Download as pdf or txt
Download as pdf or txt
You are on page 1of 13

Accounting Horizons

Vol. 18, No. 3


September 2004
pp. 173-184

Using Game Theory and Strategic Reasoning


Concepts to Prevent and Detect Fraud
T. Jeffrey Wilks and Mark F. Zimbelman
SYNOPSIS: This commentary examines academic research that can assist auditors in
detecting and preventing fraudulent financial reporting. We review theoretical and em-
pirical research from game theory, social psychology, judgment and decision making,
and auditing to identify improvements in audit practice and promising areas for future
research. This review focuses on the strategic fraud setting and suggests modifications
in auditing standards that should facilitate auditors' use of strategic reasoning in this
setting. We emphasize three critical audit tasks—^fraud risk assessment, audit planning,
and audit plan implementation—and recommend changes to current auditing standards
and identify potential research questions for each task.

Keywords: audit judgment; audit planning; fraud; game theory; risk assessment;
strategic reasoning.

INTRODUCTION

T
his commentary reviews academic research from several disciplines for insights regarding
how auditing standards and audit research can assist auditors in detecting and deterring
fraudulent financial reporting (hereafter fraud). Reducing and detecting fraud is a high prior-
ity in the audit profession as witnessed by recent regulations intended to improve auditors' ability to
detect fraud, such as SAS No. 99, and the oft-cited notion that actions taken to reduce the prospect of
fraud should dampen stock market volatility {Wall Street Journal 2002). We believe it will become
an even higher priority in the tuture. Some leaders in the profession argue that unintentional financial
statement error will diminish because of technology and that future demand for audits will depend
largely on their ability to detect or deter fraud (Elliott 2002). Accordingly, improving fraud detection
and deterrence may be critical for the viability of the audit profession.
We believe that auditing standards must compensate for auditors'judgment limitations to effec-
tively detect and deter fraud. Therefore, we encourage standards that explicitly recognize the strate-
gic nature of fraud and that help auditors effectively reason in the fraud setting. Our review focuses
on assisting auditors in performing three key tasks—fraud risk assessment, audit planning, and audit
plan implementation—and suggests four main findings and recommendations:
T. Jeffrey Wilks is an Assistant Professor and Mark F. Zimbelman is an Associate Professor, both at
Brigham Young University.
We are thankful for input on a prior version of this commentary from participants at the 2002 Deloitte & Touche/University
of Kansas Symposium on Auditing Problems. We also appreciate the comments and suggestions of our three anonymous
reviewers and Ella Mae Matsumura.

Editor's note: Jim Largay served as the editor of this manuscript.


Submitted: June 2002
Accepted: May 2004
Corresponding author: Mark F. Zimbelman
Email: mz@byu.edu

173
174 Wilks and Zimbelman

• Current fraud checklists may inhibit auditors' ability to predict fraud. We recommend that auditors
structure their fraud risk assessments to facilitate effective predictions and provide ideas on doing so.
• Because the auditee can manipulate some fraud cues, audit planning should emphasize that these
cues must be cautiously relied on when assessing fraud risk.
• Because audit procedures are generally quite predictable, audit plans should vary the timing, type,
and randomness of audit tests.
• Audit policy should encourage frequent updates of fraud judgments.

THE FRAUD SETTING


Careful distinction between the fraud setting and other audit settings facilitates our analysis of
prior research findings and observations of the practice environment. Unintentional nonfraudulent
financial statement errors are static in that their incidence is unaffected by the anticipated audit. But
fraud is intentional and strategic such that its incidence is affected by the anticipated audit. Bloomfield
(1997) argues that interdependence between the behavior of the auditor and the auditee characterizes
this intentional/strategic setting. Not surprisingly, fraud detection research suggests that audit risk is
misspecified when auditors ignore this interdependence (Fellingham and Newman 1985; Shibano 1990).
The analytic methods that incorporate strategic interdependence rely largely on game theory,
which seeks to predict behavior based on a player's best response given the player's motivations as
well as the anticipated actions of the opponent(s). Although experienced auditors often consider the
strategic implications of fraud in their audit plans, research suggests that audit standards and practice
aids inhibit this process.
Understanding the boundaries of game theory is important for determining how audit standards
might facilitate auditors' consideration of strategic behavior. For example, predicting an auditee's
response to anticipated auditor behavior is very difficult. Consider Morgenstem's (1935/1976)
example whereby Sherlock Holmes leaves London's Victoria Station for Dover, pursued by his
opponent, Moriarity. Holmes gets off when the train stops at an intermediate station, because he
correctly anticipated that Moriarity has taken a faster train to trap him in Dover. If Moriarity had
been more clever, then he also would have stopped at the intermediate station. But, if Moriarity was
that clever, then Holmes would have anticipated this and gone on to Dover, and so on. Morgenstem
(193 5/1976,174) states, "Because of so much thinking, they might not have been able to act at all or
the intellectually weaker of the two would have surrendered to the other."
In this simple example, Moriarity would have escaped if he correctly anticipated what Holmes
knew—a concept known as "common knowledge" (Sunder 2002). Sunder (2002, 313) discusses
how the concept of common knowledge applies to auditing and notes that this concept has "barely
been touched" in the field of auditing. While most researchers agree that determining prior knowl-
edge is difficult, audit standards should attempt to facilitate the thinking required to predict an
auditee's response. We refer to the auditor's ability to anticipate the auditee's response to auditor
choices as "strategic reasoning." Important empirical questions include how and to what extent
individuals engage in such reasoning (Camerer 1990, 1997). Exploring prior research can help
clarify how audit standards might facilitate such judgments.

