Online from: 1986
Subject Area: Accounting and Finance
Options: To add Favourites and Table of Contents Alerts please take a Emerald profile
|Title:||Do auditors assess inherent risk as if there are no controls?|
|Author(s):||Timothy C. Miller, (Kent State University, Kent, Ohio, USA and Xavier University, Cincinnati, Ohio, USA), Michael Cipriano, (Department of Accounting and Legal Studies, College of Charleston, Charleston, South Carolina, USA), Robert J. Ramsay, (Von Allmen School of Accountancy, University of Kentucky, Lexington, Kentucky, USA)|
|Citation:||Timothy C. Miller, Michael Cipriano, Robert J. Ramsay, (2012) "Do auditors assess inherent risk as if there are no controls?", Managerial Auditing Journal, Vol. 27 Iss: 5, pp.448 - 461|
|Keywords:||Auditing, Control risk, Finance and accounting, Inherent risk, Risk assessment, Risk of material misstatement|
|Article type:||Research paper|
|DOI:||10.1108/02686901211227931 (Permanent URL)|
|Publisher:||Emerald Group Publishing Limited|
|Acknowledgements:||The authors are grateful for the helpful comments of Dana Hermanson, Tom Kozloski, Bill Messier and Scott Vandervlede. The authors also thank Jeff Cohen and Dennis Hanno for providing them with their experimental instrument.|
Purpose – The purpose of this paper is to examine whether auditors interpret the risk of material misstatement (RMM) in accordance with current standards' definition of inherent risk (IR). It is argued that controls should not be presumed when assessing inherent risk and that inherent risk should be considered separate from and prior to control risk when it is practical to do so. Because auditing standards explicitly require auditors to assess IR without consideration of internal controls (i.e. control risk (CR)), RMM should not be adjusted upward for control deficiencies.
Design/methodology/approach – The authors survey and interview practicing auditors to gain an understanding of current risk assessment practice. They then evaluate whether their understanding of risk assessment is in line with current standards.
Findings – Contrary to auditing standards' definition of inherent risk, it appears that auditors presume some level of expected control effectiveness when assessing IR and they may increase RMM in response to internal control deficiencies. Such a presumption is inconsistent with the definition of inherent risk from the Auditing Standards Board (SAS No. 107), Public Company Accounting Oversight Board (AS 8), and International Auditing and Assurance Standards Board (ISA 200). Such misinterpretation may be an inadvertent result of guidance provided by standard setters in the form of SAS No. 109 from the ASB, AS 12 from the PCAOB and ISA 315 from the IAASB, which suggest combining IR and CR into RMM.
Research limitations/implications – The research is limited both by the small sample size and the small number of risk factors investigated.
Practical implications – If auditors presume a level of controls in assessing inherent risk, they may reduce audit effectiveness by estimating a lower RMM than is appropriate.
Originality/value – This study presents insights on the interpretation and assessment of audit risk in audit environments where inherent risk is no longer automatically set to be at the maximum. Namely that due to the definition of inherent risk, control information should have a unidirectional downward effect on the risk of material misstatement.
To purchase this item please login or register.
Complete and print this form to request this document from your librarian