The effects of disclosure type and audit committee expertise on Chief Audit Executives’ tolerance for financial misstatements

This study involves an experiment where 73 Chief Audit Executives and deputy Chief Audit Executives determine the amount of adjustment required to correct a misstatement. We manipulate the financial reporting location of the misstatement (recognized vs. disclosed) and the level of audit committee expertise (high vs. low). The results indicate that financial reporting location has significant effects on internal auditors’ decisions to correct misstatements. Specifically, internal auditors are more willing to waive disclosed misstatements relative to recognized misstatements. Contrary to expectations, the results do not indicate that increased audit committee expertise and associated increases in audit committee members’ perceived powers cause internal auditors to be less willing to waive misstatements.     

U.K. AUDITORS' ATTITUDES TO EFFECTIVENESS AUDITING

The appropriateness of requiring external auditors to undertake an examination of the effectiveness of many public sector services has been widely debated. This paper seeks to contribute to this debate by reporting on a survey of the attitudes of auditors. A sample of auditors from the National Audit Office, the Audit Commission and a major firm of accountants took part in the survey. The results reveal that the respondents had few misgivings about their involvement with the audit of effectiveness and a majority from each group clearly felt that external auditors should play a prominent role when such audits are undertaken.     

客户重要性与审计谈判

审计谈判对审计质量和会计信息质量具有十分重要的影响。本文运用实验经济学的方法研究了客户重要性对审计谈判的影响。研究发现,在与重要的客户谈判时,审计人员接受的客户最终的资产价值比较高,与客户在谈判中达成一致的比例也比较高;在与非重要客户谈判时,审计人员接受的客户最终的资产价值比较低,与客户在谈判中达成一致的比例也比较低。同时还发现,在与重要客户谈判时,审计人员更倾向于采用合作型谈判策略;在与非重要客户谈判时,审计人员更倾向于采用竞争型谈判策略。本文的发现表明,客户重要性明显地影响了审计质量。     

An empirical examination of CobiT as an internal control framework for information technology

One commonly used framework for developing and evaluating technology intensive information systems is CobiT. This framework was originally a benchmark of best control practices developed and maintained by the Information Technology Governance Institute, the umbrella organization to the Information Systems Audit and Control Association. We empirically examine the conceptual model that underlies the CobiT internal control framework as it applies to an audit setting (including operational, compliance, and financial audit settings). We find that superimposing CobiT's conceptual model onto audit relevant assessments made by a panel of highly experienced IT auditors confirms the internal consistency between the underlying constructs of CobiT. Furthermore, we find that CobiT's conceptual model predicts auditor behavior in the field related to their seeking help and giving help as evidenced by their postings to a general IT audit listserv. Given the results of this study, we propose future research aimed at developing a general theory of internal control applicable to information technology based on CobiT.     

Measuring audit quality of local governments in England and Wales

The purpose of this paper is to model and test the audit quality provided to local governments in England and Wales. A key question is: are there major differences in audit quality provided? The Audit Commission, a national public body under Parliament, regulates the audits. It sets audit standards, appoints the auditors, and (although each auditor and client local government set the specific audit fee for that client) it establishes a formula to determine standard audit fees. The Audit Commission also conducts an annual review of the audit quality provided by the selected auditors, as well as a survey of client satisfaction. The majority of audits are conducted by District Auditors (public sector employees of the Audit Commission). About a quarter of local governments are audited by one of six private sector auditors (including three of the Big 4). Actual results indicate that audit quality differences are associated with the number of governmental audit clients and local government type. Generally, there were modest quality differences by auditor category.     

