The Effects of Fraud Risk and Management Representation on Auditors' Hypothesis Generation

Hypothesis generation is considered to be critical to the effectiveness and efficiency of diagnostic processes in auditing. Using a between-subjects experimental design, this work examines the impact of fraud risk and the availability of a non-misstatement management explanation on auditors' hypothesis generation performance. The context is when managers undertake analytical procedures at the planning stage of the audit. The results indicate that auditors are sensitive to increased fraud risk by generating more fraud hypotheses, while the number of misstatement hypotheses generated is not affected by fraud risk. The availability of a non-misstatement management explanation was found not to interfere with auditors' hypothesis generation performance, but facilitated the generation of proportionately more misstatement and fraud hypotheses from the same transaction cycle as that indicated by the management explanation. Together, these findings provide some insights on the sensitivity of auditors' hypothesis generation to fraud risk and whether this sensitivity could be undermined by the availability of management representations.     

The Dempster‐Shafer Theory: An Introduction and Fraud Risk Assessment Illustration

This article introduces the Dempster‐Shafer theory (DS theory) of belief functions for managing uncertainties, specifically in the auditing and information systems domains. The use of DS theory is illustrated by deriving a fraud risk assessment formula for a simplified version of a model developed by Srivastava et al. (2007). In this formulation, fraud risk is the normalised product of four risks: risk that management has incentives to commit fraud; risk that management has opportunities to commit fraud; risk that management has an attitude to rationalise committing fraud; and risk that an auditor's special procedures will fail to detect fraud. The article demonstrates how to use such a model to plan for a financial audit where management fraud risk is assessed to be high. In addition, it discusses whether audit planning is better served by an integrated audit/fraud risk assessment as now suggested in SAS 107 (AICPA 2006a, see also ASA 200 in AUASB 2007) or by the approach illustrated here where a parallel, but separate, assessment is made of audit risk and fraud risk.     

The effects of experience and explicit fraud risk assessment in detecting fraud with analytical procedures

This paper reports the results of an experiment that examined the effects of audit experience and explicit fraud risk assessment instructions on the effectiveness of analytical procedures in detecting financial statement fraud. The results of this study suggest that audit managers are more effective than audit seniors in assessing the risk of fraud with analytical procedures. Additionally, explicit fraud risk assessment instructions resulted in more effective assessments of the presence of fraud. These results have implications for the assignment of auditors to tasks and the structuring of these tasks.     

Corporate fraud and the audit expectations gap: A study among business managers

This paper presents the findings of an empirical study on the audit expectations gap concerning the role of the auditor in corporate fraud cases. The purpose of the study is to assess the significance of a reasonableness gap, a deficient performance gap and a deficient standards gap in the specific context of corporate fraud. In order to distinguish all three elements of the expectations gap, respondents need a certain level of expertise on fraud. Therefore, in this research the audit expectations gap is studied primarily from the perspective of three groups of business managers, based on the fact that they typically have a special responsibility in fraud cases. Bankers are used as a control group to assess the potential differences between the views of business managers and ‘society in general’. This study provides clear evidence of a substantial audit expectations gap in the context of fraud, both with respect to the auditor's performance as well as the auditor's formal obligations as laid down in existing standards. However, compared to bankers, business managers are less inclined to judge auditors’ performance of existing duties as inadequate, and see fewer points where auditing standards should be amended.     

Team discourse explains media richness and anonymity effects in audit fraud cue brainstorming

This article contributes by extending media richness (MRT) and media synchronicity theories (MST) to explore how media richness and anonymity influence team interactions and success in audit fraud brainstorming. Sixty-three, three-person teams, with 189 student participants from two Universities, identified fraud risk cues in a SAS 99 audit planning case. Participants were assigned to one of three conditions: electronic anonymity (EA; n = 18 teams), electronic identified (EI; n = 28 teams), or identified face-to-face (FtF; n = 17 teams). Compared with teams in the low media richness conditions, i.e., the EA and EI, discussions in FtF teams produced more and better dialog, which resulted in better identification of fraud risk cues. Additionally, compared with the discussions in the EA teams, FtF team discussions evidenced less narcissism and were more focused and inhibited. Mediation analyses of team interactions indicated that the quantity of dialog (team production) completely explains, fully mediates, the effects of media richness and anonymity on risk assessments. Contributions include extending MRT and MST, and using automated content analysis, to explicate the role of media richness, anonymity, and team interactions in explaining audit team fraud identification success. The concluding section identifies the sample, design, and method limitations, and, discusses the potential for group support technologies to enhance or detract from audit team processes, depending on task, context, and technology.     

