Lynford Graham scite author profile

We examine detection and severity classification of internal control deficiencies (ICD) identified under Section 404 of the Sarbanes-Oxley Act of 2002. While the cost/benefit balance of auditor testing of internal controls is highly controversial, prior research has not examined auditor versus client detection of ICD, nor has it examined factors auditors consider in judging ICD severity. We find that auditors detect about three-fourths of unremediated ICD, usually though control testing. This finding contrasts with extant research inferring control deficiency detection effectiveness from publicly available data, underscoring the value of Section 404 auditor testing in improving financial reporting quality. Auditors judge greater severity when a misstatement has already occurred. In the absence of a misstatement, severity is contingent on client and ICD characteristics, implying a more complex and nuanced judgment process without objective evidence of control failure. We also find that clients often underestimate ICD severity, but this tendency is lower among well-controlled companies with a well-designed Section 404 process.

show abstract

The Effects of Decision Aid Orientation on Risk Factor Identification and Audit Test Planning

Bedard

Graham²

2002

View full text Add to dashboard Cite

In auditing, risk management involves identifying client facts or issues that may affect engagement risk, and planning evidence-gathering strategies accordingly. The purpose of this paper is to examine whether auditors' identification of risk factors and planning of audit tests is affected by decision aid orientation, i.e., a “negative” focus wherein client risk and its consequences are emphasized, or a “positive” focus where such factors are not emphasized. Specifically, we expect that auditors will identify more risk factors using a negatively oriented risk identification decision aid, but only when engagement risk is relatively high. We address this issue in the context of auditors' knowledge of actual clients, manipulating decision aid orientation as negative or positive in a matched-pair design. Results show that auditors using the negative decision aid orientation identify more risk factors than do those using a positive orientation, for their higher-risk clients. We also find that decisions to apply substantive tests are more directly linked to specific risk factors identified than to direct risk assessments. Further, our results show that auditors with repeat engagement experience with the client identify more risk factors. The findings of this study imply that audit firms may improve their risk management strategies through simple changes in the design of decision aids used to support audit planning.

show abstract

Auditors' Internal Control over Financial Reporting Decisions: Analysis, Synthesis, and Research Directions

Asare

Fitzgerald

Graham

et al. 2012

View full text Add to dashboard Cite

SUMMARY We synthesize the literature on auditors' evaluation of, and reporting on, internal control over financial reporting (ICOFR), as required by the Sarbanes-Oxley Act. The purpose of the synthesis is (1) to provide information on how and how well auditors perform the task, which serves as feedback to the Public Company Accounting Oversight Board on implementation issues and problems related to auditors' application of the professional standards on ICOFR; and (2) to identify gaps in the current literature and fruitful areas of future research. Consistent with Auditing Standard No. 5, we delineate five phases of the ICOFR audit: (1) planning; (2) scoping; (3) testing; (4) evaluation; and (5) reporting. We structure our synthesis using a framework that classifies the determinants of performance in each phase into five broad areas: (a) the auditor's attributes, (b) the client's attributes, (c) the interaction between the auditor and the client, (d) task attributes, and (e) environmental attributes. Key contributions include providing an ICOFR tasks taxonomy, proposing a model of the determinants of performance for each task, evaluating auditors' performance of the tasks in our taxonomy, highlighting findings and gaps of importance to regulators, and providing a road map for future research.

show abstract

Setting a research agenda for auditing issues in the People's Republic of China

Graham

1996

The International Journal of Accounting

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Lynford Graham

Detection and Severity Classifications of Sarbanes-Oxley Section 404 Internal Control Deficiencies

The Effects of Decision Aid Orientation on Risk Factor Identification and Audit Test Planning

Auditors' Internal Control over Financial Reporting Decisions: Analysis, Synthesis, and Research Directions

Setting a research agenda for auditing issues in the People's Republic of China

Contact Info

Product

Resources

About