Transforming audit technologies: Business risk audit methodologies and the audit field

Business Risk Audit (BRA) methodologies have been promoted by a number of the large audit firms in response, they claim, to the challenges of the information age and corporate clients’ needs for assurance. This paper subjects their claim to critical scrutiny, drawing on the perspectives of neo-institutional theories of legitimacy, the sociology of professional knowledge and the sociology of science and technology. To bring into play new Business Risk Audit methodologies a number of the larger firms have sought, through their auditing practice, to renegotiate the bases of their professional identity and status within audit firms and to widen their jurisdictional claims over other areas of expertise. These moves have been accompanied by the legitimation and embedding of Business Risk Audit in revised constructions of the market for audit, in abstract academic knowledges, reforms of professional education, and professional regulations. In providing a constructivist account of Business Risk Audit technologies, we argue for a theory of audit change that recognises (i) the centrality of legitimation processes and (ii) the co-construction of audit technology and the audit field.     

The process audit

Few executives question the idea that by redesigning business processes--work that runs from end to end across an enterprise--they can achieve extraordinary improvements in cost, quality, speed, profitability, and other key areas Yet in spite of their intentions and investments, many executives flounder, unsure about what exactly needs to be changed, by how much, and when. As a result, many organizations make little progress--if any at all--in their attempts to transform business processes. Michael Hammer has spent the past five years working with a group of leading companies to develop the Process and Enterprise Maturity Model (PEMM), a new framework that helps executives comprehend, formulate, and assess process-based transformation efforts. He has identified two distinct groups of characteristics that are needed for business processes to perform exceptionally well over a long period of time. Process enablers, which affect individual processes, determine how well a process is able to function. They are mutually interdependent--if any are missing, the others will be ineffective. However, enablers are not enough to develop high-performance processes; they only provide the potential to deliver high performance. A company must also possess or establish organizational capabilities that allow the business to offer a supportive environment. Together, the enablers and the capabilities provide an effective way for companies to plan and evaluate process-based transformations. PEMM is different from other frameworks, such as Capability Maturity Model Integration (CMMI), because it applies to all industries and all processes. The author describes how several companies--including Michelin, CSAA, Tetra Pak, Shell, Clorox, and Schneider National--have successfully used PEMM in various ways and at different stages to evaluate the progress of their process-based transformation efforts.     

The association between audit committee effectiveness and audit risk

Audit committees (ACs) are expected to play a key role in improving financial statement integrity and as a consequence reduce audit risk. Companies reporting conformity with regulations can have an AC that appears effective but is not actually effective in substance. We surveyed audit partners and managers to identify their indicators of actual AC effectiveness (auditor‐chosen list). We hypothesize a negative association between AC effectiveness and audit risk, only when an auditor‐chosen list, rather than extent of conformity with regulations, is used to measure effectiveness. Results support our expectations.     

审计风险与注册会计师的执业质量

审计风险是注册会计师执行审计业务时所面临的风险.目前,我国会计界对审计风险的确切定义是:当会计报表存在重大错报和漏报时,注册会计师审计后发表不恰当审计意见的可能性.也就是说,注册会计师如果想要使发表的意见有比较大的把握,那么他就只能接受较低的审计风险,即如果要求有99%的把握,那么审计风险就为1%;而如果有95%的把握就能令人满意,那么审计风险就为5%.上述定义从理论上看似乎讲得通,但在实践上却有其缺陷,实际上它并不能很好地说明注册会计师为什么要关注审计风险.本文拟重新定义审计风险,并据此探讨审计风险与提高注册会计师执业质量的关系.     

银行信息安全审计与操作风险控制

近年来，银行IT系统对银行业务的发展起到极大的推进作用。同时，随着银行业务对IT系统的依赖程度越来越高，IT风险对业务风险的影响也越来越大。而IT风险中70％以上属于操作风险，即由人工操作不当（无意或故意）引起的风险。因此，有效地控制IT风险，尤其是操作风险，对银行业务的安全运营至关重要。     

The SOX 404 control audit and the effectiveness of additional audit effort in lowering the risk of financial misstatements

Review of Quantitative Finance and Accounting - We examine the effectiveness of additional audit effort in lowering the risk of financial misstatements for companies with internal control material...     

