Transforming audit technologies: Business risk audit methodologies and the audit field

Business Risk Audit (BRA) methodologies have been promoted by a number of the large audit firms in response, they claim, to the challenges of the information age and corporate clients’ needs for assurance. This paper subjects their claim to critical scrutiny, drawing on the perspectives of neo-institutional theories of legitimacy, the sociology of professional knowledge and the sociology of science and technology. To bring into play new Business Risk Audit methodologies a number of the larger firms have sought, through their auditing practice, to renegotiate the bases of their professional identity and status within audit firms and to widen their jurisdictional claims over other areas of expertise. These moves have been accompanied by the legitimation and embedding of Business Risk Audit in revised constructions of the market for audit, in abstract academic knowledges, reforms of professional education, and professional regulations. In providing a constructivist account of Business Risk Audit technologies, we argue for a theory of audit change that recognises (i) the centrality of legitimation processes and (ii) the co-construction of audit technology and the audit field.     

How audit effort affects audit quality: An audit process and audit output perspective

Using a unique dataset of audit days in China from 2006 to 2011, this paper examines the relationship between audit effort and audit quality from the perspective of audit process and audit output. The results show that audit effort significantly increases the probability of audit adjustments, which inhibits positive earnings management and improves the quality of audited financial statements. We also find that audit effort does not have a significant effect on the issuance of modified audit opinions overall, but that a modified audit opinion is more likely to be issued in the absence of an audit adjustment. Furthermore, we find that the impact of audit effort on audit quality is attenuated when clients are more complex and when audit firms are larger. Collectively, our evidence suggests that audit effort plays an important role in improving audit quality by influencing audit process and audit output. Our study extends the literature on the impact of audit effort on audit quality in emerging markets, and the conclusions have important implications for the improvement of China’s audit market efficiency.     

The process audit

Few executives question the idea that by redesigning business processes--work that runs from end to end across an enterprise--they can achieve extraordinary improvements in cost, quality, speed, profitability, and other key areas Yet in spite of their intentions and investments, many executives flounder, unsure about what exactly needs to be changed, by how much, and when. As a result, many organizations make little progress--if any at all--in their attempts to transform business processes. Michael Hammer has spent the past five years working with a group of leading companies to develop the Process and Enterprise Maturity Model (PEMM), a new framework that helps executives comprehend, formulate, and assess process-based transformation efforts. He has identified two distinct groups of characteristics that are needed for business processes to perform exceptionally well over a long period of time. Process enablers, which affect individual processes, determine how well a process is able to function. They are mutually interdependent--if any are missing, the others will be ineffective. However, enablers are not enough to develop high-performance processes; they only provide the potential to deliver high performance. A company must also possess or establish organizational capabilities that allow the business to offer a supportive environment. Together, the enablers and the capabilities provide an effective way for companies to plan and evaluate process-based transformations. PEMM is different from other frameworks, such as Capability Maturity Model Integration (CMMI), because it applies to all industries and all processes. The author describes how several companies--including Michelin, CSAA, Tetra Pak, Shell, Clorox, and Schneider National--have successfully used PEMM in various ways and at different stages to evaluate the progress of their process-based transformation efforts.     

The association between audit committee effectiveness and audit risk

Audit committees (ACs) are expected to play a key role in improving financial statement integrity and as a consequence reduce audit risk. Companies reporting conformity with regulations can have an AC that appears effective but is not actually effective in substance. We surveyed audit partners and managers to identify their indicators of actual AC effectiveness (auditor‐chosen list). We hypothesize a negative association between AC effectiveness and audit risk, only when an auditor‐chosen list, rather than extent of conformity with regulations, is used to measure effectiveness. Results support our expectations.     

