Chapter 1 Biased, irrelevant, inaccurate, sensitive or complex information can lead to a distortin in decisions if the investor is unaware of the

lack of quality of the information. It is the role of the auditor to reduce the risks for uses of this information (by an evaluation of the quality). An audit furthermore provides insurance against significant errors or fraud associated with financial statements. Managers report their performance in annual financial reports. However, managers are subject to incentives and ethical principles that can affect financial reports. Incentives are motivational forces (such as bonuses or contingent compensation) that may push a manager to work hard to achieve goals and objectives, but may also motivate an individual to lie or employ accounting tricks. Information asymmetry occurs when one party knows more about the quality of the information provided than another party. Incentives and information asymmetry can lead to two situations: Adverse selection exists when a buyer of products or services cannot distinguish between good and bad alternatives, due to a lack of information. In order to make a distinction, managers have to present reliable information. Moral hazard refers to how individuals act when their actions cannot be observed by other stakeholders, or when they are not held responsible for their decisions. Ethical principals provide a counter weight to perverse incentives by defining norms of behaviour or conduct for individuals and organisations that define inappropriate actions and activities. Some ethical principles: Utilitarianism: maximal benefit to a well defined group of people. Golden rule: treat other the same as you would like to be treated. Theory of rights: rights of a decision maker and other parties should be equally balanced in a decision. Theory of justice: fairly, impartially and equitably treatment of stakeholders in decisions. Enlightened self interest: pursue long term self interest and avoid short term focus that might harm others. Individuals can react in three manners in situations with ethical suspicious decisions: remain loyal to the decision maker, exit from the situation or voice concern. Assurance means that investors want to be sure that the information they use for decisions is reliable. The auditor has to provide assurance over the financial reports. Assurance services are independent professional services that improve the quality of information, or its context, for decision makers. An assurance engagement is an engagement in which a practitioner expresses a conclusion designed to enhance the degree of confidence of the intended users, other than the responsible party about the outcome of the evaluation or measurement of a subject matter against criteria. An assurance engagement consists of a direct reporting engagement and an attest engagement. Direct reporting engagement concerns the direct measurement and evaluation of information. Attestation is the process of providing assurance about the reliability of specific information provided by one party to another. It focuses on one specific assertion that is made. An audit is a systematic process of objectively obtaining and evaluating evidence regarding asserts to ascertain the degree of correspondence between these assertions and criteria, and communicating the results to interested users. Only a review does not provide a reasonable basis for expressing an opinion regarding the financial statements, because it provides no assurances that the auditor becomes aware of all significant matters.

J. Barton (2005) Auditor reputation

Managers can enhance the credibility of their firms financial reports by subjecting them to an independent audit. The higher the quality of the audit, presumably the stronger the assurance to investors that the financial reports are free from material misstatements. Investors do no observe directly the quality of an audit, though; instead, they tend to rely on the auditors reputation or brand name as an indicator of financial reporting credibility. Not surprising, then, managers point to reputation as a key factor in their choice of auditor. However, in the Enron case, 95% of the firms with this auditor waited until 150 days befor dismission of their auditor. This shows that reputation may not be that important for all firms. However, clients attracting more attention in the capital markets will dismiss auditors sooner and replace with another more reputable auditor.

K. Nelson, R. Price, and B. Rountree (2008) The market reaction to Arthur Andersens role in the Engrol scandal: loss of reputation or confounding effects?
Recent study finds that Anderson clients experiences significant negative stock market reactions after Andersen publicly acknowledged its employees had destroyed documentation related to the Enron audit. Moreover, clients of Andersens Houston office, where the alleged incidents at Enron occurred, suffered a larger stock price drop than the firms non-Houston clients. This loss has been interpreted as evidence that the damage to Andersens reputation caused by this admission was impounded in the equity prices of other Andersen clients. This study, however, provides new evidence that indicates the negative abnormal returns are not attributable to Andersens damaged reputation, but rather to confounding events. Negative macroeconomic and industry related new was concurrently released during the shredding announcement window. These confounding events, along with differences in the composition of the Andersen and other auditors samples attributable to auditor industry specialization, combine to produce the pattern of decreasing stock market returns. Andersens client portfolio contains a disproportionate share of companies in the energy sector, which was rocked by a sharp decline in oil prices during the shredding announcement window. The overall more negative market reaction for Andersen clients, particularly those in the energy heavy Housten office, is largely driven by these confounding effects. There is no evidence the shredding announcement had a significant reputation effect on the stock prices of Andersens audit clients controlling either for industry concentration or for oil price movements within the energy sector.