Levels of Strategic Reasoning


Auditing research specifies different levels of strategic reasoning. Zimbelman and Waller (1999)
define reasoning that is not strategic as zero-order reasoning and specify two levels of strategic
reasoning: first- and higher-order. Zero-order reasoning means players only consider conditions that
directly affect them but not others. The audit risk model and single-person decision theory imply
zero-order reasoning. When engaged in zero-order reasoning, the auditor simply considers his own
incentives, such as audit fees, sampling costs, and penalties. The auditor assesses misstatement risk
assuming auditee behavior is not affected by the audit procedures used and performs the audit to

Accounting Horizons, September 2004


Using Game Theory and Strategic Reasoning Concepts to Prevent and Detect Fraud 175

maximize the cost-benefit trade-off. If auditee behavior is not affected by the audit, which seems
unlikely whenfraudrisk is present, then zero-order reasoning is optimal (Fellingham and Newman 1985).
In contrast, first-order strategic reasoning means that the auditor considers conditions that
directly affect the auditee. Now auditors assume that auditees use zero-order reasoning and develop
audit plans that consider the auditee's incentives. For example, when an auditee has incentives to
conceal information, the auditor modifies the audit plan to detect the concealment. However, when
assessing fraud risk, the auditor does not consider whether the auditee has anticipated the auditor's
behavior. Because the auditor does not consider how the audit plan might impact management's
behavior, the auditor will likely use standard approaches familiar to management.
Higher-order strategic reasoning means that the auditor considers additional, potentially infi-
nite, layers of complexity, including how management may anticipate the auditor's behavior. For
example, management initially uses first-order reasoning to consider how a condition facing the
auditor, who uses zero-order reasoning, affects the auditor's standard tests, perhaps by adjusting
sample sizes. However, an auditor using higher-order reasoning may adjust the audit plan by intro-
ducing nonstandard procedures that anticipate management's decision induced by the condition
facing the auditor. Many researchers believe that this reasoning is, at least, unnatural and difficult;
only a handful of auditing studies examine this issue.

Auditing Studies on Strategic Reasoning


Bloomfield (1995,72) argues that strategic reasoning is challenging because of strategic depen-
dence: "the degree to which a change in the auditor's expectation of the manager's action affects the
manager's action." Strategic dependence is greatest when each player's best response changes dra-
matically based on the expected best response of the other player. Bloomfield (1997) collects
empirical data and concludes that both auditor and auditee have difficulty predicting each other's
best response when strategic dependence is high.
Zimbelman and Waller (1999) also examine strategic reasoning, finding that after repeated trials
in an experimental audit game, auditees are infiuenced by a condition that directly infiuences the
auditor—suggesting first-order strategic reasoning takes place. This study illustrates the difficulty of
determining the level of strategic reasoning involved in judgment. For example, the authors must
assume that higher-order reasoning is unlikely when generating and testing their predictions. Also,
because of the practical problems of using practicing auditors or managers to engage in a fraud study
such as this, Bloomfield (1997) and Zimbelman and Waller (1999) rely on college-level accounting
students' judgments for empirical data.
Limitations aside, important policy implications can come from behavioral game theory re-
search. Given that current audit standards based on the audit risk model fail to consider the strategic
interdependence of the auditor and auditee, we recommend that such standards identify processes
based on strategic reasoning (cf., Kinney 1988). Although we do not expect audit standards to
formally incorporate game theory, we believe that standards based on careful consideration of the
game-theoretic setting can encourage strategic reasoning and lead to significant improvements in
fraud detection and deterrence. Below, we describe how such efforts at strategic reasoning might
improve auditors' ability to detect and deter fraud and recommend audit practices that are designed
to facilitate such reasoning.

FRAUD RISK ASSESSMENT


Cognitive Challenges with Processing Fraud Cues
For many years, audit standards kept the auditor focused on red fiag cues for predicting fraud.
SAS Nos. 53 (AICPA 1988), 82 (AICPA 1997), and 99 (AICPA 2002) all contain extensive lists of
fraud risk cues. These standards led auditors to develop checklists that ensure each cue is considered