审计风险与注册会计师的执业质量

审计风险是注册会计师执行审计业务时所面临的风险.目前,我国会计界对审计风险的确切定义是:当会计报表存在重大错报和漏报时,注册会计师审计后发表不恰当审计意见的可能性.也就是说,注册会计师如果想要使发表的意见有比较大的把握,那么他就只能接受较低的审计风险,即如果要求有99%的把握,那么审计风险就为1%;而如果有95%的把握就能令人满意,那么审计风险就为5%.上述定义从理论上看似乎讲得通,但在实践上却有其缺陷,实际上它并不能很好地说明注册会计师为什么要关注审计风险.本文拟重新定义审计风险,并据此探讨审计风险与提高注册会计师执业质量的关系.     

IT infusion within the audit process: Spreadsheet use in small audit firms

This study examines spreadsheet use during different phases of the audit process using a series of case studies on independent, local non-Big 4, audit firms in Thailand. Our study adopted the concept of infusion, i.e., the use of IT to its fullest potential within work processes. We used multiple data collection methods, including face-to-face interviews and the examination of commonly used spreadsheets. The study defined a way of measuring spreadsheet infusion in the audit process based on extended, integrative and emergent use. The data provides new insights into how spreadsheets are used by audit firms. Spreadsheet infusion varied considerably across the firms, which indicates significant opportunities for increased sophistication in spreadsheet use for some small audit firms. The study also identifies many enablers of spreadsheet infusion, including IT competence, IT champion, size and complexity of clients, external support, relative advantage and observability. In contrast, staff turnover, lack of partner support, and clients' willingness to provide soft copy data were noted as infusion inhibitors. By successfully extending infusion literature into the audit arena, this study provides a basis for studying the post-adoption behaviors associated with other applications of IT in auditing.     

银行信息安全审计与操作风险控制

近年来，银行IT系统对银行业务的发展起到极大的推进作用。同时，随着银行业务对IT系统的依赖程度越来越高，IT风险对业务风险的影响也越来越大。而IT风险中70％以上属于操作风险，即由人工操作不当（无意或故意）引起的风险。因此，有效地控制IT风险，尤其是操作风险，对银行业务的安全运营至关重要。     

The SOX 404 control audit and the effectiveness of additional audit effort in lowering the risk of financial misstatements

Review of Quantitative Finance and Accounting - We examine the effectiveness of additional audit effort in lowering the risk of financial misstatements for companies with internal control material...     

商业银行的内部审计与风险控制

加强商业银行内部审计,有效控制风险,既是当前国有商业银行的重要任务,也是维护国家金融秩序稳定和防范金融风险的重要战略决策。因此,探索商业银行内部审计存在的问题和根源并加以解决,以建立有效的内部审计机制,防范经营风险,正确引导商业银行内部管理制度的改革,已成为一项重要的现实课题。商业银行内部审计的功能商业银行内部审计是商业银行监控系统的重要组成部分。它通过采用系统、严谨的方法,独立地、客观公正地对商业银行的内部活动和监控系统进行审查,并提出指导性建议。有效的商业银行内部审计有助于提高商业银行内部控制与监管工…     

Triangulation of audit evidence in fraud risk assessments

Drawing on the triangulation framework of audit evidence ( and ), we experimentally test for the conditions, if any, under which financial-statement auditors alter their fraud-risk assessments based on whether external evidence provides positive or negative news about underlying business performance. We focus on the condition in which two kinds of management-controlled audit evidence – evidence from the financial statements and evidence from internal data depicting performance of a key business process – is contradicted by external evidence suggesting that a key business objective has not been attained. According to the triangulation framework, such contradictory external evidence should heighten auditors’ skepticism about the veracity of management-controlled evidence and increase their assessment of fraud risk.     

