Professional Documents
Culture Documents
com
Expert Systems
with Applications
Expert Systems with Applications 35 (2008) 10531067
www.elsevier.com/locate/eswa
a,*
a
Department of Accounting and Information Technology, National Chung Cheng University, Taiwan
Department of Information Management, National Yunlin University of Science and Technology, Taiwan
Abstract
The result of audit designation is signicantly inuenced by the audit evidence collected when planning the audit and the amount of
audit evidence depends on the degree of detection risk. Therefore, when the assessment factors of detection risk are more objective and
correct, audit costs and the risk of audit failure can be reduced. Thus, the aim of this paper is to design an audit detection risk assessment
system that could more precisely assess detection risk, comparing with the traditional determination method of detection risk in order to
increase the audit quality and reduce the possibility of audit failure. First of all, the grounded theory is used to reorganize 53 factors
aecting detection risk mentioned in literatures and then employed the Delphi method to screen the 43 critical risk factors agreed upon
by empirical audit experts. In addition, using the fuzzy theory and audit risk model to calculate the degree of detection risk allow the
audit sta to further determine the amount of audit evidence collected and set up initial audit strategies and construct the audit detection
risk assessment system. Finally, we considered a case study to evaluate the system in terms of its feasibility and validity.
2007 Elsevier Ltd. All rights reserved.
Keywords: Detection risk; Grounded theory; Fuzzy theory; Audit risk model
1. Introduction
Many accounting and law experts thought that the main
reason resulting in the lawsuits encountered by accounting
rms was that the policymaker using nancial statements
misunderstood the relation between business failure and
audit failure (Arens, Elder, & Beaslsy, 2005). Because of
external economic environment or the corporate situations
(for example, the industry is in depression and the managers capacity, integrity, and capital are insucient), the
enterprises could not pay o the debts or satisfy the investors expectation. The situation is called business failure.
The most serious business failure refers to bankruptcy.
When audit sta cannot practice the audit works according
to the acknowledged audit criteria and submit wrong audit
opinions (for instance, the audit sta do not pay professional attention and do not collect sucient evidence), it
*
0957-4174/$ - see front matter 2007 Elsevier Ltd. All rights reserved.
doi:10.1016/j.eswa.2007.08.057
1054
the degree of external users trust on the nancial statements; (4) the possibility of the auditees nancial diculties after submitting the audit report; (5) audit stas
assessment on the integrity of the managerial level. AICPA
(1983) believed that the following factors inuence the
assessment of audit risk: (1) the scale and complexity of
auditees; (2) audit personnels understanding of the audit
business; (3) audit sta were inuenced by the knowledge
of corporate operation.
Audit personnels assessment of audit risk would aect
the design of the following audit strategies. At the initial
stage of audit planning, improper audit risk assessment
would lead to wrong resource distribution and inecient
or ineective audit results (Helliar et al., 1996; Khurana
& Raman, 2004; Krishnan & Krishnan, 1997; Low,
2004). At present, the common basic audit risk assessment
methods include (Arens et al., 2005; Cushing, Graham,
Palmrose, Roussey, & Solomon, 1995; Low, 2004; Messier
& Austen, 2000; Taylor, 2000; Wustemann, 2004): risk factor analysis; fuzzy combined assessment; internal control
assessment; analytical audit; audit risk model; qualitative
risk assessment; and1 risk rate assessment. AICPAs
(1983) audit risk model provided the major conceptual
framework of the audit process, which described that when
the audit personnel plan the audit work, according to their
understanding of the auditees business, they should professionally judge and set up the audit risk level, which
could aect submit proper audit opinions for the nancial
statements, consider the remaining sum of each subject or
various exchange factors and related internal control, and
assess the degrees of inherent risk and control risk. According to the study of Arens et al. (2005), the factors inuencing the accountants professional judgment include the
audit work environment, audit personnels characteristics,
audit evidence, decision-making process and quality characteristics determined. Therefore, the audit personnel
should follow the audit risk limit accepted, the remaining
sum of each subject or dierent exchanges, inherent risk
and control risk to set up the acceptable detection risk limit
for establishing the audit process.
The audit risk model is expressed as AR = IR *
CR * DR. In other words, audit risk refers to the risk that
the auditees nancial statements could not reveal misstatement or fraudulence after their internal control activities
and audit personnels detection. In the audit risk model,
the items of (IR * CR) are sometimes called auditee risk
or occurrence risk, since these two risks mean the risk
that before the audit, the misstatement has already existed
in the nancial statement (Khurana & Raman, 2004; Low,
2004). The audit personnel could not control these two
risks; however, they must assess their levels in order to
determine the scale of audit test in the regulated audit risk
level (Messier & Austen, 2000). Taiwan Audit Criteria
Inherent risk
reverse
reverse
Reverse
Detection risk
control risk
Audit evidence
reverse
Positive
Significant level
1
Risk rate = the occurrence frequency of the risk x the average loss of
the risk.