Accounting Horizons, September 2004


176 fVilks and Zimbelman

(Shelton et al. 2001). The checklists assume first-order reasoning and alert auditors to management's
attitudes, incentives, or opportunities, but fail to consider how management could manipulate the
cues on the checklists. This failure to consider management's response prevents auditors from
designing procedures that management does not anticipate. For instance, when using subsequent
receipts to verify the validity of a receivable, the auditor may go beyond the standard procedure and
obtain additional information that ensures that the source of funds was not a related party. Designing
such "unanticipated" procedures will challenge auditors because existing procedures are viewed as
best practices that, at least in part, reflect the limitations of auditor cognition. But if auditors do not
engage in strategic reasoning, they will overlook opportunities to surprise the auditee by being
unpredictable in the nature, timing, or extent of audit procedures.
Pincus (1989) and Asare and Wright (2004) studied the effects of fraud checklists on risk
assessments. These studies used an actual fraud case that varied fraud checklist usage between
participants. Results indicate that auditors who use checklists are less sensitive to fraud than auditors
who do not use checklists. Asare and Wright (2004) suggest that this occurs because a checklist not
organized around an intuitive framework, such as the fraud risk model, keeps auditors from develop-
ing a "coherent story" when assessing fraud risk. They argue that checklist use results in reduced
cognitive processing. We conclude that these studies suggest that checklist use prevents auditors
from reasoning strategically. Although the cues in a fraud checklist may help auditors engage in first-
order reasoning, auditors' cognitive limitations make it difficult for them to put themselves in the
shoes of the auditee when simply reviewing a list of cues.

Fraud Checklists, the "Dilution Effect," and Strategic Reasoning


Research on the "dilution effect" in fraud risk assessments demonstrates other manifestations of
auditors' cognitive limitations. The dilution effect occurs when people rely too much on cues that are
irrelevant to the judgment at hand and too little on relevant cues (Nisbett et al. 1981). Thus, a cue list
that contains irrelevant cues impairs auditors' ability to appropriately consider relevant cues. Three
audit risk assessment studies report this effect. Hackenbrack (1992) presented two groups of auditors
with two sets of information. One group reviewed irrelevant information before reviewing relevant
information pertaining to fraud risk. The other group reviewed only the relevant information. Results
indicate that auditors who reviewed irrelevant information made less extreme fraud risk assessments
than auditors who reviewed relevant information. Hoffinan and Patton (1997) reported similar
results. Finally, Waller and Zimbehnan (2003) use archival data to provide evidence that the dilution
effect exists in auditors' field judgments. They also find that the dilution effect reduces the accuracy
of practicing auditors' risk judgments. We believe that fraud checklists can be structured to facilitate
strategic reasoning and increase this accuracy.
The above research suggests that fraud checklists inhibit auditors from reasoning strategically.
Assuming audit firms benefit from using fraud checklists,' one may ask whether checklists can be
designed to facilitate strategic reasoning. Fraud theory provides a potential solution. Fraud is be-
lieved to result from the interaction of three factors—incentive, opportunity, and attitude (Albrecht et
al. 1995; Loebbecke et al. 1989)—known as the fraud triangle:
• Incentive results from a perceived benefit from committing fraud such as accounting-based bo-
nuses or stock options.
• Opportunity results from working conditions, including control deficiencies and/or management
override, that result in circumstances allowing fraud to occur.
• Attitude involves the propensity of the individual to rationalize the fraud, perhaps because the
individual feels underpaid or underappreciated.
' It appears that the major audit firms all follow a relatively structured approach in this area (Shelton et al. 2001), perhaps
due to benefits that firms perceive from using such structure. For example, frauds tend to have predictable similarities as
reviews of SEC cases suggest that most frauds result from revenue overstatement. Also, firms utilize inexperienced staff
and rely on structure as a quality control mechanism. Finally, legal liability may also drive the use of structure.

Accounting Horizons, September 2004


Using Game Theory and Strategic Reasoning Concepts to Prevent and Detect Fraud 177

We believe that if fraud checklists incorporate this theory, auditors should be better able to process
fraud cues. Moreover, if upfront categorization of fraud cues according to incentives, opportunities,
and attitude requires less effort in cue processing, auditors may use their additional cognitive capac-
ity to reason strategically about how management will behave.

Decomposition, Attribution, and Strategic Reasoning


A recommendation to improve judgment accuracy is to decompose a decision into component
decisions, separately consider each component, and then recombine the components to make the
global decision (Raiffa 1968). Referred to as decomposition, this process is thought to improve
decisions for several reasons. Research suggests that decomposition leads decision makers to modify
their information search. Studies find that individuals who decompose a decision process cues
normally overlooked or underweighted when the decision is not decomposed (Jiambalvo and Waller
1984). For example, Zimbelman (1997) found that practicing auditors used more time reading and
processing information on fraud cues when required to decompose risk assessments into separate
assessments of fraud and error.
SAS No. 99 takes a step toward decomposing fraud judgments as it categorizes fraud cues using
the fraud triangle. While such categorization may help auditors think more broadly about fraud risk
factors, research suggests that frirther gains in auditors' sensitivity result from requiring separate
component risk assessments for each dimension of the fraud triangle. Thus, if auditors are required to
separately evaluate the fraud risk due to each fraud-triangle component, then auditors may be better
able to assimilate the cues, and focus more on cues that are naturally underweighted (Jones 1990;
Heiman-Hoffrnan et al. 1996).
Although an auditor may sense that management has high ethical values leading to low fraud
risk due to attitude, practitioners fear that focusing on low-risk attitude cues causes auditors to
erroneously assess fraud risk as too low when opportunity and incentive risks are high (Jonas 2001;
SAS No. 99). Wilks and Zimbelman (2004) explore the effects of a fraud-triangle decomposition on
auditors' sensitivity to opportunity and incentive cues when management's attitude suggests low
fraud risk. This study provides evidence that auditors who first decompose fraud risk assessments
into component assessments of attitude, opportunity, and incentive risks are more sensitive to the
opportunity and incentive cues. However, this effect appears to work only when opportunity and
incentive cues suggest low fraud risk. Because decomposition makes auditors' fraud risk assess-
ments lower in the low-risk case while making no difference in the high-risk case, a decomposition
that requires separate assessments for all three components of the fraud triangle probably will not
increase auditors' effectiveness, but may help them become more efficient.
Strategic reasoning can also help auditors make better fraud risk assessments. For example,
auditors could begin their assessments by considering whether opportunity and incentive cues sug-
gest other than low fraud risk. When these cues signal other than low fraud risk, auditors should look
for attitude cues that point in the same direction. Auditing standards that govern fraud risk assess-
ments should explicitly address auditees' ability to manipulate cues in order to influence auditors'
perceptions of fraud risk. We encourage fiiture research that examines these issues.

