The Regulation of Public Company Auditing: Evidence from the Transition to AS5

The replacement of Auditing Standard No. 2 (AS2) by Auditing Standard No. 5 (AS5) creates a natural experiment that sheds light on (1) potential inefficiencies caused by regulatory responses to a political crisis and (2) audit efficiency and effectiveness improvements resulting from the risk‐based approach embodied in AS5. We study these effects by examining the impact of AS5 on audit fees. We find that AS5 audit fees are aligned with auditee fraud risk, but not AS2 audit fees. Second, relative to AS2 benchmark levels, AS5 audit fees are, on average, lower for all auditees. Third, relative to AS2 benchmarks, AS5 fees are lower for lower‐fraud‐risk auditees but greater for higher‐fraud‐risk auditees. Overall, the evidence is consistent with (1) initial overregulation (via AS2) followed by reform (via AS5) and (2) auditors deploying a risk‐based audit approach to obtain both efficiency and potential effectiveness gains in audit production.     

Alternatives for addressing major challenges in teaching introductory auditing courses

Due to the numerous and extensive recent changes in business, regulatory, and auditing environments, instructors are faced with difficult choices when designing an introductory auditing course that sufficiently meets the needs of students and the firms that will employ them. Instructors whose students are primarily hired by firms that audit SEC registered companies, for example, might allocate significant class time to PCAOB Auditing Standard No. 5 [Public Company Accounting Oversight Board (2007). Board proposes new standard on internal control over financial reporting. www.pcaob.com]. On the other hand, instructors whose students are primarily hired by firms that audit non-SEC registered companies, might allocate significant class time to reviews and agreed-upon procedure services. This paper presents four alternatives for designing introductory auditing courses, and discusses some of the major issues and constraints that instructors should consider in choosing which alternative best suits their needs. Finally, the paper provides an example that illustrates the differences among the four alternatives by discussing how each might incorporate one such specific regulatory change—PCAOB Auditing Standard No. 5.     

CFOs’ and public accountants’ perceptions of material weaknesses in internal control areas as required by Section 404 of the Sarbanes-Oxley act

One of the most controversial aspects of the Sarbanes-Oxley Act of 2002 (SOA) is related to Section 404, which requires management to assess the entity’s internal controls, and then its independent auditor to attest and report on management’s assessment. The auditing standard governing this requirement was promulgated by the Public Company Accounting Oversight Board (PCAOB). Its title is Auditing Standard (AS) No. 2, An Audit of Internal Control Over Financial Reporting Performed in Conjunction with an Audit of Financial Statements [Public Company Accounting Oversight Board (PCAOB) (2004). An audit of internal control over financial reporting performed in conjunction with an audit of financial statements. Auditing Standard No. 2, Washington, DC: PCAOB]. AS No. 2 requires, among other things, that management must disclose any “material weaknesses” in internal controls. However, absent any guidance other than definitions from the PCAOB, management and independent auditors are left to their own judgment to define and recognize “material weakness in internal control” or “significant deficiency” while implementing AS No. 2. The research question, then, becomes to what extent, if any, are weaknesses in internal control over financial reporting consistently assessed, recognized and agreed upon by both parties? Or does their professional judgment and point of view cause different perceptions? Most of the Section 404 research has focused on the characteristics of the material weaknesses disclosed (and the capital market or other impacts of reported material weaknesses). This study, in contrast, is behavioral in context, and examines the perceptions of CFOs and CPAs as to whether they believe an internal control material weakness exists under four independent scenarios. The results indicate that the CPAs were significantly more conservative in their assessments in two of the four cases.     

