Auditing Section Research Summaries Space

A Database of Auditing Research - Building Bridges with Practice

This is a public Custom Hive  public

research summary

    The Use of Business Risk Audit Perspectives by Non-Big 4...
    research summary posted March 10, 2015 by Jennifer M Mueller-Phillips, tagged 01.0 Standard Setting, 01.02 Changes in Audit Standards, 06.0 Risk and Risk Management, Including Fraud Risk, 06.05 Assessing Risk of Material Misstatement 
    The Use of Business Risk Audit Perspectives by Non-Big 4 Audit Firms
    Practical Implications:

    The first implication is a call for proportionality and flexibility to adopt an audit approach that meets the client-audit firm context. SMP auditors told us that they struggle with achieving proportionality by not performing some audit procedures such as entity-level analytical procedures for smaller clients, because they feel obliged to perform these procedures to comply with documentation requirements of the auditing standards or of regulators and oversight bodies. Such experiences may result in inefficient, ‘‘check-the-box’’ audits in order to satisfy perceived documentation requirements for review purposes.

    The second implication is that standard setters should be aware that the type and/or scope of the assurance engagement might also vary by jurisdiction. For example, in a jurisdiction with a close book-tax alignment, the clients’ and users’ expectations about the type and scope of assurance may interact with the prescribed standards in shaping audit practice.

    For more information on this study, please contact Niels van Nieuw Amerongen.


    Van Buuren, J., C. Koch, N. v. Nieuw Amerongen, and A. M. Wright. 2014. The Use of Business Risk Audit Perspectives by Non-Big 4 Audit Firms. Auditing: A Journal of Practice and Theory 33 (3): 105-128

    business risk auditing, small and medium-sized audit practices (SMPs), auditing standards, audit methodology
    Purpose of the Study:

    The purpose of this study is to examine the extent of use of business risk perspectives by Small and Medium-sized audit Practices (SMP) and to investigate the conditions and factors affecting the application of such practices. We neither focus on the degree of compliance with standards nor on the audit quality differences among audit firms. Rather, we want to document variation in practices and, in particular, the relative reliance on Business Risk Audit (BRA) forms of evidence, since current auditing standards allow great flexibility in the choice of audit approaches on an audit engagement.

    Investigating SMPs is expected to provide new insights because SMP auditors face an audit environment that is very challenging in the use of business risk perspectives. For instance, SME clients often do not have formalized entity-level controls for assessing (client) business risks. Also, clients of such firms vary considerably in size and complexity, which may affect the cost-effectiveness of various forms of BRA evidence. We examine whether business risk assessments are proportionally applied. That is, we investigate whether the extent of consideration of business risks is dependent upon cost-effectiveness in the client setting. For instance, for large clients, the complexity of the engagement likely requires a focus on business risks and entity-level evidence, while for small clients, it may be more cost-effective to primarily rely on substantive tests at the assertion-, account or cycle level. In this respect, we consider a continuum of audit approaches, ranging from a substantive-based audit approach to a full-scope business risk audit, to explain differences in the use of business risk perspectives in SMP’s audit planning.

    Design/Method/ Approach:

    To examine these issues, we use a semi-structured interview approach involving 38 highly experienced auditors in Germany and in The Netherlands. This approach allows us to gather rich, detailed data of auditors’ experiences in the field.


    The findings indicate limited application of business risk perspectives by SMPs. Although SMPs regularly assess business risks, they are divided in their experiences and perceptions about the usefulness of business risk perspectives and rarely apply the knowledge of business risks for analytical procedures. We also find that many SMP auditors find it challenging to rely on entity-level controls that are often informal in SMEs or that are established by an owner-manager. Our results suggest that SMP auditors more often choose a systems-based or primarily substantive audit approach, as compared to the broad BRA approach. The findings indicate that the use of business risk perspectives is driven by consideration of the tradeoff between audit effectiveness and efficiency. Auditors with larger and more complex clients apply business risk perspectives more extensively. Further, auditors identify other factors that may affect the use of a business risk audit approach, such as tax-book alignment, enforcement by audit supervisory authorities, prior working exposure to BRA through experience with Big 4 audit firms, audit client tenure, and investments in training and databases.

    Risk & Risk Management - Including Fraud Risk, Standard Setting
    Assessing Risk of Material Misstatement, Changes in Audit Standards