The Reliability of Fraud Cues


The strategic nature of fraud settings suggests that auditors consider the auditee's ability to
manipulate fraud cues. Risk assessment standards could encourage first- or higher-order strategic
reasoning by requiring auditors to identify all the cues that suggest low fraud risk and evaluate the
ways management may be manipulating the auditor's perception of fraud risk. We surveyed practic-
ing auditors to identify the categories of cues they consider to be most susceptible to management
concealment. We find that auditors generally agree that attitude cues are most easily concealed.

Accounting Horizons, September 2004


178 IVilks and Zimbelman

followed by opportunity cues. Therefore, cues that suggest low fraud risk and that can be manipu-
lated by management should not be relied on for assessing fraud risk. We recommend a risk assess-
ment policy that encourages strategic reasoning by prompting auditors to consider management's
ability to conceal fraud risk information. Future research should help determine the best means to
facilitate such reasoning.

PLANNING EFFECTIVE FRAUD TESTS


Varying the Nature, Timing, and Extent of Audit Plans
Current audit theory and practice require auditors to assess misstatement risks and to adjust
detection risk accordingly. Adjustments to detection risk can involve changes to the nature, timing,
or extent of audit tests and in staffing and supervising the audit. Our use of the terms "nature" and
"extent" involve the/orw of evidence collected to test an assertion and the sample size being tested,
respectively. Thus, a procedure that differs in the nature of the evidence involves testing a given
sample using a different form of evidence, such as analytical procedures, confirmations, or docu-
mentation. Because the sample is the same, extent is held constant.
An auditor tests a given assertion by collecting a set of facts. A given set of facts can include
documents, confirmations, examinations, observations, analytical relationships, inquiries, and so on.
Variation in the nature of the audit plan leads to differences in the composition of the set of facts.
Note that the nature of evidence from internal documents differs from, and is generally considered
less reliable than, the nature of evidence from outsiders' representations.
Audit standards require some specific procedures on all audits to minimize certain audit risks.
For example, auditors must confirm accounts receivable and physically examine inventory to detect
frauds that would otherwise be concealed. Although the objective of these procedures is to eliminate
future audit failures, one result is that a manager who is aware of these standard procedures can
design a fraud that will not be detected by the procedures. Thus, auditors should respond to fraud risk
by engaging in strategic reasoning and planning procedures that the auditee cannot predict.

Predictability as a Function of the Nature, Timing, or Extent of Evidence


Frauds can go undetected when the audit plan is too predictable. The predictability of audit tests
can be varied by changing the nature, timing, or extent of the evidence collected during the audit.
Although procedures such as confirming receivables are mandatory on all audits, the nature of the
procedures can be modified to limit the auditee's means of concealment. For example, when examin-
ing subsequent receipts for accounts receivable confirmations not returned, the auditor may use
unexpected forms of evidence to verify the source of funds. An auditor who is concerned about fraud
and suspects that funds shown on a bank deposit are from a related party instead of an independent
customer can go beyond normal audit procedures to determine the original source of funds. Simi-
larly, an auditor observing inventory could verify existence by requiring the client to open boxes that
are difficult to access. Procedures such as this can effectively detect or deter fraud if the client sees
that the auditor regularly modifies the nature of the evidence collected in ways that are unexpected or
unusual.
The timing of the evidence refers to when each fact is observed or collected, perhaps during the
year or at year-end. Finally, the extent of the evidence refers to the sample size or proportion of
the population of possible evidence items collected. Surprising the client by doing unannounced test
counts of inventory is considered a change in timing. Similarly, varying sample size may be effective,
especially when past scope limitations allowed the client to hide numerous small misstatements that
collectively comprise a material misstatement. In such a situation the auditor should use technology
or analytical procedures to test the entire population.