审计艺术研究

审计艺术是指审计机关和审计人员为达到审计目的和效果,在审计工作中采用的富有创造性的方式方法,是审计机关和审计人员在长期的审计实践中摸索出来的,建立在一定的素养、才能、知识、经验基础上的审计技巧。审计艺术与审计科学、审计文化之间存在着不可分割的关系。审计科学是审计艺术的前提和基础,审计艺术是审计科学的补充与完善,审计科学与审计艺术是相互融合的;审计艺术反映审计文化,审计文化影响和制约着审计艺术的发展和运用,审计艺术的发展推动审计文化的变迁。本文对审计工作中审计人员说话、访谈、询问、审计交换意见、审计机关与其他职能部门沟通这六个关键艺术做了简要介绍。运用审计艺术要遵循审计规范和审计原则、符合审计文化的基本要求、审计人员具有符合要求的能力和素质这三个基本要求,并把加强审计艺术的理论研究、提高审计人员运用审计艺术的能力和素质以及总结提炼和宣传审计艺术经典案例三个方面作为提高审计艺术运用能力和水平的主要途径。     

Evaluating the Work of Internal Audit: A Comparison of Standards and Empirical Evidence

Numerous changes have recently been proposed or made to audit standards providing guidance for external auditors' evaluations of internal audit work. This paper reports the results of a study to compare the UK's Accounting Practices Board Statement of Auditing Standard 500, first, with similar standards promulgated by international, Canadian and US societies, and second, with audit quality factors derived from practising internal auditors. The data for the latter comparison was obtained from a two-phase study that first generated a set of potential quality factors through intensive structured interviews with audit groups from six different and diverse organisations, and then obtained evaluations of these factors from a large sample of internal auditors worldwide. Results first indicate that there are strong similarities between the guidance provided by SAS 500 and that proposed or promulgated by the UK, international, Canadian and US audit groups. Furthermore, the guidance provided by these SASs for items to consider in evaluating the quality of internal audit work are largely in agreement with the factors determined by practising internal auditors. There are, however, several items listed in SAS 500 that are not considered useful by internal auditors and there are other factors considered crucial by internal auditors but not mentioned in the SASs.     

The potential impact of COSO internal control integrated framework revision on internal audit structured SOX work programs

The purpose of this research is to report the extent internal auditors employ structured work programs in SOX compliance programs and the extent external auditors are involved in development of internal audit work programs. Given the link between the internal audit framework established by the Committee of Sponsoring Organizations of the Treadway Commission and the development of SOX work papers, we also summarize and explain the May 2013 changes to the COSO Internal Audit Integrated Framework. We further posit the potential effects of these changes on extant structured SOX work papers.     

Embedding process mining into financial statement audits

The audit of financial statements is a complex and highly specialized process. Digitalization and the increasing automation of transaction processing create new challenges for auditors who carry out those audits. New data analysis techniques offer the opportunity to improve the auditing of financial statements and to overcome the limitations of traditional audit procedures when faced with increasingly large amounts of financially relevant transactions that are processed automatically or semi-automatically by computer systems. This study discusses process mining as a novel data analysis technique which has been receiving increased attention in the audit practice. Process mining makes it possible to analyse business processes in an automated manner. This study investigates how process mining can be integrated into contemporary audits by reviewing the relevant audit standards and incorporating the results from a field study. It demonstrates the feasibility of embodying process mining within financial statement audits in accordance with contemporary audit standards and generally accepted audit practices. Implementation of process mining increases the reliability of the audit conclusions and improves the robustness of audit evidence by replacing manual audit procedures. Process mining as novel data mining technique provides auditors the means to keep pace with current technological developments and challenges.     

The turnover intentions of information systems auditors

The turnover rate of Information Systems auditors is an emerging problem for the profession. In his study of factors affecting resource allocations to Information Systems Audit departments, Lucy [Lucy, R.F. Factors affecting information systems audit resource allocation decisions. Thesis, The University of Texas, Arlington, 1998.] found that the average Information Systems (IS) auditor has four years of IS Audit experience. Dunmore [Dunmore D.B. Farewell to the information systems audit profession. Internal Auditor 1989; February:42–48.] argues that this high turnover of IS auditors will limit systems audit knowledge. Unlike prior research investigating turnover intentions of IS auditors, this study specifically includes factors that reflect the higher level needs of IS audit professionals. The need to satisfy personal and professional growth exerts a particularly strong influence on IS auditors' turnover intentions. Further, our study confirms that IS auditors' share similar characteristics to other IS professionals rather than with general accountants and auditors. Organizations wanting to retain their IS auditors should provide regular opportunities for their IS auditors to satisfy their personal growth needs.     

