Search results

This study’s purpose is to examine whether providing prior consulting services influences internal auditors’ subsequent assessments when providing assurance services to assist management in its assessment of internal control over financial reporting. A behavioral experiment is used, with internal auditors as participants. We provide some evidence that internal auditors who perform prior consulting services are less likely than others to conclude that an identified control deficiency is a material weakness, but only when the deficiency is directly related to the prior consulting services performed. Limitations include relatively small sample sizes and manipulation check failure rates that, although consistent with several prior studies, are somewhat high. If internal auditors have provided consulting services, they may want to consider limiting the assurance services provided to management that are more directly related to their consulting services. While prior studies have examined the effects of internal auditors’ role in designing internal controls on subsequent services, this is the first study to focus on the impact of providing internal audit consulting services on subsequent assurance services.

The purpose of this paper is to teach students the fundamental and most critical aspects of performing a financial statement risk assessment, a skill vital to help ensure both auditor and public‐company compliance with guidance found in the Sarbanes‐Oxley Act of 2002 (SOX), the SEC's Interpretative Guidance regarding Management's Report on Internal Control over Financial Reporting, the control deficiency evaluation framework found in Auditing Standard No. 5 (AS5) of the Public Company Accounting Oversight Board (PCAOB), and the Committee of Sponsoring Organizations of the Treadway Commission (COSO).

This instructional case study helps students assess the impact of a set of hypothetical internal control deficiency risks in various industries, including inherent and residual financial statement risk assessment, and concludes with determining which identified internal control weaknesses are significant deficiencies and material weaknesses in internal control. Included in the financial statement residual risk assessment process are example entity‐level and process‐level controls described in COSO. Learning objectives, implementation guidance, and the efficacy of using the case study in the undergraduate or graduate auditing or accounting information systems courses are also provided.

The results of classroom testing of the case study at two universities provides evidence the case study increases student understanding of the implications of internal controls and their impact on the reliability of the financial statements significantly. Students also found the case to be challenging, interesting, relevant, clear, understandable, and a realistic approximation of what they might expect to encounter in the real‐world when performing a financial statement risk assessment.

The case study includes the development of skills important to students in performing financial statement risk assessments, either as an auditor or when working in a private industry environment, including making professional judgments related to risk assessment.

This study aims to explore the effect of negotiating audit differences on auditors’ internal control deficiency (ICD) severity assessments, an ensuing, non-negotiated judgment, in an integrated audit.

The experiment manipulates the client’s concession timing strategy as either immediate or gradual, holding the outcome constant. A total of 34 auditors (primarily managers) resolve an audit difference with the client.

The client’s concession timing strategy during the negotiation of an audit difference spills over to affect auditors’ severity assessment of a related ICD. Auditors judged the ICD severity to be higher (lower) in the immediate (gradual) condition. Client retention risk inferences mediate this effect.

The effect on auditors’ ICD severity assessments may not ultimately affect the audit report. Participants did not control their negotiation strategy, allowing the client’s negotiation strategy and the outcome to be held constant; it is possible that interactive effects between the client and auditor’s strategy might affect the study’s implications.

Features of the auditor–client negotiation process may influence auditors’ downstream, post-negotiation judgments and may therefore help to explain empirical evidence and Public Company Accounting Oversight Board inspection findings that show auditors often fail to identify an internal control material weakness after identifying a financial statement misstatement.

This paper expands current negotiation research by exploring the impact of inferences made based on counterparty concession strategy for downstream, non-negotiated judgments and current integrated audit research by identifying client retention perceptions as a driving factor of lower ICD severity assessments.

This paper aims to explore whether an internal auditor’s evaluation of internal control deficiencies are influenced by the party with primary influence over the internal audit function and by the type of internal control deficiency.

A behavioral experiment is conducted with internal auditors as participants in a 2 × 2 between-subjects factorial design.

