External auditors' reliance on internal audit : the impact of sourcing arrangements and consulting activities

This study examines the impact of internal audit outsourcing and internal audit’s involvement in consulting on external auditors’ reliance on the work of internal audit. We test whether these factors influence (i) reliance on internal audit work already undertaken and (ii) the use of internal auditors as assistants. In each case, we distinguish between control evaluation and substantive testing. We find that involvement in consulting impacts reliance on work undertaken and the use of internal auditors as assistants for control evaluation. External auditors make greater use of internal auditors as assistants for substantive testing when internal audit is provided in-house. Overall, external auditors use internal audit more for control evaluation tasks than for substantive testing.

External auditors' reliance on internal auditing : further evidence.

Purpose – The purpose of this paper is to explore whether internal audit’s reporting relationship with the audit committee and the client’s business risk environment impact external auditors’ reliance on the work of internal audit. Design/methodology/approach – An experiment is conducted using a 2 £ 2 between-subjects design where we manipulate the above two factors at strong and weak levels. Participants are 66 audit partners, managers and seniors, all experienced with clients having internal audit functions. Findings – The results indicate that both factors affect external auditors’ reliance on work already undertaken by internal audit and their use of internal auditors (IA) as assistants. The results also indicate that external auditors are more likely to use internal audit for control evaluation tasks than for substantive tests of balances. The study does not find any significant interaction effects between the two factors. Originality/value – No prior studies have examined the influence of reporting relationship and client business risk on external auditors’ reliance decisions in the current governance environment. Further, the paper examines the impact of these factors on reliance on work already undertaken by internal audit and on using IA as assistants, with respect to both control evaluation work and substantive testing of balances.

Auditor communication in an evolving environment : going beyond SAS 600 auditors' reports on financial statements

In 1993 the Auditing Practices Board issued an expanded audit report, SAS 600 Auditors’ Reports on Financial Statements, in an attempt to educate users and to clarify certain matters pertaining to the audit function. This paper investigates the extent to which the new audit report, SAS 600, has been successful in aligning the views of auditors, preparers and users about issues dealt with in the expanded audit report, and the extent to which the three groups considered that it would be useful for additional matters, including corporate governance, to be reported upon by the auditor. Our findings suggest that SAS 600 has been successful in clarifying the purpose of the audit and the respective responsibilities of auditors and directors. However, to meet the expectations of users and to add more value, the audit report needs to provide more information about the findings of the audit.

A study of the informal interactions between audit committees and internal auditors in Australia

This paper finds evidence for the growing importance of informal interactions between the internal audit function and the audit committee (AC) in Australia – a relatively unexplored topic in the literature – using a survey of Chief Audit Executives (CAEs). It also describes the nature of these informal interactions. The most innovative elements of this paper are the findings that certain personal characteristics of CAEs, the specific knowledge and expertise of the AC chair, as well as some of the AC chair’s personal characteristics are associated with the existence (and increase) of informal interactions.

External auditors’ perceptions of cloud computing adoption in Australia

Adopting a multi-theoretical approach, I examine external auditors’ perceptions of the reasons why organizations do or do not adopt cloud computing. I interview forensic accountants and IT experts about the adoption, acceptance, institutional motives, and risks of cloud computing. Although the medium to large accounting firms where the external auditors worked almost exclusively used private clouds, both private and public cloud services were gaining a foothold among many of their clients. Despite the advantages of cloud computing, data confidentiality and the involvement of foreign jurisdictions remain a concern, particularly if the data are moved outside Australia. Additionally, some organizations seem to understand neither the technology itself nor their own requirements, which may lead to poorly negotiated contracts and service agreements. To minimize the risks associated with cloud computing, many organizations turn to hybrid solutions or private clouds that include national or dedicated data centers. To the best of my knowledge, this is the first empirical study that reports on cloud computing adoption from the perspectives of external auditors.

Social audit failure: Legal liability of external auditors

In this chapter, we look at the step beyond reporting, to the external audit or assurance function. The role of any audit engagement is to provide a professional opinion on a set of financial or non-financial assertions reported by an organization's management, based on an agreed evaluative framework. Any such opinion is not a guarantee that the underlying report is free from fraud or misstatement. Where an audit opinion on financial statements is incorrect, this is referred to as an audit failure. Specifically, the textbook definition of audit failure has two components: that the financial statements contain a serious error and that the auditor has failed to detect the error due to the auditor's failure during the audit process.

Business busts and U.S. auditors' interest in fraud detection: Evidence from the 20th century

We find evidence that U.S. auditors increased their attention to fraud detection during or immediately after the economic contractions of the 20th century, based on a content analysis of the 12 volumes of the 20th-century auditing reference series Montgomery’s Auditing. Contractions, however, do not seem to have affected auditors’ attention to the formal goal of fraud detection. The study suggests that auditors’ aversion to the heightened risks of fraud during economic downturns leads them to focus more on fraud detection at those times regardless of the particular guidance in formal audit standards. This study is the first to find some evidence of a recession-influenced difference between fraud detection practices and formal fraud detection goals.

