Professional Documents
Culture Documents
32.AH04 3 Wilks
32.AH04 3 Wilks
Keywords: audit judgment; audit planning; fraud; game theory; risk assessment;
strategic reasoning.
INTRODUCTION
T
his commentary reviews academic research from several disciplines for insights regarding
how auditing standards and audit research can assist auditors in detecting and deterring
fraudulent financial reporting (hereafter fraud). Reducing and detecting fraud is a high prior-
ity in the audit profession as witnessed by recent regulations intended to improve auditors' ability to
detect fraud, such as SAS No. 99, and the oft-cited notion that actions taken to reduce the prospect of
fraud should dampen stock market volatility {Wall Street Journal 2002). We believe it will become
an even higher priority in the tuture. Some leaders in the profession argue that unintentional financial
statement error will diminish because of technology and that future demand for audits will depend
largely on their ability to detect or deter fraud (Elliott 2002). Accordingly, improving fraud detection
and deterrence may be critical for the viability of the audit profession.
We believe that auditing standards must compensate for auditors'judgment limitations to effec-
tively detect and deter fraud. Therefore, we encourage standards that explicitly recognize the strate-
gic nature of fraud and that help auditors effectively reason in the fraud setting. Our review focuses
on assisting auditors in performing three key tasks—fraud risk assessment, audit planning, and audit
plan implementation—and suggests four main findings and recommendations:
T. Jeffrey Wilks is an Assistant Professor and Mark F. Zimbelman is an Associate Professor, both at
Brigham Young University.
We are thankful for input on a prior version of this commentary from participants at the 2002 Deloitte & Touche/University
of Kansas Symposium on Auditing Problems. We also appreciate the comments and suggestions of our three anonymous
reviewers and Ella Mae Matsumura.
173
174 Wilks and Zimbelman
• Current fraud checklists may inhibit auditors' ability to predict fraud. We recommend that auditors
structure their fraud risk assessments to facilitate effective predictions and provide ideas on doing so.
• Because the auditee can manipulate some fraud cues, audit planning should emphasize that these
cues must be cautiously relied on when assessing fraud risk.
• Because audit procedures are generally quite predictable, audit plans should vary the timing, type,
and randomness of audit tests.
• Audit policy should encourage frequent updates of fraud judgments.
maximize the cost-benefit trade-off. If auditee behavior is not affected by the audit, which seems
unlikely whenfraudrisk is present, then zero-order reasoning is optimal (Fellingham and Newman 1985).
In contrast, first-order strategic reasoning means that the auditor considers conditions that
directly affect the auditee. Now auditors assume that auditees use zero-order reasoning and develop
audit plans that consider the auditee's incentives. For example, when an auditee has incentives to
conceal information, the auditor modifies the audit plan to detect the concealment. However, when
assessing fraud risk, the auditor does not consider whether the auditee has anticipated the auditor's
behavior. Because the auditor does not consider how the audit plan might impact management's
behavior, the auditor will likely use standard approaches familiar to management.
Higher-order strategic reasoning means that the auditor considers additional, potentially infi-
nite, layers of complexity, including how management may anticipate the auditor's behavior. For
example, management initially uses first-order reasoning to consider how a condition facing the
auditor, who uses zero-order reasoning, affects the auditor's standard tests, perhaps by adjusting
sample sizes. However, an auditor using higher-order reasoning may adjust the audit plan by intro-
ducing nonstandard procedures that anticipate management's decision induced by the condition
facing the auditor. Many researchers believe that this reasoning is, at least, unnatural and difficult;
only a handful of auditing studies examine this issue.
(Shelton et al. 2001). The checklists assume first-order reasoning and alert auditors to management's
attitudes, incentives, or opportunities, but fail to consider how management could manipulate the
cues on the checklists. This failure to consider management's response prevents auditors from
designing procedures that management does not anticipate. For instance, when using subsequent
receipts to verify the validity of a receivable, the auditor may go beyond the standard procedure and
obtain additional information that ensures that the source of funds was not a related party. Designing
such "unanticipated" procedures will challenge auditors because existing procedures are viewed as
best practices that, at least in part, reflect the limitations of auditor cognition. But if auditors do not
engage in strategic reasoning, they will overlook opportunities to surprise the auditee by being
unpredictable in the nature, timing, or extent of audit procedures.
Pincus (1989) and Asare and Wright (2004) studied the effects of fraud checklists on risk
assessments. These studies used an actual fraud case that varied fraud checklist usage between
participants. Results indicate that auditors who use checklists are less sensitive to fraud than auditors
who do not use checklists. Asare and Wright (2004) suggest that this occurs because a checklist not
organized around an intuitive framework, such as the fraud risk model, keeps auditors from develop-
ing a "coherent story" when assessing fraud risk. They argue that checklist use results in reduced
cognitive processing. We conclude that these studies suggest that checklist use prevents auditors
from reasoning strategically. Although the cues in a fraud checklist may help auditors engage in first-
order reasoning, auditors' cognitive limitations make it difficult for them to put themselves in the
shoes of the auditee when simply reviewing a list of cues.