Results indicate that internal auditors are less likely to evaluate a pervasive control deficiency related to “tone at the top” as a material weakness than a process-specific control deficiency. Furthermore, internal auditors are somewhat less likely to evaluate a process-specific internal control deficiency as a material weakness when management has primary influence over the internal audit function than when the audit committee has primary influence. It is also found that the best practice of internal audit oversight (i.e., primary oversight of internal auditors by the audit committee) may lead to potential internal under-reporting of instances where the audit committee represents a material weakness in internal control.

Limitations of this research include lack of economic consequences (e.g. future pay and job loss) associated with the internal control decisions made by the participants; less concise information provided to the participants than would generally be available to them; and lack of generalizability of the findings beyond the specific company setting and internal control scenario portrayed in the case materials.

Not evaluating a pervasive control deficiency related to “tone at the top” as a material weakness seems to not fully align with relevant professional guidance and can possibly result in inaccurate internal information about the quality of internal controls. Furthermore, having an internal auditor’s evaluation of a process-specific internal control deficiency influenced by the party with primary influence over the internal audit function would not appear to align with relevant professional guidance. Finally, primary oversight by the audit committee of the internal auditors may lead to potential internal under-reporting of instances where the audit committee represents a material weakness in internal controls and, thus, possible communication of inaccurate internal control information.

This study is the first to address whether the party with primary influence over the internal audit function influences an internal auditor’s evaluation of internal control deficiencies.

For the past 10 years, the Public Company Accounting Oversight Board (PCAOB) has operated as an independent overseer of public company audits. Over 70 percent of PCAOB studies have been published since 2010, evidencing the increasing relevance of PCAOB-related research in recent years. Our paper reviews the existing literature on the PCAOB’s four primary functions – registration, standard-setting, inspections, and enforcement. In particular, we examine PCAOB registration trends and evaluate the effects of PCAOB registration requirements on the issuer audit market, as well as discuss the relative costs and benefits (e.g., auditor behavior changes, improvements in audit quality, auditor perceptions) of the 16 auditing standards the PCAOB passed in its first 10 years of operation. Further, we summarize the literature’s findings on the effects of the PCAOB inspection process on various facets of audit quality. Finally, we analyze the research concerning the PCAOB’s enforcement actions to determine how markets have responded to sanctions against auditors and audit firms. We contend that understanding and reviewing the effects of the PCAOB’s activities are important to future audit research because of the PCAOB’s authority over and oversight of the issuer audit profession. We also identify PCAOB-related research areas that have not been fully explored and propose several research questions intended to address these research areas.

This research study aims to examine how differences in opinions on the material weaknesses identified in the auditor's assessment of the financial statements, and the auditor's assessment of internal control affect investment analysts' assessment of the financial strength of the company and willingness to recommend the stock for purchase to clients. It also aims to examine how the auditor's opinion on management's assessment of internal control affects investment analysts' assessment, providing additional evidence of the appropriateness of the elimination of this requirement under Auditing Standard No. 5.

The paper examines these research questions using data from a laboratory experiment with investment analysts as participants in the study.

The findings indicate that adverse audit opinions on the effectiveness of internal control result in investment analysts making a higher assessment of company risk, a lower assessment of the strength of internal control over financial reporting, and a marginally significant difference in the likelihood of recommending stock to their client.

These findings provide evidence that auditors' assessment of internal control risk provides information to investment analysts.

This study contributes to the literature by examining the implications of Section 404 of the Sarbanes‐Oxley Act on the judgment of users of financial statements.

The purpose of this paper is to examine information technology (IT) control deficiencies and their affect on financial reporting.

This study examines 278 companies reporting IT control deficiencies in the first three years of the SOX 404 requirements (2004‐2006). Using quantitative analysis, the study evaluates the impact of IT deficiencies on financial reporting and determines significant differences between companies that report IT deficiencies and companies that do not report IT deficiencies.