1055
Reverse
1056
A~ ( x1 )
x1
x2
1057
1058
Table 1
Results of selective coding
Category
Risk factors
Description
Related literatures
Audit
risk
Audit
base
Auditee
base
Inherent
risk
Financial
statement
level
Considering the possible audit costs when using the audit strategies
The risk that the auditee could not reach the operational goal
Category
Account the
remaining
sum level
Control
environment
Control
risk
1060
Table 1 (continued)
Category
Risk factors
Description
Related literatures
Control
activity
Do target enterprises ensure accounting records and the safety of corporate assets
and carry out the control?
Prevention, detection, error correction and fraudulence process set up by the target
enterprises and the executive results
Target enterprises independent conrmation process of corporate operational
performance such as inventory management
Supervision
Category
1061
1062
Fig. 4. Each audit detection risk factor analysis and comparison in expert questionnaires of the rst and second rounds.
consistency. Through the t-test scale of independent samples, only three risk factors are signicant (t is less than
0.05), which are auditors understanding toward target
business, HR policy, and installation and responsibility
division of audit department in internal target enterprises.
It shows that there are dierences among the audit experts
with regard to the importance degree of three risk factors.
It might be that there were too few internal auditors (six
people) who replied to the questionnaires during the second round.
Since the risk factors with averages more than 4 means
the experts all thought that the risk factor was impor-
1063
in the target enterprises and the signicance of the inuence of the possible risk on nancial statement. The possibility and signicance of the risk factors were divided
into ve levels: extremely possible, possible, ordinary, impossible, extremely impossible, and very
high, high, medium, low and very low (see
Fig. 6).
After all the respondents nish the assessment of target
enterprises detection risk, we can look at the fuzzy calculation results. This system sequentially lists the risk degrees
of the risk factors. The top of the picture also describe
the calculation of detection risk of target enterprises and
one simple conclusion to elaborate the risk degree of target
enterprises in terms of three major dimensions (audit risk,
inherent risk, and control risk), as well as the acceptable
detection risk degree of accounting rms authorized by
the target enterprises calculated by this system. In addition,
in order to allow the assessors to understand the interaction among the risks, we move the arrow to the location
of each risk degree and the picture will show the triangular
fuzzy number of the risk factor to serve as the reference of
the related personnel in the authorized accounting rms
when they plan audit strategies.
5. System evaluation
The case company is a manufacturing plant established
in 1954 and turned into a limited company in 1969 and the
stock became public in November, 1994. By 1998, its capital volume has reached 3 billion NT dollars. There were
1064
1065
Table 3
Reorganization of interview results of cases
Aspects
Empirical
results
External audit
Internal audit
Support of literatures
Conclusions
Audit
risk
Low
Auditors
understanding toward
target enterprises
External audit is
professional
Auditors have
professional capacities
Inherent
risk
Low
Rare changes of
managerial level and
accounting personnel
Low
Employees and,
accounting personnels
integrity
Simple operational
style of the managers
Regular risk
assessment
Control activity is
eective and actually
practiced
Complete functions of
audit department
Employees
integrity
Managerial level
does not pursue
risk
Regularly
having risk
control in internal
and external
environments
Valuing internal
control and
actually
practicing it
Regular
proposing
internal control
plan
1066
Table 3 (continued)
Aspects
Empirical
results
External audit
Internal audit
Acceptable
detection
risk
High
Audit deputy
manager usually does
not go to the auditee
company
The assessment result
of this system is close
to current situation of
the company
6. Conclusion
The new audit bulletin criteria involved the application
expected to strengthen the audit risk model and increase
audit quality. However, the audit risk model was regarded
as the theoretically ideal concept model. Since it was dicult to quantify the risk factors and we could not completely use precise numbers or terms to express their
meanings, they were criticized as having low practical
value. The assessment system constructed in this paper uses
the fuzzy theory to help auditors in rendering professional
judgment when facing fuzzy incidents and increasing the
preciseness of risk assessment. It also allows the audit risk
model to be more practical. At present, most of the risk
management adopted by large-scale accounting companies,
accounting rms and registered accountant business refers
to risk rate risk assessment. The advantage is that the risk
safety indicator is based on plenty of experience accumulation and statistical calculation, which considers the scientic technique standard, social and economic situations,
legal factors and human psychological factors at the time,
which are the least risk rate generally accepted.
This paper reorganizes 43 critical risk factors inuencing
detection risk assessment identied by academia and audit
empirical circles and allocates the above critical risk factors
into three dimensions and eight categories according to the
categorization of the related literatures. We believe that it
can function as the reference for future researchers when
they study the risk identication of audit planning. In addition, the fuzzy theory is a type of research method considerably suitable for being applied to aspects with a high
degree of subjectivity, such as audit. However, it is rarely
used by audit scholars. Regarding the construction of the
system, it is an encouragement for the future scholars in
the accounting audit domain to consider the fuzzy theory.
References
American Institute of Certied Public Accountants (AICPA): SAS
47(1983) and AU 312 (1984), Audit Risk and Materiality in Conducting an Audit.