We believe that if fraud checklists incorporate this theory, auditors should be better able to process
fraud cues. Moreover, if upfront categorization of fraud cues according to incentives, opportunities,
and attitude requires less effort in cue processing, auditors may use their additional cognitive capac-
ity to reason strategically about how management will behave.
followed by opportunity cues. Therefore, cues that suggest low fraud risk and that can be manipu-
lated by management should not be relied on for assessing fraud risk. We recommend a risk assess-
ment policy that encourages strategic reasoning by prompting auditors to consider management's
ability to conceal fraud risk information. Future research should help determine the best means to
facilitate such reasoning.
that standard audit programs inhibit auditors' ability to engage in strategic reasoning to select
effective procedures for fraud detection. Thus, audit standards should consider eliminating auditors'
use of standard audit programs for purposes of fraud detection.
Recent audit standards are evolving in a way that could facilitate strategic reasoning among
audit team members. For example, SAS No. 99 states that "members of the audit team should discuss
the potential for material misstatement due to fraud" (AICPA 2002, para. 14), implying an interactive
group discussion. One area of research relevant to this group "brainstorming" session is the decision-
making research on "groupthink" (Janis 1972). This research stream reports that many conditions
affect whether group communication sessions generate effective insights. For example, social pres-
sures in a group setting can be very influential to the outcome.
Group dynamics aside, we believe policymakers should require auditors to engage in strategic
reasoning that focuses on these two issues:
• Considering how the auditee may commit material fraud;
• Determining how management could conceal a fraud from the auditor.
Thus, audit standards should require processes that lead to the design of unpredictable audit ap-
proaches in any audit seeking to detect and deter fraud.
Because auditors rarely get timely feedback, the audit environment is not generally considered
to be conducive to learning (Waller and Felix 1984). Given the importance of learning in strategic
settings, we believe audit standards should be designed to help auditors maximize all their opportu-
nities to learn. One potentially important opportunity for learning occurs when the auditor interacts
with client personnel. At times an auditor may sense that management is discouraging a specific audit
approach or is engaged in "legitimately" managing earnings. For example, management may lobby
for an aggressive accounting interpretation or engage the audit firm to assist in structuring transac-
tions that lack business purpose but help meet reporting objectives. Greater sensitivity to these
opportunities for learning could lead to more effective audits.
Another opportunity for feedback on efforts to manage earnings occurs when auditors detect
misstatements. When a misstatement is detected, the auditor should consider whether it is inten-
tional. Because determining intent is likely to be difficult (Jamal et al. 1995), the context of other
management actions relating to attempts to manage earnings may help to establish intent. The auditor
should therefore carefully note any attempts by management to manipulate accounting or auditing
results for current action or future reference.
In some cases, strategic actions by management may be difficult to detect because they are
dispersed throughout the organization and/or its accounting system. Reviewing the entire audit
team's interactions with management during the current and previous audits may help refine percep-
tions regarding management's strategic behavior. This becomes especially effective when it moti-
vates reconsidering the assessment of fraud risk during the audit or in the review stage. As auditors
discuss patterns of management behavior that suggest an attempt to manipulate the audit outcome,
they should engage in strategic reasoning and revisit the audit plan. The strategic reasoning should
again address the question of how management might conceal a fraud from the audit so that the
auditor can design unpredictability into the audit approach.
is that, because of the strategic nature of fraud, audit policymakers should replace standards that
inhibit auditors' strategic reasoning with standards that encourage strategic reasoning. In particular,
we offer findings and recommendations for three key tasks—fraud risk assessment, audit planning,
and audit plan implementation. Specific findings and recommendations related to fraud risk assess-
ment include:
• Auditors who use long lists of fraud cues and fraud checklists are inaccurate in their fraud-risk
assessments.
• Auditors generally overweight cues indicative of management's character even though these cues
are the most likely cues to be unreliable.
• Audit standards should be designed to persuade auditors to consider how management might
manipulate their perceptions of fraud cues.
Findings and recommendations related to audit planning are:
• Auditors should develop audit strategies that are unpredictable, especially with regard to the
nature of their evidence.
• Audit plans are more predictable and less effective at detecting fraud when auditors use proce-
dures based on prior audits or standard audit programs.
• Audit standards should require auditors to engage in strategic reasoning by considering the types
of fraud that management might perpetrate and how these frauds might be concealed from the
audit.
