The PCAOB in 2007 raised concerns about accounting firms meeting the brainstorming mandates of SAS no. 99, which requires auditors to brainstorm to determine possible fraud risks, and SAS no. 109, which requires auditors to brainstorm to identify additional causes of potential material misstatements in financial statements.
Given the dynamics of teams, one way to increase the number of ideas generated in a session is to use computer mediated communication. It can be as simple as a conference call or instant messaging software, or more complex software packages called group decision support systems. These software packages offer voting tools, electronic bulletin boards and preprogrammed agendas to facilitate group discussions.
Ideally, an audit partner should lead the brainstorming session. Checklists, if they are used, should be limited to use by the brainstorming leader as a discussion guide. Without a checklist in front of them, audit team members are more likely to consider the ideas generated in the group discussion as their own ideas rather than considering them to be suggested by the checklist. Thus, team members are less likely to underestimate the importance of those items.
A portion of each brainstorming session should specifically address the ramifications of the session’s findings on the audit plan. At one international accounting firm, auditors categorize potential risk areas as having a high, medium or low likelihood of occurring. Team members then develop specific audit procedures to reduce the risks to acceptable levels. Brainstorming sessions are documented in a formal risk assessment memo.
Mark Landis, Ph.D., is an assistant professor of accounting, Scott I. Jerris, Ph.D., is a professor of accounting, and Mike Braswell, Ph.D., is an assistant professor of accounting, all at San Francisco State University. Their e-mail addresses are, respectively, email@example.com, firstname.lastname@example.org and email@example.com.
I n a report issued in January 2007, the PCAOB raised concerns about accounting firms falling short of brainstorming requirements in auditing standards. It cited three issues: brainstorming sessions sometimes occurred after the planning phases of the audits; some audits did not include a brainstorming session; and key members of the audit team did not always attend the brainstorming sessions.
Two auditing standards, SAS no. 99, Consideration of Fraud in a Financial Statement Audit, and SAS no. 109, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement, mandate brainstorming sessions. SAS no. 99 requires that auditors brainstorm to determine possible fraud risks, while SAS no. 109 requires that auditors brainstorm to identify additional causes of potential material misstatements in the financial statements.
Now that several years have passed since the first SAS no. 99 brainstorming sessions were implemented in 2002, the profession has had an opportunity to study which aspects of these sessions are most effective. The recommendations in this article are based primarily on the findings of academics and regulators, with some observations from a partner at an international firm. The suggestions are designed to improve the productivity of brainstorming sessions.
One surprising finding (not specific to the auditing profession) consistently documented by psychologists is that people participating in brainstorming sessions tend to produce fewer unique ideas than when those people act alone. In a study conducted by Tina Carpenter at the University of Georgia, this phenomenon was observed in auditors when brainstorming teams and individual auditors were asked to identify fraud risks for the same company. Brainstorming sessions, on average, generated fewer unique ideas than auditors acting individually.
However, these findings do not mean auditors are better off scrapping the brainstorming sessions. In fact, brainstorming sessions are quite useful. While groups may not be able to generate as many ideas as individuals, brainstorming teams tend to generate a greater number of better ideas than individuals.
Given the dynamics of teams, one effective tool for boosting the number of ideas is to use computer-mediated communication. This can be as simple as a conference call or instant messaging software, or may be more complex software packages called group decision support systems. These software packages offer voting tools, electronic bulletin boards and preprogrammed agendas to facilitate group discussions.
One purpose of group decision support systems is to reduce inefficiencies that occur in face-to-face meetings. In conference calls, people can jot down notes for later without appearing disinterested in the conversation. In instant messaging, participants can relay a message at any time without interrupting anyone else. Additionally, the physical distance between members can make people feel less inhibited and can reduce the social anxieties of participating in discussions. One additional benefit of computer-mediated communication systems is the reduction in travel expenses that results when auditors don’t need to be physically in the same place to conduct the brainstorming sessions.
A second recommendation is to briefly discuss past cases of fraud or sources of misstatements. These discussions may stimulate ideas and lead team members to consider how those past lessons apply to the current engagement.
If checklists are used, teams should fully flesh out an item on the checklist—for example, fully explore a potential high-risk area—before proceeding to the next item. Psychology research has shown that if brainstorming teams spend adequate time on a given topic, the teams will typically generate as many ideas as individuals brainstorming alone.
We also recommend that the group leader allow the discussion to veer away from the checklist so other areas of potential risk may be explored. A checklist may be an essential guide for discussions, but the discussions should not be limited to risk areas indicated on the checklist.
Ideally, an audit partner should lead the brainstorming session. Studies have shown that average members of brainstorming groups rise to the level of the best members. If there aren’t strong members available, they will actually fall to the level of the least engaged members. Therefore, it is crucial to have a highly qualified person leading the session. If an audit partner does not lead the session, someone who is recognized as an expert on the audit should.
While forensic specialists have expertise that may serve as a standard of quality in the brainstorming session, partners are generally perceived as possessing the expertise and organizational status that newer members of the brainstorming team usually aspire to achieve. Thus, partners are ideal brainstorming leaders, and other team members are more likely to try to “rise to the level” of the partner.
Three common trouble spots can arise as auditors evaluate ideas stemming from brainstorming sessions. First, the evaluation— especially critical assessments— may stop the flow of new ideas. Outside of the auditing profession, the first two phases of brainstorming sessions—generating and evaluating ideas—tend to be strictly separated. Some audit brainstorming sessions combine those phases. This can increase the efficiency of the audit by shortening the session and quickly allowing auditors to dismiss inaccurate suggestions from members, but at some risk.