Herbal Pharma Inc.: Conducting an Effective Group Audit*

As the relative weight of global economic activity continues to shift toward non-OECD countries (OECD 2018), audit firms are more likely to encounter clients with significant business operations in foreign jurisdictions. The associated need to engage and oversee local component auditors in these jurisdictions can lead to challenges arising from different business cultures and the resulting intra-audit miscommunications. Audit deficiencies related to these challenges have been detected by regulators (PCAOB 2011, 2010; CPAB 2012, 2015). Standard setters such as the IAASB and the Auditing and Assurance Standards Board (AASB) have responded by issuing an exposure draft proposing revisions to ISA 600 (IAASB 2020) and CAS 600 (AASB 2020) to strengthen the auditor's approach and provide enhanced guidance to practitioners. In light of this evolving area of assurance, this case was developed to deepen students' understanding of both group and component audits in an international context. The case takes the perspective of the group auditor and features an audit senior in a specialized role overseeing the component audit of a client's increasingly material Chinese subsidiary. Deficiencies in the prior year component audit, along with a change in the component auditor, further underlines the importance of robust risk analysis for the upcoming engagement.     

美国内部控制审计制度及其对我国的启示

内部控制审计是提升企业内部控制有效性的重要制度安排。美国已建立起由SOX法案、SEC最终规则和PCAOB审计准则构成的内部控制审计制度体系,相关规定基本协调一致、相互配合。我国在充分借鉴美国经验的基础上,已于2010年4月初步确立了内部控制审计制度。我国内部控制审计制度演进的基本特征表现为：在注册会计师的保证程度上,从有限保证演变为合理保证;在审计范围上,从财务报告内部控制演变为广义的内部控制;在审计方法上,趋向于内部控制审计与财务报表审计的整合。     

A practical road map for assessing cyber risk

The increase in interconnectivity and developments in technology have caused cyber security to become a universal concern. This paper highlights the dangers of the evolution of cyber risk, the challenges of quantifying the impact of cyber-attacks and the feasibility of the traditional actuarial methodologies for quantifying cyber losses. In this paper, we present a practical roadmap for assessing cyber risk, a roadmap that emphasizes the importance of developing a company and culture-specific risk and resilience model. We develop a structure for a Bayesian network to model the financial loss as a function of the key drivers of risk and resilience. We use qualitative scorecard assessment to determine the level of cyber risk exposure and evaluate the effectiveness of resilience efforts in the organization. We highlight the importance of capitalizing on the knowledge of experts within the organization and discuss methods for aggregating multiple assessments. From an enterprise risk management perspective, impact on value should be the primary concern of managers. This paper uses a value-centric/reputational approach to risk management rather than a regulatory/capital-centric approach to risk.     

A note on perceptions of auditors’ internal control report mandated by the PCAOB: Can reformatting the report enhance perceived value added?

The auditor’s report is a critical link in communicating financial data to users. Because of substantial audit costs incurred in integrated audits, the perceived value added by the auditor’s report becomes even more important. The auditor’s report prescribed by Auditing Standard No. 2 (and the new Auditing Standard No. 5) issued by the Public Company Accounting Oversight Board (PCAOB) includes a limitations paragraph. The SAS 58 audit report format that has been in use over 15 years does not contain a limitations paragraph. The SAS 58 report likely serves as a mental frame of reference (a referent report) for users evaluating other independent auditor’s report formats relating to assurance services, including the AS2 and AS5 reports. Whether inclusion of a limitations paragraph could adversely affect the users’ evaluation of the AS2 report is the focus of this study. In light of the publicity given to fraudulent financial reporting and other prevailing economic/environmental conditions, it is reasonable for users to expect that the auditor’s report provide a high degree of assurance regarding material fraud.We extend the [Foster, B. P., McClain, G., Shastri, T. (2005). A note on Pre-Sarbanes-Oxley Act users’ and auditors’ perceptions of a limitations paragraph in the auditor’s internal control report. Research in Accounting Regulations, 18, 195-217] study, by focusing on the AS2 report using data obtained about user perceptions from a field experiment conducted with MBA students. Results suggest that users perceive that an internal control report format without the limitations paragraph will enhance the readability and reliability of the report, and reduce the level of accommodation (additional information) required for decision making. Users perceive that the auditors’ exposure/liability is likely to remain substantially the same whether or not the report format includes a limitations paragraph. Also, users perceive that incorporating fraud wording would further enhance the readability and reliability dimensions of the internal control report format without the limitations paragraph. Taken collectively, the auditor’s report format with fraud wording, but without the limitations paragraph likely maximizes economic benefit accruing to users by minimizing their information risk. Policy-making bodies may find the results and approach taken in this study useful to evaluate report formats for assurance services.     

