Knowledge Representation Issues in Complex Decision Domains: an Example from Inherent Audit Risk Assessment

There has been significant discussion in artificial intelligence and expert systems concerning different representation systems for complex domain knowledge. This article discusses the strengths, weaknesses and psychological validity of two common systems, associational or rule- and model-based, and presents a computer model which incorporates both approaches into a hybrid system. The computer model reasons in the complex decision domain of inherent audit risk assessment.     

APX: An Integrated Knowledge-Based System to Support Audit Planning

Auditors who must express an opinion on the financial statements of publicly held enterprises must perform a series of risk assessments as the basis for selecting appropriate audit procedures to be performed. Although many auditing expert systems have been developed for individual components of the audit risk assessment process such as inherent and control risk assessment, none integrate these assessments to arrive at the ultimate objective of assessing the allowable level of detection risk which drives audit procedure selection. This paper discusses critical design concerns for audit planning expert systems in light of the integrated nature of the steps involved in the audit planning process. The design and development of an integrated audit planning expert system called APX (Audit Planning eXpert) is also discussed. A distinguishing feature of APX is that it not only performs the individual types of risk assessments but it also integrates the resulting assessments to arrive at allowable detection risk. The knowledge acquisition and system development process are described to illustrate some of the mechanics of developing such a system.     

PLANET: An Expert System for Audit Risk Assessment and Planning

PLANET is an expert system for audit risk assessment and audit test selection. At present it is undergoing worldwide field testing by Price Waterhouse audit teams. As a case study, PLANET illustrates a complex interplay of audit methodology issues and expert systems development techniques, and reinforces the validity of many of the widely reported lessons learned about successful expert systems development during the 1980s. However, the experience also challenges elements of this received wisdom while exposing special issues arising in the development of expert systems in the field of auditing.     

The effect of benchmarked performance measures and strategic analysis on auditors’ risk assessments and mental models

As the audit environment becomes more demanding and complex, so does the set of analytical tools available to an auditor. The purpose of this paper is to examine the effect of two complex audit technologies commonly used by auditors, benchmarking of performance measures and strategic analysis, on the risk judgments of auditors carrying out the initial planning of an audit. We conduct an experiment that utilizes a Balanced Scorecard for organizing and evaluating analytical evidence about the performance of business units within a large client. Our first principal finding is that external benchmarking can cause an auditor to focus on performance measures that are unique to a business unit and disregard performance measures that are common to multiple business units but not benchmarked. However, our second finding is that an in-depth strategic analysis completed prior to assessing a client’s business risk or risk of material misstatement allows an auditor to incorporate more information from performance measures in risk assessments regardless of whether the performance measures are benchmarked. Strategic analysis facilitates a more balanced and accurate assessment of the risks across the business units being evaluated. We also provide evidence that the latter result occurs because in-depth strategic analysis allows auditors to develop a more complete mental model of a client, which has been a long time belief of advocates of business risk audit methodologies and consistent with current and emerging auditing standards on risk assessment.     

人民银行信息技术审计中风险导向审计模式的应用研究

近年来,人民银行特别重视内审工作的转型与发展,在转型的切入点以及方式、方法上都进行了有益的探索.目前,将风险导向审计模式运用到人民银行内部审计中已成为一种共识.但是风险导向模式运用理论研讨居多,如何在实践中具体指导审计工作的研究却寥寥无几.本文以风险导向为切入点,结合目前信息技术审计面临的新情况、新挑战,分析了人民银行...     

The Dempster‐Shafer Theory: An Introduction and Fraud Risk Assessment Illustration

This article introduces the Dempster‐Shafer theory (DS theory) of belief functions for managing uncertainties, specifically in the auditing and information systems domains. The use of DS theory is illustrated by deriving a fraud risk assessment formula for a simplified version of a model developed by Srivastava et al. (2007). In this formulation, fraud risk is the normalised product of four risks: risk that management has incentives to commit fraud; risk that management has opportunities to commit fraud; risk that management has an attitude to rationalise committing fraud; and risk that an auditor's special procedures will fail to detect fraud. The article demonstrates how to use such a model to plan for a financial audit where management fraud risk is assessed to be high. In addition, it discusses whether audit planning is better served by an integrated audit/fraud risk assessment as now suggested in SAS 107 (AICPA 2006a, see also ASA 200 in AUASB 2007) or by the approach illustrated here where a parallel, but separate, assessment is made of audit risk and fraud risk.     

An examination of order effects in auditors' inherent risk assessments

While recency effects have been reported in a variety of audit tasks, recent studies suggest that these effects may be mitigated under certain conditions. The importance of investigating order effects in auditors' judgments rests with its potential to impact on the efficiency and effectiveness of audits. Since current studies suggest that recency effects may not impact on all audit situations, it is necessary to identify conditions or variables in the task environment that either induce or mitigate recency.
This study examines the occurrence of order effects in auditors' inherent risk assessments, a task not previously examined. Using a case study administered to 70 auditors, this study found that auditors' judgments were not influenced by the order in which audit evidence was evaluated. Rather, the results suggest that judgments of inherent risk may be biased towards conservatism. This may not be surprising given the negative consequences associated with failing to adequately plan an audit. This may cause auditors to act cautiously and thus mitigate recency effects.     

