How do Auditors Assess Risks

Proceeding of the 10th International Conference on Multinational Enterprise
How do Auditors Assess Risks? An Exploration of the Risk
Determinants
Hsueh Ju Chen
Assistant Professor, Chung Hsing University, ROC
Kuang-Hsun Shih
Assistant Professor, Chinese Culture University, ROC
Shaio Yan Huang
Associate Professor, Feng Chia University, ROC
Abstract
The primary objective of this study is to identify what factors affect the assessments
of the auditor’s risk, including audit risk, business risk, and personal risk, in the
under-researched area of Taiwan. Factor analysis and logistic regression were selected as
the analysis methods. The results show that three factors, namely the effectiveness of
control activities, reporting bias of management and reliability of management, are
strongly associated with the assessment of the identified risks, which indicates that the client’s
control environment dominates the auditor’s risk assessment.
Keywords: Auditing, Audit Risk, Business Risk, Personal Risk, Control Environment
1. Introduction
In today’s expanding global economy, accounting firms serve not only local but also
international companies. Increasingly complex audit procedures and the highly
complicated sets of investors’ portfolios have raised a question about the credibility of the
auditing profession when it is faced with such large risks. The challenge facing the auditor
has been described by Vinten (1991): “Auditors need to achieve a via media (middle way)
between abrogating risk-taking entirely and permitting totally uncontrolled and huge risk
exposures” (p. 3).
Following his perspective, how much risk can an auditor bear, and how can an
auditor assess it? This is a difficult question to answer, and undoubtedly the answer is
influenced by several factors, including the resources available and the
risk-taking/avoiding propensity of the auditors. In addition, as Stice (1991) noted,
lawsuits against auditors are a continuing source of concern for members of the
public accounting profession. A great effort was therefore made to investigate what gets public
accountants into “trouble” with their clients and with third parties (Pierre and
Anderson, 1984). The accounting profession’s response of reducing the
likelihood of litigation allegations through more audit effort input and higher fees billed has been
analyzed. However, these issues have predominantly been considered within a
Western context. Whether auditors from the non-Western world face the same
litigation environment, and whether they replicate similar strategies in responding
to such a threat, remain to be answered. To clarify those questions, this
study aims to identify the factors that are associated with Taiwanese
auditors’ potential risks. Three potential risks identified in this study are audit risk,
business risk and personal risk.
2. Prior research
In the study of the audit risk model, the focus can be traced back to the question of
the adequacy of the audit risk concept. Kinney (1989) conducted an analysis by
examining the properties of a portfolio of one thousand audit clients simultaneously to
consider the risk of incorrect acceptance (IA) and the risk of incorrect rejection (IR) in
determining a complete audit outcome space. He argued that achieved audit risk
indicated by the AICPA (American Institute of Certified Public Accountants) audit risk
model is likely to be understated at the individual audit level and at the portfolio level
(i.e., audit-firm or economy-wide) in the audit practice environment. Sennetti (1990)
developed a model in which each of the components (inherent and control risk) affects the
outcome space. He argued that a correct conceptual modeling should follow the general
understanding that “…the concept of the auditor’s risk includes his reliance risk on his
assessment of control risk, not the control risk itself” (p. 111).
To compensate for the deficiencies of existing risk models, Simunic and Stein (1990)
provided a much broader view of audit risk by arguing that audit risk is fundamentally
portfolio specific. They defined audit risk as “the change in the standard deviation of
return of a particular portfolio caused by adding a particular audit to an existing set of
investments” (p. 330). Audit risk is therefore measured within a portfolio rather than for
an isolated single audit. Huss and Jacobs (1991) emphasized the need for audit risk
models to re-examine important decision points. They argued that the traditional view of
risk assessment which generally begins with the preliminary planning stage, i.e. after
acceptance of the engagement, does not reflect some firms’ practices of risk assessment
in the client acceptance process. They also recognized the multiple and interrelated risks
faced by the auditors, which were the client’s business risk, audit risk, and the auditor’s
business risk. Huss et al. (2000), following Huss and Jacobs’s (1991) research, proposed
a complex “audit practice risk” model to overcome the limitations involved in the
existing audit risk model. Their model encompassed the elements related to the
non-compensatory nature of the client acceptance/continuation decision and the audit
process which are omitted in the professional standards concerning audit risk.