• The goal of audit standards should be to encourage auditors to gather new, unusual, or random
audit evidence not easily anticipated by management.
Finally, our findings and recommendations related to the implementation of the audit are:
• Learning from experience is critical to effectively performing in a strategic setting.
• Auditors are often insensitive to new evidence regarding fraud risk and can more effectively learn
from their interactions with the client.
• Audit standards can improve learning by requiring activities such as documenting and communi-
cating the nature of their interactions with management.
The current body of research suggests that implementing our suggestions will help auditors to
detect fraud by facilitating auditors' strategic reasoning. Although there is considerable fraud re-
search, additional research will help audit policymakers design effective and efficient methods of
detecting fraud. We also believe our suggestions will help deter fraud as auditees see auditors
becoming more effective at strategic reasoning. However, other fruitful areas for deterring or detect-
ing fraud are not addressed in this paper, such as stronger Boards of Directors and anonymous
employee communication methods. Nor do we discuss independence issues that can influence both
fraud detection and deterrence. We encourage additional research in these areas and audit standards
based on this research.
Finally, we acknowledge that the research we rely upon for our recommendations cannot fully
simulate the complex economic, legal, and regulatory environments that influence audit practices.
Some practices that basic research finds detrimental may have benefits overlooked by the research.
For example, audit structure elements like checklists may be necessary in the auditors' current legal
environment and may have significant quality control benefits in audit firms. Although we focus on
detecting and deterring fraud, we encourage standard setters to consider the impact of our recom-
mendations in the context of the entire audit environment. We also encourage research designed to
examine these issues under several methodologies to obtain both external and internal validity
(Waller and Zimbelman 2003).
REFERENCES
Albrecht, W. S., G W. Wemz, and T. L. Williams. 1995. Fraud: Bringing Light to the Dark Side of Business.
New York, NY: McGraw-Hill.
American Institute of Certified Public Accountants (AICPA). 1988. Consideration of Fraud in a Financial
Statement Audit. Statement on Auditing Standards No. 53. New York: AICPA.
. 1997. Consideration of Fraud in a Financial Statement Audit. Statement on Auditing Standards No.
82. New York: AICPA.
-. 2002. Consideration of Fraud in a Financial Statement Audit. Statement on Auditing Standards No.
99. New York: AICPA.
Asare, S., and A. Wright. 2004. The eifectiveness of alternative risk assessment and program planning tools in
a fraud setting. Contemporary Accounting Research (Summer): 325-352.
Bedard, J. 1989. Archival investigation of audit program planning. Auditing: A Journal of Practice & Theory
(Fall): 57-71.
, T. Mock, and A. Wright. 1999. Evidential planning in auditing: A review of the empirical research.
Journal of Accounting Literature 18: 96-142.
Bell, T., F. Marrs, I. Solomon, and H. Thomas. 1997. Auditing Organizations Through a Strategic-Systems
Lens: The KPMG Business Measurement Process. Montvale, NJ: KPMG Peat Marwick LLP.
Bloomfield, R. J. 1995. Strategic dependence and inherent risk assessments. The Accounting Review 70: 7 1 -
90.
. 1997. Strategic dependence and the assessment of fraud risk: A laboratory study. The Accounting
Review 11: 5X1-52,%.
Braun, R. L. 2000. The effect of time pressure on auditor attention to qualitative aspects of misstatements
indicative of potential fraudulent financial reporting. Accounting, Organizations and Society 25: 243-
259.
Camerer, C. 1990. Behavioral game theory. In Insights in Decision Making: A Tribute to Hillel J. Einhorn,
edited by R. M. Hogarth. Chicago, IL: University of Chicago Press.
. 1997. Progress in behavioral game theory. Journal of Economic Perspectives (Fall): 167-188.
Eilifsen, A., W. R. Knechel, and P. Wallage. 2001. Application of the business risk audit model: A field study.
Accounting Horizons (September): 193-207.
Elliott, R. K. 2002. Twenty-first century assurance. Auditing: A Journal of Practice & Theory March: 139-146.
Erickson, M., B. W. Mayhew, and W. L. Felix. 2000. Why do audits fail? Evidence from Lincoln Savings and
Loan. Journal ofAccounting Research (Spring): 165-194.
Fellingham, J. C , and D. P. Newman. 1985. Strategic considerations in auditing. The Accounting Review
(October): 634-650.
Glover, S. M., D. F. Prawitt, J. J. Schultz, Jr., and M. F. Zimbelman. 2003. A comparison of audit planning
decisions in response to increased fraud risk: Before and afler SAS No. 82. Auditing: A Journal of
Practice & Theory (September): 237-251.
Hackenbrack, K. 1992. Implications of seemingly irrelevant evidence in audit judgment. Journal of Accounting
Research (Spring): 126-136.