Busy auditors, ethical behavior, and discretionary accruals quality in Malaysia

The required professional and ethical pronouncements of accountants mean that auditors need to be competent and exercise due care and skill in the performance of their audits. In this study, we examine what happens when auditors take on more clients than they should, thus raising doubts about their ability to maintain competence and audit quality. Using 2803 observations of Malaysian companies from 2010 to 2013, we find that auditors with multiple clients are associated with lower earnings quality, proxied by total accruals and discretionary accruals. Our results demonstrate that associating client firms’ reported discretionary accruals with individual auditors, rather than their firms or offices, is important in determining audit quality. Moreover, we demonstrate that the disclosure of auditors’ signatures on their reports is useful for assessing auditor quality at the individual level, thus contributing to the debate on the usefulness of having auditor identities on reports.

Detecting and resolving redundancies in EP3P policies

Current regulatory requirements on data privacy make it increasingly important for enterprises to be able to verify and audit their compliance with their privacy policies. Traditionally, a privacy policy is written in a natural language. Such policies inherit the potential ambiguity, inconsistency and mis-interpretation of natural text. Hence, formal languages are emerging to allow a precise specification of enforceable privacy policies that can be verified. The EP3P language is one such formal language. An EP3P privacy policy of an enterprise consists of many rules. Given the semantics of the language, there may exist some rules in the ruleset which can never be used, these rules are referred to as redundant rules. Redundancies adversely affect privacy policies in several ways. Firstly, redundant rules reduce the efficiency of operations on privacy policies. Secondly, they may misdirect the policy auditor when determining the outcome of a policy. Therefore, in order to address these deficiencies it is important to identify and resolve redundancies. This thesis introduces the concept of minimal privacy policy - a policy that is free of redundancy. The essential component for maintaining the minimality of privacy policies is to determine the effects of the rules on each other. Hence, redundancy detection and resolution frameworks are proposed. Pair-wise redundancy detection is the central concept in these frameworks and it suggests a pair-wise comparison of the rules in order to detect redundancies. In addition, the thesis introduces a policy management tool that assists policy auditors in performing several operations on an EP3P privacy policy while maintaining its minimality. Formal results comparing alternative notions of redundancy, and how this would affect the tool, are also presented.

Internal audit quality, audit committee independence, growth opportunities and firm performance

This study explores whether the relation between internal audit quality and firm performance is associated with firm characteristics of information asymmetry and uncertainty (growth opportunities) and certain governance controls (audit committee effectiveness). The results from this preliminary study of 60 Malaysian companies show that the association between internal audit quality and firm performance is stronger for firms with high growth opportunities and that this positive association is weakened by increasing audit committee independence. These findings demonstrate the internal auditors conflicting roles and question the governance recommendations that require all members of the audit committee to be non-executive directors.

Internal audit department characteristics/activities and audit fees : some evidence from Hong Kong firms

This study provides preliminary support for the notion that internal audit function assists in reducing external audit effort and fees. Data on internal audit characteristics and activities are obtained from survey respondents of Hong Kong companies and audit fee model data are acquired from their annual reports. The results of this study suggest that the external auditor of firms in Hong Kong rely on the internal audit function and subsequently charge a lower fee. Lower external audit fees are associated with a larger internal audit department and certain activities carried out by the internal audit. Specifically, lower external audit fees are associated with more internal audit effort spent on activities relating to financial statements, systems development and maintenance, operating efficiency and effectiveness, fraud investigations and unlimited access to internal auditors’ working papers. The results of this study suggest that the contribution of the internal audit may substitute for some substantive external auditing processes and lower monitoring costs.

Compliance with international financial reporting standards (IFRS) and the value relevance of accounting information in emerging stock markets : evidence from Kuwait