Chapter 2 There are many stakeholders who rely on audited financial statements, including the client, investors, vendors, banks, employees, etc. However, auditing is a black box to outsiders, often also to managers. In addition, companies pay for audit services. Therefore it is important that there are safeguards in place for audit quality. There are two types of safeguards: the market (through reputational concerns) and legal (via civil and criminal liability). The need for audits of financial reports arises from the demand of external stakeholders for reliable information about the financial status and performance of an organisation. The objective of an auditor is to determine whether the financial statements of an organisation are fairly and consistently reported in accordance with GAAP. Furthermore the auditor has to make an evaluation over the possibility of fraudulent financial reporting, the likelihood that the organisation will continue as a going concern and of the internal control processes. Business risks refers to potential risks arising from the companys external environmental and internal activities that may have a negative impact on its operations and overall performance. Management controls reflect the efforts to reduce risks that are the responsibility of management. Business process controls encompass the activities designed to assure that the activities within a process are performed efficiently and effectively. Auditors are responsible for understanding risk management activities related to the information that is included in the financial statements. These activities are referred to as internal control over financial reporting. Currently most companies are using the COSO framework with five components of internal control: control environment, risk assessment, control activities, information and communication and monitoring. Risk management should be approach as a systematic and continuous process. This process consists out of the following steps: 1. Risk assessments (identification of risks). 2. Response by management (avoid, accept, share or reduct). 3. Information system (monitoring risk and response). 4. Performance results. 5. Reaction by management (continuous improvement). The audit of financial statements is an important component of risk management, especially in the case of information risk. Information risk is the risk that the information used in decision making is inaccurate or insufficient. In an integrated audit, the auditor passes the following phases: - Audit of management assessment of internal control over financial reporting. - Auditing actual effectiveness of internal control over financial reporting. - Audit the fairness of the financial statements.

Chapter 3 The primary responsibility of an auditor is to provide reasonable assurance that there are no significant deviations included in the financial statements. The auditor assess if the financial statements are prepared in accordance with the appropriate criteria on the basis of all the available evidence. The audit provides a report containing the conclusion. Assertions made by management The audit provides a basis for the auditors report on the financial statements, the auditors report on managements assessment of the effectiveness of internal controls over financial reporting and the auditors own assessment of the effectiveness of internal controls over financial reporting. Hereby, the auditor takes into account the assertions made by management about financial results and internal control systems. Financial statement assertions can be subdivided in 3 categories: transactions, accounts, and presentation and disclosure. Transactions: - Occurrence transactions and events that have been recorded have occurred and pertain to the entity. - Completeness all transactions and events that should have been recorded have been recorded. - Accuracy amounts and other data relating to recorded transactions and events have been recorded appropriately. - Cut off transactions and events have been recorded in the correct accounting period. - Classification transactions and events have been recorded in de proper accounts. Accounts: - Existence assets, liabilities and equity interests exist. - Rights and obligations the entity holds or controls the rights to assets, and liabilities are the obligations of the entity. - Completeness all assets, liabilities and equity interests that should have been recorded have been recorded. - Valuation and allocation assets, liabilities, and equity interests are included in the financial statements at appropriate amounts and any resulting valuation or allocation adjustments are appropriately recorded. Presentation and disclosure: - Occurrence and rights and obligations disclosed events and transactions have occurred and pertain to the entity. - Completeness all disclosures that should have been included in the financial statements have been included. - Classification and understandability financial information is appropriately presented and described, and information in disclosures is clearly expressed. - Accuracy and valuation financial and other information is disclosed fairly and at appropriate amounts. The auditor is responsible for determining if all important assertions about transactions, accounts, presentation and disclosure are reasonable. An internal control framework should be unbiased, subject to consistent measurement, comprehensive and relevant. After adoption of an internal control framework management must ensure effective internal control over financial reporting.

