Auditing Section Research Summaries Space

A Database of Auditing Research - Building Bridges with Practice

This is a public Custom Hive  public

research summary

    Internal Control Assessment and Interference Effects
    research summary posted February 17, 2015 by Jennifer M Mueller-Phillips, last edited March 3, 2015, tagged 07.0 Internal Control, 07.02 Assessing Material Weaknesses 
    130 Views
    Title:
    Internal Control Assessment and Interference Effects
    Practical Implications:

    The results of this study are important for audit firms to consider when designing their audit process.  First, our findings strongly indicate that auditors will be more likely to identify weaknesses in the control system if they first brainstorm about the risks that could occur (e.g. “goods may be shipped but the sale is not recorded”, “accounts receivable may be written off without proper authorization”, or “purchase may be recorded when goods/services were not received”).  Then, the controls in the system should be identified and mapped back against the risks to determine if there are any deficiencies in the system.   Second, our findings also indicate that audit efficiency will be enhanced if another member of the audit team (such as the audit senior or reviewer) identifies controls first, i. e., does not  consider the risks first; as looking at the risks first appears to inhibit identification of controls. 

    For more information on this study, please contact Janet Morrill (Janet.Morrill@umanitoba.ca). 

    Citation:

    Morrill, J., C. Morrill and L. Kopp. 2012. Internal Control Assessment and Interference Effects. Behavioral Research in Accounting 24 (1): 73-90

    Keywords:
    Auditor Judgment, Internal Control Evaluation, Interference, Assessing Material Weaknesses
    Purpose of the Study:

    Assessing the risk of material misstatement requires the auditor to evaluate the auditee’s internal control systems.  While a risk-based audit is required by auditing standards, the standards do not mandate when risks need to be evaluated in the process.  Current standards and practice vary regarding the point at which risks are to be identified. We hypothesize, based on output interference theory, that risk identification performed by the auditor before evaluating the client’s internal control systems will lead to a more complete identification of internal control deficiencies than risk identification performance after controls are evaluated. We theorize that the identification of controls before identifying risks interferes with the ability to generate risks that are not being controlled, resulting in fewer deficiencies being identified.  We also investigate whether auditors who identify controls before identifying risks will be less successful in identifying important deficiencies.  

    Design/Method/ Approach:

    The research evidence is collected in the early-2000s time period.  The authors use a group of accountants enrolled in Audit 1 and Audit 2 courses of the Certified General Accountants program in Canada.  Participants had a mean age of 33 years, with an average of 43 months of accounting work experience. Participants evaluated the controls and weaknesses of an internal control system, where half the participants identified controls first before evaluating risks and control deficiencies, and the other half of participants evaluated risks first, followed by identifying controls and control deficiencies.  The importance of the deficiencies were based on ratings of three auditing experts.  

    Findings:

    Consistent with our expectations, we found that participants who generated risks before identifying controls (hereafter “risks-first”) identified significantly more internal control deficiencies than participants who performed those tasks in the reverse order (hereafter “controls-first”). In addition, we found that the risks-first participants identified more important deficiencies than did the controls-first participants, where importance was defined by the judgments of an expert panel. On this basis, we conclude that a risks-first approach appears to be more effective. However, we also found that the risks-first participants identified significantly fewer controls, indicating that the increase in effectiveness may entail sacrifices in the efficiency of the audit.   

    Category:
    Internal Control
    Sub-category:
    Assessing Material Weaknesses