Posts

Posts

  • 1-7 of 7
  • Jennifer M Mueller-Phillips
    How Do Auditors Address Control Deficiencies that Bias...
    research summary posted July 28, 2015 by Jennifer M Mueller-Phillips, tagged 07.0 Internal Control, 07.01 Scope of Testing, 07.02 Assessing Material Weaknesses, 08.0 Auditing Procedures – Nature, Timing and Extent, 08.01 Substantive Analytical Review – Effectiveness in Auditing Section Research Summary Database > Auditing Section Research Summaries Space public
    Title:
    How Do Auditors Address Control Deficiencies that Bias Accounting Estimates?
    Practical Implications:

    For practice, the authors provide evidence about the relation between control deficiencies and substantive tests in the integrated audit. A significant minority of senior auditors attempt to identify bias in an accounting estimate with increased sampling from the biased estimation process, though they have been told that the estimation process is biased. The authors provide theory consistent empirical evidence that auditors often reach questionable, optimistic judgments about the capability of audit evidence to address control deficiencies. Auditors will often revert to what they know best, and it is difficult to get people to look beyond the familiar, regardless of experience level.

    Citation:

    Mauldin, E. G., & Wolfe, C. J. 2014. How Do Auditors Address Control Deficiencies that Bias Accounting Estimates? Contemporary Accounting Research 31 (3): 658-680.

    Keywords:
    accounting estimates, scarcity, control deficiencies, internal control
    Purpose of the Study:

    According to professional standards, auditors must integrate the internal control and financial statement audits. Revised risk assessment standards were issued, in part, to improve the integration of controls into the financial statement audit. However, PCAOB inspections find that auditors sometimes do not appropriately change the nature, timing, and/or extent of their substantive tests in response to clients’ internal controls. Auditors often have difficulty modifying substantive tests when responding to identified control deficiencies.

    To shed light on the underlying reasons for this difficulty, the authors of this design a contextually rich experimental case and examine how auditors map a control deficiency into modifications of substantive tests. The authors examine control deficiencies that cause errors of omission in an estimation process, resulting in an incomplete and biased estimation process. The focus is on whether auditors recognize the insufficiency of reviewing the biased estimation process and how they select alternative tests to replace or supplement such review.

    Design/Method/ Approach:

    Eighty-seven auditors attending one Big 4 firm’s national training for experienced audit seniors participated in the study. The authors employ a between-participants experimental design with two treatments. The authors describe the treatments in sequence within the experimental task. They then randomly assign participants to experimental treatments and ask them to complete a case study. The evidence was collected prior to September of 2014.

    Findings:
    • A significant minority of senior auditors (33 percent) attempt to identify bias in an accounting estimate with increased sampling from the biased estimation process. Further, they do this after being told that the estimation process is biased.
    • Seeing the falsely favorable substantive test results, on average, does not influence auditors’ tendency to increase sample size.
    • A supplemental sample of 14 managers produces a pattern of responses similar to the main results.
    • When the bias is from externally prepared documents, the authors find that about one-half the auditors (54 percent) choose the more efficient alternative test, adjusting the estimate using documents.
    • When the bias is from management judgment inputs, the authors find that most auditors (63 percent) choose to adjust the estimate using documents, even though this alternative is less effective than developing an auditor-generated estimate.
    • The observed results are not driven by lack of experience with percentage-of-completion accounting.
    • Together, the results suggest that auditors often make inefficient or ineffective alternative test choices depending on the source of omission caused by the control deficiency.
    Category:
    Auditing Procedures - Nature - Timing and Extent, Internal Control
    Sub-category:
    Assessing Material Weaknesses, Scope of Testing, Substantive Analytical Review – Effectiveness
  • Jennifer M Mueller-Phillips
    Auditors’ Internal Controls over Financial Reporting D...
    research summary posted December 1, 2014 by Jennifer M Mueller-Phillips, tagged 01.0 Standard Setting, 01.04 Impact of 404, 07.0 Internal Control, 07.01 Scope of Testing in Auditing Section Research Summary Database > Auditing Section Research Summaries Space public
    Title:
    Auditors’ Internal Controls over Financial Reporting Decisions: Analysis, Synthesis, and Research Directions
    Practical Implications:

    In the planning phase, the PCAOB and key stakeholders should consider developing an ICOFR audit risk model to serve as a conceptual planning and evaluative model. Audit firms should pay attention to aligning auditors’ skill sets to their task assignments and employ other mechanisms that encourage consultations.