Responsibilities of an auditor In order to provide reasonable assurance that there are no significant deviations included in the financial statements, an auditor has 4 responsibilities in conducting the audit: - Provide reasonable assurance about detection and correction of errors and fraudulent misstatements. Errors are unintentional misstatements or omissions of financial information. Fraudulent misstatements are intentional misstatements or omissions of amounts or disclosures in financial statements to deceive users. This can be subdivided into: - Fraudulent financial reporting: manipulation of information in financial statements by management (management fraud) or other parties (for example employees, employee fraud). - Embezzlement: stealing of corporate assets on a large scale and leaving losses to others. Auditors usually focus on errors and fraudulent financial reporting, because of directs consequences to the financial statements. - Evaluation effectiveness of internal control over financial reporting, consisting out of two reports: an evaluation about managements assessment of the effectiveness of internal control over financial reporting and an assessment of the auditor about the effectiveness of internal control over financial reporting. - Evaluation potential or illegal acts on part of the client. An illegal act is a violation of laws or government regulation committed by individuals on behalf of the company. The auditor is responsible for detecting illegal acts that are mainly direct and material. In the case that the auditor detects proof of possible illegal acts, the auditor should take on further investigation. After collection of evidence, the auditor should step to the client. The client gets some time to take corrective actions, and if no corrective actions are taken, the auditor could resign. - Evaluation of the likelihood of going concern. If the auditor has concerns about the firm as going concern, an explanatory paragraph will be included. In general auditors take a conservative attitude, a lot of firms continue their operations. However, there is a self fulfilling prophecy effect, the auditors early warning could itself be the proximate cause of bankruptcy. Audit reports The output of an audit is a form of a written report. A traditional audit only reports about the information in financial statements. An integrated audit also reports about assessment of internal control over financial reporting. Audit reports over internal control over financial reporting In audit reports related to internal control over financial reporting, the auditor reports about deficiencies. Control deficiencies arise if the design or operation of the systems does not prevent or detect misstatements on a timely basis. - A significant deficiency is a control deficiency, or combination of deficiencies, that adversely affects the companys ability to initiate, authorize, record, process or report external financial data reliably in accordance with generally accepted accounting principles such that there is more than a remote likelihood that a misstatement of the companys annual or interim financial statements that is more than inconsequential will not be prevented or detected. - A material weakness is a significant deficiency, or combination of significant deficiencies, that results in more than a remote likelihood that a material misstatement of the annual or

interim financial statements will not be prevented or detected. This will have a potential material impact on the financial statements. On the basis of all the available evidence over the effectiveness of internal control over financial reporting, the auditor brings out an opinion. - Unqualified opinion: the auditor evaluates managements assertions about internal control over financial reporting as fairly stated in all materials aspects. - Adverse opinion: due to one or more weak points, the auditor evaluates internal control over financial reporting as not effective. An auditor can give these opinions together. Management assessment over control No material weakness No material weakness Material weakness Auditors assessment over control No material weakness Material weakness Material weakness Report over management assertions Unqualified Adverse Unqualified Report over actual effectiveness Unqualified Adverse Adverse

