Selection of client’s business risks and client’s entity-level controls in an assessment task

The first two audit tasks selected in the experiment relate to the identification of client’s business risks and controls. With respect to the third audit task – assessing the impact of business risks and controls on audit risk – the selection of input cues to this decision needs separate consideration which is discussed hereafter.

Number of cues

In experimental settings comparable to this empirical study, the number of cues manipulated is regularly low (between four and six cues). At least two reasons are provided for this low number.

First of all, researchers need to decide on the number of cues in relationship with the design of the study since participant fatigue and/or boredom potentially influence the statistical results if too many cues are incorporated in the experiment design. Principally, a decision is necessary as to use a full or a fractional factorial design. In a full factorial

design, all cues selected for the experiment are presented to the participant in all possible cue combinations. In a fractional factorial design, all cues selected for the experiment are presented to the participant in a sub-set of possible cue combinations.

For example, a full factorial design with 6 cues (present/absent) result in 64 possible cases of cue combinations which would probably result in fatigue or boredom as all cases need to be assessed individually. A half fractional factorial design would in the given example result in 32 case combinations which are presented to a participant.

Making use of a fractional factorial design requires careful consideration of the researcher to which of the possible cue combinations are excluded and which are included in the experiment. A fractional factorial design is hence, somewhat more complicated compared to the full factorial designs. In this thesis, a full factorial design has been selected for reasons of straightforwardness (i.e., this implies a less complex design and given the low number of cues included in the design will potentially overcome participants’ fatigue and boredom).

Secondly, people in general appear to show bounded rationality in judgment and decision-making tasks (e.g. Cooksey, 1995; Solomon et al., 1995). This implies that for a single decision, people – whether they are experienced or not regarding the task at hand – consider only a limited number of cues which have impact on their decision.

In this empirical study, both business risks and entity-level controls are part of the selected cues. Prior studies related to audit risk decisions or studies related to the business risk audit approach, did not take these both categories of cues into account. In this regard, this thesis contributes to existing audit research literature. The full factorial design consists of four cues, of which two are related to business risks and two are related to entity-level controls.

Nature of cues

The decision with respect to including specific business risks and entity-level controls in the experiment is made in relationship with the research questions.

First, one of the research questions is concerned with the impact of industry-specific experience on the auditors’ judgment performance. As will be described in the sections 3.4 and 3.5, it will be investigated whether (and if so, to what extent) industry-specific experience influences the auditors’ judgment performance with respect to the impact of an industry-specific cue on audit risk, as well as the auditors’ judgment performance with respect to the impact of a not-industry-specific cue on audit risk. In other words, do industry-specialized auditors make different judgments – compared to non-specialists – with respect to all cues or with respect to only industry-specific cues? As a result of this

consideration, for both client’s business risks and entity-level controls a general and an industry-specific cue have been selected.

In order to select industry-specific cues for the factorial design, expert panel members were asked to indicate on a list of risk and control cues which of those risks and controls was industry-specific. For this list of risk and control cues, expert panel members were additionally requested to assess the individual impact of each of these cues on audit risk. In deciding on which risk and control cues to include in the experiment, the standard deviation of the panel members’ assessments has been considered. In addition, we have considered prior research studies related to financial statement risks.

Table 3.1 presents the cues which have been selected for the experiment in a full factorial design.

Table 3.1 Selection of cues in experiment (assessment) audit task

Code Description Industry-specific Expert panel’s

SD¹² CBR1 The financial condition of the company strongly

deteriorated.

X 2.22

CBR2 The company’s strategic focus changed from

“low-cost homes” to “luxury villas”.

√ 2.58

ELC1 Strengthened project-control by progress reports on Work in Progress.

√ 2.99

ELC2 More specialized personnel assigned to projects. X 1.91

Where CBR = Client’s Business Risk And ELC = Entity-Level Control

SD = Standard Deviation

The selection of CBR1 (the financial condition of the company strongly deteriorated) was specifically based on prior research literature (e.g., Pratt and Stice, 1994). This business risk is found as one of the most important risks which probably can result in a material misstatement. For example, when the financial conditions of a company are bad, the company’s rating (if it is listed) or the relationship with the financial institutions will deteriorate, which in turn puts pressure on the company’s management to manage

12 Expert panelists were asked to assess the impact of a list of individual client’s business risks and client’s entity-level controls on audit risk. The scale used to measure this impact ranges from -10 (maximum negative impact on audit risk, i.e. decreased audit risk) to +10 (maximum positive impact on audit risk, i.e. increased audit risk).

earnings. CBR1, hence, applies to all financial statement accounts (and disclosures), whereas CBR2, ELC1, and ELC2 are related to single accounts (most importantly Work in Progress). CBR2 and ELC1 were selected because they were classified by the expert panelists as “industry-specific”. ELC2 was selected based on the relatively low standard deviation as calculated on the effectiveness assessments of the expert panelists. This implied that – compared to other entity-level controls – panelists showed a relatively high consensus on ELC2. So, it can reasonably be expected that this cue is relatively stable.