Less-experienced auditors tend to respond to risk by indiscriminately increasing sample size; when management utilizes a specific scheme to commit fraud, this method is far less effective than tailoring procedures to target a particular sample where fraud is more likely to occur. The authors suggest that training on recognizing cues that may suggest specific fraud schemes (especially early in an auditor’s career) and when targeting a particular high-risk sample is appropriate (as opposed to simply increasing sample size) would help auditors to recognize when aspects of an engagement imply higher risk of a particular fraud method or scheme and address it properly by targeting their testing to directly address the fraud risk.
For more information on this study, please contact Jacqueline Hammersley.
Hammersley, J. S., K. M. Johnstone, and K. Kadous. 2011. How Do Audit Seniors Respond to Heightened Fraud Risk? Auditing: A Journal of Practice & Theory 30 (3), 81-101.
A number of studies have looked at methods of improving the assessment of fraud risk and the resulting selection of audit procedures to address this risk. However, most of these studies use managers, whereas seniors are often responsible for putting together the audit plan. Although managers review this plan, the initial selection of procedures by seniors can significantly impact the final audit plan. Therefore, this study examines seniors’ assessment of fraud risk and how they modify a standard audit plan to combat this risk.
In addition, this study looks at multiple levels of fraud risk. Although all the seniors are given a case based on an actual fraud from an SEC Accounting and Auditing Enforcement Release, some of them are informed that a material weakness in the revenue recognition cycle (although unrelated to the fraud) was detected in the current year in order to determine whether seniors responded to this risk in terms of an elevated risk assessment. Finally, this study not only investigates the effectiveness of the procedures selected, but also their efficiency; this is able to capture whether the seniors’ procedures may not only be ineffective at catching the fraud, but also inefficient (procedures that add time to the audit, but would not catch the fraud).
The authors conduct an experiment using seniors from a Big 4 firm. Evidence was collected prior to 2010. The seniors were given a case with background and financial information on the company as well as auditing assessments of materiality and the control environment. The background information included a description of a marketing plan that management was using to fraudulently recognize revenue. About half of the participants were informed that a material weakness had been identified in the revenue recognition cycle, while the other half were informed that internal controls testing was ongoing, but had not detected anything yet. All participants were then asked to identify risk factors from the case, judge the revenue cycle risks, modify a standard audit plan to respond to the risks, and assess the need to consult with a risk management partner.