Judgment, 09.02 Documentation Specificity 
    Title:
    Audit Partner Evaluation of Compensating Controls: A Focus on Design Effectiveness and Extent of Auditor Testing
    Practical Implications:

    The results of this study are important for audit firms to consider when audit partners are evaluating the level of precision in a compensating control. The evidence indicates that the partner’s knowledge of the existence of a material weakness unrelated to a compensating control being evaluated results in partners preferring a more precise compensating control and requiring more audit testing. Furthermore, this has implications for the efficiency of the audits as control-related decisions are potentially being influenced by inappropriate factors.

    For more information on this study, please contact Audrey Gramling, Ed O’Donnell, or Scott D. Vandervelde. 

    Citation:

    Gramling, A., E. O’Donnell, and S.D. Vandervelde. 2010. Audit Partner Evaluation of Compensating Controls: A Focus on Design Effectiveness and Extent of Auditor Testing. Auditing: A Journal of Practice & Theory 29 (2): 175-187.

    Keywords:
    audit partner judgments, compensating controls, halo effects, internal control over financial reporting, material weakness
    Purpose of the Study:

    The assessment of internal control over financial reporting is a mandatory requirement of auditors for large publicly traded companies. The assessment made by the auditors on the severity of any identified control deficiencies has a significant impact on external reporting. To assess the severity of a deficiency, auditors should consider the effect of any compensating controls. However, auditors’ prior knowledge has been a primary influence on their subsequent judgments during the assessment of this severity. Also knowledge of risk factors not directly related to the compensating control influences audit partner judgments’.

    This paper addresses the concern of the influence of this prior knowledge on the evaluation of compensating controls by investigating two factors:

    • Level of precision needed in a compensating control for it to be assessed as effectively designed
    • Extent of evidence needed for auditor testing of the operating effectiveness of the compensating control

                The authors motivate their expectations based on the psychology literature discussing halo effects. Halo effects occur when knowledge that has no diagnostic implications for a specific judgment still influences that judgment. In an audit setting, halo effects can result in auditors interpreting judgment-specific evidence to be consistent with global knowledge about the client, instead of evaluating that evidence based on its diagnostic implications relative to the judgment at hand.

    Design/Method/ Approach:

    The research evidence was collected in June 2007. The authors use a simulated task to examine whether information about overall risks influences audit partners’ judgments related to a compensating control that has been implemented within a specific client process. Participants have an average experience level of 20.91 years. The minimum number of years of experience is 10 and maximum number of years of experience is 35. Participating audit partners were asked to assume the role of an engagement partner on an integrated audit. 

    Findings:
    • Audit partners who knew of an unrelated material weakness required testing of a greater percentage of the revenue subject to the compensating control than partners who knew there were no other material weaknesses.
    • Differences in inherent risk did not significantly influence any of the dependent variables (assessment of the control design effectiveness, and the extent of evidence necessary for testing the operating effectiveness of that compensating control).
    Category:
    Auditor Judgment, Internal Control
    Sub-category:
    Assessing Material Weaknesses, Documentation Specificity
  • Jennifer M Mueller-Phillips
    Detection and Severity Classifications of Sarbanes-Oxley...
    research summary posted October 24, 2013 by Jennifer M Mueller-Phillips, tagged 01.0 Standard Setting, 01.04 Impact of 404, 07.0 Internal Control, 07.02 Assessing Material Weaknesses, 07.04 Assessing Remediation of Weaknesses 
    Title:
    Detection and Severity Classifications of Sarbanes-Oxley Section 404 Internal Control Deficiencies
    Practical Implications:

    The results of this study support the value of auditor involvement at two stages of the ICFR assessment process (detection and classification), and contribute to understanding of factors associated with client and auditor performance in both stages. The study also provides direct evidence on the “yield” of detection methods used by auditors. This issue is at the heart of the debate on the value of auditor involvement in assessing and testing internal controls. Lastly, the findings of this study imply that the recent exemption of Section 404(b) for smaller U.S. public companies could result in failure to fully realize potential improvements in financial reporting quality in that sector of the market.

    For more information on this study, please contact Jean Bedard.
     

    Citation:

    Bedard, J. C. and L. Graham. 2011. Detection and Severity Classifications of Sarbanes-Oxley Section 404 Internal Control Deficiencies.  The Accounting Review 86 (3):  825-855. 