Audit reports on financial statements - Standard (unqualified) report: the auditor concludes that the evidence obtained supports the fairness and completeness of all management assertions. - Standard auditors report with explanatory paragraph (also modified unqualified report): the auditor concludes that management assertions are fairly and complete, but wishes to bring some extra information to the attention of the reader (for example changes in accounting method). - Qualified report: the auditor feels that he/she is unable to conclude that the assertions are completely reliable or faire, because of scope limitations or departures from GAAP. - Denial of opinion (or disclaimer): the auditor states that no opinion can be expressed, because of scope limitations of conflicts of interest. - Adverse auditors report: the auditor concludes that the financial statements assertions are largely incorrect or misleading. Core audit concepts A reasonable degree of assurance consists out of three concepts: - Risk reflects the reality that an auditor can never be completely certain that the assertions he/she is auditing are free of omissions or misstatements. - Materiality is the significance of financial statement information to decision makers. Information is material if omission or misstatements affect decision or lead to other decision. o Quantitative materiality considers the magnitude of an error that would make the financial statements materially misstated. o Qualitative materiality considers the nature of the misstatement. - Audit evidence concerns any information that gives the auditor an indication whether an assertion is reasonable or not. Risks concepts in auditing Client business risk is the possibility that an organisation will experience adverse outcomes as a result of organisation factors (such as management actions) and its environment (such as economic conditions, events, circumstances). Engagement risk is the risk for the audit firm due to loss or injury from litigation, regulatory penalties, loss of professional reputation or lack of profitability. An organisation can suffer due to

association with a client, although the firms satisfies relevant professional standards and disclosure of an appropriate report. Audit risk is the likelihood that an auditor will render an incorrect opinion about the financial statement in spite of the effort expended to conduct the audit effectively. Audit risk can be subdivided into: - Risk of material misstatement: the risk that the financial statements are misstated, prior to audit, due to business risk or limitations of the internal control system. Further subdivided into: o Inherent risk: the risks that misstatements might occur of there were no internal controls, it refers to the risk involved in the nature of business or transaction. o Control risk: the likelihood that the controls present in the system will not prevent or detect a material error in the financial statement. - Detection risk: the risk that the auditor will not detect a material misstatement that exists in an assertion, due to misapplying an audit procedure, misinterpreting audit results and selecting the wrong audit test method. An audit risk model (ARM) is used to help the auditor determine which auditing procedures for accounts or transactions on the financial statements are used to help decrease the audit risk to an appropriate level. AR = RMM x DR = IR x CR x DR The auditor assesses the inherent risk and control risk and then solves the audit risk by assigning detection risk to reduce the audit risk to an acceptable amount. DR = AR/(IR x CR) = AR/RMM If the detection risk is low, the auditor must collect additional appropriate evidence. If the detection risk is high, less evidence is need. The audit evidence that the auditor collects must be sufficient and appropriate. The relation is represented in the following figure:

J. Bedard and K. Johnstone (2004) Earnings manipulation risk, corporate governance risk and auditors planning and pricing decision.
This paper investigates auditors assessments of earnings manipulation risk and corporate governance risk, and their planning and pricing decision in the presence of these identified risks. The researchers find that auditors plan increased effort and billing rates for clients with earnings manipulation risk, and that the positive relationships between earnings manipulation risk and both effort and billing rates are greater for clients that also have heightened corporate governance risk. These findings provide evidence that auditors assess situations involving both aggressive management and inadequate corporate governance, and that there is a relationship between those assessments and auditors planning and pricing decisions. By applying more engagement effort toward detecting possible instances of earnings manipulation and by charging higher average billing rates to cover the potential incremental costs associated with conducting, staffing and managing these engagements, auditors may reduce their exposure to litigation or reputation declines associated with earnings management risk. Audit firms may charge a higher billing rate to clients with higher earnings manipulation risk as a premium to compensate them for costs related to potential future litigation. While intervention by auditors may deter instances of earnings manipulation, regulatory and professional standards and the business press have increasingly emphasized the need for effective corporate governance to help mitigate financial reporting risks, including earnings manipulation risk. If external auditors perceive that they cannot rely on corporate governance mechanisms to help control the quality of financial reporting, they may increase audit effort and charge higher billing rates as a risk premium to cover potential incremental costs for clients with heightened corporate governance risk. The simultaneous presence of both types of risks implies both an aggressive management and inadequate corporate governance. This combination suggests particularly heightened risk, and implies a positive interaction of earnings manipulation risk and corporate governance risk in models of auditors planning and pricing decision. Results of the regression models indicate that heightened earnings manipulation risk, and the interactive effect of earnings manipulation risk and corporate governance risk, are both associated with increases in planned audit hours and planned billing rates. However, corporate governance risk alone is not associated with differences in planned hours of billing rates.