Triangulation of audit evidence in fraud risk assessments

Drawing on the triangulation framework of audit evidence ( and ), we experimentally test for the conditions, if any, under which financial-statement auditors alter their fraud-risk assessments based on whether external evidence provides positive or negative news about underlying business performance. We focus on the condition in which two kinds of management-controlled audit evidence – evidence from the financial statements and evidence from internal data depicting performance of a key business process – is contradicted by external evidence suggesting that a key business objective has not been attained. According to the triangulation framework, such contradictory external evidence should heighten auditors’ skepticism about the veracity of management-controlled evidence and increase their assessment of fraud risk.     

商业银行的内部审计与风险控制

加强商业银行内部审计,有效控制风险,既是当前国有商业银行的重要任务,也是维护国家金融秩序稳定和防范金融风险的重要战略决策。因此,探索商业银行内部审计存在的问题和根源并加以解决,以建立有效的内部审计机制,防范经营风险,正确引导商业银行内部管理制度的改革,已成为一项重要的现实课题。商业银行内部审计的功能商业银行内部审计是商业银行监控系统的重要组成部分。它通过采用系统、严谨的方法,独立地、客观公正地对商业银行的内部活动和监控系统进行审查,并提出指导性建议。有效的商业银行内部审计有助于提高商业银行内部控制与监管工…     

财务报表审计风险及其规避

一、审计风险的影响 随着涉诉案件的一再发生,审计风险对注册会计师行业的影响越来越受到重视.这种影响有不利的方面,也有有利的方面.     

Internal control risk and audit fees: Evidence from China

This study examines the association between internal control risk and audit fees under the voluntary adopting regime of the Basic Standard of Enterprise Internal Control in China. We find that audit fees are positively related to disclosed internal control weaknesses (ICWs). In particular, they are significantly associated with non-financial reporting-related, but not with financial reporting-related, ICWs.Our results also indicate that voluntary assurance in internal control reports can mitigate higher audit fees associated with ICWs. Our study provides timely evidence relating to the debate on whether the scope of internal control should be expanded to non-financial reporting-related areas.     

The business risk audit: Origins, obstacles and opportunities

Is the business risk audit a better way to assess risks leading to focused audit testing, or is it simply a tool for generating opportunities to sell nonaudit services? Many feel strongly that the latter is more representative of the manner in which business risk audits were implemented. In this paper, I argue that the development of the business risk audit methodology in the 1990s was a complex process that arose naturally from the need to compensate for the commoditization of audits that occurred in the 1980s. The contemporaneous growth of risk management theories and processes provided a powerful perspective on which to base the re-engineering of the audit. However, the process of developing and implementing business risk audits was extremely difficult and may have run up against a number of unforeseen and unmanaged obstacles, particularly in regards to the existing rituals of the traditional audit. Given that the sales culture of consulting was taking hold among auditors at about the same time, it is possible that the well-intentioned efforts to revitalize the audit process were derailed by these difficulties and then diverted to support revenue growth via nonaudit services. When Enron and ensuing scandals occurred, questions arose as to whether the business risk audit was effective, or even appropriate. Regulatory initiatives that followed from the aftermath of Enron, such as an increased focus on management incentives for fraudulent reporting and greater in-depth analysis of internal controls, may provide a viable foundation for reconsidering business risk methods and melding the best of traditional substantive audits with the best of business risk auditing.     

The business risk audit – A longitudinal case study of an audit engagement

This study examines the impact of the Business Risk Audit (BRA), a development in audit methodology implemented in the late 1990s, on actual audit practice and on practitioners. Evidence is presented through a longitudinal case study developed from a set of actual audit files over a five year period spanning the implementation of the BRA, together with interviews with audit team members. The study contributes to our understanding of the nature of the audit techniques underlying the BRA and the difficulties experienced in implementing them within the existing organizational structures. In addition, the study illuminates the potentially conflicting roles of audit methodology in its organizational context, both in mediating the complex relationship between the administrators and practitioners in the large accounting firms and as the knowledge management structure used to support delivery of the “audit product”.     

小议审计项目风险控制制度的建立

一、建立业务洽谈与客户来访接待登记制度 为约束业务承接行为,在内部机构设置上,业务洽谈或客户来访接待登记部门与具体承办审计业务部门应分别设立,事务所应设立专门的机构人员负责客户的来访登记.     