    Keywords:
    internal controls; Sarbanes-Oxley Section 404; risk assessment; materiality
    Purpose of the Study:

    In the aftermath of large company failures (Enron and WorldCom), Congress enacted the Sarbanes-Oxley Act (SOX) and, more specifically, Section 404 to improve the reliability of information provided by public companies to the financial markets by requiring company management and auditors to test internal control over financial reporting (ICFR) and to disclose severe control flaws that are not remediated as of the balance sheet date. Prior research uses publicly available annual report data to distinguish characteristics of companies disclosing ineffective controls (i.e., at least one MW) under Section 404, or quarterly management reports under Section 302  but does not address the full extent of detected control flaws, how those problems are detected, or how auditors determine which problems are disclosed. This study extends prior research and investigates detection and severity classification of internal control deficiencies (ICD) under Section 404 to determine (1) the relative contribution of clients and auditors to ICD detection and (2) the factors are associated with the auditor’s severity classifications of detected ICD.

    Design/Method/ Approach:

    The authors obtained proprietary data from several large audit firms, under confidentiality agreements that limit the ability of the authors to results separate results by firm or firm size. The authors asked that each firm randomly select from 2004–2005 engagements of smaller accelerated filers (with revenues of about $1 billion or less) in non-regulated industries allowing them to increase generalizability to the large number of U.S. public companies. Contact personnel from participating firms helped the authors develop a spreadsheet to be completed by engagement teams, containing both company-level and control-level information. The authors first examine the overall percentage of ICD detected by clients/auditors and also model the factors associated with likelihood of client detection. In addition, because auditors are sometimes aware of the client’s preliminary classification of ICD, the authors test whether auditors override those classifications by judging ICD to be more severe. Lastly, the authors test expectations regarding factors associated with severity classification of ICD.

    Findings:
    • The authors find that clients detect fewer ICD than auditors, and are less likely to detect severe and pervasive ICD and therefore infer that many of the control flaws most likely to affect financial reporting would not be found in a client-driven process such as Section 302.
    • Furthermore, the analysis shows that the use of a large accounting firm consultant for Section 404(a) work is associated with improved client detection
    • The authors find that control tests provide initial evidence on a large proportion of ICD, including most MW and entity-level problems viewed as more serious by financial report users which affirms auditors’ Section 404 control testing as an important source of detecting control deficiencies.
    • The authors find that clients tend to classify ICD as less severe, but auditors frequently override those classifications.
    • Lastly, the authors find higher severity associated with:
    1. greater knowledge and independence in the client’s Section 404(a) process;
    2. more objective evidence (e.g., an existing misstatement);
    3. control flaws other than documentation problems (e.g., inappropriate design);
    4. certain types of entity-level ICD (e.g.,  Control Environment);
    5. certain types of account-specific ICD (revenue and tax), consistent with the regulatory climate of the period.
       
    Category:
    Internal Control, Standard Setting
    Sub-category:
    Assessing Material Weaknesses, Impact of 404 on Fees and Financial Reporting Quality, Impact of 404
  • Jennifer M Mueller-Phillips
    How Do Auditors Address Control Deficiencies that Bias...
    research summary posted July 28, 2015 by Jennifer M Mueller-Phillips, tagged 07.0 Internal Control, 07.01 Scope of Testing, 07.02 Assessing Material Weaknesses, 08.0 Auditing Procedures – Nature, Timing and Extent, 08.01 Substantive Analytical Review – Effectiveness 
    Title:
    How Do Auditors Address Control Deficiencies that Bias Accounting Estimates?
    Practical Implications:

    For practice, the authors provide evidence about the relation between control deficiencies and substantive tests in the integrated audit. A significant minority of senior auditors attempt to identify bias in an accounting estimate with increased sampling from the biased estimation process, though they have been told that the estimation process is biased. The authors provide theory consistent empirical evidence that auditors often reach questionable, optimistic judgments about the capability of audit evidence to address control deficiencies. Auditors will often revert to what they know best, and it is difficult to get people to look beyond the familiar, regardless of experience level.

    Citation:

    Mauldin, E. G., & Wolfe, C. J. 2014. How Do Auditors Address Control Deficiencies that Bias Accounting Estimates? Contemporary Accounting Research 31 (3): 658-680.