State audit budgets and market assessments of credit risk

While financial statement auditing dominates the market for corporate auditing, internal controls and operational auditing appear to be emphasized in governmental markets. The size of the governmental audit budget (beyond the minimum level prescribed by generally accepted auditing standards) is ultimately a cost/benefit decision, with lower borrowing costs being one of several potential benefits. In testing for empirical regularities between auditing quantity and investor decisions, we found the size of the audit budget to be indeed associated with borrowing costs, but the direction of the relationship was anomalous. The anomalous positive sign for the audit budget variable could be due to self-selection bias. Self-selection bias is a confounding effect that has come up repeatedly to muddy the interpretation of empirical findings in prior (corporate) market based research on discretionary accounting variables. The supply of (discretionary) internal and operational audits may be driven by operational considerations (e.g., internal control weaknesses), which cannot be directly observed by outsiders. The bond markets may be interpreting the size of the audit budget as a signal about underlying economic characteristics that make the state a more risky investment. Alternatively, larger state audit budgets may signal less use of private sector auditors and be interpreted as less useful to investors (though, possibly more useful to governmental concerns focusing on compliance issues). Despite the inclusion of CPAs' audit fees in state budgets, the signal “inferred” for the state's municipalities may have a carryover effect onto state issues.     

财务报表审计风险及其规避

一、审计风险的影响 随着涉诉案件的一再发生,审计风险对注册会计师行业的影响越来越受到重视.这种影响有不利的方面,也有有利的方面.     

Internal audit reporting lines,fraud risk decomposition,and assessments of fraud risk

The main purpose of this research is to examine the effects of internal audit reporting lines on fraud risk assessments made by internal auditors when the level of fraud risk varies. Significant emphasis has been placed on the importance of reporting lines in maintaining the autonomy of internal auditors, but the perceived benefits of requiring internal audit to report directly to the audit committee have not been validated or systematically investigated. Results of an experiment involving 172 experienced internal auditors and additional survey findings indicate that internal auditors perceive more personal threats when they report high levels of risk directly to the audit committee, relative to management. Perceived threats lead internal auditors to reduce assessed levels of fraud risk when reporting to the audit committee relative to when reporting to management. This finding runs counter to the anticipated benefits of requirements that the internal audit function report directly to the audit committee, and it reveals potential conflicts of interest and independence threats created by the audit committee itself. We also investigate the effects of fraud risk decomposition on risk assessments made by internal auditors. We find that fraud risk assessment decomposition does not have the same effects on internal auditors as it has on external auditors, and the effects of decomposition do not align with the expected benefits of decomposition.     

The business risk audit: Origins, obstacles and opportunities

Is the business risk audit a better way to assess risks leading to focused audit testing, or is it simply a tool for generating opportunities to sell nonaudit services? Many feel strongly that the latter is more representative of the manner in which business risk audits were implemented. In this paper, I argue that the development of the business risk audit methodology in the 1990s was a complex process that arose naturally from the need to compensate for the commoditization of audits that occurred in the 1980s. The contemporaneous growth of risk management theories and processes provided a powerful perspective on which to base the re-engineering of the audit. However, the process of developing and implementing business risk audits was extremely difficult and may have run up against a number of unforeseen and unmanaged obstacles, particularly in regards to the existing rituals of the traditional audit. Given that the sales culture of consulting was taking hold among auditors at about the same time, it is possible that the well-intentioned efforts to revitalize the audit process were derailed by these difficulties and then diverted to support revenue growth via nonaudit services. When Enron and ensuing scandals occurred, questions arose as to whether the business risk audit was effective, or even appropriate. Regulatory initiatives that followed from the aftermath of Enron, such as an increased focus on management incentives for fraudulent reporting and greater in-depth analysis of internal controls, may provide a viable foundation for reconsidering business risk methods and melding the best of traditional substantive audits with the best of business risk auditing.     

Internal control risk and audit fees: Evidence from China

This study examines the association between internal control risk and audit fees under the voluntary adopting regime of the Basic Standard of Enterprise Internal Control in China. We find that audit fees are positively related to disclosed internal control weaknesses (ICWs). In particular, they are significantly associated with non-financial reporting-related, but not with financial reporting-related, ICWs.Our results also indicate that voluntary assurance in internal control reports can mitigate higher audit fees associated with ICWs. Our study provides timely evidence relating to the debate on whether the scope of internal control should be expanded to non-financial reporting-related areas.     