3. Risk identification
For the purpose of assessing the relevant risks that an auditor faces when conducting
an audit engagement, the risks in this study can be thought of as having three
components:
First, the auditor’s audit risk (Audit risk) – the risk that the auditor may unknowingly
fail to appropriately modify his or her opinion on financial statements that are materially
misstated. Second, the audit firm’s business risk (Business risk) – the risk to the audit firm
from association with the client, consisting of the risk of potential litigation costs and the
related effect on the audit firm’s reputation and the risk of other costs (not related to
litigation) such as problems with fee realization (bad debts). Finally, the auditor’s own
personal risk (Personal risk) – the risk of damage to the individual auditor’s own personal
reputation from being associated with the client as distinct from the risk to the audit firm
overall.
4. Major hypothesis
4.1. Control environment
SAS No. 82 “Consideration of Fraud in Financial Statement Audit” acknowledges
that audit risk includes the risk related to misstatement due to fraud, and hence that
auditors have a significant responsibility to discover management and employee fraud.
Fraudulent acts may be committed by a single individual, or may involve collusion
among employees or perhaps, in conjunction with external parties. Whether such acts are
detected will depend on the auditor’s understanding of the entity’s internal control system.
The control environment provides the atmosphere in which people conduct their
activities and carry out their responsibilities. Thus, a good understanding of the control
environment will often affect the auditor’s consideration of the possibility of fraud and
hence influence the auditor’s evaluation of audit risk.
Empirical evidence suggests that correctly assessing the control environment is
beneficial to assessing the identified risks. Sullivan (1988) emphasized that fraudulent
financial reporting is often found at the very top of the organisation – what the Treadway
report (1992) called “the tone at the top” and what auditors call the control environment.
A similar result was reported by Loebbecke et al. (1989), who found the control environment
to be one of the significant factors associated with management fraud. Where
controls are weak, an important condition exists that can allow either management fraud,
a defalcation, or an error to occur. The control environment also serves to enhance or
mitigate the assessment of inherent risk and control risk (Haskins & Dirsmith, 1995;
Marden et al., 1997). Accordingly, an incorrect evaluation of the control environment
will lead to an incorrect assessment of inherent risk, control risk and fraud risk, and
possibly result in audit errors, such as failing to detect material errors and misstatements
in the financial statements and then forming an improper opinion. An increased
likelihood of lawsuits and litigation costs can then be expected. As a result, we argue that
the condition of a client’s control environment is related to the risks perceived by
auditors in conducting an audit engagement.
4.2. Client’s characteristics
4.3. Auditor’s characteristics
The name of the audit firm, especially the grouping called the “Big Five”, is argued
by many to be influential in contributing to the assessment of client risks for the
following reasons. Firstly, as a result of their “deep pockets” (Lennox, 1999), the Big Five
firms will be more able to pay a higher level of damages, which motivates litigation
against auditors. Secondly, economic losses resulting from damage to the firm’s
reputation lead the Big Five firms to be more aware of the risks that they confront.
For example, Wilson and Grimlund (1990) suggested that a question mark about the
auditors’ credibility has been created by those of the Big Six firms’ clients listed by the
Securities and Exchange Commission (SEC) as a result of enforcement actions. Rollins
and Bremser (1997) further argued that the loss of market share was connected with the
brand name of the Big Six firms in the national or international audit market. Davis and
Simon (1992) found that a reduction in audit fees results from the impairment of auditors’
reputation by an SEC disciplinary action. As to the local firms, their practice is generally
performed at a personal level and in regional areas, so their reputation may not suffer to
the same extent from the effects of negative publicity. In a sense, the Big Five firms have
more to lose than local firms when an audit failure is alleged.
Tirole (1996) argued that a group’s reputation is only as good as that of its members,
and vice versa. If, in fact, a group’s reputation is an aggregate of its individuals’ reputations,
then the degree to which an individual suffers is related to the increasing probability
of reputation impairment of the group. On the one hand, we could argue that large
accounting firms would give more attention to maintaining and/or improving the quality
of their personnel when considering the “deep-pocket” and/or “reputation” effects.
Promotion policies seem to be directly associated with such maintenance and/or
improvement. Certain factors such as education level, professional certification, years
of experience and gender have been found to have a significant influence on the
promotion probability of managerial accountants (Wier and Hunton, 1995), and it is
reasonable to expect that similar factors will affect the promotion probability of members
in large accounting firms. On the other hand, a member who has a position of high status
in an audit firm would have a strong incentive to maintain or enhance his/her individual
reputation, and by extension his/her firm’s reputation.
Based on the above reasoning, the following hypothesis is explored.
H1: The assessed levels of audit risk, business risk, and personal risk are subject to the
evaluation of client’s control environment, client’s characteristics, and auditor’s
characteristics.
