EDITOR’S NOTE: Goizueta Newsroom regularly shares news on the school, its faculty, staff, students and alumni. But we also take pride in sharing vital pieces of research from the world-class business school faculty. Look for regular updates on published pieces of research like this one…
Allegations of improper revenue recognition have been common over the years in enforcement actions by the Securities and Exchange Commission. Revenue reports are key to investors’ decisions about whether to buy or sell a stock, so it’s crucial that auditors can sleuth out distortions in revenue statements. But recent research from Kathryn Kadous of Emory University’s Goizueta Business School and colleagues suggests that at least one group of auditors might need more training about how audit programs should be tailored to better investigate such fraud risks. The researchers found that auditors in a study who were given better access to material about a material weakness actually implemented lower-quality programs. What’s more, those auditors tended to propose audit program modifications that were both inefficient and not effective in detecting the fraud.
How Do Audit Seniors Respond to Heightened Fraud Risk? (Auditing: A Journal of Practice & Theory)
The study focused on the work of “audit seniors” – those who plan, perform and supervise much of the audit process. Audit seniors are in a position to filter and frame the available evidence, the researchers noted, and thereby impact what’s available to higher-ranking members of the audit team and, ultimately, the users of financial statements. To conduct the experiment, researchers asked 54 audit seniors with an average of more than three years experience to design a revenue cycle audit program for a hypothetical client. The case featured clues about an embedded revenue cycle fraud modeled on an actual enforcement release in which SEC alleged channel-stuffing and bill-and-hold schemes involving a company and a small subset of its distributors. There were enough signs of trouble in the case that auditors could have formed a specific, testable fraud hypothesis, but researchers manipulated whether auditors also were told about a material weakness in the hypothetical client’s ongoing internal controls testing. One group of auditors in the experiment was told that results from the testing weren’t yet available. Those in a second group learned that a material weakness had been identified related to recording revenue; they also received a description of the identified weakness, which was unrelated to the seeded fraud. Auditors who received information about the material weakness didn’t ignore it – they were more likely to assess both the fraud risk and the need to consult a risk management partner, the researchers found. These auditors also made significantly more modifications to the audit program than those who didn’t receive information about the material weakness. But most of the modifications were indiscriminate increases in sample size, the researchers found, noting that such actions were no more effective in uncovering fraud while also being less efficient. Few of these auditors attempted to tailor the sample selection or procedures to focus on specific risks, the researchers noted.
There are limitations to the study. Audits are conducted in teams whereas the experiment was conducted with auditors working in isolation. So, the failure of audits seniors to appropriately respond to heightened fraud risk in the study doesn’t necessarily mean that those same professionals working in real-world settings would produce ineffective audits, the researchers noted. By communicating the risk to superiors, seniors working on actual audits might effectively tap the expertise of partners and managers who can offer guidance on selecting appropriate procedures. Even so, audit seniors could do more for the audit team if they are able to identify specific risk factors and then specify effective and efficient tests, the researchers wrote. A second limitation is that the study does not really explain why audit seniors specified lower-quality plans when the fraud risk was heightened. Nonetheless, the research clearly offers some ideas about how to improve auditor training.
“While auditors have apparently learned that increased sample size is one way to respond to risk, they do not appear to have learned when increased sample sizes will be effective and when targeting of specific transactions is necessary,” the researchers wrote. “Training on the importance of targeting is therefore critical. … Training in recognizing the patterns of risk factors associated with various fraud schemes may also improve fraud detection.”
ABOUT THE EXPERT
Kathryn Kadous is a Professor at the Goizueta Business School at Emory University, where she teaches financial reporting to MBA students and seminars in judgment and decision making and experimental accounting research to doctoral students. She earned a PhD from the University of Illinois at Urbana-Champaign. Kathryn’s research considers judgment and decision-making issues in auditing and accounting. Her current research is focused in three areas: using psychology judgement and decision making theory to improve auditor decision making, identifying determinants of litigation against authors, and identifying how investors’ motivations influence their decision making.
– Chris Snowbeck