The business risk audit – A longitudinal case study of an audit engagement

This study examines the impact of the Business Risk Audit (BRA), a development in audit methodology implemented in the late 1990s, on actual audit practice and on practitioners. Evidence is presented through a longitudinal case study developed from a set of actual audit files over a five year period spanning the implementation of the BRA, together with interviews with audit team members. The study contributes to our understanding of the nature of the audit techniques underlying the BRA and the difficulties experienced in implementing them within the existing organizational structures. In addition, the study illuminates the potentially conflicting roles of audit methodology in its organizational context, both in mediating the complex relationship between the administrators and practitioners in the large accounting firms and as the knowledge management structure used to support delivery of the “audit product”.     

The effect of audit market structure on audit quality and audit pricing in the private-client market

This study examines whether audit market structure affects audit quality and audit pricing. We analyze two conceptually distinct dimensions of market structure: audit market concentration and client mobility. Focusing on the private-client segment of the Belgian audit market, we compare the pricing and quality effects of market structure between the segment of small and medium-sized (SME) clients and the segment of large clients to test how audit complexity moderates such effects. We find that market concentration impairs price and quality competition in the SME-client segment. Market concentration is unrelated to audit quality in the large-client segment, where we argue that concentration is endogenous to audit complexity. Furthermore, we find that client mobility stimulates price competition in both segments but improves audit quality only in the large-client segment. We interpret our findings as evidence that (a) audit market concentration impairs competition especially when audits have low complexity and that (b) the large-client market segment, characterized by higher audit complexity and higher market concentration, can also be price and quality competitive if clients are sufficiently mobile, and change auditors relatively frequently.     

Large audit firm premium and audit specialisation in the public sector

The outsourcing of public‐sector audits to the private sector is an important issue. This study examines the fee premium in the public sector by comparing audit fees between the government auditor and the Big5. The study (i) statistically adjusts for self‐selection bias, (ii) allows the slope coefficients in the audit fee model to vary between the Big5 and the government audit and (iii) estimates the counterfactual audit fee premium. The Big5 premium is around 23 percent. However, the variation in premium depends on whether the Big5 auditor is an industry or city specialist.     

Effect of audit report disclosure on auditor litigation risk

Internationally, the escalating number of cases levelled against auditors and the costs of defending such actions has led to the auditing profession calling for measures to reduce their liability burden. Relatively few measures have been taken by the auditing profession by way of adapting the disclosure contained in the audit report to mitigate their litigation risk. This study examines whether the issuance of an audit opinion with a going concern related ‘emphasis of matter’ paragraph or work practices disclosure has any effect on potential litigants' likelihood of pursuing litigation against the auditor. An analysis of 69 responses from advanced law students and 18 practitioners working in corporate liquidation demonstrate that a modified (but not qualified) audit report effectively acts as a ‘red flag’ and reduces potential litigants' propensity to initiate litigation. However, work practices disclosure did not significantly alter potential litigants' inclination to recommend litigation. Despite this finding, respondents (particularly liquidators) indicated that work practices disclosure was an important factor in their litigation decision. These results suggest that further investigation into how to effectively disclose the work done on audit and assurance engagements is needed. This has implications for standard setters and the auditing profession, especially considering recent changes in the disclosure contained in audit and assurance reports.     

Auditor specialization, perceived audit quality, and audit fees in the local government audit market

Prior governmental research implies a positive relation between auditor specialization and audit quality, but the effect of specialization on audit fees is mixed. However, no single governmental study investigates the effect of auditor specialization on both audit quality and audit fees. Also, prior studies focus on either large- or small audit firms and often employ indirect proxies for audit quality. We study the effects of auditor specialization on perceived audit quality and audit fees. Our data represent both Big 5 and smaller audit firms and include three market-based measures of specialization. We survey 241 Florida local government finance directors and find that specialization is positively associated with perceived audit quality but not with audit fees. We also find that Big 5 auditors, often used as a proxy for higher audit quality in prior research, are not uniformly associated with increased perceived audit quality but consistently charge higher audit fees. Our results confirm a relation between measures of audit firm specialization and audit quality and raise questions regarding audit firm size and audit quality in the municipal sector. Our findings suggest that engaging specialized auditors may be good policy for many local governments.