5. Research methodology
5.1. Variable
Three individual dependent variables (AR, BR and PR) and three groups of
independent variables (control environment, client’s and auditor’s characteristics) were
measured in the study. The variables on the control environment were chosen from those
of Haskins (1987) to take account of the differences between Taiwan and the US. For
example, in Taiwan, family firms are the dominant organizational form throughout the
economy. These are of small to medium size, with no more than 300 employees or total
assets of less than US$20 million. Therefore, audit clients are too small to be equivalent
to Haskins’ “referent client” (1987, p. 544). As a result, some control factors used by
Haskins were either irrelevant or inappropriate for Taiwanese enterprises. Moreover,
measures were elicited using a seven-point, Likert-type scale ranging from “strongly
disagree” to “strongly agree”. To reduce ambiguity among a wide variety of clients, a
“not applicable” response was supplied in case the statement of a control factor was
considered not to be suitable for the example audit client. As the questions were adopted
from Haskins (1987) and the Cronbach’s alpha is 0.864, the validity and
reliability were regarded as acceptable. A brief description of the independent
variables and their abbreviations is presented in Table 1.
5.2. Sample and procedure
5.3. Research methods
5.3.1. Factor analysis of independent variables
Preliminary data analysis related to computing correlations among the dependent
variables (DVs) and independent variables (IVs) was undertaken to examine for potential
problems relating to multicollinearity. Table 2 shows that the highest correlation coefficient
was .790, indicating that multicollinearity should not be a significant problem
(multicollinearity becomes a serious problem when the coefficient is higher than 0.90;
Tabachnick and Fidell, 2001, p. 82).
5.3.2. Logistic regression model
6. Results
6.1. Results for audit risk
Table 5 shows that there were three significant (p < 0.5) factors: the effectiveness of
control activities, the reporting bias of management, and the reliability of management.
Not surprisingly, the effectiveness of control activities plays a key role, as they help prevent
mistakes from occurring in the financial statements. Hence, it would be expected that the
more effective the control activities are, the lower the level of audit risk that will be set.
In addition, the assessed level of audit risk was also found to be influenced by the degree
of the reporting bias of management. The greater the desires and opportunities for
management to bias the annual accounts, the higher the likelihood that material mistakes
will remain undiscovered in the financial statements, and hence, the higher the level of
audit risk that will be assessed. This result is consistent with the requirement in SAS No.
5 of Taiwan, ‘Investigation and Appraisal of Internal Accounting Control’, which states
that the auditor has to consider management integrity and honesty when evaluating the
existence of those internal accounting control defaults that could cause material errors or
irregularities. Furthermore, the reliability of management is also one of the key factors in
explaining the changes in audit risk. The negative sign indicates that the higher the reliability
of the management, the fewer will be the expected number of material mistakes. Audit
evidence is more reliable when the management of the client can be trusted. If the
reliability of management is suspect, then the information contained in the financial
statements will become questionable.
6.2. Results for business risk
6.3. Results for personal risk
7. Conclusion and discussion
In conclusion, it would appear from the evidence of the postal questionnaire that
factors of the client’s control environment are significant explanatory variables when assessing audit,
business and personal risk. In particular, the factors relating to the effectiveness of
control activities, management reporting bias and management reliability dominate the
assessments of these three risks. Not surprisingly, the assessments of the identified risks are
influenced by the same factors as a result of the inter-relationship among audit, business
and personal risk. In practice, audit risk is adjusted to reflect the level of business risk.
The auditor may reduce audit risk to a low level to respond to a high level of business
risk, and vice versa. Further, following the perspective of Tirole (1996), a group’s
reputation is an aggregate of its individuals’ reputations, and their interdependence
stimulates the group and its individual members to sustain a good reputation for each
other. For that reason, auditors might consider the same risk factors influential in the
assessments of audit, business and personal risk. However, the failure to discover the
relationship between risk assessment and auditor characteristics might have less
explanatory power over the assessment of engagement risk found in Western
countries. Future research could shed light on this inconsistent result.
Moreover, it could extend the analysis to consider “other attributes” of the control environment
excluded from this study or “other factors” such as individual “personality” variables,
which might be influential in the auditor’s risk assessment but have not been properly
identified.
Two limitations of the current study have to be noted. The first limitation refers
to the questions asked relating to the description of the client’s control environment.