Assessing business risk: The case of Premier Punch, Inc

The recently issued Statement on Auditing Standards No. 109, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement, emphasizes the need for auditors to understand the client’s business and environment, particularly the client’s business risk [American Institute of Certified Public Accountants (AICPA) (2006a), understanding the entity and its environment and assessing the risks of material misstatement, Statement on Auditing Standards No. 109. New York, NY: AICPA]. However, the manner in which auditors obtain such an understanding, especially an auditor’s assessment of a client’s business risk, is often challenging for students because they lack the business experience necessary to perform such an assessment. This case provides students with an opportunity to assess business risk in a realistic context that includes evidence beyond the content of the financial statements. Company information is provided via a webpage (www.premierpunch.com) with content similar to that of an actual investor relations site. Students must evaluate the information presented in the company’s annual report, press releases and other sources, and consider the impact of that information on several facets of business risk. Students also perform an analytical review of the company’s financial statements and synthesize the case information into a professional memo containing their assessment of business risk.     

The influence of litigation risk and internal audit source on reliance decisions

External auditor reliance on the work of internal auditors in an integrated audit of the financial statements and internal control is an important audit planning procedure that can impact audit efficiency and effectiveness. The purpose of this study is to examine how perceived auditor litigation risk and internal audit source affect external auditors' reliance decisions in an integrated audit environment under varying levels of risk of material misstatement. In an experimental study using 89 practicing Big 4 auditors, this study finds that auditors who perceive low litigation risk from placing reliance on the work of internal auditors will rely more on outsourced internal auditors than in-house internal auditors. The results also show that auditors' reliance decisions are sensitive to the level of account risk consistent with the risk-based approach to the integrated audit encouraged by the PCAOB.     

现代风险导向审计与项目审计工时:来自中国证券市场的初步证据

2007年审计准则变更将现代风险导向审计引入了中国证券市场,旨在提高审计的效率和效果。本文为了检验2007年审计准则和现代风险导向审计在中国的应用效果,对准则变更前后审计项目投入的水平进行了比较。我们发现:(1)现代风险导向审计提高了会计师事务所的审计效率;(2)现代风险导向审计在一定程度上提高了会计师事务所对高风险客户的关注程度;(3)四大将新旧审计准则的转换成本部分转移给其客户,而非四大在市场竞争的作用下自行承担了转换成本。     

Audit quality indicators: Perspectives from Non-Big Four audit firms and small company audit committees

Through a combined study, we explore the professional perspectives of two distinct PCAOB constituent groups related to the PCAOB's proposed regulatory approach for audit quality indicators. First, we examine the comment letters of Non-Big Four audit firms and find that this specific constituent group views most of the PCAOB's proposed audit quality indicators as infeasible and redundant. Further, Non-Big Four audit firms contend that the indicators require greater clarification from the regulator as well as substantial accompanying qualitative context to avoid misinterpretation that may lead to unintended consequences. Second, we survey a collection of audit committee members from small, publicly-traded companies regarding the current evaluation and perceived effectiveness of eleven specific PCAOB audit quality indicators, each of which is well-established in the extant audit quality literature. We find indicators related to auditor personnel with specialized skill and knowledge, experience of audit personnel, and the timely reporting of internal control issues are perceived to possess the highest level of effectiveness in the evaluation of audit quality.     

Do PCAOB Inspections Improve the Accuracy of Accounting Estimates?