    Scoping decisions remain underexplored. Nevertheless, anecdotal evidence suggests that auditors may be cognitively wired to scope some types of ELCs but not others. Firms may consider the interactions between auditors and client personnel that explain the tendency for auditors to evaluate only the ELCs scoped by the client.

    Audit firms should pay special attention to how audit teams design testing plans to test ELCs that are not easily tested by attribute sampling methods (e.g., management philosophy and operating style). This is necessary to address concerns by PCAOB inspections that some auditors identified ELCs that appeared to be designed to operate with a high degree of precision, but failed to obtain sufficient audit evidence of their operating effectiveness.

    In the evaluation phase, firms should consider mechanisms that can help auditors “imagine what could go wrong where nothing wrong has happened.” Examples of such mechanisms include restructuring the task (e.g., documentation, decomposition of the task, or requirements to list what could go wrong). In the reporting phase, firms should consider having a requirement to specifically require auditors to consider the needs of a prudent official. This requirement may be a countervailing check on their detection and disclosure incentives.

    For more information on this study, please contact Stephen K. Asare.

    Citation:

    Asare, S. A., B. C. Fitzgerald, L. E. Graham, J. R. Joe, E. M. Negangard, and C. J. Wolfe. 2013. Auditors’ Internal Controls over Financial Reporting Decisions: Analysis, Synthesis, and Research Directions. Auditing: A Journal of Practice and Theory 32 (sp1): 131-166.

    Keywords:
    Auditor judgment and decision-making; internal controls; Sarbanes-Oxley Act; literature synthesis; standard setting
    Purpose of the Study:

    This paper synthesizes the literature on auditors’ evaluation of and reporting on companies’ internal control over financial reporting (ICOFR) as required by the Sarbanes-Oxley Act (SOX). The purpose of the synthesis is (1) to provide stakeholders with information on how, and how well, auditors perform the ICOFR task; (2) to highlight implementation issues related to auditors’ application of the ICOFR standard and empirical findings related to regulatory concerns; (3) to identify gaps in the existing accounting literature and fruitful areas of future research; and (4) to stimulate additional research focusing on important regulatory areas as well as understanding and improving auditors’ ICOFR decisions.

    Design/Method/ Approach:

    The authors develop a framework to organize the literature on post-SOX ICOFR research. The framework suggests that there are five phases of the ICOFR audit: (1) planning; (2) scoping; (3) testing; (4) evaluation; and (5) reporting. It also suggests that auditors’ performance on the tasks within each phase are affected by (a) the auditor’s attributes, (b) the client’s attributes, (c) the interaction between the auditor and the client, (d) task attributes, and (e) environmental attributes. Following the framework, the authors describe and evaluate auditors’ performance on the specific tasks within each phase of the ICOFR audit. They end their analysis of each phase with a brief summary of the findings, discussion of the under-studied performance determinants, and suggestions for future research.

    Findings:

    Key takeaways from the synthesis paper include the following:

    • In the planning phase, there is an absence of a generally agreed upon ICOFR audit risk model akin to the audit risk model used in the audit of the financial statements. Auditors are not fully aware of the risks in complex enterprise resource planning systems, may be overconfident in their ability to assess risks in this setting, and are reluctant to seek consultation from computer assurance specialists.
    • The evidence from the studies on scoping suggests that the more prescription-oriented Auditing Standard No. 2 induced inefficiencies, some of which have been eliminated by the risk-based scoping prescribed by Auditing Standard No. 5. Further, there is evidence that management trustworthiness and investment in monitoring controls affect scoping decisions.
    • Auditors’ experience, knowledge, and training enhance testing strategies. However, providing auditors with client-prepared documentation before they make an independent assessment can hinder their ability to evaluate internal controls.
    • In the evaluation phase, auditors’ severity assessments are unduly influenced by the absence of a misstatement.
    • In the reporting phase, detection and disclosure incentives play a role in whether existing material weaknesses are reported.
    • The article includes a summary of the authors’ findings related to the Public Company Accounting Oversight Board (PCAOB) staff’s stated interest in the auditor’s testing of entity-level controls (ELCs), multi-location scoping, and the effect of compensating controls on the evaluation of identified control deficiencies.
    • Proposed areas of research related to the audit of ICOFR likely to influence future regulation are presented.
    Category:
    Internal Control, Standard Setting
    Sub-category:
    Impact of 404, Scope of Testing
  • Jennifer M Mueller-Phillips
    Internal Audit Sourcing Arrangements and Reliance by...
    research summary posted September 26, 2013 by Jennifer M Mueller-Phillips, tagged 07.0 Internal Control, 07.01 Scope of Testing, 08.0 Auditing Procedures – Nature, Timing and Extent, 08.11 Reliance on Internal Auditors, 13.0 Governance, 13.07 Internal auditor role and involvement in controls and reporting in Auditing Section Research Summary Database > Auditing Section Research Summaries Space public
    Title:
    Internal Audit Sourcing Arrangements and Reliance by External Auditors
    Practical Implications:

    The authors note a couple of implications for practitioners resulting from this study.  First, given the fact that external auditors assess internal audit quality and rely upon the work similarly for outsourced and cosourced internal audit functions, it may be worthwhile for companies to consider engaging some level of independent outside service provider to work along with their in-house internal auditors for high risk areas. 
        Second, having the same 3rd party internal audit service provider also provide tax services results in less reliance upon the work performed by internal audit, even though those services are approved by the audit committee and performed by different individuals.  Therefore, external audit increases their audit effort, thereby implying that external audit must see this additional service provision to be detrimental to the internal audit service provider’s objectivity. 
     
    For more information on this study, please contact Naman K. Desai.
     

    Citation:

    Desai, N. K., G. J. Gerard, and A. Tripathy. 2011. Internal Audit Sourcing Arrangements and Reliance by External Auditors. Auditing: A Journal of Practice & Theory 30 (1):149-171.

    Keywords:
    cosourcing; external auditor reliance; internal audit; sourcing
    Purpose of the Study:

      The purpose of this study is to investigate potential internal audit (IA) sourcing arrangements (in-house, outsource, and cosource) and to determine how that impacts an external auditor’s evaluation of the IA function’s competency, objectivity, and technical skills. The extent to which the audit team will rely upon work performed by the internal auditors can also be determined this way.  This study also looks at whether tax services provided by the IA service provider impacts the extent of reliance for outsourced or cosourced IA.
    This study is important because the Institute of Internal Auditors makes no preference between any of these sourcing arrangements.  Prior research has shown that outsourcing the IA function results in higher ratings of objectivity and more reliance upon their work when inherent risk is high (but no differences when inherent risk is low).  However, no studies test how cosourcing arrangements are evaluated.  This question is important to answer since a cosourced arrangement is a blend of in-house and outsourced internal auditors, which indicates that results could go either way. 
     

    Design/Method/ Approach:

    The authors conducted an experiment including experienced CPAs from Big 4 and regional firms prior to October 2007.  The design results in only 5 groups – in-house, outsource, or cosource without mention of tax services and outsource or cosource with the service firm also providing tax services.  External auditors were asked to provide ratings related to internal audit’s quality, reliance on internal audit work, audit risk, planned external audit effort, and likelihood that IA would give in to management regarding potential findings.

    Findings:
    • The authors find that in high risk areas, external auditors’ rate outsourced and cosourced internal auditors as having higher levels of quality than in-house internal audit.
    • They similarly find that external audit is more likely to rely upon the internal audit work performed if it is performed by outsourced or cosourced IA.
    • Further, the authors find no differences in quality or reliance ratings between outsourced and cosourced IA. 
    • However, when outsourced or cosourced internal audit service providers also provide tax services (which are performed by individuals other than those who perform the internal audit work) external auditors perceive the quality of the internal audit work to be lower.  As a consequence, they rely less upon the internal auditor’s work and instead increase their own external audit efforts. 
       