Akhter, F., Hobbs, D., & Maamar, Z. (2005). A fuzzy logic-based system
for assessing the level of business-to-consumer (B2C) trust in electronic
commerce. Expert Systems with Applications, 28(4), 623628.
Support of literatures
Conclusions
Although the detection risk assessment
acquired by this research is consistent with
the assessment results of internal and
external auditors, there is the dierence
between the internal audit of audit deputy
manger who assesses detection risk at
usual and audit chief who audits in the
case company most frequently. Thus, there
is signicant error to only allow audit
deputy manager to subjectively judge and
determine the detection risk
Arens, A. A., Elder, R. J., & Beaslsy, M. S. (2005). Auditing and assurance
services: An integrated approach (10th ed.). Upper Saddle River, New
Jersey: Prentice Hall.
Beattie, V., Fearnley, S., & Brandt, R. (2002). Auditor independence and
audit risk in the UK: A Reconceptualisation, Presented at The
American accounting association professionalism and ethics symposium,
August.
Beaulieu, P. R. (2001). The eects of judgments of new clients integrity
upon risk judgments, audit evidence, and fees. Auditing, 20(2), 8599.
Bedard, J. C., & Graham, L. E. (2002). The eects of decision aid
orientation on risk factor identication and audit test planning.
Auditing, 21(2), 3956.
Behn, B. K., Kaplan, S. E., & Krumwiede, K. R. (2001). Further evidence
on the auditors going-concern report: The inuence of management
plans. Auditing, 20(1), 1328.
Committee of Sponsoring Organizations of the Treadway Commission
(COSO) (1996). Internal Control Issues in Derivatives Usage, AICPA.
Cushing, B. E., Graham, Jr, L. E., Palmrose, Z.-V., Roussey, R. S., &
Solomon, I. (1995). Risk orientation. In T. B. Bell & A. M. Wright
(Eds.), Auditing practice, research, and education: A productive collaboration (pp. 1154). New York, NY: AICPA.
Davutyan, N., & Kavut, L. (2005). An application of data envelopment
analysis to the evaluation of audit risk: a reinterpretation. Abacus,
41(3), 290306.
Dubois, D., & Prade, H. (1980). Fuzzy sets and systems. New York:
Academic Press.
Friedlob, G. T., & Schleifer, L. L. F. (1999). Fuzzy logic: Application
for audit risk and uncertainty. Managerial Auditing Journal, 14(3),
1213.
Glaser, B. G. (1992). Basics of grounded theory analysis: Emergence vs
forcing, Mill Valley.
Haskins, E. H., & Dirsmith, M. W. (1993). Control and inherent risk
assessments in client engagements: An examination of their interdependencies. Journal of Accounting and Public Policy, 14, 6383.
Helliar, C., Lyon, B., Monroe, G. S., Ng, J., & Woodli, D. R. (1996). UK
auditors perceptions of inherent risk. British Accounting Review, 28(1),
4572.
Johnstone, K. M. (2000). Client-acceptance decisions: Simultaneous eects
of client business risk, audit risk, auditor business risk, and risk
adaptation. Auditing, 19(1), 125.
Khurana, I. K., & Raman, K. K. (2004). Litigation risk and the nancial
reporting credibility of big 4 versus non-big 4 audits: Evidence from
Anglo-American countries. The Accounting Review, 79(2), 473495.
Krishnan, J., & Krishnan, J. (1997). Litigation risk and auditor resignations. The Accounting Review, 72(4), 539560.
Lee, D. H., & Park, D. (1997). An ecient algorithm for fuzzy weighted
average. Fuzzy Sets and Systems, 87, 3945.
Linstone, H. A., & Turo, M. (1975). The Delphi method: Techniques and
applications. Addison Wesley.
Low, K. Y. (2004). The eects of industry specialization on audit risk
assessments and audit-planning decisions. The Accounting Review,
79(1), 201219.
1067
Shailer, G., Wade, M., Willett, R., & Yap, K. L. (1998). Inherent risk and
indicative factors: senior auditors perceptions. Managerial Auditing
Journal, 13(8), 455464.
Taiwan Audit Criteria Bulletin No. 24, Signicance and Audit risk,
announced in 1993.
Tanaka, K., & Sugeno, M. (1992). Stability analysis and design of fuzzy
control systems. Fuzzy Sets and Systems.
Taylor, M. H. (2000). The eects of industry specialization on auditors
inherent risk assessments and condence judgments. Contemporary
Accounting Research, 17(4), 693712.
Toshiro T. (1994). Fuzzy engineering and LIFE project, Fuzzy Systems. In
IEEE World congress on computational intelligence, proceedings of the
third IEEE conference.
Turner, J. L., Mock, T. J., & Srivastava, R. P. (2002a). A conceptual
framework and case studies on audit planning and evaluation given the
potential for fraud. In Proceedings of the 2002 Deloitte & Touche
University of Kansas symposium on auditing problems.
Wustemann, J. (2004). Evaluation and response to risk in international
accounting and audit systems: Framework and German experiences.
Journal of Corporation Law, 29(2), 449466.
Zadeh, L. (1965). Fuzzy sets. Information and Control, 8, 338353.