Assessing the risk of fraud in audit planning

Abstract

The ASB recently proposed that auditors explicitly assess fraud risk and document their planned response to the level of fraud risk. Researchers and practitioners have recommended that auditors perform separate risk assessments for intentional misstatements (e.g., management fraud) and unintentional misstatements (e.g., errors) in order to improve auditors' ability to detect fraud. This study examines the effects of this requirement on auditors' planning decisions. In comparison with auditors who make combined inherent risk assessments, auditors who make a separate inherent risk assessment are expected to spend more time attending to fraud cues and react to changes in fraud risk indicators more readily. Additionally, auditors who make separate risk assessments are expected to report less confidence in their fraud risk assessment when compared to their error risk assessment due to the difficulty of interpreting the implications of strategic behavior. A computerized test instrument monitored auditors' time attending to fraud cues. Four versions of the software manipulated, between subjects, the type of inherent risk assessment required (i.e., separate assessments for intentional and unintentional misstatements or a combined assessment) and the indicators of fraud risk in an audit case (i.e. 'low' or 'high' fraud risk). Auditors' planning decisions are used to measure their response to the indicators of fraud risk. Evidence of the effects of performing a separate fraud risk assessment may provide policy makers with information to evaluate the economics of the ASB's proposed policy change. Data analyses indicate that auditors who separately assessed fraud risk used significantly more time attending to the fraud cues. Additionally, the group who separately assessed fraud risk budgeted significantly more hours for the case that indicated higher fraud risk than the lower fraud risk case while the other group reported no significant difference in planned hours. Analyses of audit procedure selections revealed no significant differences between groups suggesting that auditors do not modify the nature of their audit tests as a response to perceived fraud risk. Finally, comparisons of auditors' confidence in their risk assessments showed that they were significantly less confident in their fraud risk assessment than in their error risk assessment.