Summary book Knechel (Ch. 1-6, 16 & 17) and all 24 articles
Chapter 1 - Assurance and Auditing
Informed decisions are made based on objective, reliable and understandable information.
How does an individual know that he or she has reliable information? That is the study of
auditing and assurance. The global business environment creates worries about information,
mistakes are made and information is manipulated, leading to unexpected or unacceptable
outcomes. People and organizations are wary when information comes from questionable
sources. Useful information is required, ideally assured. This is however not always available
and costly. The need for assurance rises from within the economy itself.
There are a lot of options for investors, they use the periodic statement as an important
source. Real time information is supplied about competitive pressures and environmental
forces. There are some information risks, it could be biased, irrelevant, inaccurate, sensitive
and complex. This could lead to poor decisions. The auditor is in place to reduce risks.
Sometimes it is claimed that individuals do not need information, but lately we have seen a
lot of abuse. Independent third parties evaluate financial performance using GAAP. But why
is an audit important? Managers may get sloppy if they are not subject to scrutiny,
stakeholders might miss experience, reliable reports reduce the cost of capital and investors
and creditors want assurance. The combination of risks and benefits create the demand for
auditing.
The demand for auditing is not new, early emphasis was put on asset stewardship,
where wealthy families hired local caretakers to run operations. Professionals followed assets.
The wealthy wanted protection of limited liability. The total loss to an investor would be the
amount they invested in the company, personal assets were not seized if the debt exceeded
paying liability. In the 1830s the statutory audit of statements was born. This early model
changed in the US in the 1990s. Large corporations needed to have sources of equity beyond
a small number of wealthy people. Common shares were issued and the role of accounting
and auditing changed because of outside investor concern with future profitability instead of
stewardship.
Modern enterprises need to procure capital, acquire productive assets, sell products or
services, collect payments and provide returns to investors. The specifics may differ, but all
organizations have some type of AIS. This can be complex or informal. Maintaining a
competitive advantage has become difficult. Reporting and using information became
dynamic and not only current performance, but also future performance needs to be
considered. Further complexity lays in the technological development and links with partners
creating interdependence. Access to good information is used to acquire wealth and power
and accountants and auditors are positioned to increase the usefulness.
The history of auditing suggest that it arises both naturally from economic activity
and is a social contract between government and entrepreneurs. Start-ups become successful
and bigger, more complexity in transactions is present and it is no longer possible to directly
observe all actions. Personal assets are protected, no expertise is available to evaluate
handling of transactions and stakeholders and firm are more dependent on reports, so
,accuracy is important. Integrity and trust are necessary. There are two offsetting forces that
influence misstatements. The first one is incentives, created by information asymmetry
causing the adverse selection and moral hazard. The second one is ethical principles, which
are utilitarianism, increasing one without harming another, golden role, treating others how
you want to be treated, theory of rights, rights should be balance, theory of justice, decisions
should treat fairly, and enlightened self-interest, make decisions in all parties’ long-term
interest.
The role of CG is to create oversight of activities. The board of directors, which is
voted in by shareholders, consists of mostly outsiders, but also some executives. The audit
committee monitors on behalf of the board and stakeholders. Criteria higher than for the
board exist, they need to be financially literate and experts. The Compensation committee
discusses the compensation for the board members. The internal auditors function as key
component of CG oversight. They monitor on behalf of board and senior management to
increase effectiveness and efficiency. There are limitations on effectiveness of all parties, as
the internal auditor works for managers, so external auditors play a critical role. This external
auditor is a trustee arbiter of information. He is free of conflicting interests, but faces
incentives that causes unethical behavior. The emphasis is placed on need for recognition of
effects of inherent conflicts of interest.
The audit of financial statements is central, surrounded by attestation and that is
covered by assurance. The attestation is the assurance about the reliability of specific
information provided. The practitioner plus the accountable party provide information to the
user. An assurance service is independent professional service that improves quality of
information or context for decision makers. In an assurance engagement, the practitioner aims
to obtain evidence to express a conclusion to enhance the degree of confidence of intended
users other than the responsible party about the measurement or evaluation outcome of the
underlying subject matter against criteria. Auditing is about providing assurance about
reliability of information in financial reports prepared in accordance with GAAP. There are
guidelines about when to undertake such an engagement, like adequate knowledge of the
context and objective evaluation together with independence and objectivity. Examples of
assurance services are environmental, ethics, software, royalty, utilization, investment
performance and cost audit. Criteria for the attestation are more specific. An assertion is made
by one party, whose accuracy is of interest by other parties. Existence of criteria are utilized
to assess this accuracy, it is amenable to verification by an independent party and conclusions
are written about the accuracy.
The focus of accounting and auditing standard setters was to avoid scandals like
Enron. The second decade was dominated by improving the profession, creating a wide
variety of rules and self-regulation. Process of becoming a CPA varies, but minimum
education is needed, applicants are tested, work experience is wished upon and continuing
post-professional education is provided. There are some forms of CPA firms, like local,
regional, emergent international and international. Concluding, the complexity of financial
statements grows and an expanded skill set is required.
