New research performed with the help of the AICPA’s Assurance Research Advisory Group has provided new insights on ways to improve quality in group audits.
The research shows that when key planning decisions are based on a “decomposed” risk assessment approach rather than a “holistic” approach, audit quality is improved because the auditors plan the engagements with a greater focus on qualitative risk, which is typically underweighted by auditors.
A group audit is an audit of an organization that has multiple components. Often this organization is a large company with numerous affiliates, subsidiaries, or international operations, and many times the audit is performed by multiple auditors from more than one firm.
The group audit is typically overseen by a lead auditor (also known as a “group auditor”) who is charged with determining the amount of audit work that is necessary to be done on each component in order to obtain reasonable assurance that the financial statements of the organization as a whole are not materially misstated.
A component that represents a small portion of the organization’s business and has few qualitative risks to consider is likely to need less audit work than a component that represents a large portion of the business or a component that has many significant qualitative risks.
The researchers found that qualitative risks are more accurately identified with the “decomposed” approach, in which sub-judgments based on the evaluation, documentation, and consideration of both relevant quantitative risks and relative qualitative risks in each component inform auditors’ final planning decisions. Sub-judgments are not made or documented in the “holistic” approach, in which the group auditor is charged with considering all risk factors in a more informal way.
The conclusions are based on a controlled group audit planning simulation performed by 88 practitioners, all but one of whom had reached at least the manager level in their firms. The participants were from four national and eight regional firms and had an average of 14.5 years of experience.
The Assurance Research Advisory Group program provided the researchers with access to the practitioners. The research was performed by:
- Ann Backof, Ph.D., who is scheduled on Aug. 25 to be promoted from assistant professor to associate professor at the University of Virginia’s McIntire School of Commerce.
- Brant Christensen, CPA, Ph.D., an assistant professor of accounting at the University of Oklahoma.
- Steven M. Glover, CPA, Ph.D., the K. Fred Skousen distinguished professor at the Brigham Young University Marriott School of Business.
- Jaime Schmidt, Ph.D., an associate professor at the McCombs School of Business at the University of Texas at Austin.
The researchers answered questions about their findings in a Q&A with the JofA. This is an edited version of the conversation.
How did you narrow your research focus area to the decisions around the group audit planning process?
Brant Christensen: With an experiment, we need to limit the amount of data that we have partners work with out of respect for their time. Therefore, we focused on some of the key planning decisions that are made early on in the audit: Whether a component is defined as significant or not, and then within those significant components the level of work to be performed at each component, and the materiality level. So it’s those three key choices — the component significance, the level of work, and the materiality. We felt that by using those three, we really did capture the key elements of the planning process.
Can you tell me the difference between a holistic approach and a decomposed approach?
Backof: When we’re thinking about the two process that an auditor can take for making a judgment, we want to think about the alternative ways an auditor can reach his or her final judgment. Do they go look at the evidence as a whole and make one final judgment, or do they break it up into what we’ll refer to as sub-judgments that ultimately roll up into their final judgment? The decomposed approach is where you encourage an individual to consider each relevant piece of information and make a sub-judgment on that relevant information on its own before moving on to the next piece of relevant information. Then the individual looks at those sub-judgments together to make a final judgment. With the holistic approach, you’re going to take the evidence as a whole. You’re not going to break it down into relevant pieces, nor do you make any sub-judgments on those individual relevant pieces. Rather, you’re going to look at the whole pie of evidence and reach just one single judgment.
What did you learn in terms of the results when you use a holistic approach versus a decomposed approach to an audit?
Schmidt: Our results indicate that auditors are going to be more effective at achieving a high-quality audit if they use a decomposed approach instead of a holistic approach, and without any loss of efficiency. They’re able to focus in on the qualitative risks and devote the energy to addressing those risks without it being inefficient. In other words, a decomposed approach is superior to a holistic approach.
Christensen: We see that they plan the same level of total effort using either the holistic or decomposed approach. But what differs between the two approaches is where the participating auditors allocated the effort. There’s a greater allocation of effort to the qualitatively risky components [in the decomposed approach]. One of the benefits of a decomposed approach is that it increases focus to areas that are typically underweighted. We know from practice and from the limited guidance for group audits that there’s a heavy emphasis placed on quantitative size of components, and that makes a lot of sense. But auditing standards also require auditors to consider qualitative risks. So what we’re seeing is that this decomposed approach increases auditors’ attention to the qualitative risks without distracting from key quantitative risks.