T. OKeefe, D. Simunic and M. Stein (1994) The production of audit services: evidence from a major public accounting firm.
This research examines the empirical relation between client characteristics and the nature and mix of labour resources used by an international CPA firm to obtain a desired level of assurance that clients financial statements are free of material misstatements. The level of assurance is the output of an audit, while the input resources measure the effort required to produce that output, under varying client circumstances. Disaggregated labour hours by rank within the firm (partner, manager, senior, and staff) are used as the measure of inputs, in order to examine how client characteristics affect both the amount of mix of labour used. Audit hours (by grade of labour) are regressed on measures of client size, complexity, business, and inherent risk, the degree of auditor reliance on internal controls, the number of years an engagement has been performed, and the extent of nonaudit services. The objective is to understand

the factors which determine the level and mix of labour inputs (auditor effort) used in performing audit engagements. The results show that crossectional variation in the quantity of labour inputs can largely be explained by the same client size, complexity and risk measures found to be important in previous research on auditors fees. However, client size and risk measures are also associated with significant changes in the mix of labour inputs. That is, audit labour inputs are not used in fixed proportion, and certain risk measures have a statistically significant effect only on some classes of labour. Disaggregated labour hours can therefore provide a more powerful test for such effects than an aggegration of hours. There is no evidence of auditor learning over time of any class of labour. Finally, reliance on client controls and/or the joint production of nonaudit services seem to have no systematic effects on either the level or mix of audit labour inputs. Evidence collection An audit must gather sufficient competent evidence to form an opinion. An auditor follows a process for obtaining the requisite evidence, conditional on the environment, circumstances and risks of the client. There are two main phrases in gathering information and evidence: risk assessment and tests of accounting information. 1. Risk assessment - Understanding an organisations environment, objectives, strategies and risk. - Understanding the design, reliability and effectiveness of ERM and internal control over financial reporting. - Performing preliminary analytical procedures (looking for early warning signals that result may be out of line or possible misstated). 2. Test of accounting information (building audit evidence) - Substantive analytical procedures (comparing account balances and expectations, for example: BS + purchase -/- ES = sales x price = revenue). - Test of transactions (verification of the details of a specific transaction). - Test of accounts (verification of the details of a specific account). - Test of presentation and disclosure (verification completeness of disclosures in financial statements). Types of audit evidence Independent of the underlying procedure of which evidence is received, there are 7 general categories of evidence used by auditors: - Inspection (or examination) of tangible assets. - Confirmation from independent third parties. - Inspection of records or documents in the possession of the client. - Observation (visual evidence) of client activities. - Recalculation and/or reperformance. - Analytical evidence from analysis. - Client inquiry (evidence from presentations made by management or other personnel). Auditors are required to accumulate sufficient competent evidence to support the opinion issued. However it is unlikely that the auditor will be completely convinced that the opinion is correct, due to the nature of audit evidence and cost considerations. The auditor must be convinces that the opinion is correct with a high level of assurance. The persuasiveness of audit evidence depends on competence (qualitative) and sufficiency (quantitative).

The competence of evidence depends on: degree of relevance, independence of providers, degree of direct observability, qualifications of the provider (= competence of the provider), degree of objectivity, quality (= effectiveness) of internal control, timing. An auditor collects in general evidence with more competence in the case that detection risk is low. In determining the competence of evidence the auditors carry out control tests (to verify if the organisations internal control are effective and thus reliable) and substantive tests (additional comprehensive analysis by the auditor itself.

Irrespective of the level of control risk, the audit always needs to perform substantive tests.