    Category:
    Auditing Procedures - Nature - Timing and Extent, Governance, Internal Control
    Sub-category:
    Internal auditor role and involvement in controls and reporting, Reliance on Internal Auditors, Scope of Testing
  • The Auditing Section
    Discussion of “Internal Audit Sourcing Arrangement and the E...
    research summary posted May 7, 2012 by The Auditing Section, tagged 07.0 Internal Control, 07.01 Scope of Testing, 13.0 Governance, 13.07 Internal auditor role and involvement in controls and reporting in Auditing Section Research Summary Database > Auditing Section Research Summaries Space public
    Title:
    Discussion of “Internal Audit Sourcing Arrangement and the External Auditor’s Reliance Decision”
    Practical Implications:

    The points noted below suggest some limitations in Glover, Prawitt & Wood (2008) article. However, Messier acknowledges that the article provides insight on some factors that might affect the external auditors’ reliance decisions under AS 5.

    Citation:

    Messier, W. F. 2008. Internal Audit Sourcing Arrangement and the External Auditor’s Reliance Decision. Contemporary Accounting Research 25 (1) 215-218.

    Purpose of the Study:

    This is a discussion of the Glover et al. article (2008). The comments are based on Messier’s comments provided during the 2006 Contemporary Accounting Research Conference.

    Findings:
    • Glover, Prawitt, & Wood (2008) used a first-year audit scenario for their experiment. Messier suggests that auditors are more conservative in first-year audits. This conservative nature may have caused the auditors (participants) to assess the internal audit work as relatively low in terms of reliability. 
    • Messier suggests that the evaluation of “task subjectivity” may be confounded with the auditors’ consideration of the type of work performed, in accordance with SAS No. 65. (The “objective task” was control testing; the “subjective task” was inventory valuation.) This may limit the implications for the findings related to task objectivity/subjectivity, noted above.
    Category:
    Internal Control, Governance
    Sub-category:
    Scope of Testing, Internal auditor role and involvement in controls and reporting
    Home:
    home button
  • The Auditing Section
    Internal Audit Sourcing Arrangement and the External...
    research summary posted May 7, 2012 by The Auditing Section, tagged 07.0 Internal Control, 07.01 Scope of Testing, 13.0 Governance, 13.07 Internal auditor role and involvement in controls and reporting in Auditing Section Research Summary Database > Auditing Section Research Summaries Space public
    Title:
    Internal Audit Sourcing Arrangement and the External Auditor’s Reliance Decision
    Practical Implications:

    The results of this study suggests that external auditors place more reliance on “outsourced” internal audit work, especially under high inherent risk conditions, than on “in-house” internal audit work due to the external auditors’ assessment of higher objectivity on the part of the “outsourced” internal auditor. The authors suggest this may have implications for external audit teams’ planning and assessment of internal audit work, in that whether or not the work is outsourced might need to be considered in the assessment. Also, audit clients might consider a need to outsource more internal audit work or try to make changes to increase the external auditors’ perception of their “in-house” internal audit team, in terms of objectivity.

    Citation:

    Glover, S. M., Prawitt, D. F., and D. A. Wood. 2008. Internal Audit Sourcing Arrangement and the External Auditor’s Reliance Decision. Contemporary Accounting Research 25 (1) 193-213.

    Keywords:
    assessment of internal audit work; internal audit outsourcing; auditor judgment
    Purpose of the Study:

    Under Section 404 of the Sarbanes-Oxley Act (SOX), client management must evaluate the effectiveness of internal controls over financial reporting (ICOFR). In order to meet new regulations, many firms outsourced internal audit functions to third-parties. Auditing standards state that external auditors are required to evaluate the objectivity, competence, and work performed by internal auditors. Since third-party internal audit teams likely have different incentive and motives, compared to in-house internal audit teams, the external auditor may have different perceptions of each team’s objectivity. This study examines whether external auditors’ reliance on the work of outsourced internal auditors differs from the reliance of “in-house” internal auditors.