How did you define quality in an audit so you’d know what the goal was?
Christensen: In the framing of our study, higher quality is captured by a greater focus on qualitative risks that are typically underweighted by auditors.
Glover: Before we conducted the study, we reviewed the case materials with auditing experts to ensure the qualitative risks in the case were considered significant. With the benefit of creating the case materials, we have a group audit where there are known qualitative and quantitative risks. There were also components that were somewhat large, but not stand-alone, quantitatively significant. The standards say it is important to consider both qualitative and quantitative risk, however, the tendency for auditors is to think primarily through a quantitative lens. So by formulating a realistic case with known risks, we can evaluate how the auditor participants responded to both the quantitative and qualitative risks. Auditors that followed the more common holistic approach allocated more effort to quantitatively smaller components, perhaps to achieve an overall coverage percentage, but their planned audit strategy would have been more effective if they had allocated that incremental effort to the components that posed higher qualitative risks.
Schmidt: Keep in mind, too, that we also kept track of which auditors identified the quantitative risks, so we had seven different components within our experiment, and two of them were quantitatively large enough to be considered quantitatively risky. So we made sure that the participants also identified those, which they did, and those also were considered important according to the standards.
Do you envision that the results of your research will have an impact on standards? Is it something that standard setters should be looking at?
Backof: We would hope so. I think one of the benefits of conducting experimental research like we’ve done, as Steve alluded to, is we can test things in a controlled setting that can tease out some of these effects that may be hard to see in practice. So by having this controlled setting and gaining some assurance from our results, there are benefits with little to no cost to following a decomposed approach. We would encourage standard setters to at least consider it as they are developing and revising standards to help auditors make the best decisions they can when faced with uncertainties and complexities.
What would your advice be to a group audit leader after going through your research and finding what you found?
Glover: I think we’d say that in our study with experienced practicing auditors we found benefits of having the participants consider and conduct risk assessments separately for the quantitative and qualitative risks. And even though auditors following the most common approach used in practice — the holistic approach — would say that they are doing that, we found that it is important to take a step back and really think about risk assessment through the lens of qualitative risks separately from quantitative risks.
Schmidt: I’d also encourage them to just pause for a second and write down the qualitative risk factors. Combining those separate sub-judgments tends to result in more effective judgments. I think if we talked to practitioners, they would say that they do consider qualitative risks. But I think they do it in a sort of black box in their heads that combines everything together, and quantitative risks tend to dominate that process. I think if auditors would take a moment just to write down, here is a component, here is a qualitative risk factor, before moving on and making the planning decision, that would improve audit quality.
Christensen: From that perspective, it’s not significantly more work for the auditors. It’s an additional check to make sure they’re really separately considering qualitative risk.
How can your findings affect audit quality going forward?
Schmidt: If they were to use a decomposed risk assessment approach, I think the concerns from the regulators about insufficient responses to risk would go down, and I think we’d get a more adequate response to risk that’s embedded within group audits.
Glover: It may be useful for the readers to know we’re not the first academics to find this benefit in breaking down judgments into separate pieces or potential improvements in auditor judgment by making separate risk assessments and documenting these sub-judgments. There is quite a bit of literature that says, even though we think we’re considering all risks naturally when we just look at the whole picture, by forcing ourselves to break risk assessments into separate judgments and jotting down our preliminary judgments, such an approach improves risk assessment not just in our particular setting but in other settings. So we were able to leverage this prior body of research and apply it in a place where there’s been an indication of difficult practice matters for auditors addressing group audits.
Schmidt: Part of why we moved the decomposition angle or approach into this setting is because the standards and the guidance provided to auditors is pretty broad. So this is an area that I think a lot of standard setters are working to improve, because as we move forward, we end up having bigger companies with more global reach and a larger number of group audits. This is an area that is pretty young in the standard-setting world, and I think there’s a need for some guidance.
— Ken Tysiac (Kenneth.Tysiac@aicpa-cima.com) is the JofA’s editorial director.