The design of the control environment depends primarily on the client’s size. The
larger the client size, the more effective the control environment. However, the sample
was reduced from 141 to 111 because the internal audit function is not operated in small
or medium companies. The size effect may distort the explanation of the present results. The
second limitation lies in the weaknesses of using questions in a questionnaire survey
(Lee-Wong, 2000). As a questionnaire survey relies entirely on the respondent’s
self-report, it is possible that the information given by the respondent is untrue.
Reference
Anderson, J. C., Johnson, E. N. and Reckers, P. M. (1994). Perceived Effects of Gender,
Family Structure, and Physical Appearance on Career Progression in Public
Accounting: A Research Note. Accounting, Organizations and Society, 19(6),
483-491.
Carcello, J. V. and Palmrose, Z. (1994). Auditor Litigation and Modified Reporting on
Bankrupt Clients. Journal of Accounting Research, 32(1), 1-30.
Daniel, S. J. (1988). Some Empirical Evidence about the Assessment of Audit Risk in
Practice. Auditing: A Journal of Practice & Theory, 7(2), 174-181.
Davis, L. R. and Simon, D. T. (1992). The Impact of SEC Disciplinary Actions on Audit
Fees. Auditing: A Journal of Practice & Theory, 11(1), 58-68.
Haskins, M. E. (1987). Client Control Environments: An Examination of Auditors’
Perception. The Accounting Review, 62(3), 542-563.
Haskins, M. E. and Dirsmith, M. W. (1995). Control and Inherent Risk Assessments in
Client Engagements: An Examination of Their Interdependencies. Journal of
Accounting and Public Policy, 14, 63-83.
Huss, H. F. and Jacobs, F. A. (1991). Risk Containment: Exploring Auditor Decision in
the Engagement Process. Auditing: A Journal of Practice & Theory, 10(2), 51-60.
Kreutzfeldt, R. W. and Wallace, W. A. (1994). The Relation of Inherent and Control
Risks to Audit Adjustments. Journal of Accounting, Auditing & Finance,
459-481.
Loebbecke, J. K., Eining, M. M., and Willingham, J. J. (1989). Auditors’ Experience with
Material Irregularities: Frequency, Nature, and Detectability. Auditing: A Journal
of Practice & Theory, 9(1), 1-28.
Lennox, C. S. (1999). Audit Quality and Auditor Size: An Evaluation of Reputation and
Deep Pockets Hypotheses. Journal of Business Finance & Accounting, 26(7&8),
779-805.
Marden, R. E., Holstrum, G. L. and Schneider, S. L. (1997). Control Environment
Condition and the Interaction between Control Risk, Account Type and
Management’s Assertions. Auditing: A Journal of Practice & Theory, 16(1),
51-68.
Palmrose, Z. V. (1987). Litigation and Independent Auditors: The Role of Business
Failures and Management Fraud. Auditing: A Journal of Practice & Theory, 6(2),
91-103.
Pratt, J. and Stice, J. D. (1994). The Effects of Client Characteristics on Auditor
Litigation Risk Judgments, Required Audit Evidence, and Recommended Audit
Fees. The Accounting Review, 69(4), 639-656.
Rollins, T. P. and Bremser, W. G. (1997). The SEC’s Enforcement Actions against
Auditors: An Auditor Reputation and Institutional Theory Perspective. Critical
Perspectives on Accounting, 8, 191-206.
Sennetti, J. T. (1990). Toward a More Consistent Model for Audit Risk. Auditing: A
Journal of Practice & Theory, 9(2), 103-111.
Simunic, D. A. and Stein, M. T. (1990). Audit Risk in a Client Portfolio Context.
Contemporary Accounting Research, 6(2), 329-343.
Stice, J. D. (1991). Using Financial and Market Information to Identify Pre-Engagement
Factors Associated with Lawsuits Against Auditors. The Accounting Review,
66(3), 516-533.
Sullivan, D. J. (1988). Why the Auditing Standards on Evaluating Internal Control
Needed to be Replaced. Auditing Symposium, 40, 47-54.
Wilson, T. E., Jr. and Grimlund, R. A. (1990). An Examination of the Importance of an
Auditor’s Reputation. Auditing: A Journal of Practice & Theory, 9(2), 43-59.
Wier, B. and Hunton, J. E. (1995). Promoting Management Accountants. Management
Accounting, 76(11), 47-51.