    Design/Method/ Approach:

    The authors collected their evidence via experimental cases administered to auditors from one of the Big 4 accounting firms. Approximately 21 percent were staff-level; 59 percent were senior staff, the other 20 percent were manager-level or higher. Data was collected prior to 2007.  Participants were provided background information about the hypothetical company, the internal audit team, and the audit procedures performed by the internal audit team. Participants were asked to evaluate the internal audit team’s competency and objectivity, as well as the amount of reliance to place on the internal audit team’s work.

    Findings:
    • When inherent risk is low, external auditors are just as likely to rely on “outsourced” internal audit work as “in-house” internal audit work. 
    • External auditors perceive “outsourced” internal audit work to be more objective than “in-house” internal audit work. 
    • When inherent risk is high, external auditors are more likely to rely on “outsourced” internal audit work as “in-house” internal audit work. 
    • External auditors are more willing to rely on internal auditors’ work when they perceive the internal auditors to be performing objective tasks, versus subjective tasks. (This is for both “in-house” and “outsourced” internal audit teams.) This difference in reliance between objective and subjective tasks is magnified when inherent risk is high.
    • However, when the task is subjective, the auditor relies less on the internal audit team’s work when inherent risk is high.
    Category:
    Internal Control, Governance
    Sub-category:
    Scope of Testing, Internal auditor role and involvement in controls and reporting
    Home:
    home button
  • The Auditing Section
    An Examination of Auditor Planning Judgments in a Complex...
    research summary posted May 7, 2012 by The Auditing Section, tagged 05.0 Audit Team Composition, 05.01 Use of Specialists e.g., financial instruments, actuaries, valuation, 07.0 Internal Control, 07.01 Scope of Testing in Auditing Section Research Summary Database > Auditing Section Research Summaries Space public
    Title:
    An Examination of Auditor Planning Judgments in a Complex Accounting Information System Environment
    Practical Implications:

    The results suggest that auditors’ AIS expertise can play a significant role in complex AIS settings and in their ability to compensate for CAS competence deficiencies.  The authors note that it may be prudent for firms to consider the combined capabilities of individuals when assigning auditors and CAS to engagements with complex AIS.

    Citation:

    Brazel, J. F. and C. P. Agoglia. 2007. An examination of auditor planning judgments in a complex accounting information system environment. Contemporary Accounting Research 24 (4): 1059-83.

    Keywords:
    Auditor judgment, risk, risk management, fraud risk
    Purpose of the Study:

    This study examines auditor judgments in a complex accounting information system (AIS) environment. Auditing standards recommend that a computer assurance specialist (CAS) be assigned to assist in the audit of computer-intensive environments. 
    CAS (also known as information systems audit specialists and IT auditors) provide auditors with control-testing evidence relating to their client’s AIS.  Auditors use this information when making control risk assessments and planning substantive audit procedures.  This study examines how the auditors’ own level of AIS expertise and the competence of the CAS affect the assessed control risk and scope of substantive testing.

    Design/Method/ Approach:

    Participants included practicing auditors from four international and two national public accounting firms. Participants were audit seniors with an average of 3.7 years of experience.  The experiment was conducted before 2007.  

    Participants were provided a case that included background information for a hypothetical client, relevant authoritative audit guidance, and prior year workpapers.  After reviewing this information, participants assessed and documented inherent risk. Participants then received information about the CAS competence (high or low) and CAS control tests.  Participants were then asked to evaluate the strength of CAS testing, assess control risk, and plan the substantive audit procedures. 