To mitigate the pressure on audit team members, audit teams should designate time for the generation of ideas and set aside time to evaluate those ideas. This prevents the “shutting down” of team members because their ideas were criticized during the evaluation stage.
Another potential pitfall is group shift. If a group of like-minded people gets together and discusses a topic, the discussion very often leads group members to intensify their initial beliefs. This is referred to as “group polarization” or “group shift.” Audit research has shown that when auditors are discussing client risks in general, they intensify their beliefs regarding the client’s risks. The group tends to consider the identified risks more troublesome than if each individual auditor assessed the risks alone.
Group shift can be used to the auditors’ advantage. To encourage a conservative group shift, include a partner in the evaluation of ideas. Academic research has shown that when partners, managers and audit associates examine the same potential risk, partners tend to believe the risk is more severe than managers or associates do.
If one team member believes that a potential risk area is more serious than other team members believe, that team member should be given time to make an argument. And the team leader should remind members of the purpose of the brainstorming session, as well as the importance of professional skepticism when evaluating information, at the beginning of the evaluation stage. Such framing has been shown to have profound effects on decisions.
Teams should frame the goal of the brainstorming session as identifying potential areas of risk rather than, for example, using the session as a means to whittle away low-risk areas so the audit team can focus on high-risk areas. This positioning makes the team more likely to induce a conservative group shift, leading to a more thorough assessment of potential risk areas.
Checklists also can change the course of idea evaluation. A study by Stephen K. Asare and Arnold M. Wright published in Contemporary Accounting Research in 2004 found that auditors who use checklists tend to believe that a risk factor on that checklist is less serious than auditors who don’t use checklists. The phenomenon appears to be rooted in the fact that people are more likely to consider their own ideas more important and relevant to a decision than information suggested by other people, or in this case, a checklist.
Checklists, if they are used, should be limited to use by the brainstorming leader as a discussion guide. Without a checklist in front of them, audit team members are more likely to consider the ideas generated in the group discussion as their own ideas rather than considering them to be suggested by the checklist. Thus, team members are less likely to underestimate the importance of those items.
Once ideas regarding potential risks of fraud and sources of financial misstatements have been generated and evaluated, the audit team must consider what to do with them. A portion of each brainstorming session should specifically address the ramifications of the session’s findings on the audit plan. Adjustments to the scope of audit tests, a redeployment of specialists, or increased involvement by higher-ranking members of the audit team in higherrisk areas may be just some of the changes to the initial audit plan.
A substantial amount of accounting and psychology research details how these discussions can affect judgments regarding the materiality or potential severity of identified risk factors. These findings come with a very serious caveat: Research is unclear as to whether auditors are actually modifying the initial audit plan to account for risk factors identified in the brainstorming session.
A study by Jody Bellavory and Karla Johnstone at the University of Wisconsin– Madison found that auditors reported they did in fact modify the audit plan. However, the PCAOB, in its 2007 report, found that auditors were not sufficiently investigating identified fraud risk factors. Preliminary results of some academic work in progress suggest that the audit plan was modified, but only when the brainstorming sessions were of high quality.
At one international accounting firm, once potential risks are identified, auditors categorize them as having a high, medium or low likelihood of occurring. Team members then develop specific audit procedures to reduce the risks to acceptable levels. Brainstorming sessions are documented in a formal risk assessment memo that lists the participants, risks identified, the rationale of the likelihood assessment, and the planned audit procedures. The PCAOB examines the risk assessment memo while performing reviews of the audits of public companies and uses the memo as a guide in its inquiry into the procedures employed throughout the audit.
The auditing standards place considerable emphasis on the brainstorming sessions. To be most effective, the sessions should occur near the beginning of the audit so the audit plan may be appropriately modified, even though SAS no. 99 calls for continued group discussions throughout the course of the audit to be sure that potential areas of fraud are adequately sought out and identified. Ultimately, the goal of these sessions is to increase the quality of audit services provided to clients, and, if done properly, brainstorming sessions can be a particularly useful tool for the auditor to provide reasonable assurance against material misstatements of financial statements due to fraud or error.
Better Brainstorming Recommendations
Use group decision support systems.
Discuss cases of fraud or sources of material misstatements from prior audits.
Checklists should only be used by the team leader.
If checklists are used, fully discuss each item on the list.
Don’t limit discussions to items on the checklist.
Have the engagement partner or another expert on the audit lead the brainstorming session.
Separate the idea generation phase from the idea evaluation phase.
Include a partner in the evaluation of ideas.
Encourage members to discuss why they feel an identified risk is important.
Remind members of the purpose of the brainstorming session and the importance of professional skepticism.
Set aside time at the end of the brainstorming session to indicate how the audit plan should be modified as a result of the session.
Detecting Misstatements: Integrating SAS 99 and the Risk Assessment Standards, a CPE self-study course
For more information or to place an order, visit www.cpa2biz.com or call the Institute at 888-777-7077.
“Audit Team Brainstorming, Fraud Risk Identification, and Fraud Risk Assessment: Implications of SAS 99,” The Accounting Review, Oct. 2007
“Descriptive Evidence from Audit Practice on SAS No. 99 Brainstorming Activities,” Current Issues in Auditing, Sept. 2007
PCAOB study, Observations on Auditors’ Implementation of PCAOB Standards Relating to Auditors’ Responsibilities With Respect to Fraud, www.pcaobus.org/Inspections/Other/2007/01-22_Release_2007-001.pdf.