Advanced Auditing - Week 3, 4 en 5

Assurance engagement

1. Three seperate parties

2. Subject matter to audit

3. Criteria to evaluate against it

4. Sufficient and appropriate evidence

5. Written report with the auditor’s conclusions

4 phases of an audit

1. Acceptance - Johnstone & Bedard (2003)

=> Should we take this client?

2. Understanding and risk analysis

=> What are the risks of this specific client?

3. Executing the audit plan - Sherwood (2025)

=> Doing the actual audit work

4. Completing & reporting - Reid, et al (2019)

Why auditing standards?

1. Guideline for the auditor

2. Legal reason (they cannot be sued under the negligence law if they can prove they followed the standards)

Testing management assertions - income statement

1. Occurrence

2. Completeness

3. Accuracy

4. Cutoff

5. Classification

6. Presentation

Testing management assertions - balance sheet

1. Existence

2. Rights and obligations

3. Completeness

4. Accuracy

5. Valuation

6. Classification

7. Presentation

The audit risk model

Audit Risk = IR × CR × DR

Audit Risk = IR × CR × DR

IR = inherent risk

CR = control risk

DR = detection risk

==> always non zero

Audit opinion categories

1. Unqualified opinion

2. Unqualified opinion with emphasis of matter

3. Qualified opinion

4. Adverse opinion

5. Disclaimer of opinion

3 types of risk - Johnstone 2003

1. Audit risk

2. Client business risk

3. Auditor business risk

Strategies for acceptance risk

1. Assigning specialist personnel

=> mitigates risk through lower error en fraud, But they cannot save a financially dying company (client business risk) and cannot shield the firm from public scandal if a publicly traded client collapses (auditor business risk).

2. Higher billing rates

=> accepts the risk and ask for compensation. Charging more does not make the team better at finding problems — it cannot mitigate audit risk.

Paper completing and reporting Reid, et al 2019

KAM (uk reform that extends the report)

Three measures

Abnormal accruals (decrease)

Earnings risk management (decrease)

Meeting and just beating the analyst forecast (decrease)

=> Can be driven by two types of mechanisms

1. Threat of disclosure

2. Increased auditor accountability

==> Conclusion: All measures decrease, so quality increases. This is driven mostly by mechanism 1, because there is no increase in costs.

Professional skepticism

Indicated by auditor judgment and decisions that a reflect a heightened assessment of risk that an assertion is incorrect, conditional on the information available

Skeptical judgment

Noticing that a potential problem exists

Skeptical action

Actually doing something about it

1. Informing the manager

2. Requesting additional docs

3. Adding audit hours

4. Seeking a second opinion

4 determinants of PS - Nelson 2009

1. Knowledge

2. Incentives

3. Evidence

4. Traits

PS gap between judgment and action - Nelson 2009

1. Incentive to stay silent

2. Trait suppresses action

3. Knowledge gap

How to improve PS? - Nelson 2009

1. Hiring and training

2. Evaluation and rewarding

3. Safe channels and strong culture

Outcome effect and PS - Brazel, et al 2016

The outcome effect is when people judge a decision based on the result even if the decision was perfectly reasonable at the time.

Brazel et al, 2016

Method: same decision different outcome ==> performance as a dependent variable

Performance was rated worse when outcome was that there was nothing found after flagging. Consultation did not fix it, and made it even worse in some situtations as it seemed that the auditor was trying to shift the blame.

CONCLUSION: Underinvestigating, the auditor will only investigate and flag something when they are absolutely sure they will find something, because other wise it will be seen as waste of time and making the client unhappy.

Theory of planned behaviour - Hardies,et al 2025

Your actions are driven by intentions

Intention comes from 3 things

1. attitudes

2. Subjective norms

3. Perceived control

Findings firm level paper Hardies, 2025

Firm level

Firms professional orientation

=> if the culture is doing the right thing auditors are more skeptical

Firm quality control system

Individual accountability

Findings client and auditor level - Hardies 2025

Client => client identification

Auditory:

These all predict more skeptical action:

• Trait skepticism

• Moral courage

• Motivation to perform well

• Audit knowledge

• Industry expertise

Fraud triangle

1. Incentive and pressure ==> inherent risk

2. Opportunity ==> control risk

3. Attitude or rationalization ==> inherent risk

Control are limited when it comes to fraud

1. Human judgment is biased

2. Human error

3. Collusion

4. Management override

5. External factors

Anti fraud measures examples

1. Job rotation

2. Mandatory vacation policies

3. SOD

4. Surprise audits

5. Whistleblower hotline

ANTI fraud measures

1. The fraudulent act

2. Concealement

3. Conversion

Most common fraud techniques

Improper revenue recognition: 61% of cases — example: channel stuffing (booking sales

before they are real)

• Overstatement of assets: 51%

• Understatement of expenses or liabilities: 31%

• Misappropriation of assets: 14%

Targeted risk assessment (TRA)

1. Identifying fraud schemes specific for the industry, business model and environment

2. Likelihood that the scheme could be executed and completed

3. Identify the weakest point in the control environment.

Channel stuffing

side agreements with suppliers and customers that are withheld from

auditors

6 motives for fraud - Andon and free 2025

Justification

1. Incosequnetiality motive

2. Permission motive

3. Unfair treatment

Excuses

1. Personal

2. Appeasement

3. Addiction

Paper alternative risk assessment - asare & wright

Fraud is rare, SALY heuristics, anchoring and decion aids create an illusion of control

Research:

Checklist vs no checklist

Standards vs zero based

The use of checklists and standards reduce the fraud risk assessment effectiveness because they encourage mechanical thinking