Jean C. Bedard

Evidence from the United States on the Effect of Auditor Involvement in Assessing Internal Control over Financial Reporting

Securities regulators around the world are considering the costs and benefits of alternative policies for providing information to financial markets on corporate internal control. These policy options differ on the level of auditor involvement, among other dimensions. We examine the association of relative auditor involvement and auditor characteristics with Section 302 internal control disclosures made by US ‘non-accelerated filers’ from 2003 to 2005. We find more material weaknesses disclosed in the fourth quarter, when there is relatively more auditor involvement, relative to the first three quarters. Clients of larger audit firms have higher disclosure rates (although they are probably less risky due to more stringent client acceptance standards), but this difference is due to fourth quarter disclosures. Audit firms with Section 404 experience also have greater material weakness disclosure, implying process improvement associated with knowledge sharing across engagements. Collectively, our results shed light on ways to increase the effectiveness of internal control regulation.

Issues And Risks In Performing Systrust® Engagements: Implications For Research And Practice

Abstract This paper identifies issues related to the delivery of SysTrust® services by public accounting firms. We first review the professional and academic literatures relating to trust services, analogizing to the literature on financial statement audits. Our review reveals that there are a number of articles in the professional and academic literatures on trust services relating to user issues, most of which address the nature and extent of the potential demand for these services. However, very little attention has been paid to issues relating to engagement issues for service providers. In contrast, the auditing literature provides a large body of conceptual and empirical research devoted to the management of audit engagement risk. We identify several specific issues relating to trust services engagement risk, including sources of potential expectation gaps and barriers to attestation risk reduction. In order to facilitate further research on providing trust services, we use a case situation to illustrate specific aspects of these issues in a complex client environment.

SOX 404, Auditor Effort, and the Prevention of Financial Report Misstatements

Prior research shows that the Sarbanes Oxley (SOX) Section 404(b) integrated audit is associated with lower incidence of misstatements. We predict that the knowledge gained from internal control testing under 404(b) should improve the auditor’s ability to detect misstatements relative to other internal control regimes that do not require control testing, and that this benefit will vary with the incremental effort applied to the engagement. Our baseline tests show that the association between incremental audit effort (proxied by abnormal audit fees) and misstatement reduction is greater under SOX 404(b) vs. other regimes (including SOX 404(a)). These findings imply that the value of incremental audit effort is not uniform, but is greater when control testing is required and sufficient resources are available to thoroughly understand client controls. We further examine the conditions under which knowledge gained from auditor control testing is more valuable. We find that the benefits from control testing do not vary across internal control regimes under AS2 vs. AS5, and are more pronounced for engagements with shorter auditor tenure, non-Big 4 auditors, firms disclosing material weakness in internal controls, and firms misstating core accounts.

Managing group audit risk in a multicomponent audit setting

This paper considers the challenges in planning the scope of auditing procedures in a group audit setting for an entity with geographically dispersed components which vary in risk characteristics. Auditing all the components for a complex group entity is often infeasible, hence the auditor faces risk from components not audited, as well as the normal sampling risk resulting from applying audit procedures to certain components. Auditing standards do not explain how to consider the risk factors and consider what portion of a multiple component entity should be selected for audit to be able to issue an unqualified audit opinion on the group. In this paper we describe a step-by-step method for determining a minimum number of component audits needed to support an aggregate low level of audit risk of material misstatement. The paper responds to calls from academics, practitioners, and standards-setters for theoretically valid and practically feasible solutions to the group audit problem, using a method that combines professional judgment and experience with basic statistical principles in an ensemble approach.

Auditors' Use of Inconsistent Evidence

Analytical procedures are an important audit tool worldwide (ISA 520, SAS 56). Auditors use analytical procedures to develop explanations for unexpected changes in accounts, and evaluate those explanations on the basis of further audit evidence. Research has found that people have difficulty using evidence inconsistent with proposed explanations, and thus may accept explanations that are false. The purpose of this paper is to study how auditors treat evidence inconsistent with analytical procedures explanations. Practising auditors at three levels of experience completed a two?stage task, generating explanations for an initial set of financial information and then revising their explanation list after receiving an expanded information set. Decision processes were captured through verbal protocols. Process analysis showed that the ability to evaluate evidence varied by experience level. Managers and seniors were better than assistants at recognizing inconsistent evidence, while managers outperformed other experience levels in integrating inconsistent evidence. Further, managers generated more and better explanations than other ranks after encountering new information. The implications for auditing research and practice are discussed.