Despite issuing extensive guidance related to the evaluation of accounting estimates, the PCAOB continues to identify deficiencies related to the audit of estimates through their inspections process. We examine whether PCAOB inspections lead to more accurate audited accounting estimates, defined as those that more closely match economic reality, by examining a significant estimate within the banking industry. We find that in contrast with the PCAOB's goal of more accurate and unbiased estimates, allowance for loan losses (ALL) estimates become less accurate and more conservative with higher levels of ALL‐related inspection findings for public company audits. We find no evidence of auditor response to PCAOB inspection findings for private‐company audits, which are not subject to PCAOB inspection. Overall, our findings cast doubt on the efficacy of PCAOB inspections in improving estimate accuracy and suggest that firms are managing inspection risk to the potential detriment of audit quality.     

Inherent risk: An investigation of auditors' judgments

The assessment of inherent risk is a judgment required of auditors by Statement on Auditing Standards 47 (Auditing Standards Board, AICPA, New York, 1983) that normatively affects the scope of work performed on audit engagements. This study explores the judgments of auditors concerning inherent risk in inventory. Four inherent risk factors were examined: turnover of the controller, financing pressure, the amount of complexity of overhead in inventory, and the quality of the personnel responsible for the inventory calculation. A human information processing approach employing ANOVA was utilized to determine the relative reliance on these factors in the inherent risk judgments of 65 practicing auditors. Correlation techniques were used to measure consensus, reliability, and self-insight.The results suggest that although all four inherent risk factors were important to auditors, quality of personnel was the most significant. Reliability was slightly lower than in previous research, but was still fairly high. Self-insight was moderate.     

Assessing inherent risk during audit planning: The development of a knowledge based model

Within the academic and professional auditing communities there has been growing concern with accurately assessing the various risks associated with the performance of an audit. One approach to developing sophisticated risk assessment models is to study how experienced expert auditors use industry and firm specific factors in making audit judgements. This study presents a model of inherent risk assessment based on literature reviews and a field study that involved structured and unstructured interviews and observations of experts in audit planning meetings. Analysis of the data gathered led to the specification of a conceptual model of inherent risk assessment which has been implemented as a computer program (a computational model). Auditors were asked to assess the behavior and performance of the computational model as a first step in evaluating the expert model.     

Comparing self-regulation and statutory regulation: Evidence from the accounting profession

The accounting profession in the United States recently shifted from self-regulation by peer review to statutory regulation by the Public Company Accounting Oversight Board (PCAOB). Using this shift, I compare outcomes from self-regulation and statutory regulation for the same group of firms. I find that firms choosing their own reviewers, and firms choosing reviewers likely to be connected through prior relationships, tend to receive peer review opinions more favourable than their subsequent PCAOB reports, suggesting that some firms obtained ‘friendly’ reviews in the peer review era. On the other hand, reviewers with relevant industry knowledge are less likely to give such favourable reviews. Further, reviewers from the same geographic area are likely to give peer reviews that are more negative than the subsequent PCAOB reports. Additional analysis suggests that peer reviewers from similar industry or geographic areas bring greater firm-specific expertise to the reviewing process. In the PCAOB regime, I find that firms inspected later tend to receive PCAOB reports more favourable than their peer reviews, suggesting some trends over time in PCAOB reporting. Overall, the findings help in understanding the influences on each approach to regulation, and suggest a nuanced understanding of both approaches as having strengths as well as weaknesses.     

Risk assessment based on the analysis of the impact of contagion flow

This paper presents a new framework to model and calibrate the process of firm value evolution when an unanticipated exogenous event impacting one firm can contagiously affect other firms. The nature of propagation of such contagion is determined by the underlying connections between firms, which can adversely affect the tail risks of firm value, hence the securities issued by the firm. This paper combines the insights gained from the existing firm-value models and historical events into a structural model for flow of contagion among firms using a network-based approach. Rather than using stylized networks, we develop a data-driven approach for network construction where we define and calibrate several contagion variables to model the spread of contagion. This framework is applied for assessing firm-level risk under downside risk measures. Using actual data, our model illustrates how connections between firms can lead to heavy-tailed default distributions and default clustering observed in practice.     