Since the 1960s, the value relevance of accounting information has been an important topic in accounting research. The value relevance research provides evidence as to whether accounting numbers relate to corporate value in a predicted manner (Beaver, 2002). Such research is not only important for investors but also provides useful insights into accounting reporting effectiveness for standard setters and other users. Both the quality of accounting standards used and the effectiveness associated with implementing these standards are fundamental prerequisites for high value relevance (Hellstrom, 2006). However, while the literature comprehensively documents the value relevance of accounting information in developed markets, little attention has been given to emerging markets where the quality of accounting standards and their enforcement are questionable. Moreover, there is currently no known research that explores the association between level of compliance with International Financial Reporting Standards (IFRS) and the value relevance of accounting information. Motivated by the lack of research on the value relevance of accounting information in emerging markets and the unique institutional setting in Kuwait, this study has three objectives. First, it investigates the extent of compliance with IFRS with respect to firms listed on the Kuwait Stock Exchange (KSE). Second, it examines the value relevance of accounting information produced by KSE-listed firms over the 1995 to 2006 period. The third objective links the first two and explores the association between the level of compliance with IFRS and the value relevance of accounting information to market participants. Since it is among the first countries to adopt IFRS, Kuwait provides an ideal setting in which to explore these objectives. In addition, the Kuwaiti accounting environment provides an interesting regulatory context in which each KSE-listed firm is required to appoint at least two external auditors from separate auditing firms. Based on the research objectives, five research questions (RQs) are addressed. RQ1 and RQ2 aim to determine the extent to which KSE-listed firms comply with IFRS and factors contributing to variations in compliance levels. These factors include firm attributes (firm age, leverage, size, profitability, liquidity), the number of brand name (Big-4) auditing firms auditing a firm’s financial statements, and industry categorization. RQ3 and RQ4 address the value relevance of IFRS-based financial statements to investors. RQ5 addresses whether the level of compliance with IFRS contributes to the value relevance of accounting information provided to investors. Based on the potential improvement in value relevance from adopting and complying with IFRS, it is predicted that the higher the level of compliance with IFRS, the greater the value relevance of book values and earnings. The research design of the study consists of two parts. First, in accordance with prior disclosure research, the level of compliance with mandatory IFRS is examined using a disclosure index. Second, the value relevance of financial statement information, specifically, earnings and book value, is examined empirically using two valuation models: price and returns models. The combined empirical evidence that results from the application of both models provides comprehensive insights into value relevance of accounting information in an emerging market setting. Consistent with expectations, the results show the average level of compliance with IFRS mandatory disclosures for all KSE-listed firms in 2006 was 72.6 percent; thus, indicating KSE-listed firms generally did not fully comply with all requirements. Significant variations in the extent of compliance are observed among firms and across accounting standards. As predicted, older, highly leveraged, larger, and profitable KSE-listed firms are more likely to comply with IFRS required disclosures. Interestingly, significant differences in the level of compliance are observed across the three possible auditor combinations of two Big-4, two non-Big 4, and mixed audit firm types. The results for the price and returns models provide evidence that earnings and book values are significant factors in the valuation of KSE-listed firms during the 1995 to 2006 period. However, the results show that the value relevance of earnings and book values decreased significantly during that period, suggesting that investors rely less on financial statements, possibly due to the increase in the available non-financial statement sources. Notwithstanding this decline, a significant association is observed between the level of compliance with IFRS and the value relevance of earnings and book value to KSE investors. The findings make several important contributions. First, they raise concerns about the effectiveness of the regulatory body that oversees compliance with IFRS in Kuwait. Second, they challenge the effectiveness of the two-auditor requirement in promoting compliance with regulations as well as the associated cost-benefit of this requirement for firms. Third, they provide the first known empirical evidence linking the level of IFRS compliance with the value relevance of financial statement information. Finally, the findings are relevant for standard setters and for their current review of KSE regulations. In particular, they highlight the importance of establishing and maintaining adequate monitoring and enforcement mechanisms to ensure compliance with accounting standards. In addition, the finding that stricter compliance with IFRS improves the value relevance of accounting information highlights the importance of full compliance with IFRS and not just mere adoption.

Detecting collusive fraud in enterprise resource planning systems

In today's technological age, fraud has become more complicated, and increasingly more difficult to detect, especially when it is collusive in nature. Different fraud surveys showed that the median loss from collusive fraud is much greater than fraud perpetrated by a single person. Despite its prevalence and potentially devastating effects, collusion is commonly overlooked as an organizational risk. Internal auditors often fail to proactively consider collusion in their fraud assessment and detection efforts. In this paper, we consider fraud scenarios with collusion. We present six potentially collusive fraudulent behaviors and show their detection process in an ERP system. We have enhanced our fraud detection framework to utilize aggregation of different sources of logs in order to detect communication and have further enhanced it to render it system-agnostic thus achieving portability and making it generally applicable to all ERP systems.

Regulatory responses to auditor independence dilemmas – who takes the stronger line?

A key part of corporate governance reforms in Australia, as represented by CLERP 9, addresses concerns over the audit function and the role of independent auditors in monitoring managers and providing useful information to stakeholders about the financial position of the company. In comparing the regulatory responses to auditor independence dilemmas, there have been claims that CLERP 9 is less ‘stringent’ than the reforms imposed by the Sarbanes Oxley Act in the US. This paper looks at three particular situations that have been the subject of recent reform to strengthen independence: the mandatory rotation of auditors, recruitment of former auditors as board members, and provision of non-audit services to clients. In each case, we compare the similarities and differences of the regulatory response between Australia and US, to distil the efficacy of the CLERP 9 approach.