Audit Effort and Stock Price Crash Risk

We examine how stock price crash risk is affected by audit effort, as measured by audit hours. Using a unique dataset of audit hours in China, we find that audit effort is negatively related to crash risk. The negative impact of audit effort on crash risk is more pronounced for listed firms that have higher inherent risks and weaker external monitoring of their information environment. Our findings are robust to various tests, including a two-stage regression analysis, controlling for listed firm-fixed effects and audit firm-fixed effects, and using alternative measures of crash risk. In addition to audit output measures, audit effort has an incremental influence on crash risk. The effects of audit effort on crash risk continue to hold after controlling for auditor industry expertise and auditor tenure.     

Inherent risk: An investigation of auditors' judgments

The assessment of inherent risk is a judgment required of auditors by Statement on Auditing Standards 47 (Auditing Standards Board, AICPA, New York, 1983) that normatively affects the scope of work performed on audit engagements. This study explores the judgments of auditors concerning inherent risk in inventory. Four inherent risk factors were examined: turnover of the controller, financing pressure, the amount of complexity of overhead in inventory, and the quality of the personnel responsible for the inventory calculation. A human information processing approach employing ANOVA was utilized to determine the relative reliance on these factors in the inherent risk judgments of 65 practicing auditors. Correlation techniques were used to measure consensus, reliability, and self-insight.The results suggest that although all four inherent risk factors were important to auditors, quality of personnel was the most significant. Reliability was slightly lower than in previous research, but was still fairly high. Self-insight was moderate.     

CEO political ideologies and auditor-client contracting

We investigate whether CEOs’ political ideology, as captured by their political contributions, is related to audit risk and, consequently, to audit pricing. We find that Republican CEOs are associated with lower inherent risk and control risk, which represent the two components of audit risk related to the firm, while their Democratic counterparts are seen to have higher risks. Consequently, Republican (Democratic) CEOs are associated with lower (higher) audit fees. The results are robust to controlling for religiosity, executive incentives and ability, obtaining alternative measures of inherent and control risk, and to using propensity score matching and entropy balancing. We further show that changes in political ideology are associated with changes in audit risk and fees. In sum, the evidence implies that auditors view the political ideology of CEOs as an important determinant of engagement risk, which may have important implications for disclosure policy.     

The Contribution of Internal Audit as a Determinant of External Audit Fees and Factors Influencing This Contribution

Despite extensive research on the determinants of external audit fees, there is little empirical evidence on the effect of internal audit contribution on the external audit fee. Using a cross-sectional regression model based on prior audit fee research, this study provides evidence that internal audit contribution is a significant determinant of the external audit fee. Further, a second model that provides evidence on the determinants of internal audit contribution is developed and tested. This second model indicates that internal audit contribution is influenced by internal audit quality and, conditional on the level of inherent risk, the availability of internal audit and the extent of coordination between internal and external auditors. These results are based on a unique data-set comprised of publicly available data matched with survey responses from internal and external auditors affiliated with 70 non-financial services Fortune 1000 firms. The sample includes all of the former "Big 6" international accounting firms and clients from twenty-nine different industries.     

Explaining the (non-) adoption of advanced data analytics in auditing: A process theory

Audit firms are increasingly engaging with advanced data analytics to improve the efficiency and effectiveness of external audits through the automation of audit work and obtaining a better understanding of the client’s business risk and thus their own audit risk. This paper examines the process by which audit firms adopt advanced data analytics, which has been left unaddressed by previous research. We derive a process theory from expert interviews which describes the activities within the process and the organizational units involved. It further describes how the adoption process is affected by technological, organizational and environmental contextual factors. Our work contributes to the extent body of research on technology adoption in auditing by using a previously unused theoretical perspective, and contextualizing known factors of technology adoption. The findings presented in this paper emphasize the importance of technological capabilities of audit firms for the adoption of advanced data analytics; technological capabilities within audit teams can be leveraged to support both the ideation of possible use cases for advanced data analytics, as well as the diffusion of solutions into practice.     

Internal audit reporting lines,fraud risk decomposition,and assessments of fraud risk

The main purpose of this research is to examine the effects of internal audit reporting lines on fraud risk assessments made by internal auditors when the level of fraud risk varies. Significant emphasis has been placed on the importance of reporting lines in maintaining the autonomy of internal auditors, but the perceived benefits of requiring internal audit to report directly to the audit committee have not been validated or systematically investigated. Results of an experiment involving 172 experienced internal auditors and additional survey findings indicate that internal auditors perceive more personal threats when they report high levels of risk directly to the audit committee, relative to management. Perceived threats lead internal auditors to reduce assessed levels of fraud risk when reporting to the audit committee relative to when reporting to management. This finding runs counter to the anticipated benefits of requirements that the internal audit function report directly to the audit committee, and it reveals potential conflicts of interest and independence threats created by the audit committee itself. We also investigate the effects of fraud risk decomposition on risk assessments made by internal auditors. We find that fraud risk assessment decomposition does not have the same effects on internal auditors as it has on external auditors, and the effects of decomposition do not align with the expected benefits of decomposition.     