    Findings:
    • Auditors with high AIS expertise and those assigned low competence CAS tended to assess control risk as higher than their counterparts.
    • Auditors assigned low competence CAS assessed control risk as higher regardless of their own AIS expertise.    
    •  When the competence of the CAS is deficient, auditors with higher AIS expertise compared to auditors with lower AIS expertise are more likely to identify and react to potential AIS-specific risks.
    Category:
    Audit Team Composition, Internal Control
    Sub-category:
    Use of Specialists (e.g. financial instruments – actuaries - valuation), Scope of Testing
    Home:
    home button
  • The Auditing Section
    The Influence of Auditor Experience on the Persuasiveness of...
    research summary posted April 16, 2012 by The Auditing Section, tagged 07.0 Internal Control, 07.01 Scope of Testing, 09.0 Auditor Judgment, 09.03 Adequacy of Evidence, 09.10 Prior Dispositions/Biases/Auditor state of mind in Auditing Section Research Summary Database > Auditing Section Research Summaries Space public
    Title:
    The Influence of Auditor Experience on the Persuasiveness of Information Provided by Management
    Practical Implications:

    The extent to which auditors’ judgments are persuaded by information from management represents asignificant issue for audit practice, especially when information from more objective sources is also available.  The evidence indicates that less experienced senior auditors rely on information from management that is aligned with management’s self-interest to a greater extent than more experienced audit seniors.  This reliance raises a concern that some senior auditors assess audit evidence more favorably than may be warranted because they inappropriately rely on information provided by management. A lack of appropriate skepticism has the potential to make audits ineffective and expose the firm to audit failures.  The study suggests the importance of carefully assigning audit tasks to auditors with an appropriate level of experience.

    Citation:

    Kaplan, S. E., E. F. O’Donnell, and B. M. Arel. 2008. The Influence of Auditor Experience on the Persuasiveness of Information Provided by Management. Auditing: A Journal of Practice & Theory 27 (1): 67-83.

    Keywords:
    Auditing, Auditor experience, Persuasiveness, Management’s assessments
    Purpose of the Study:

    Information provided by management is among the most pervasive sources of information that auditors receive during an audit engagement; however, evaluating information from management presents a dilemma for auditors.  On one hand, management should generally be knowledgeable and competent, which suggests they are a good source of information.  On the other hand, because management has self-interested incentives, they are not an objective source of information.  Thus, auditors should be particularly skeptical when evaluating information obtained from management.  Prior research finds that auditors may place too much reliance on information provided by management when that information is favorable to management (i.e., when the information may not be objective).  Understanding the factors that influence auditors’ consideration and skepticism of information provided by management is important. 

    The purpose of this paper is to examine whether auditor experience reduces auditors’ reliance on information provided by  management when that information is favorable to management.  The authors motivate their expectations based on the psychology literature of persuasion knowledge.  The authors expect that as auditors gain experience they develop more persuasion knowledge.  The authors also expect that with more persuasion knowledge, auditors will be more skeptical (or less persuaded) of management-provided information that is aligned with management’s self-interests.

    Design/Method/ Approach:

    The research evidence was collected in the mid-2000s time period.  The authors used a group of audit seniors with a wide range of experience from one Big 4 firm to complete a simulated task.  Auditors were provided with information about the reliability of internal controls.  They received assessment information from two sources: information from management and information gathered from other members of the engagement team.  The audit seniors were asked to assess the overall reliability of internal controls based on both management’s reliability assessment and the tests performed by the other members of the audit team.

    Findings:
    • The authors find that when management’s assessment information was aligned with management’s self-interests (when the information from management was more favorable than the information gathered from the other members of the engagement team), auditor experience at the senior level did have an effect on the audit seniors’ internal control reliability assessments.  Specifically, less experienced audit seniors were influenced more by management’s information than were more experienced audit seniors.  The authors claim that more experienced audit seniors had more persuasion knowledge than less experienced audit seniors; thus they were more skeptical of management’s information because it was aligned with management’s self-interests.  
    • The authors find that when management’s assessment information was not aligned with management’s self-interests (when the information from management was less favorable than the information gathered from the other members of the engagement team), auditor experience at the senior level did not have an effect on the audit seniors’ internal control reliability assessments.  Specifically, all audit seniors made similar internal control reliability assessments.
    Category:
    Internal Control, Auditor Judgment
    Sub-category:
    Scope of Testing, Adequacy of Evidence, Prior Dispositions/Biases/Auditor state of mind
    Home:
    home button