Accounting Horizons. September 2004


Using Game Theory and Strategic Reasoning Concepts to Prevent and Detect Fraud 179

The Nature of Audit Evidence and Fraud Detection


Some auditing research suggests that audit policy should encourage auditors to modify the
nature or timing of audit tests (Fellingham and Newman 1985; Nieschwietz et al. 2000). But archival
and experimental research indicates that practicing auditors plan to collect the same evidence items
from year to year, thereby holding the nature of their evidence constant (Bedard 1989; Glover et al.
2003). Additionally, fraud studies fmd that requiring auditors to explicitly assess fraud risk results in
changes to the extent but not the nature of planned evidence (Zimbelman 1997; Glover et al. 2003).
Numerous other studies report similar results in risk settings other than fraud (Bedard et al. 1999).
There are several reasons why auditors do not oflen vary the nature of their audit plans in the
face of increased fraud risk. One reason is that auditors do not have a vast array of new or unique
evidence items to choose from. Even so, research suggests that auditors fail to vary the mix of
standard procedures that differ in their nature as well as their perceived potential for fraud detection.
This fmding is troubling since modifying the extent of evidence is less likely to be effective in a
strategic setting than modifying the nature of evidence. Thus, if audit plans vary only in terms of the
extent of the evidence collected, then auditees can predict the nature of the audit evidence, stay under
the radar screen, and conceal a fraud.
Another explanation for the lack of variability in the nature of audit plans is that auditors find it
difficult to assess the effectiveness of various audit tests at detecting fraud. Glover et al. (2003)
collect evidence on highly experienced fraud experts' perceptions regarding the effectiveness of
standard audit procedures at detecting receivables fraud. The participating partners had an average
of over 25 years of experience and were deemed to be top fraud-audit experts by their firm. Using
standard procedures found in the audit literature. Glover et al. (2003) report significant variation in
these experts' perceptions of effectiveness. This finding could be explained in at least two ways.
First, auditors' lack sufficient understanding of the effectiveness of various audit tests at detecting
fraud to allow for consensus on this task. Second, auditors could have difficulty selecting among the
audit procedures because the various schemes for perpetrating receivables fraud make selecting a
few procedures problematic. This latter possibility suggests an important role for strategic reasoning
in designing procedures that are responsive to the circumstances of the auditee.

Increasing Variability in the Nature of Audit Evidence


We believe that requiring auditors to reflect on how they might prevent management from
concealing a fraud from planned audit evidence is likely to promote effective variation in the nature
of the evidence. Also, audit standards could require auditors to develop their audit strategy indepen-
dently of prior or standard procedures whenever fraud risk exists. To effectively do so, experienced
auditors such as audit managers likely need to be involved. Effective standards should be aimed at
encouraging strategic reasoning leading to more audit plans that consider how an auditee may be
concealing a fraud from standard procedures. The standard program could be used as a decision aid
to ensure completeness once the audit team develops key procedures aimed at areas of the audit
where fraud risk exists. At any rate, identifying and developing effective methods for getting auditors
to go beyond the standard audit programs and typical audit procedures should be pursued in future
research.

Standard Audit Programs and Strategic Reasoning


On a closely related theme, Asare and Wright (2004) examine how standard audit programs
affect audit-planning decisions for detecting fraud. In their study, practicing auditors reviewed an
actual audit case involving fraud, assessed fraud risk, and designed appropriate audit tests. As
expected, those auditors given a standard audit program generated fewer audit tests aimed at the
specific fraud scenario than auditors who did not use a standard audit program. This finding suggests

Accounting Horizons, September 2004


180 miks and Zimbelman

that standard audit programs inhibit auditors' ability to engage in strategic reasoning to select
effective procedures for fraud detection. Thus, audit standards should consider eliminating auditors'
use of standard audit programs for purposes of fraud detection.
Recent audit standards are evolving in a way that could facilitate strategic reasoning among
audit team members. For example, SAS No. 99 states that "members of the audit team should discuss
the potential for material misstatement due to fraud" (AICPA 2002, para. 14), implying an interactive
group discussion. One area of research relevant to this group "brainstorming" session is the decision-
making research on "groupthink" (Janis 1972). This research stream reports that many conditions
affect whether group communication sessions generate effective insights. For example, social pres-
sures in a group setting can be very influential to the outcome.
Group dynamics aside, we believe policymakers should require auditors to engage in strategic
reasoning that focuses on these two issues:
• Considering how the auditee may commit material fraud;
• Determining how management could conceal a fraud from the auditor.
Thus, audit standards should require processes that lead to the design of unpredictable audit ap-
proaches in any audit seeking to detect and deter fraud.

Training, Expertise, and Strategic Reasoning


Understanding the client's environment and business model is critical to designing unpredict-
able audit approaches. Moreover, a thorough understanding of the client's environment and business
risks significantly increases the auditor's ability to engage in strategic reasoning. Recent revisions in
audit methodology (Bell et al. 1997; Lemon et al. 2000) may enhance auditors' ability to detect fraud
by increasing their understanding of the competitive, economic, and regulatory forces affecting
clients' business risks and opportunities. This knowledge should aid in understanding the economics
underlying clients' transactions, and may be crucial for detecting fraud (Erickson et al. 2000).
However, Eilifsen et al. (2001) note that while a business risk audit approach may lead to a better
understanding of fraud conditions and pressures, there is potential for reduced fraud detection due to
less transaction testing. More research is needed to assess the effects of business risk audit methods
on strategic reasoning during fraud risk assessment, audit-planning decisions, and fraud detection.
The complexity inherent in fraud-related decision contexts may require bringing greater general
expertise to the audit. While research in this area is sparse, some findings suggest that more experi-
enced auditors are better at discovering fraud when performing analytical procedures (Knapp and
Knapp 2001). One area of expertise not yet studied is that of specific fraud training and experience.
Many firms employ Certified Fraud Examiners (CFEs) to perform forensic accounting and fraud
investigation services. Engaging these individuals early may help the audit team in strategic reason-
ing exercises aimed at identifying potential fraud schemes and developing procedures to detect such
schemes. Also, these professionals are trained to recognize verbal and nonverbal indicants of decep-
tion, a potentially effective tool for financial statement auditors (Wells 1992). Perhaps auditors can
use CFE expertise to more effectively implement SAS No. 99's interviewing requirements. Future
research should be aimed at determining how such expertise can improve auditors' fraud detection.