The Regulation of Public Company Auditing: Evidence from the Transition to AS5

The replacement of Auditing Standard No. 2 (AS2) by Auditing Standard No. 5 (AS5) creates a natural experiment that sheds light on (1) potential inefficiencies caused by regulatory responses to a political crisis and (2) audit efficiency and effectiveness improvements resulting from the risk‐based approach embodied in AS5. We study these effects by examining the impact of AS5 on audit fees. We find that AS5 audit fees are aligned with auditee fraud risk, but not AS2 audit fees. Second, relative to AS2 benchmark levels, AS5 audit fees are, on average, lower for all auditees. Third, relative to AS2 benchmarks, AS5 fees are lower for lower‐fraud‐risk auditees but greater for higher‐fraud‐risk auditees. Overall, the evidence is consistent with (1) initial overregulation (via AS2) followed by reform (via AS5) and (2) auditors deploying a risk‐based audit approach to obtain both efficiency and potential effectiveness gains in audit production.     

Predicting fraud by investment managers

We test the predictability of investment fraud using a panel of mandatory disclosures filed with the SEC. We find that disclosures related to past regulatory and legal violations, conflicts of interest, and monitoring have significant power to predict fraud. Avoiding the 5% of firms with the highest ex ante predicted fraud risk would allow an investor to avoid 29% of fraud cases and over 40% of the total dollar losses from fraud. We find no evidence that investors receive compensation for fraud risk through superior performance or lower fees. We examine the barriers to implementing fraud prediction models and suggest changes to the SEC's data access policies that could benefit investors.     

The relation between earnings management and financial statement fraud

This paper provides new evidence on the characteristics of firms that commit financial statement fraud. We examine how previous earnings management impacts the likelihood that a firm will commit financial statement fraud and in doing so develop three new fraud predictors. Using a sample of 54 fraud and 54 non-fraud firms, we find that fraud firms are more likely to have managed earnings in prior years and that earnings management in prior years is associated with a higher likelihood that firms that meet or beat analyst forecasts or that inflate revenue are committing fraud. We further find that fraud firms are more likely to meet or beat analyst forecasts and inflate revenue than non-fraud firms are even when there is no evidence of prior earnings management. This paper contributes to the fraud detection literature and the earnings management literature, and can help practitioners and regulators develop better fraud detection models.     

Internal audit,alternative internal audit structures and the level of misappropriation of assets fraud

In recent years, the importance of good corporate governance has received significant public and regulatory attention. A crucial part of an entity's corporate governance is its internal audit function. At the same time, there has been significant public concern about the level of fraud within organizations. The purpose of this study is to assess whether organizations with an internal audit function are more likely to detect and self‐report fraud than those without. In this study, we use a unique self‐reported measure of misappropriation of assets fraud for the first time. The fraud data are from the 2004 KPMG Fraud Survey, which reported fraud from 491 organizations in the private and public sector across Australia and New Zealand. The internal audit data are from a separate mail survey sent to the respondents of the KPMG Fraud Survey. We find that organizations with an internal audit function are more likely than those without such a function to detect and self‐report fraud. Furthermore, organizations that rely solely on outsourcing for their internal audit function are less likely to detect and self‐report fraud than those that undertake at least part of their internal audit function themselves. These findings suggest that internal audit adds value through improving the control and monitoring environment within organizations to detect and self‐report fraud. These results also suggest that keeping the internal audit function within the organization is more effective than completely outsourcing that function.     

An evidential reasoning approach to Sarbanes-Oxley mandated internal control risk assessment

In response to the enactment of the Sarbanes-Oxley Act 2002 and of the release of the Public Company Accounting Oversight Board (PCAOB) Auditing Standard No. 5, this study develops a risk-based evidential reasoning approach for assessing the effectiveness of internal controls over financial reporting (ICoFR). This approach provides a structured methodology for assessing the effectiveness of ICoFR by considering relevant factors and their interrelationships. The Dempster-Shafer theory of belief functions is utilized for representing risk.First, we develop a generic ICoFR assessment model based upon a Big 4 audit firm's approach and apply it to a real-world example. Then, based on this model, we develop a quantitative representation of various levels of ICoFR effectiveness and related risk-assessment as defined by the PCAOB and contrast these representations with levels implied by Auditing Standard No. 5. In doing so, we demonstrate the potential value of formal risk assessment models in both facilitating the assessment of risks in an individual engagement and in assessing the effects of different regulations.