    Keywords:
    accounting estimates, scarcity, control deficiencies, internal control
    Purpose of the Study:

    According to professional standards, auditors must integrate the internal control and financial statement audits. Revised risk assessment standards were issued, in part, to improve the integration of controls into the financial statement audit. However, PCAOB inspections find that auditors sometimes do not appropriately change the nature, timing, and/or extent of their substantive tests in response to clients’ internal controls. Auditors often have difficulty modifying substantive tests when responding to identified control deficiencies.

    To shed light on the underlying reasons for this difficulty, the authors of this design a contextually rich experimental case and examine how auditors map a control deficiency into modifications of substantive tests. The authors examine control deficiencies that cause errors of omission in an estimation process, resulting in an incomplete and biased estimation process. The focus is on whether auditors recognize the insufficiency of reviewing the biased estimation process and how they select alternative tests to replace or supplement such review.

    Design/Method/ Approach:

    Eighty-seven auditors attending one Big 4 firm’s national training for experienced audit seniors participated in the study. The authors employ a between-participants experimental design with two treatments. The authors describe the treatments in sequence within the experimental task. They then randomly assign participants to experimental treatments and ask them to complete a case study. The evidence was collected prior to September of 2014.

    Findings:
    • A significant minority of senior auditors (33 percent) attempt to identify bias in an accounting estimate with increased sampling from the biased estimation process. Further, they do this after being told that the estimation process is biased.
    • Seeing the falsely favorable substantive test results, on average, does not influence auditors’ tendency to increase sample size.
    • A supplemental sample of 14 managers produces a pattern of responses similar to the main results.
    • When the bias is from externally prepared documents, the authors find that about one-half the auditors (54 percent) choose the more efficient alternative test, adjusting the estimate using documents.
    • When the bias is from management judgment inputs, the authors find that most auditors (63 percent) choose to adjust the estimate using documents, even though this alternative is less effective than developing an auditor-generated estimate.
    • The observed results are not driven by lack of experience with percentage-of-completion accounting.
    • Together, the results suggest that auditors often make inefficient or ineffective alternative test choices depending on the source of omission caused by the control deficiency.
    Category:
    Auditing Procedures - Nature - Timing and Extent, Internal Control
    Sub-category:
    Assessing Material Weaknesses, Scope of Testing, Substantive Analytical Review – Effectiveness
  • Jennifer M Mueller-Phillips
    Internal Control Assessment and Interference Effects
    research summary posted February 17, 2015 by Jennifer M Mueller-Phillips, tagged 07.0 Internal Control, 07.02 Assessing Material Weaknesses 
    Title:
    Internal Control Assessment and Interference Effects
    Practical Implications:

    The results of this study are important for audit firms to consider when designing their audit process.  First, our findings strongly indicate that auditors will be more likely to identify weaknesses in the control system if they first brainstorm about the risks that could occur (e.g. “goods may be shipped but the sale is not recorded”, “accounts receivable may be written off without proper authorization”, or “purchase may be recorded when goods/services were not received”).  Then, the controls in the system should be identified and mapped back against the risks to determine if there are any deficiencies in the system.   Second, our findings also indicate that audit efficiency will be enhanced if another member of the audit team (such as the audit senior or reviewer) identifies controls first, i. e., does not  consider the risks first; as looking at the risks first appears to inhibit identification of controls. 

    For more information on this study, please contact Janet Morrill (Janet.Morrill@umanitoba.ca). 

    Citation:

    Morrill, J., C. Morrill and L. Kopp. 2012. Internal Control Assessment and Interference Effects. Behavioral Research in Accounting 24 (1): 73-90

    Keywords:
    Auditor Judgment, Internal Control Evaluation, Interference, Assessing Material Weaknesses
    Purpose of the Study:

    Assessing the risk of material misstatement requires the auditor to evaluate the auditee’s internal control systems.  While a risk-based audit is required by auditing standards, the standards do not mandate when risks need to be evaluated in the process.  Current standards and practice vary regarding the point at which risks are to be identified. We hypothesize, based on output interference theory, that risk identification performed by the auditor before evaluating the client’s internal control systems will lead to a more complete identification of internal control deficiencies than risk identification performance after controls are evaluated. We theorize that the identification of controls before identifying risks interferes with the ability to generate risks that are not being controlled, resulting in fewer deficiencies being identified.  We also investigate whether auditors who identify controls before identifying risks will be less successful in identifying important deficiencies.  

