Search results

There is an increased emphasis on internal control in the governmental sector. We compare finance officer assessments of internal control to auditor assessments for a sample of Michigan municipalities. On average, the finance officers' assessments of their control systems were more favorable than the assessments made by auditors from a regional CPA firm with a large governmental practice, suggesting that auditor reports on internal control may result in a more conservative evaluation of the control system than reports provided by management. One measure of the effectiveness of the internal control system is its ability to prevent errors. We compare the finance officer and auditor assessments of internal control to the number of audit adjustments as an objective measure of the accuracy of the control assessments. The internal control assessments made by auditors were significantly more highly correlated with the number of audit adjustments than those made by finance officers. This suggests that the accuracy of internal control reports may be improved if the reports are prepared by auditors.

This research study aims to examine how differences in opinions on the material weaknesses identified in the auditor's assessment of the financial statements, and the auditor's assessment of internal control affect investment analysts' assessment of the financial strength of the company and willingness to recommend the stock for purchase to clients. It also aims to examine how the auditor's opinion on management's assessment of internal control affects investment analysts' assessment, providing additional evidence of the appropriateness of the elimination of this requirement under Auditing Standard No. 5.

The paper examines these research questions using data from a laboratory experiment with investment analysts as participants in the study.

The findings indicate that adverse audit opinions on the effectiveness of internal control result in investment analysts making a higher assessment of company risk, a lower assessment of the strength of internal control over financial reporting, and a marginally significant difference in the likelihood of recommending stock to their client.

These findings provide evidence that auditors' assessment of internal control risk provides information to investment analysts.

This study contributes to the literature by examining the implications of Section 404 of the Sarbanes‐Oxley Act on the judgment of users of financial statements.

This study’s purpose is to examine whether providing prior consulting services influences internal auditors’ subsequent assessments when providing assurance services to assist management in its assessment of internal control over financial reporting. A behavioral experiment is used, with internal auditors as participants. We provide some evidence that internal auditors who perform prior consulting services are less likely than others to conclude that an identified control deficiency is a material weakness, but only when the deficiency is directly related to the prior consulting services performed. Limitations include relatively small sample sizes and manipulation check failure rates that, although consistent with several prior studies, are somewhat high. If internal auditors have provided consulting services, they may want to consider limiting the assurance services provided to management that are more directly related to their consulting services. While prior studies have examined the effects of internal auditors’ role in designing internal controls on subsequent services, this is the first study to focus on the impact of providing internal audit consulting services on subsequent assurance services.

The purpose of this paper is to teach students the fundamental and most critical aspects of performing a financial statement risk assessment, a skill vital to help ensure both auditor and public‐company compliance with guidance found in the Sarbanes‐Oxley Act of 2002 (SOX), the SEC's Interpretative Guidance regarding Management's Report on Internal Control over Financial Reporting, the control deficiency evaluation framework found in Auditing Standard No. 5 (AS5) of the Public Company Accounting Oversight Board (PCAOB), and the Committee of Sponsoring Organizations of the Treadway Commission (COSO).

This instructional case study helps students assess the impact of a set of hypothetical internal control deficiency risks in various industries, including inherent and residual financial statement risk assessment, and concludes with determining which identified internal control weaknesses are significant deficiencies and material weaknesses in internal control. Included in the financial statement residual risk assessment process are example entity‐level and process‐level controls described in COSO. Learning objectives, implementation guidance, and the efficacy of using the case study in the undergraduate or graduate auditing or accounting information systems courses are also provided.

The results of classroom testing of the case study at two universities provides evidence the case study increases student understanding of the implications of internal controls and their impact on the reliability of the financial statements significantly. Students also found the case to be challenging, interesting, relevant, clear, understandable, and a realistic approximation of what they might expect to encounter in the real‐world when performing a financial statement risk assessment.

The case study includes the development of skills important to students in performing financial statement risk assessments, either as an auditor or when working in a private industry environment, including making professional judgments related to risk assessment.

This study contributes to the cognitive processes and expertise research in judgment and decision-making in auditing. It uses the levels-of-processing theory (Craik & Lockhart, 1972) to investigate the amount of auditor attention given to information during internal control documentation procedures, and the effect of this attention on internal control information acquisition and risk assessment. Based on levels-of-processing, the attention required to complete an internal control questionnaire (ICQ) is predicted to result in the acquisition of more internal control information than when a completed ICQ is reviewed. In addition, auditors who complete an ICQ should assess control risk more like experts’ than auditors, who review an ICQ completed by another individual. Results suggest that the audit seniors who completed an ICQ retained significantly more internal control information than audit seniors who reviewed an ICQ completed by another individual. This result held when separately examining the internal control strengths and weaknesses. In addition, audit seniors who completed an ICQ-assessed control risk at a level comparable to the control risk assessments of audit managers in the same firm.