IMPLEMENTING THE AUDIT PLAN


Learning during the Audit
One theme in behavioral game theory is the need for individuals to learn about their opponent's
strategies through immediate, repeated feedback (Camerer 1990). Participants who are given the
opportunity to learn from repeated trials at a game will adjust to their opponent's strategies and
psychological biases. Thus, favorable conditions for learning are more likely to result in an optimal
solution than poor conditions for learning (Camerer 1997; Zimbelman and Waller 1999).

Accounting Horizons, September 2004


Using Game Theory and Strategic Reasoning Concepts to Prevent and Detect Fraud 181

Because auditors rarely get timely feedback, the audit environment is not generally considered
to be conducive to learning (Waller and Felix 1984). Given the importance of learning in strategic
settings, we believe audit standards should be designed to help auditors maximize all their opportu-
nities to learn. One potentially important opportunity for learning occurs when the auditor interacts
with client personnel. At times an auditor may sense that management is discouraging a specific audit
approach or is engaged in "legitimately" managing earnings. For example, management may lobby
for an aggressive accounting interpretation or engage the audit firm to assist in structuring transac-
tions that lack business purpose but help meet reporting objectives. Greater sensitivity to these
opportunities for learning could lead to more effective audits.
Another opportunity for feedback on efforts to manage earnings occurs when auditors detect
misstatements. When a misstatement is detected, the auditor should consider whether it is inten-
tional. Because determining intent is likely to be difficult (Jamal et al. 1995), the context of other
management actions relating to attempts to manage earnings may help to establish intent. The auditor
should therefore carefully note any attempts by management to manipulate accounting or auditing
results for current action or future reference.
In some cases, strategic actions by management may be difficult to detect because they are
dispersed throughout the organization and/or its accounting system. Reviewing the entire audit
team's interactions with management during the current and previous audits may help refine percep-
tions regarding management's strategic behavior. This becomes especially effective when it moti-
vates reconsidering the assessment of fraud risk during the audit or in the review stage. As auditors
discuss patterns of management behavior that suggest an attempt to manipulate the audit outcome,
they should engage in strategic reasoning and revisit the audit plan. The strategic reasoning should
again address the question of how management might conceal a fraud from the audit so that the
auditor can design unpredictability into the audit approach.

Anchoring on Prior Judgments


Decision-making predispositions may lead auditors to focus on their prior assessments of fraud
risk and not effectively learn from signals received during the audit. For example, Joyce and Biddle
(1981) report that auditors' fraud judgments are influenced by an initial anchor and Wilks (2002)
finds that auditors' cognition is influenced by the goals and motives of the decision maker. Anecdotal
evidence suggests that after performing pre-engagement acceptance procedures, auditors are un-
likely to change their beliefs that fraud risk is low. This initial "anchor" may be difficult to overcome,
especially when the auditor faces performance pressure to be efficient (Braun 2000). Some firms
give auditors "credit" for prior knowledge (Winograd et al. 2000) but, in the strategic setting, this
may cause auditors to overlook new fraud cues and enhance management's ability to predict auditor
behavior.
Research suggests that a prior belief is not likely to change even when new audit evidence
suggests that it should. Audit standards should therefore discourage auditors from anchoring on prior
fraud risk assessments or audit plans. For example, auditors could be required to document their
interactions with management after each area of an audit and how they considered the implications
that these interactions have on fraud risk. Another approach is to require rotations of audit personnel
to get a fresh perspective on the audit. Jamal et al. (1995) found that second-partner reviews were
more effective at detecting fraud when the partners continually viewed unexpected results as sugges-
tive of fraud. Audit standards designed to encourage a similar mindset among reviewing auditors
may prove effective at detecting fraud.