    Design/Method/ Approach:

    The research evidence is collected in the early-2000s time period.  The authors use a group of accountants enrolled in Audit 1 and Audit 2 courses of the Certified General Accountants program in Canada.  Participants had a mean age of 33 years, with an average of 43 months of accounting work experience. Participants evaluated the controls and weaknesses of an internal control system, where half the participants identified controls first before evaluating risks and control deficiencies, and the other half of participants evaluated risks first, followed by identifying controls and control deficiencies.  The importance of the deficiencies were based on ratings of three auditing experts.  

    Findings:

    Consistent with our expectations, we found that participants who generated risks before identifying controls (hereafter “risks-first”) identified significantly more internal control deficiencies than participants who performed those tasks in the reverse order (hereafter “controls-first”). In addition, we found that the risks-first participants identified more important deficiencies than did the controls-first participants, where importance was defined by the judgments of an expert panel. On this basis, we conclude that a risks-first approach appears to be more effective. However, we also found that the risks-first participants identified significantly fewer controls, indicating that the increase in effectiveness may entail sacrifices in the efficiency of the audit.   

    Category:
    Internal Control
    Sub-category:
    Assessing Material Weaknesses
  • Jennifer M Mueller-Phillips
    Internal control deficiencies in tax reporting: A detailed...
    research summary posted January 20, 2016 by Jennifer M Mueller-Phillips, tagged 07.0 Internal Control, 07.02 Assessing Material Weaknesses, 07.03 Reporting Material Weaknesses 
    Title:
    Internal control deficiencies in tax reporting: A detailed view.
    Practical Implications:

    The authors use a unique data set to shed light on characteristics which lead to material weaknesses, specifically in tax-related accounts relative to other accounts. The data (obtained from several international accounting firms) allows the authors to determine which characteristics of tax-related internal control deficiencies are different from other deficiencies, prevent them from being remediated, and cause them to rise to the level of a material weakness. Results suggest that tax deficiencies, relative to other account-specific deficiencies, are less likely to be remediated, more severe, and more likely to cause a financial misstatement. Tax-related deficiencies are less likely to get remediated by year-end if discovered by the auditor, if the control was deficient in design, or if the control pertained to monitoring. This paper underscores the importance of auditor involvement in internal control reporting in taxes.

    Citation:

    Graham, L. and J.C. Bedard. 2015. Internal Control Deficiencies in Tax Reporting: A Detailed View. Accounting Horizons 29 (4): 917-942.

    Keywords:
    Sarbanes-Oxley Section 404, internal controls, control activities, taxes, internal audit
    Purpose of the Study:

    The authors take advantage of a unique data source to attempt to glean information on tax-related internal control deficiencies. They analyze the characteristics of these deficiencies relative to other account-specific deficiencies to develop an understanding of the nature of tax control deficiencies. The authors then investigate the characteristics of tax-related deficiencies which lead to material weaknesses.

    Design/Method/ Approach:

    The authors collected data on approximately 2,500 account-specific internal control deficiencies from 74 public company engagements during 2004 and 2005. The data came from several international public accounting firms. The authors use archival regression analysis to analyze factors which cause significant differences between tax-related and other account-specific deficiencies, tax-related remediated and unremediated deficiencies, and tax-related material weaknesses and control deficiencies.

    Findings:

    The authors find:  

    • Relative to other accounts, tax internal control deficiencies are less likely to be remediated before year-end, more likely to be severe, and more likely to cause a financial statement misstatement.  
    • Remediation for tax internal control deficiencies is less likely when detected by the auditor.
    • Remediation failure is more prevalent for poorly designed controls, controls over the tax provision, and monitoring controls.  
    • Tax provisions and deferred tax controls have a higher potential for producing misstatements.
    Category:
    Internal Control
    Sub-category:
    Assessing Material Weaknesses, Reporting Material Weaknesses
  • Jennifer M Mueller-Phillips
    Management control system design, ownership, and performance...
    research summary posted November 14, 2016 by Jennifer M Mueller-Phillips, tagged 07.0 Internal Control, 07.02 Assessing Material Weaknesses 
    Title:
    Management control system design, ownership, and performance in professional service organizations
    Practical Implications:

    This study provides some of the first empirical evidence of the characteristics of efficient MCS design for PHOs. This evidence has the potential to assist primary healthcare owners, managers and their advisors to better understand the relationship between ownership and MCS design and thereby improve the effectiveness and efficiency of delivery of primary care. 

