Factors That Influence Auditors During Risk Assesment
Essay by Nazife Oner • January 5, 2016 • Essay • 2,291 Words (10 Pages) • 1,561 Views
Paper 8
Introduction
One of the key elements of audit quality is the individual risk assessments auditors make (Fukukawa & Mock, 2011). Contemporary there is more focus on clients' business risk. It’s the auditors’ task to perform these risk assessment procedures. A PCAOB report identifies significant deficiencies in auditors' compliance with risk assessment standards (Sherry, 2015). Several factors may be the cause of deficient assessment of risks. In this paper three factors that may impact the assessment of risks will be discussed. The potential need for improvement in these areas will also be investigated. The first factor that will be discussed is the auditors’ understanding of the entity’s internal control. Hereby the paper is focused on the involvement of an IT-auditor. Second, the contrast effect will be discussed. Finally, the influence of industry specialization on risk assessment will be discussed.
Auditors and IT auditors
A risk based audit entails that the auditor should first understand the entity and its environment in order to identify risks. This means that part of that understanding is the entity’s internal control framework. One of these internal controls are the information systems relevant to the financial reporting. Information systems poses specific risks to an entity’s internal control, but information system, specifically the use of an IT auditor, also influences the risk based audit.
The factor that influences the risk based audit is the use of a specialist for the information systems. Some studies have shown that risk assessment clarity is significantly increased when a specialist is used (Fogleman, Peterson, Heninger, & Romney, 2007) (Carcello & Nagy, 2004). The IT specialists are becoming more integrated in the audit as a whole instead of only providing a part of the evidence in the risk assessment (Bauer & Estep, 2014). The most important factor for involving a specialist is that the use should add to the reliability of the evidence for the audit of a financial statement and during almost any stage of an audit engagement (Bauer & Estep, 2014).
Bauer and Estep find an asymmetry between financial and IT auditors. First of all they both feel dependent on each other in completing their work, however auditors feel they are significantly more dependent on IT (Bauer & Estep, 2014). Another asymmetry is accountability, both groups feel that the auditors can be held accountable for the work of the IT auditor, but this is not true for the reverse. They come to the conclusion there is a knowledge gap between the two groups.
In another study by Bauer and Estep (2015) they focus on the relationship between auditors and IT specialists, including the view of there being one team or two teams. They also focus on differences in relationship quality and if they are associated with audit team view and audit quality. The results of the study show that audits where auditors and IT specialists have a difficult relationship (characterized by less coordination and communication and a two-team view) are at risk of underutilizing IT specialists and their expertise, or failing to identify IT-related issues, which can lead to insufficient understanding of audit risk areas or changes to the audit plan (Bauer & Estep, 2015). In a study by Stoel, Havelka and Merhout (2012) there is also an emphasis on the effective working relationship among team members and that it can have a significant impact on positive professional judgments. In this study there were factors examined that determined the quality of an IT audit. There are three frequent predictors of quality determined: an adequately planned audit, all team members have high ethical standards, and all team members communicate effectively.
The potential need for improvement in the area of understanding the entity’s internal control
The potential need for improvement in this area is the collaboration of auditors and the (specialist) IT auditor. As is discussed above IT auditors are becoming more and more a part of the audit team, only this is not yet the case. There are still some misconceptions, a knowledge gap, between the two kinds of auditors and here lies need for improvement. That this relationship needs to be improved is emphasized by Bauer and Estep (2015) and Stoel, Havelka and Merhout (2012). An effective working relationship among team members can have a significant impact on positive professional judgments. The negative side of a (difficult) relationship between the two kinds is that this can eventually lead to insufficient understanding of the audit risk areas or changes to the audit plan, it negatively influences the risk-based audit.
Contrast effect
Another factor that influences the risk assessment of auditors is the contrast effect. Auditors operate in a multiple client audit environment and have to make comparable types of decisions regarding different clients, projects, and/or employees within a relatively short time period. One effect that rises in this environment is the contrast effect: the information associated with a given decision task will be evaluated differently depending on the nature of the prior contextual information (Bhattacharjee et al., 2007).
For example, an auditor’s judgement of the internal controls of a current client may be a function of a similar judgement made on a prior client, which could lead to overreliance or under-reliance on the strength of those internal controls. Thus, despite the cumulative standards that are established from prior experiences against which the current information may be benchmarked, auditors may use a comparison-based evaluation process that over utilizes readily available contextual information (Bhattacharjee et al., 2007).
In their study Bhattacharjee et al. (2007) conclude that after evaluating a strong prior client, auditors assessed the internal audit quality of a target client as being significant lower in quality than did auditors who evaluated a weak prior client or did not evaluate a prior client. The auditor’s judgement and their documentation for the target client were influenced by the existence of a prior client.
The results of this for a risk-based audit are that similar risks are perceived differently for different companies. Meaning that the risk assessment will also differ. For instance, in the prior client the internal controls may have been very effective, while in the target client they are still OK, but not excellent. The internal controls of the target client will then be assessed and prioritized differently than if the internal controls of the prior client would have been very weak.
The potential need for improvement in the area of prior experience
It is important to reduce the contrast effect for several reasons. The contrast effect weakens an auditor’s objectivity, because it shows that the auditor’s judgement is influenced by prior experiences. The effect could also reduce the audit efficiency, because auditors may under-use the internal audit department of the target client if they have prior experiences with a client with a strong internal audit department. But if the auditors have prior experience with a client that has a weak internal audit department, they may overuse the target client’s internal audit department. This can lead to reduced audit effectiveness (Bhattacharjee et al., 2007).
...
...