Debate: Increasing the impact of academic research on public policy

Audit committees were perceived as overcoming the difficulties of operating in a political environment. In general, they achieved good ratings for monitoring internal audit but were seen as less effective in engaging with external auditors and risk management. In some key aspects the attitudes of internal auditors differed from those of committee chairs and CFOs.     

Disclosure Of Audit Committees by Public Companies in Australia 1988–1990

The existence of audit committees in public companies can improve the quality of the financial reporting process, aid the actual and perceived independence of both the internal and external auditors, and improve financial statement users' confidence in the quality of the information. These benefits will be enhanced by disclosure of audit committees in the financial statements. This study examined the incidence and form of the disclosure of audit committees in annual reports by major Australian public companies over the period 1988–1990. The results showed that disclosures by larger companies increased during this time. Rates of disclosure varied considerably depending on the auditor and was positively associated with the size of the organisation. Companies with audit committees are encouraged to consider enhanced methods of disclosure such as those outlined in AUP 31 Communication with an Audit Committee.     

The influence of litigation risk and internal audit source on reliance decisions

External auditor reliance on the work of internal auditors in an integrated audit of the financial statements and internal control is an important audit planning procedure that can impact audit efficiency and effectiveness. The purpose of this study is to examine how perceived auditor litigation risk and internal audit source affect external auditors' reliance decisions in an integrated audit environment under varying levels of risk of material misstatement. In an experimental study using 89 practicing Big 4 auditors, this study finds that auditors who perceive low litigation risk from placing reliance on the work of internal auditors will rely more on outsourced internal auditors than in-house internal auditors. The results also show that auditors' reliance decisions are sensitive to the level of account risk consistent with the risk-based approach to the integrated audit encouraged by the PCAOB.     

Information technology acceptance in the internal audit profession: Impact of technology features and complexity

Although various information technologies have been studied using the technology acceptance model (TAM), the study of acceptance of specific technology features for professional groups employing information technologies such as internal auditors (IA) has been limited. To address this gap, we extended the TAM for technology acceptance among IA professionals and tested the model using a sample of internal auditors provided by the Institute of Internal Auditors (IIA). System usage, perceived usefulness, and perceived ease of use were tested with technology features and complexity. Through the comparison of TAM variables, we found that technology features were accepted by internal auditors in different ways. The basic features such as database queries, ratio analysis, and audit sampling were more accepted by internal auditors while the advanced features such as digital analysis, regression/ANOVA, and classification are less accepted by internal auditors. As feature complexity increases, perceived ease of use decreased so that system usage decreased. Through the path analysis between TAM variables, the results indicated that path magnitudes were significantly changed by technology features and complexity. Perceived usefulness had more influence on feature acceptance when basic features were used, and perceived ease of use had more impact on feature acceptance when advanced features were used.     

Financial process mining - Accounting data structure dependent control flow inference

The increasing integration of computer technology for the processing of business transactions and the growing amount of financially relevant data in organizations create new challenges for external auditors. The availability of digital data opens up new opportunities for innovative audit procedures. Process mining can be used as a novel data analysis technique to support auditors in this context. Process mining algorithms produce process models by analyzing recorded event logs. Contemporary general purpose mining algorithms commonly use the temporal order of recorded events for determining the control flow in mined process models. The presented research shows how data dependencies related to the accounting structure of recorded events can be used as an alternative to the temporal order of events for discovering the control flow. The generated models provide accurate information on the control flow from an accounting perspective and show a lower complexity compared to those generated using timestamp dependencies. The presented research follows a design science research approach and uses three different real world data sets for evaluation purposes.     

A Maturity‐level Assessment of Generalised Audit Software: Internal Audit Functions in Australia

The advancement of information technology in today's technologically driven era has had a significant impact on the way corporate organisations are conducting their business, especially in a developed country such as Australia. Consequently, it is now almost impossible to conduct effective and efficient audits without the use of technology‐based tools in control environments that are dominated by big data and increasing volumes of electronic audit evidence. Generalised Audit Software (GAS) is one of the most frequently used technology‐based tools available for the internal audit function for tests of controls purposes. The objective of this article is to explore the maturity of the use of GAS by internal audit functions in Australia. The literature review reveals that the use of GAS by internal audit functions globally is still at a relatively low level of maturity, despite the increased adoption of information technology and the generation of big data within organisations. Similarly, the empirical results also confirm the low level of maturity in the use of GAS by internal audit functions in Australia. Only 17.4% of the respondents displayed a high level of maturity with regard to the use of GAS.     