Four accounting errors: revenue recognition issues; receivables, investments and cash issues; inventory, vendor and cost of sales issues; and financial statement, footnote, US GAAP, and segment disclosures issues stand out as common financial reporting problems in companies reporting weak IT controls. This study also suggests that companies with IT control deficiencies report more internal control (IC) deficiencies, are smaller, pay higher audit fees, and are typically audited by smaller accounting firms.

This research is limited in scope since only SOX accelerated filers are included in the analysis. As of this study, smaller, non‐accelerated filers are not required to report IC control weaknesses under SOX.

As of this research, no analysis exists to support or refute the relationship of IT controls and accounting errors. This study re‐affirms the widespread impact that deficient IT controls can have on the overall IC structure of the business. Our study reveals some of the important issues associated with IT in the financial reporting process. The role of IT in financial reporting systems is destined to escalate. Studies, like ours, can help managers and auditors identify IT problems that affect financial reporting and take remedial steps to correct these weaknesses.

The purpose of this paper is to examine whether auditors interpret the risk of material misstatement (RMM) in accordance with current standards' definition of inherent risk (IR). It is argued that controls should not be presumed when assessing inherent risk and that inherent risk should be considered separate from and prior to control risk when it is practical to do so. Because auditing standards explicitly require auditors to assess IR without consideration of internal controls (i.e. control risk (CR)), RMM should not be adjusted upward for control deficiencies.

The authors survey and interview practicing auditors to gain an understanding of current risk assessment practice. They then evaluate whether their understanding of risk assessment is in line with current standards.

Contrary to auditing standards' definition of inherent risk, it appears that auditors presume some level of expected control effectiveness when assessing IR and they may increase RMM in response to internal control deficiencies. Such a presumption is inconsistent with the definition of inherent risk from the Auditing Standards Board (SAS No. 107), Public Company Accounting Oversight Board (AS 8), and International Auditing and Assurance Standards Board (ISA 200). Such misinterpretation may be an inadvertent result of guidance provided by standard setters in the form of SAS No. 109 from the ASB, AS 12 from the PCAOB and ISA 315 from the IAASB, which suggest combining IR and CR into RMM.

The research is limited both by the small sample size and the small number of risk factors investigated.

If auditors presume a level of controls in assessing inherent risk, they may reduce audit effectiveness by estimating a lower RMM than is appropriate.

This study presents insights on the interpretation and assessment of audit risk in audit environments where inherent risk is no longer automatically set to be at the maximum. Namely that due to the definition of inherent risk, control information should have a unidirectional downward effect on the risk of material misstatement.

This paper aims to examine whether increasing the salience of the internal auditor’s professional identity, defined by the expectations of their professional group, increases internal auditors’ judgments of the severity of internal control concerns when their organizational identity is high.

This paper tests the hypothesis using a laboratory experiment with internal auditors as participants.

The results support the hypothesis that professional identity salience moderates the relation between organizational identity and the assessed severity of identified internal control weaknesses. Increasing the salience of professional identity results in a more severe assessment of identified internal control weaknesses when organizational identity is high than when it is low.

Prior research in the lab and in the field provides mixed results about the impact of organizational identity on internal auditors’ judgments of the severity of identified internal control concerns. This paper contributes to the discussion on this issue. In addition, the results have implications for the debate about the benefits and costs of in-house versus out-sourced internal audit functions.

Part IV provides readers with the extant requirements for the application of materiality to recognition, measurement, presentation, and disclosure in the financial statements. This part also includes a detailed critical review of the recent Practice Statement on materiality, the FASB’s proposed ASU on the notes and the amendments to the Conceptual Framework proposed by the IASB and the FASB.

The part expands to issues that are typical of Management Commentary, including the SEC guidance on materiality in Management Discussion and Analysis.

It informs about the complexities and subtle differences between financial statements and bookkeeping and the different standards of reasonableness versus materiality.

A section moves from materiality to material misstatements and covers the application of materiality in auditing.

Another section goes in depth on internal control over financial reporting, showing the linkages between materiality and risk appetite and risk tolerance and the related application guidance.