,Article Knechel - The business risk audit: origins, obstacles and opportunities
Past years have been a watershed for the auditing profession. Not only in the US, but also
elsewhere have occurred failures regarding financial reporting and CG. Changes have
happened in the profession and new ideas in RM were pursued. Was business risk audit an
improvement over former methods? This paper examines how business risk audit may be
viewed as part culprit and part victim of events. Obstacles of the implementation are
addressed as well as future perspectives.
Original focus was more on structure and quantification. Audit structure suggests a
mechanistic approach to decision making. It was thought that more structure was better. Risk
and error would be minimized, but with growing complexity a new perspective, bottom-up
approach, came up. This reduced uncertainty and ambiguity. Judgment and individuality
became less relevant, which threatened to reach a level of dysfunctionality.
An increasing focus on RM was caused. It was known in the audit world, but not well.
It became more known and seeped in. Client RM could provide a basis for refocusing the
auditing and to control costs that were under pressure. On the other hand, gaps in RM could
become fodder for management letter comments. Recognition of limits on traditional auditing
and potential for RM led to debate on formalism and structure roles in the audit profession.
They might be problematic. Changes were made in response, but none of these shifted the
audit practice in a comprehensive manner. As result, the only thing that became
acknowledged is that judgment in the audit process is necessary.
Significant changes were needed, maybe even a paradigm shift. A notion was made
that business risk drives audit risk. This was a pivotal development in auditing concepts.
According to the business risk audit approach, the auditor needs to see the whole organization
and environment to understand the nature of the audit challenges faced. This was holistic.
Auditors need to appreciate the strategy and understand the position of the client, analyze
relationships for indications of potential risk, and prioritize risks based on significance.
Residual risks are significant to the author and become primary focus.
Change means challenging rituals. Most general one is purification. Audit processes
will provide support for auditor reports. Numerous rituals need to be addressed, those
regarding team interactions and stakeholder and societal interactions. Opportunistic behavior
and self-destructiveness was caused, followed by response with new rules and regulations.
Two developments led to new insights on how business risk auditing may survive and
improve audit quality, namely a new standard on fraud pushed through and the SOX
development.
Future role of business risk audits is questioned, but focus on fraudulent reporting and
internal control suggests that it still plays a big role.
Article Arena et al. - The organizational dynamics of ERM
ERM can be classified as different things in different organizations. Sometimes even within
an organization. The main goal of ERM is to organize uncertainty. The approach of ERM is
to link risk management with different strategies and setting objectives. This entails three
, domains of control, accountability and decision making. ERM provides its users with
information to optimize earnings while staying in the same risk tolerance levels.
Paper explores the organizational dynamics of ERM, looking at variations and
investigating dimensions in ERM implementation. Looked at how ERM is translated and
influences behavior and mindset of actors dealing with uncertainty. Institutional perspective
used. Three elements are important using this:
- risk rationalities, how uncertainty is translated into risk
- uncertainty expert, roles controlling uncertainty
- technologies, how different practices, procedures and instruments influence the
control of risk
Using those elements means that there is a mediating role for the environment framing RM.
Turbulence and complexity are important looking at the mediating factor. Three case studies
are done with different reasons for using ERM. Risk rationalities are studied looking at
different implementation reasons. Uncertainty experts are studied looking at responsible
actors. Last, technology has a crucial role.
Results show that implementation was different across three companies. It has a fluid
nature and ongoing reciprocal interactions with pre-existing practices for controlling
uncertainty. ERM and pre-established other RM practices are mutually interacting. The
authors also highlight that these translations could be seen as a continuum between
decoupling and embeddedness. Overall, evidence that holistic approach on ERM is important.
Consideration of behavior and interrelations with technology shape ERM.
Chapter 2 - Managing Risk - Role of Auditing and Assurance
Accounting standards and auditing technology have become complex, but the purpose
remained the same, namely to provide an opinion about fairness of reports. There is need for
audit for external stakeholders, gaining reliable information about the status and performance.
The auditor’s objective is to determine if statements fairly and consistently report according
to GAAP. An audit has four objectives. It ensures the presentation of statements in
accordance with GAAP, deters and detects material fraudulent reporting, evaluates the
likelihood that organizations will continue as going concern and reports conclusions from
evaluations. An additional fifth objective is to evaluate and report about effectiveness of
ICFR.
Straightforward objective are challenging, introducing risk and RM. Auditors have
focus for managing financial reporting risks and with RM in its broadest sense because any
risk can affect results.
The nature of risk is that it is a threat to an organization reducing the likelihood that
the organization will achieve one or more of its objectives. It prevents the organization from
growing and making profit and serious problems come up when improper action is taken.
Risk comes in many forms, but information risk is particularly relevant, which is the risk that
information used in decision making is inaccurate or insufficient. Misstatements come in
many forms, but distinguished is between errors, mistakes or unintentional inaccuracies and
fraud, dishonesty and intentional manipulation. Audit reduces information risk.