Chapter 4 There are three distinct sets of standards that apply to auditors and the conduct of an audit: Generally accepted auditing standards - General standards are the basic guidelines for an individual conducting and audit. - Examination standards (also standards of field work) are the basic guidelines for conducting an audit. - Reporting standards are the guidelines for communication of the results. Ethical standards can provide guidelines in decision making. A professional auditor has to be objective and independent. - Independent in appearance: interpretation of others about the independence of the auditor. - Independent in fact: actual independence of the auditor. Professional scepticism requires that the auditor forms an opinion on the basis of hard evidence an critical evaluation of evidence, in order to remain objective. Quality control standards provide guidelines to accounting firms for a proper way to conduct controls. Firms are required to have procedures to observe the independence of their employees, to manage personnel professional and observe the quality of agreements.

H. Blokdijk, F. Drieenhuizen, D. Simunic and M. Stein (2003) Factors affecting auditors assessments of planning materiality.
Definition planning materiality (found on the internet): During the planning phase of an audit, auditors establish materiality to determine the nature, timing, and extent of audit procedures to perform. Auditors commonly establish a quantitative amount for materiality during the planning phase. This quantitative amount will be referred to as "planning materiality" as it can change if audit circumstances change. This study investigates the planning materiality values used by auditors. The results show that planning materiality is not a constant percentage of a base, but increases at a decreasing rate with client size. In addition, the results show that planning materiality values increase with the quality of the clients control environment and the magnitude of the clients rate of return on assets, while decreasing with the complexity of the client. Another result is that big 5 firms use lower planning materiality values that non big 5 firms, ceteris paribus, which is consistent with the production of relative higher audit quality levels by the big 5. Finally, the results show that auditors use lower materiality values in situations where earnings might be managed to show a small profit of a small loss. The determination of planning materiality is an important judgement made by the auditor when designing an audit program, since the extent of auditor effort in performing the examination will vary inversely with the level of planning materiality (high materiality results in low effort). However, professional guideline for setting the level of planning materiality are purposefully nonprescriptive (non-complete, a lot of standards leave this to the professional judgement of the auditor). Because of the importance of the materiality judgment to audit program design and the fact that planning materiality is a quantitative threshold or cut-off value, auditing texts and practice guideline books provide a number of rules-of-thumb for determining planning materiality, for example misstatements greater than 10 % of net income before taxes are likely material. These heuristics imply that planning materiality is commonly conceived as a fixed percentage of some bases. This research finds that an empirical model of planning materiality using the clients size, the absolute value of the clients rate of return on assets, assessed strength of the control environment, and assess level of client complexity provides a good cross-sectional fit. InPM = -3.0263 + 0.856 inSIZE 0.268 Big5 + 0.1280 Controls + 2.7430 |ROA| - 0.1034 Complexity

They also find that, ceteris paribus, big 5 auditors assess planning materiality at a smaller amounts than non-big 4 auditors (big 5 auditors assess a level of 76% of the amount used by non-big 5 auditors) and that the relationship between planning materiality and client size increases at a decreasing rate. The evidence also suggests auditors decrease planning materiality for firms with small absolute reported earnings (using lower planning materiality when earnings might be managed). Overview of an integrated audit process Phase 1 plan and design an audit approach. In the first phase of planning and designing an audit approach, the auditor starts with client acceptance and retention. This is followed by a risk assessment (defining client business risk, audit risk, inherent risk, control risk and fraud risk) and on the basis of the results of risk assessment an overall audit plan and audit program is developed. Phase 2 perform tests of controls and substantive tests. Phase 3 perform analytical procedures and additional tests. Phase 4 complete the audit and issue audit report. Client acceptance and retention By evaluating a client, the firm has to trade off the returns of the client and the possible problems that can occur in the case that the auditor gets involved in engagement risk. There are a number of steps that an auditor should perform at deciding about acceptance or retaining a client. 1. Obtain background information about the client (experience, integrity, reputation and image, accounting practices, financial conditions and profitability). An auditor that is new to an engagement is required to contact the predecessor auditor if one exists (with permission of the client), to talk about the reason for transmission, identification of important risk areas and prior experience with fraud or illegal acts. 2. Evaluate the risk factors or changes in risk factors associated with the client. 3. Decide on the acceptability or retention of the client as part of the firm-wide risk portfolio. 4. Obtain an engagement letter (strongly recommended but not required) to avoid future misconceptions. The auditor will accept a new client or retain an existing client only if the expected revenues over the length of the engagement exceed the foreseeable costs. Preliminary planning The preliminary planning concerns the period following acceptation/retention of a client. This has two purposes: obtaining an understanding of the client and identification of possible problem areas that require special attention during the engagement.