SUMMARY AND CONCLUDING REMARKS


This commentary uses a game theory perspective of the fraud setting to develop audit policy and
practice action steps intended to improve fraud detection and deterrence. Our overall recommendation

Accounting Horizons, September 2004


182 miks and Zimbelman

is that, because of the strategic nature of fraud, audit policymakers should replace standards that
inhibit auditors' strategic reasoning with standards that encourage strategic reasoning. In particular,
we offer findings and recommendations for three key tasks—fraud risk assessment, audit planning,
and audit plan implementation. Specific findings and recommendations related to fraud risk assess-
ment include:
• Auditors who use long lists of fraud cues and fraud checklists are inaccurate in their fraud-risk
assessments.
• Auditors generally overweight cues indicative of management's character even though these cues
are the most likely cues to be unreliable.
• Audit standards should be designed to persuade auditors to consider how management might
manipulate their perceptions of fraud cues.
Findings and recommendations related to audit planning are:
• Auditors should develop audit strategies that are unpredictable, especially with regard to the
nature of their evidence.
• Audit plans are more predictable and less effective at detecting fraud when auditors use proce-
dures based on prior audits or standard audit programs.
• Audit standards should require auditors to engage in strategic reasoning by considering the types
of fraud that management might perpetrate and how these frauds might be concealed from the
audit.
• The goal of audit standards should be to encourage auditors to gather new, unusual, or random
audit evidence not easily anticipated by management.
Finally, our findings and recommendations related to the implementation of the audit are:
• Learning from experience is critical to effectively performing in a strategic setting.
• Auditors are often insensitive to new evidence regarding fraud risk and can more effectively learn
from their interactions with the client.
• Audit standards can improve learning by requiring activities such as documenting and communi-
cating the nature of their interactions with management.
The current body of research suggests that implementing our suggestions will help auditors to
detect fraud by facilitating auditors' strategic reasoning. Although there is considerable fraud re-
search, additional research will help audit policymakers design effective and efficient methods of
detecting fraud. We also believe our suggestions will help deter fraud as auditees see auditors
becoming more effective at strategic reasoning. However, other fruitful areas for deterring or detect-
ing fraud are not addressed in this paper, such as stronger Boards of Directors and anonymous
employee communication methods. Nor do we discuss independence issues that can influence both
fraud detection and deterrence. We encourage additional research in these areas and audit standards
based on this research.
Finally, we acknowledge that the research we rely upon for our recommendations cannot fully
simulate the complex economic, legal, and regulatory environments that influence audit practices.
Some practices that basic research finds detrimental may have benefits overlooked by the research.
For example, audit structure elements like checklists may be necessary in the auditors' current legal
environment and may have significant quality control benefits in audit firms. Although we focus on
detecting and deterring fraud, we encourage standard setters to consider the impact of our recom-
mendations in the context of the entire audit environment. We also encourage research designed to
examine these issues under several methodologies to obtain both external and internal validity
(Waller and Zimbelman 2003).

Accounting Horizons, September 2004


Using Game Theory and Strategic Reasoning Concepts to Prevent and Detect Fraud 183

REFERENCES
Albrecht, W. S., G W. Wemz, and T. L. Williams. 1995. Fraud: Bringing Light to the Dark Side of Business.
New York, NY: McGraw-Hill.
American Institute of Certified Public Accountants (AICPA). 1988. Consideration of Fraud in a Financial
Statement Audit. Statement on Auditing Standards No. 53. New York: AICPA.
. 1997. Consideration of Fraud in a Financial Statement Audit. Statement on Auditing Standards No.
82. New York: AICPA.
-. 2002. Consideration of Fraud in a Financial Statement Audit. Statement on Auditing Standards No.
99. New York: AICPA.
Asare, S., and A. Wright. 2004. The eifectiveness of alternative risk assessment and program planning tools in
a fraud setting. Contemporary Accounting Research (Summer): 325-352.
Bedard, J. 1989. Archival investigation of audit program planning. Auditing: A Journal of Practice & Theory
(Fall): 57-71.
, T. Mock, and A. Wright. 1999. Evidential planning in auditing: A review of the empirical research.
Journal of Accounting Literature 18: 96-142.
Bell, T., F. Marrs, I. Solomon, and H. Thomas. 1997. Auditing Organizations Through a Strategic-Systems
Lens: The KPMG Business Measurement Process. Montvale, NJ: KPMG Peat Marwick LLP.
Bloomfield, R. J. 1995. Strategic dependence and inherent risk assessments. The Accounting Review 70: 7 1 -
90.
. 1997. Strategic dependence and the assessment of fraud risk: A laboratory study. The Accounting
Review 11: 5X1-52,%.
Braun, R. L. 2000. The effect of time pressure on auditor attention to qualitative aspects of misstatements
indicative of potential fraudulent financial reporting. Accounting, Organizations and Society 25: 243-
259.
Camerer, C. 1990. Behavioral game theory. In Insights in Decision Making: A Tribute to Hillel J. Einhorn,
edited by R. M. Hogarth. Chicago, IL: University of Chicago Press.
. 1997. Progress in behavioral game theory. Journal of Economic Perspectives (Fall): 167-188.
Eilifsen, A., W. R. Knechel, and P. Wallage. 2001. Application of the business risk audit model: A field study.
Accounting Horizons (September): 193-207.
Elliott, R. K. 2002. Twenty-first century assurance. Auditing: A Journal of Practice & Theory March: 139-146.
Erickson, M., B. W. Mayhew, and W. L. Felix. 2000. Why do audits fail? Evidence from Lincoln Savings and
Loan. Journal ofAccounting Research (Spring): 165-194.
Fellingham, J. C , and D. P. Newman. 1985. Strategic considerations in auditing. The Accounting Review
(October): 634-650.
Glover, S. M., D. F. Prawitt, J. J. Schultz, Jr., and M. F. Zimbelman. 2003. A comparison of audit planning
decisions in response to increased fraud risk: Before and afler SAS No. 82. Auditing: A Journal of
Practice & Theory (September): 237-251.
Hackenbrack, K. 1992. Implications of seemingly irrelevant evidence in audit judgment. Journal of Accounting
Research (Spring): 126-136.
Heiman-Hoffman, V. B., K. P. Morgan, and J. M. Patton. 1996. The warning signs of fraudulent financial
reporting. Journal of Accountancy (October): 75-77.
Hoffman, V. B., and J. M. Patton. 1997. Accountability, the dilution effect, and conservatism in auditors' fraud
judgments. Journal of Accounting Research (Fall): 227-238.
Jamal, K., P. E. Johnson, and R. G Berryman. 1995. Detecting framing eifects in financial statements. Contem-
porary Accounting Research 12: 85-105.
Janis, I. L. 1972. Victims of Groupthink. Boston, MA: Houghton Miftlin.
Jiambalvo, J., and W. Waller. 1984. Decomposition and assessments of audit risk. Auditing: A Journal of
Practice & Theory 3 (Spring): 80-88.
Jonas, G 2001. Remarks given at the American Accounting Association National Meeting, August 14, Atlanta,
Georgia.
Jones, E. E. 1990. Interpersonal Perception. New York, NY: W.H. Freeman and Co.
Joyce, E., and G Biddle. 1981. Anchoring and adjustment in probabilistic inference in auditing. Journal of
Accounting Research 19: 120—45.