    Citation:

    King, R. and P. Clarkson. 2015. Management control system design, ownership, and performance in professional service organizations. Accounting, Organizations and Society 45: 24-39. 

    Keywords:
    Control systems, ownership, TCE, and primary healthcare organizations.
    Purpose of the Study:

    The authors investigate the implications for organizational performance of the interplay between ownership and management control system (MCS) design in professional service organizations. The setting for the investigation is the primary healthcare sector in Australia, specifically primary healthcare organizations (PHOs). PHOs are small ‘for profit’ organizations where general practitioners (GPs) provide a first point of contact with the healthcare system. These organizations present a significant control challenge because GPs work independently to produce an intangible output and have preferences that conflict with bureaucracy. Despite professional belief, the authors find variation in the level of GP ownership across PHOs. The performance implications of this variation have not been investigated to date; furthermore, whether differences in the MCS design can mitigate these differences can also be investigated. 

    Design/Method/ Approach:

    The authors structure the analysis around Transaction Cost Economics (TCE), a holistic MCS design theory that allows for the possibility of misalignment and resultant performance effects and employ data from an online survey of practice managers.

    Findings:
    • The authors find that a lack of fit between MCS design and ownership will result in reduced organizational performance. 
    Category:
    Internal Control
    Sub-category:
    Assessing Material Weaknesses
  • Jennifer M Mueller-Phillips
    Material Weakness Remediation and Earnings Quality: A...
    research summary posted October 16, 2015 by Jennifer M Mueller-Phillips, tagged 07.0 Internal Control, 07.02 Assessing Material Weaknesses, 07.03 Reporting Material Weaknesses, 07.04 Assessing Remediation of Weaknesses, 07.05 Impact of 404 on Fees and Financial Reporting Quality 
    Title:
    Material Weakness Remediation and Earnings Quality: A Detailed Examination by Type of Control Deficiency.
    Practical Implications:

    Combining the remediation and earnings quality analyses, the results imply that investors should be most concerned about MWs in information technology, segregation of duties, account reconciliations, taxation, revenues, and inventory. These types occur frequently and are slow to remediate; thus, their effects on financial reporting linger longer than others. Their link to near-term earnings quality is evident, as their remediation reduces abnormal accruals, and/or their lack of remediation in the following year further increases accruals. In general, these results suggest that financial statement users should adopt a more granular view of remediation, as successful remediation of some specific MWs can signal improvement in the quality of disclosed financial information even if other MWs remain unremediated.

    Citation:

    Bedard, J. C., R. Hoitash, U. Hoitash, and K. Westermann. 2012. Material Weakness Remediation and Earnings Quality: A Detailed Examination by Type of Control Deficiency. Auditing: A Journal of Practice & Theory 31 (1): 57-78.

    Keywords:
    internal control, material weakness, remediation, Sarbanes-Oxley Section 404
    Purpose of the Study:

    This paper investigates the remediation likelihood of specific types of Sarbanes-Oxley (SOX) Section 404 material weaknesses (MWs) in internal control over financial reporting, and the association between remediation of specific types of MW with changes in earnings quality. This detailed look at remediation is important because companies disclose many types of control problems under Section 404, which likely vary in remediation difficulty as well as in impact on the financial reports. Because the goal of Section 404 is to improve financial reporting, it is important to identify specific areas in which control problems are less tractable and more influential. However, no study yet provides a detailed, comprehensive analysis of remediation by specific MW type. The authors first examine remediation rates by specific MW type, and investigate the association of MW type remediation with constraints identified by prior research. Next, they investigate which MW types have greater influence on earnings quality, by associating remediation of specific types with reductions in abnormal accruals. 

    Design/Method/ Approach:

    The authors obtain data on Section 404 MW from 20042006 from the AA database. They gather auditor information from AA, financial data from Compustat, and institutional ownership from Thomson Financial. The authors’ final sample consists of 567 observations that reported Section 404 MWs in either 2004 or 2005, representing 496 companies.