The model of risk assessment of greywater discharges from the Danube River ships

Having in mind the immense value of the Danube River and knowing that risk assessment of its pollution is one of the key elements for ecology and the health of people in its region, in this paper we emphasized the importance of risk assessment of ship-generated wastewater – particularly in the case of greywater discharges. Although, a number of methods for measuring and analysing different environmental risks have been developed, previous research shows that the failure mode and effect analysis (FMEA) method is applicable in solving environmental issues. Therefore, we conducted our research with the main purpose to develop a model of FMEA method application for assessing the risks of ship-generated greywater discharges based on estimated data for total quantity of greywater, the size of the exposed population to the pollution of greywater and the possibilities of this pollution detection. Risk analysis was performed on official data for nine ports on the Danube River on inland waterways of the Republic of Serbia. Based on the obtained results, we concluded that measures, recommendations and risk prevention strategies for ship-generated greywater discharges should go into two major directions: (1) decreasing the pollution caused by greywater discharges; (2) increasing the number of water quality monitoring stations.     

Can the academic literature contribute to the debate over mandatory audit firm rotation?

Recently, the Public Company Accounting Oversight Board (PCAOB) issued a concept release soliciting public recommendations to improve auditor independence and audit quality (PCAOB, 2011). The focus of the release is on mandatory audit firm rotation (MAFR) with a request for commentaries addressing the advantages and disadvantages of MAFR. In this paper, we briefly summarize the recent literature on mandatory audit firm rotation and suggest how it can be useful to regulators as they consider the implementation of mandatory rotation. We find that the conclusions reached about the possible effectiveness of MAFR appear to depend on the type of data used (voluntary vs. mandatory auditor changes), suggesting that regulators should exercise care when drawing inferences from past audit firm rotation research.     

MEASURING HEDGE EFFECTIVENESS FOR FAS 133 COMPLIANCE

Financial Accounting Standard (FAS) 133 requires business entities to document their anticipation of hedge effectiveness in order to qualify for hedge accounting treatment of gains and losses from financial derivatives. In the absence of specific guidelines, the accounting industry has espoused the "80–125" rule for determining hedge effectiveness. But the authors observe that meaningful assessment of anticipated hedge effectiveness must consider two distinct aspects of a firm's hedging strategy: (1) the strength of the hedging relationship, which is determined by the choice of the hedging instrument; and (2) the position taken in the hedging instrument relative to the holdings of the hedged item. They take both aspects of hedging into consideration in developing alternative measures of hedge effectiveness and distinguishing between the potential and attained effectiveness of a particular hedge. This approach enables the user to evaluate the relative merits of alternative hedging strategies to support risk management decisions, and also to document a selected hedging strategy's anticipated effectiveness for purposes of compliance with FAS 133. While the authors endorse a fairly broad interpretation of hedge effectiveness, their approach can also be used in the narrower context of an "80–125" rule.     

A Framework for Identifying (and Avoiding) Fraudulent Financial Reporting*

This commentary analyzes the relationship of fraud risk assessments to other risk assessments by auditors. The Public Company Accounting Oversight Board notes that this is a problem area of current practice. Effective detection of fraudulent financial reporting requires an integrative accounting/auditing conceptual framework. As a result, this paper is as much about accounting theory as it is about auditing. To simplify the development of such an integrated framework, this paper uses an expanded risk model. This effectively results in a risk perspective on fraudulent financial reporting. There are many potential implications but the major findings are as follows. First, the study identifies the crucial role of benchmarks based on acceptable levels of risk to help differentiate between intentional and unintentional misstatements. Such differentiation is critical to successfully implementing the American Institute of Certified Public Accountants' Statement on Auditing Standards (SAS) No. 99 and international standards ISA Nos. 240, 540, and 700. Second, the paper shows the importance of not allowing the major categories of risks identified here from getting too high. This paper explains the need to set acceptable levels of these risks, either by standard‐setters as a matter of broad policy, or by individual practitioners as part of the terms of specific engagements. I propose that a major factor in the concept of “present fairly” be the acceptable levels of accounting risks that are defined here, especially the risks due to intentional forecast errors. Third, this paper clarifies how the fraud risk of SAS No. 99, and similar international standards, relates to the current audit risk model framework.