Accounting Horizons, September 2004


184 tVilks and Zimbelman

Kinney, W. R. 1988. Attestation research opportunities: 1987. Contemporary Accounting Research (Spring):
416-425.
Knapp, C. A., and M. C. Knapp. 2001. The effects of experience and explicit fraud risk assessment in detecting
fraud with analytical procedures. Accounting, Organizations and Society 26: 25-37.
Lemon, W. M., K. W. Tatum, and W. S. Turley. 2000. Developments in the Audit Methodologies of Large
Accounting Firms. London, U.K.: Auditing Practices Board.
Loebbecke, J. K., M. M. Eining, and J. J. Wiilingham. 1989. Auditors' experience with material irregularities:
Frequency, nature, and detectability. Auditing: A Journal of Practice & Theory (Fall): 1-28.
Morgenstem, 0.1976; Perfect foresight and economic equilibrium. In Selected Writings ofOskarMorgenstern,
edited by A. Schotter, 169-183. New York, NY: New York University Press. Originally published in
1935.
Nieschwietz, R. J., J. J. Schultz, Jr., and M. F. Zimbelman. 2000. Empirical research on external auditors'
detection of financial statement fraud. Journal ofAccounting Literature 19; 190-246.
Nisbett, R. E., H. Zukier, and R. E. Lemley. 1981. The dilution effect: Nondiagnostic information weakens the
implications of diagnostic information. Cognitive Psychology (April): 248-277.
Pincus, K. 1989. The efficacy of a red flags questionnaire for assessing the possibility of fraud. Accounting,
Organizations and Society 14: 153-163.
Raiffa, H. 1968. Decision Analysis: Introductory Lectures on Choices under Uncertainty. Boston, MA: Addison-
Wesley.
Shelton, S. W., O. R. Whittington, and D. Landsittel. 2001. Auditing firms' fraud risk assessment practices.
Accounting Horizons (Maich): 19-33.
Shibano, T. 1990. Assessing audit risk from errors and irregularities. Journal of Accounting Research 28
(Supplement): 110-140.
Sunder, S. 2002. Knowing what others know: Common knowledge, accounting and capital markets. Account-
ing Horizons (December): 305-318.
fVall Street Journal. 2002. Accounting woes roil stock markets as nervous investors stampede exits. (January
30). Interactive Edition.
Waller, W. S., and W. F. Felix. 1984. The auditor and learning from experience: Some conjectures. Accounting,
Organizations and Society 9: 383-406.
, and M. F. Zimbelman. 2003. A cognitive footprint in archival data: Generalizing the dilution effect
fi-om laboratory to field settings. Organizational Behavior and Human Decision Processes (July): 254-
268.
Wells, J. T. 1992. Fraud assessment questioning. Internal Auditor (August): 24-29.
Wilks, T. J. 2002. Predecisional distortion of evidence as a consequence of real-time audit review. The Account-
ing Review (January): 51-72.
, and M. F. Zimbelman. 2004. Decomposition of fraud risk assessments and auditors' sensitivity to
fraud cues. Contemporary Accounting Research (forthcoming).
Winograd, B. N., J. S. Gerson, and B. L. Berlin. 2000. Audit practices of PricewaterhouseCoopers. Auditing: A
Journal of Practice & Theory (Fall): 175-182.
Zimbelman, M. F. 1997. The effects of SAS No. 82 on auditors' attention to fraud risk factors and audit
planning decisions. Journal of Accounting Research (Supplement): 75-97.
, and W. S. Waller. 1999. An experimental investigation of auditor-auditee interaction under ambiguity.
Journal of Accounting Research (Supplement): 135-155.

Accounting Horizons, September 2004

You might also like