Table 1 Summary of Independent Variables for Input into the Audit, Business and Personal Risk Regression
Abbreviation | Definition | Predicted Sign (AR BR PR)
Control Variables
CA1 | There is an appropriate policy for the authorisation of transactions |
CA2 | There is appropriate segregation of duties for client employees whose work is related to financial matters |
CA3 | There are effective general Computer Information Systems (CIS) controls |
CA4 | There are effective physical safeguards over assets |
CA5 | There is effective co-ordination between different financial functions (e.g. sales, purchases, cash, etc.) |
CA6 | There are appropriate procedures for the review of variances from budgeted performance |
CA7 | There are appropriate practices in place to cover the holidays of employees whose work is related to financial matters |
CA8 | There are appropriate duties and responsibilities assigned to the internal auditors |
CA9 | The internal auditors are effective at remedying weaknesses in internal control |
CA10 | There are strong factors that might motivate senior management to override existing controls (e.g. tight credit, low working capital, bonus plans, need to meet forecasts, declining industry, etc.) | + + +
CA11 | The rate of turnover of senior management has been low in the last three years |
CA12 | The client's senior management has a good business reputation |
CA13 | The client's senior management usually tends to report the most favourable financial picture | + + +
CA14 | The client's major operating decisions are usually made by just one or two individuals | + + +
CA15 | The client usually investigates the background of new employees whose work is related to financial matters |
CA16 | There are appropriate training programmes for employees whose work is related to financial matters |
CA17 | The client is effective at monitoring competitors' activities |
CA18 | The client is effective at monitoring changes in customer requirements |
CA19 | The audit process usually produces changes in the client's draft financial statements |
TAST | Client size | + + +
TSALES | Client size | + + +
LISTD | Whether client lists on the Stock Exchange | + + +
CYINV | Tenure of auditor/client relationship | ?
Age | How old the auditor is | ? + +
Sex | Which gender the auditor is | ? + +
WKY | How many years of auditing experience the auditor has | ? + +
PART | The auditor’s position | ? + +
CPAY | The length of being a CPA | ? + +
ATMP | The approximate percentage of the auditor’s time spent on auditing | ?
Big 5 | Whether the respondent works for a Big Five auditor firm | ? + +
Table 2 Correlation Matrix of Audit Risk, Business Risk, Personal Risk, Client and Auditor Characteristics by Taiwan
Variable | BR | PR | LISTD | TAST | TSALES | CYINV | AGE | SEX | WKY | PART | CPAY | ATMP | BIG 5
AR | .762 (.000) | .598 (.000) | -.141 (.097) | -.130 (.125) | -.138 (.102) | -.098 (.246) | .033 (.696) | .032 (.707) | .070 (.411) | .035 (.683) | -.084 (.320) | .050 (.561) | -.052 (.539)
BR | | .720 (.000) | -.094 (.270) | -.028 (.740) | -.072 (.394) | -.167 (.048) | .024 (.782) | .101 (.233) | .003 (.974) | .099 (.243) | -.028 (.744) | -.070 (.413) | .066 (.436)
PR | | | -.175 (.039) | -.137 (.106) | -.110 (.194) | -.028 (.740) | -.113 (.184) | .074 (.387) | .073 (.389) | .116 (.172) | -.019 (.824) | -.025 (.767) | .072 (.397)
LISTD | | | | .516 (.000) | .453 (.000) | -.090 (.292) | -.026 (.759) | .091 (.289) | -.008 (.923) | -.049 (.564) | .082 (.333) | -.082 (.336) | .093 (.273)
TAST | | | | | .779 (.000) | .032 (.708) | .000 (.999) | .187 (.027) | .046 (.590) | .018 (.832) | .1880 (.025) | .112 (.186) | .137 (.106)
TSALES | | | | | | .057 (.503) | .031 (.717) | .193 (.023) | .044 (.606) | .042 (.620) | .277 (.001) | .105 (.216) | .222 (.008)
CYINV | | | | | | | .525 (.000) | .200 (.018) | .658 (.000) | .332 (.000) | .211 (.012) | -.220 (.009) | -.192 (.022)
AGE | | | | | | | | .412 (.000) | .790 (.000) | .458 (.000) | .317 (.000) | -.330 (.000) | -.238 (.004)
SEX | | | | | | | | | .261 (.002) | .271 (.001) | .205 (.015) | -.267 (.002) | .034 (.690)
WKY | | | | | | | | | | .485 (.000) | .333 (.000) | -.283 (.001) | -.208 (.013)
PART | | | | | | | | | | | .579 (.000) | -.180 (.034) | -.125 (.140)
CPAY | | | | | | | | | | | | -.151 (.076) | .100 (.236)
ATMP | | | | | | | | | | | | | .245 (.004)
* The first number listed is the correlation; the number in parentheses is the significance level.