Heiman-Hoffman, V. B., K. P. Morgan, and J. M. Patton. 1996. The warning signs of fraudulent financial
reporting. Journal of Accountancy (October): 75-77.
Hoffman, V. B., and J. M. Patton. 1997. Accountability, the dilution effect, and conservatism in auditors' fraud
judgments. Journal of Accounting Research (Fall): 227-238.
Jamal, K., P. E. Johnson, and R. G Berryman. 1995. Detecting framing eifects in financial statements. Contem-
porary Accounting Research 12: 85-105.
Janis, I. L. 1972. Victims of Groupthink. Boston, MA: Houghton Miftlin.
Jiambalvo, J., and W. Waller. 1984. Decomposition and assessments of audit risk. Auditing: A Journal of
Practice & Theory 3 (Spring): 80-88.
Jonas, G 2001. Remarks given at the American Accounting Association National Meeting, August 14, Atlanta,
Georgia.
Jones, E. E. 1990. Interpersonal Perception. New York, NY: W.H. Freeman and Co.
Joyce, E., and G Biddle. 1981. Anchoring and adjustment in probabilistic inference in auditing. Journal of
Accounting Research 19: 120—45.
Kinney, W. R. 1988. Attestation research opportunities: 1987. Contemporary Accounting Research (Spring):
416-425.
Knapp, C. A., and M. C. Knapp. 2001. The effects of experience and explicit fraud risk assessment in detecting
fraud with analytical procedures. Accounting, Organizations and Society 26: 25-37.
Lemon, W. M., K. W. Tatum, and W. S. Turley. 2000. Developments in the Audit Methodologies of Large
Accounting Firms. London, U.K.: Auditing Practices Board.
Loebbecke, J. K., M. M. Eining, and J. J. Wiilingham. 1989. Auditors' experience with material irregularities:
Frequency, nature, and detectability. Auditing: A Journal of Practice & Theory (Fall): 1-28.
Morgenstem, 0.1976; Perfect foresight and economic equilibrium. In Selected Writings ofOskarMorgenstern,
edited by A. Schotter, 169-183. New York, NY: New York University Press. Originally published in
1935.
Nieschwietz, R. J., J. J. Schultz, Jr., and M. F. Zimbelman. 2000. Empirical research on external auditors'
detection of financial statement fraud. Journal ofAccounting Literature 19; 190-246.
Nisbett, R. E., H. Zukier, and R. E. Lemley. 1981. The dilution effect: Nondiagnostic information weakens the
implications of diagnostic information. Cognitive Psychology (April): 248-277.
Pincus, K. 1989. The efficacy of a red flags questionnaire for assessing the possibility of fraud. Accounting,
Organizations and Society 14: 153-163.
Raiffa, H. 1968. Decision Analysis: Introductory Lectures on Choices under Uncertainty. Boston, MA: Addison-
Wesley.
Shelton, S. W., O. R. Whittington, and D. Landsittel. 2001. Auditing firms' fraud risk assessment practices.
Accounting Horizons (Maich): 19-33.
Shibano, T. 1990. Assessing audit risk from errors and irregularities. Journal of Accounting Research 28
(Supplement): 110-140.
Sunder, S. 2002. Knowing what others know: Common knowledge, accounting and capital markets. Account-
ing Horizons (December): 305-318.
fVall Street Journal. 2002. Accounting woes roil stock markets as nervous investors stampede exits. (January
30). Interactive Edition.
Waller, W. S., and W. F. Felix. 1984. The auditor and learning from experience: Some conjectures. Accounting,
Organizations and Society 9: 383-406.
, and M. F. Zimbelman. 2003. A cognitive footprint in archival data: Generalizing the dilution effect
fi-om laboratory to field settings. Organizational Behavior and Human Decision Processes (July): 254-
268.
Wells, J. T. 1992. Fraud assessment questioning. Internal Auditor (August): 24-29.
Wilks, T. J. 2002. Predecisional distortion of evidence as a consequence of real-time audit review. The Account-
ing Review (January): 51-72.
, and M. F. Zimbelman. 2004. Decomposition of fraud risk assessments and auditors' sensitivity to
fraud cues. Contemporary Accounting Research (forthcoming).
Winograd, B. N., J. S. Gerson, and B. L. Berlin. 2000. Audit practices of PricewaterhouseCoopers. Auditing: A
Journal of Practice & Theory (Fall): 175-182.
Zimbelman, M. F. 1997. The effects of SAS No. 82 on auditors' attention to fraud risk factors and audit
planning decisions. Journal of Accounting Research (Supplement): 75-97.
, and W. S. Waller. 1999. An experimental investigation of auditor-auditee interaction under ambiguity.
Journal of Accounting Research (Supplement): 135-155.