企业集团统一审计能降低审计收费吗

审计收费是审计研究的重要问题。已有审计研究文献通常关注的是对单个公司的审计收费,本文则关注在同一实际控制人控制下的企业集团中,多家上市公司选择同一家会计师事务所审计,即集团统一审计对审计收费的影响。研究发现,集团统一审计不但不能降低审计收费,反而会增加审计收费;选择大所进行统一审计可以降低审计费用,而小所执行统一审计则可能存在牺牲独立性以获得更多审计收费的情形。此外,事务所尤其是小规模事务所,在招揽集团客户时存在激烈的低价竞争。     

Audit office size,audit quality and audit pricing: evidence from small- and medium-sized enterprises

Using Swedish data, we investigate how audit quality and audit pricing vary with audit firm and office size. In contrast to prior studies, we use disciplinary sanctions issued against auditors not meeting the quality requirement as the measure of audit quality. We find no significant differences in the likelihood of sanctions between Big 4 audit firms and the fifth and sixth largest audit firms in Sweden (Grant Thornton and BDO). We refer to these collectively as ‘Top 6’. However, we find that the probabilities of warnings or exclusions from the profession are much higher for non-Top 6 auditors in Sweden than for Top 6 auditors. Furthermore, we find a strong negative association between the likelihood of sanctions and audit office size for non-Top 6 auditors. This association is insignificant for Top 6 audit firms. Audit fees follow a similar pattern and indicate that larger audit firms and offices put in more effort or have greater expertise. These results suggest that audit quality is differentiated in the private segment market. However, contrary to prior studies, our results suggest that the important dimensions are Top 6 versus non-Top 6 and the office size of non-Top 6 audit firms.     

Effectiveness of cybersecurity audit

The aim of this paper is to analyze the effectiveness of internal audit of cybersecurity. We developed a Cybersecurity Audit Index composed of three dimensions – planning, performing and reporting – to address this question. We hypothesize that cybersecurity audit effectiveness is positively related to cyber risk management maturity and negatively to the probability of a successful cyber attack. We tested our hypotheses in a survey with auditors and Chief Audit Executives from various countries and industries. We found that Cybersecurity Audit Index scores significantly vary, with a mean of 58 on a scale from 0 to 100. While the planning and performing phases are strongly and positively correlated, they are less strongly related to reporting about cyber risk management effectiveness to the Board of Directors. As predicted, the Cybersecurity Audit Index is positively associated with maturity, but contrary to expectations, it is not related to the probability of a successful cyber attack. This is the first paper that comprehensively measures the effectiveness of cybersecurity audit and its effects on cyber risk management.     

The case for process mining in auditing: Sources of value added and areas of application

Process mining aims to extract knowledge from the event logs maintained by a company's ERP system. The objective of this paper is to make the case for why internal and external auditors should leverage the capabilities process mining offers to rethink how auditing is carried out. We do so by identifying the sources of value added of process mining when applied to auditing, which are as follows: 1. process mining analyzes the entire population of data and not just a sample; 2. critically that data consists of meta-data—data entered independently of the actions of auditee—and not just data entered by the auditee; 3. process mining allows the auditor to have a more effective way of implementing the audit risk model by providing effective ways of conducting the required walkthroughs of processes and conducting analytic procedures; 4. process mining allows the auditor to conduct analyses not possible with existing audit tools, such as discovering the ways in which business processes are actually being carried out in practice, and to identify social relationships between individuals. It is our argument that these sources of value have not been fully understood in the process mining literature, which has focused on developing it as a statistical methodology rather than on applying it to audit practice. Only when auditors and audit researchers appreciate what is new and unique about process mining will its acceptance in auditing practice become feasible.