Effect of audit report disclosure on auditor litigation risk

Internationally, the escalating number of cases levelled against auditors and the costs of defending such actions has led to the auditing profession calling for measures to reduce their liability burden. Relatively few measures have been taken by the auditing profession by way of adapting the disclosure contained in the audit report to mitigate their litigation risk. This study examines whether the issuance of an audit opinion with a going concern related ‘emphasis of matter’ paragraph or work practices disclosure has any effect on potential litigants' likelihood of pursuing litigation against the auditor. An analysis of 69 responses from advanced law students and 18 practitioners working in corporate liquidation demonstrate that a modified (but not qualified) audit report effectively acts as a ‘red flag’ and reduces potential litigants' propensity to initiate litigation. However, work practices disclosure did not significantly alter potential litigants' inclination to recommend litigation. Despite this finding, respondents (particularly liquidators) indicated that work practices disclosure was an important factor in their litigation decision. These results suggest that further investigation into how to effectively disclose the work done on audit and assurance engagements is needed. This has implications for standard setters and the auditing profession, especially considering recent changes in the disclosure contained in audit and assurance reports.     

Large audit firm premium and audit specialisation in the public sector

The outsourcing of public‐sector audits to the private sector is an important issue. This study examines the fee premium in the public sector by comparing audit fees between the government auditor and the Big5. The study (i) statistically adjusts for self‐selection bias, (ii) allows the slope coefficients in the audit fee model to vary between the Big5 and the government audit and (iii) estimates the counterfactual audit fee premium. The Big5 premium is around 23 percent. However, the variation in premium depends on whether the Big5 auditor is an industry or city specialist.     

Inherent risk assessment and audit firm technology: A contrast in world theories

Breaking from traditional thought, it has been increasingly argued that the observers of organizational action and the organizations that they observed are inextricably linked rather than independent of one another. Following this position, the world theories adopted and related root metaphors employed by these observers serve as an image of the structural relations that underlie human activities and are thus a mediating factor between the observer and the observed. It is positioned that world theories are not only reflective of reality, but also constitutive of it. This article considers the role of the mechanistics and organic world theories, along with their corresponding root metaphors and language, in shaping the independent audit with reference to a five-phase field study of how auditors assess inherent risk. Implications for research are considered.     

Auditor specialization, perceived audit quality, and audit fees in the local government audit market

Prior governmental research implies a positive relation between auditor specialization and audit quality, but the effect of specialization on audit fees is mixed. However, no single governmental study investigates the effect of auditor specialization on both audit quality and audit fees. Also, prior studies focus on either large- or small audit firms and often employ indirect proxies for audit quality. We study the effects of auditor specialization on perceived audit quality and audit fees. Our data represent both Big 5 and smaller audit firms and include three market-based measures of specialization. We survey 241 Florida local government finance directors and find that specialization is positively associated with perceived audit quality but not with audit fees. We also find that Big 5 auditors, often used as a proxy for higher audit quality in prior research, are not uniformly associated with increased perceived audit quality but consistently charge higher audit fees. Our results confirm a relation between measures of audit firm specialization and audit quality and raise questions regarding audit firm size and audit quality in the municipal sector. Our findings suggest that engaging specialized auditors may be good policy for many local governments.     

Friction in the trading process and the estimation of systematic risk

This paper considers how estimates of the market model beta parameter can be biased by friction in the trading process (information, decision, and transaction costs) that (a) leads to a distinction between observed and ‘true’ returns; (b) causes observed returns to be generated asynchronously for a set of interdependent securities; and (c) thereby introduces serial cross-correlation into security returns. Several propositions are derived from which consistent estimators of beta are obtained, and the effect of differencing interval length on beta estimates is specified. The formulation is contrasted with the related analyses of Scholes-Williams (1977) and Dimson (1979).     

如何降低房地产开发企业年报审计风险

从行业的经营特征来看,房地产开发企业的成本、收入、税金和资产确认的主观性都高于一般的工商企业.这就相应加大了注册会计师合理把握相关审计准则的难度.从1999年深沪两市的房地产开发企业的审计报告来看,总共33家公司,出具标准无保留意见审计报告的22家,占67%;而出具非标准无保留意见审计报告的却有11家,占33%.     

The influence of litigation risk and internal audit source on reliance decisions

External auditor reliance on the work of internal auditors in an integrated audit of the financial statements and internal control is an important audit planning procedure that can impact audit efficiency and effectiveness. The purpose of this study is to examine how perceived auditor litigation risk and internal audit source affect external auditors' reliance decisions in an integrated audit environment under varying levels of risk of material misstatement. In an experimental study using 89 practicing Big 4 auditors, this study finds that auditors who perceive low litigation risk from placing reliance on the work of internal auditors will rely more on outsourced internal auditors than in-house internal auditors. The results also show that auditors' reliance decisions are sensitive to the level of account risk consistent with the risk-based approach to the integrated audit encouraged by the PCAOB.