The role of audit evidence in a strategic audit

This study examines how audit risk (the probability of false acceptance) and its components change when the auditor obtains audit evidence in an acceptance sampling model. Inherent risk and audit risk increase with audit evidence if the auditee has a sufficiently strong incentive for committing fraud. Detection risk always increases when audit evidence is introduced. If the auditor has a sufficiently strong incentive for avoiding false rejection, audit risk also increases with audit evidence. The analysis indicates that requiring auditors to obtain information is not effective in preventing material misstatements in at least some instances.     

The attitude of Libyan auditors to inherent control risk assessment

Previous empirical evidence contradicts the practices of audit risk assessment recommended by the professional auditing standards. Key differences represent the presumption that auditors can readily distinguish between different categories of risk, how they assess such risks in practice, their application to the different account levels and their capacity to differentiate between what may constitute potentially high or low risks. The paper addresses these differences in the context of the Libyan auditors’ perceptions and practices. The nature and development of the audit profession in Libya makes this a good comparator for the US and UK contexts of audit behaviour. Equally importantly, the religious, political and socio-cultural context combined with Libya's role as an emergent economy is representative of many other economies in the world, thus providing a good comparator for assessing the validity and applicability of the established auditing management principles and procedures. One hundred and sixty four practicing auditors in Libya were investigated, initially by questionnaire and subsequently interview of a smaller sample of 20 auditors. The evidence reinforces prior empirical evidence that inherent and control risks are assessed interdependently, auditors are aware of the risk differentials depending on the level of account and are cognizant of factors normally associated with potentially high and low risk levels.     

An Application of Data Envelopment Analysis to the Evaluation of Audit Risk

This article demonstrates how data envelopment analysis can be used to weight audit risk factors. Data from a previously reported study applying the analytic hierarchy process is used to facilitate a comparison between these two methods. Data envelopment analysis (DEA) has several advantages, including the ability to accommodate a range of expert opinions on the importance of a specific risk factor, rather than using the median or mean value. DEA can be used to provide high-risk and low-risk assessments and provides benchmark audit units from which other units can be evaluated.     

The 'Independence' of Expert Opinions in Corporate Takeovers: Agreeing With Directors' Recommendations

Abstract:   The impact of non‐audit services on auditor independence has been the recent focus of regulators worldwide. Using expert reports provided in Australian takeovers, this study investigates a context where the audit independence issue is reversed. As approximately a quarter of expert reports are prepared by the target firm's auditor, concerns have been expressed over the independence of the opinion provided. This paper finds that, relative to other experts, there is no difference in the rate at which experts with other business dealings with the target, including the target's auditor, provide an opinion that agrees with that of directors. However, the capital market reaction around the release of the report indicates that reports produced by auditors are viewed as non‐independent.     

The Role of Risk Management and Governance in Determining Audit Demand

Abstract:  Most prior research into audit fees has been based on a theoretical model which treats audit fees as the by-product of a production function ignoring potential demand forces that may drive the level of the audit fee. Inspired by prior 'anomalous' results, we take a different perspective by focusing on demand factors that may affect the level of the audit fee. Using data collected from a sample of listed companies in Belgium, we consider both disclosures about risk and risk management and actual decisions about corporate governance to examine whether audit fees are higher when these demand forces exist. In general, we expect that external auditing will increase in situations where there are multiple stakeholders with individual risk profiles who can shift some of the cost of monitoring to other stakeholders. Consistent with our theory and expectations, our results indicate that audit fees are higher when a company has an audit committee, discloses a relatively high level of financial risk management, and has a larger proportion of independent Board Members. Audit fees are lower when a company discloses a relatively high level of compliance risk management. The latter result indicates that controls are only complementary as long as they are voluntary, as mandated controls act as substitutes for non-mandated controls.     

Triangulation of audit evidence in fraud risk assessments

Drawing on the triangulation framework of audit evidence ( and ), we experimentally test for the conditions, if any, under which financial-statement auditors alter their fraud-risk assessments based on whether external evidence provides positive or negative news about underlying business performance. We focus on the condition in which two kinds of management-controlled audit evidence – evidence from the financial statements and evidence from internal data depicting performance of a key business process – is contradicted by external evidence suggesting that a key business objective has not been attained. According to the triangulation framework, such contradictory external evidence should heighten auditors’ skepticism about the veracity of management-controlled evidence and increase their assessment of fraud risk.