    Findings:
    • Finer classification does provide greater insight in showing that all specific entity-level MW types exhibit lower remediation likelihood.
    • Companies with fewer resources are less likely to remediate problems that involve large capital investments.
    • Companies with weaker governance are less likely to remediate problems linked by past research to earnings management.
    • Most companies with repeated disclosure of ineffective controls engaged in some successful remediation activity following initial disclosure, as only 3 percent had no success in remediating any MW types.
    • Certain types of MW have a greater impact on earnings quality, both when disclosed and when remediated, including some entity-level and some account-specific MW types. For most of these types, remediation reverses the higher abnormal accruals observed on disclosure. However, if remediation does not occur within a year from disclosure, abnormal accruals continue to increase for virtually all MW types.
    • Information technology and segregation of duties problems share an element of personnel reallocation, as the definition of information technology issues shown in includes specific reference to segregation of duties. Remediating such problems could involve hiring new workers, changing assignments or workflows, and thus could take more time than the remediation of other MW types. However, earnings quality is shown to increase in those companies that invest in solutions to these problems and reassign personnel appropriately.
    Category:
    Internal Control
    Sub-category:
    Assessing Material Weaknesses, Assessing Remediation of Weaknesses, Impact of 404 on Fees and Financial Reporting Quality, Reporting Material Weaknesses
  • The Auditing Section
    Reducing Management’s Influence on Auditors’ Judgments: An...
    research summary posted May 7, 2012 by The Auditing Section, tagged 07.0 Internal Control, 07.02 Assessing Material Weaknesses, 09.0 Auditor Judgment, 09.10 Prior Dispositions/Biases/Auditor state of mind 
    Title:
    Reducing Management’s Influence on Auditors’ Judgments: An Experimental Investigation of SOX 404 Assessments
    Practical Implications:

    The results of this study are important for audit firms to consider in planning, implementing, and documenting their assessment of internal controls.  Findings suggest that auditors are influenced by knowing management’s classification of the ICFR issue before making their assessment. The authors suggest this “knowledge bias” impairs independence and could also reduce audit effectiveness, impact tests of controls, and the reliance of others’ work (i.e., internal auditors).  There are additional implications for other parts of the audit (e.g., auditing estimates) where the audit client presents information that may bias an “independent assessment” of the account(s) being audited. However, as findings in this study suggest, requiring auditors to consider and explicitly document the potential impact the deficiency may have on the financial statements may reduce the impact of such knowledge biases.

    Citation:

    Earley, C. E., Hoffman, V.B., and J. R. Joe. 2008. Reducing Management’s Influence on Auditors’ Judgments: An Experimental Investigation of SOX 404 Assessments. The Accounting Review 83 (6) 1461-1485

    Keywords:
    internal control assessments; auditor curse of knowledge bias; management’s influence on auditors; auditor judgment
    Purpose of the Study:

    Under Section 404 of the Sarbanes-Oxley Act (SOX), both client management and the external auditors must evaluate the effectiveness of internal controls over financial reporting (ICFR).  Since management has to test and evaluate its internal controls, the external auditors may be testing and evaluating internal controls after management.  Knowledge of management’s conclusions as to the effectiveness of internal controls may bias the auditors’ judgment in evaluating the effectiveness of ICFR.  This paper examines whether auditors are influenced by this knowledge bias in their assessment of ICFR.  Also, the paper examines whether auditors’ explicit documentation of potential financial statement impact helps reduce any effect of knowledge bias. 

    Design/Method/ Approach:

    The authors collected their evidence via experimental cases administered to in-charge auditors from one of the Big 4 accounting firms. At the time of the experiment, the participants had completed at least one year of SOX 404 audit procedures for their clients. Data was collected prior to August 2007.  Participants were provided several control deficiencies and asked to evaluate their significance. Participants were either provided management’s assessment (either more or less severe) or not provided management’s assessment at all. Additionally, some participants were asked to consider and explicitly document the potential impact the deficiency could have on the financial statements, if the deficiency was not corrected.

    Findings:
    • The authors’ find that when auditors are provided management’s assessment of ICFR issues, their classifications of control deficiencies are different than when they are not provided management’s assessments.
    • Auditors are more influenced when management’s classification was “less severe” and was more favorable to management (i.e., Significant Deficiency compared to a Material Weakness), suggesting that the auditors do not “discount” management’s assessments that favor the client.
    • Overall, auditors change their assessment of the control deficiency after having to consider and explicitly document the impact the control deficiencies may have on the financial statements.  This suggests that such “knowledge biases” may be reduced by having auditors consider and explicitly document potential consequences.
    Category:
    Internal Control, Auditor Judgment
    Sub-category:
    Assessing Material Weaknesses, Prior Dispositions/Biases/Auditor state of mind
    Home:
    home button

Filter by Type

Filter by Tag