Internal control evaluation is a critical component of the overall audit process, mandated by auditing standards worldwide. These standards divide internal control structures into a number of elements, summarised as the control environment, information systems, and control procedures. Significant research exists as to auditors’ evaluations of internal controls. However, little work appears to consider the elements’ inter‐actions and relative significance. This study attempts to gauge the relative importance external auditors assign to the three elements. 94 practicing auditors evaluated internal control structures in two fictitious companies, one with strong internal control elements throughout, the other with one of the three set at a lower reliability level. The results indicate auditors consider control environment the most important element of internal control. The effect of weakening this element was that auditors assessed all three elements and overall evaluation as less reliable. Varying the other two elements did not have such significant effects. The findings carry ramifications for the auditing profession, particularly in drafting auditing standards on risk assessment.

Using Bonner's model, this paper aims to examine the effects of skill level and the two task complexity dimensions – clarity and quantity of information – on subjects' internal control risk assessments.

The research expands the literature by isolating the individual components of task complexity and examining how skill interacts with either component in affecting decision making. It uses a 2×4 mixed factors laboratory experiment. This design allows the effects of task complexity and skill between and within subjects to be examined. The mixed factors design includes two levels (high and low) for each dimension of task complexity (clarity and quantity) on a between‐subjects basis, with four separate cases on a within‐subjects basis. Skill level is measured as the subject's task‐related knowledge. The subjects are senior‐level students in auditing courses at three Midwest universities.

It is found that subjects assess control risk too high, consistent with the conservatism principle. Skill level mediates this finding: high‐skill subjects make more accurate risk assessments; low‐skill subjects consistently assess control risk too high. Over repetitions of complex tasks, high‐skill subjects make more accurate assessments, while low‐skill subjects initially overstate, then improve. For repetitive simple tasks, both skill levels get worse, increasingly overstating their assessments. These findings support current practice, indicating that experienced auditors make complex risk assessments, where repetitive performance of complex tasks improves risk assessments. However, repetitive simple tasks may result in assessing control risk too high, resulting in excessive testing.

Consistent with prior research, the results suggest task complexity and subject skill are important considerations in experimental research designs.

The purpose of this paper is to describe and compare in a qualitative way how internal auditors perceive their current role in risk management within US and Belgian companies.

In order to get adequate data, Chief audit executives from 10 different companies were interviewed and relevant documents were analyzed.

In the Belgian cases, internal auditors' focus on acute shortcomings in the risk management system creates opportunities to demonstrate their value. Internal auditors are playing a pioneering role in the creation of a higher level of risk and control awareness and a more formalized risk management system. In the US cases, internal auditors' objective evaluations and opinions are a valuable input for the new internal control review and disclosure requirements mentioned in the Sarbanes Oxley Act.

Given the qualitative nature of this study, generalization to all Belgian and US companies is not possible. The time specific character of the subject is an opportunity for future longitudinal research.

In Belgium, the internal auditing profession is actually in a kind of “transition phase”. In order to survive this transition phase, internal auditors need to assume a “teaching role” vis‐à‐vis the different management levels to make them aware of their responsibilities in risk management. After this transition period, internal auditors will be able to focus more on their core activities.

In addition to a number of quantitative studies, this paper extends in a qualitative and comparative way the understanding of the specific role of internal auditors in risk management within US and Belgian companies.

The purpose of this paper is to examine the impact of internal control opinions on individuals' judgments about investments.

The approach used is a behavioral experiment where risk assessments and judgments about investments are made for four internal control opinion scenarios.

The results indicate that the type of internal control opinion made no difference for either risk assessments or investment decisions.

Participants are provided with data sets that do not contain all of the information they may acquire when they make actual investment decisions. Also, there is a lack of real consequences for making good or poor investment decisions.

The type of internal control opinion has no effect on risk assessments or investing intentions. Thus, other considerations apparently dominate internal control opinions when making judgments about investments.

This is the first paper to examine whether intentions to invest might be affected by internal control opinions.

The purpose of this paper is to report on the suitability of an ISO standard to create an internal control assessment model, which effectively acts as a control system template and mental model to evaluate compliance with the Know Your Customer (KYC) and anti‐money laundering (AML) requirements in the Luxembourg retail and private banking sector.

This paper used a qualitative approach with various focus groups and case studies, to elaborate and validate the developed model through methodological triangulation.

The proposed assessment model has a matrix structure that facilitates the incorporation of checklists and narratives to ensure effective testing of controls and its structure allows targeting specific areas of risk in the identified KYC/AML processes.

The development of the model tended to be time consuming and could explain why matrix formats are used less often and the traditional limitations of a qualitative research apply.

The model can be used to combine various reporting formats on internal control, hence the audit effectiveness can be increased and information asymmetries can be reduced.

The proposed assessment model offers an innovative approach because it combines a process view of the business with an internal control view. Research in internal control assessment models has been very limited in the past years.