K. Johnstone and J. Bedard (2004) Audit firm portfolio management decisions.

The purpose of this paper is to examine the purposeful portfolio management decision of a large audit firm, focusing on differences in the risk and fee profiles of the firms newly accepted, continuing and discontinued clients and provide empirical evidence on the extent and nature of risk avoidance that the firm uses to purposefully manage its client portfolio. During the portfolio management process, auditors assess financial risk, audit risk, and auditor business risk, and consider whether engagement fees are sufficient to cover current and future expected engagement costs. These assessments are then used in auditors client continuance and client acceptance decisions. Three groups of clients result from these decisions: continuing clients, discontinued clients and newly accepted clients. Prior literature suggest that client continuance decisions results in the elimination of undesirable clients, includes those that the firms deems excessively risky or those that are no longer a good fit with the firms portfolio goals for some other reason.

Given the relatively low turnover of clients in the audit services market, it is apparent that audit firms do not simply reject all clients that present heightened litigation risk or are inconsistent with other firm objectives. Rather, they distinguish a subset of less attractive clients to reject from the portfolio from those they will continue serving. Understanding the client continuance decision is only one part of understanding purposeful portfolio management decisions because the composition of an audit firms portfolio is influence by both client continuance and client acceptance decisions. Prior research implies that audit firms assess risk when considering new clients and choose from among prospective clients on that basis. A portfolio approach implies that audit firms do not only consider how prospective clients compare with each other, but also how they compare with the characteristics of the existing client portfolio. Prior research provides mixed evidence regarding large audit firms over all willingness to tolerate and manage risk. A willingness on the part of large audit firms to maintain off increase the level of portfolio risk over time is consistent with the theory that these audit firms have a larger client base than smaller firms, allowing them to provide service to some higher risk clients but spread any given clients risk over a diversified portfolio of clients. In contrast, a desire on the part of large audit firms to increasingly avoid risk is consistent with the theory that these firms are risk avoiding because they have more to lose from an audit failure than do smaller firms, both in terms litigation losses and reputation declines. First, the results show that this firm is shedding the riskier clients in its portfolio, consistent with the risk avoidance theory of audit firm portfolio management. Second, the results show that the firms newly accepted clients are less risky than its continuing clients. Third, audit risk factors are found to be more important in audit firm portfolio management decisions than financial risk factors. Finanaly, no evidence is found that audit pricing affects the client acceptance and continuance decisions of this firm, controlling for risk and other client characteristics.

Chapter 8 In general, all financial reporting systems are composed out of 4 components: source documents and transactions, journals, general and subsidiary ledgers and financial statements. 1. Accounting transactions usually generate one or more source document (on paper or electronic, such as sales orders, bill of lading or sales invoices). 2. Transaction are in general presented in a general journal or a specific journal. 3. General ledgers aggregate the transaction on account basis and indicate the current balance at a point in time. A general ledger can be divided in subsidiary ledgers, provided more detail on an account. A trial balances contains the end balances for accounts in general ledgers. 4. Financial statements aggregate all balance sheet items into a single item (also line items). Internal control of financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statement for external purposes in accordance with generally accepted accounting principles. The Securities Act of 1933 This act requires appropriate consideration to the adequacy of the systems of internal checks and control. Auditors are required to obtain sufficient understanding of the systems of internal control, prior to planning the financial statement audit. Sarbanes Oxley section 404: assessment of internal control Section 404 requires management and the auditor to report on the adequacy of the companys internal control over financial reporting. Under this section, management is required to produce an internal control report. The report must affirm the responsibility of management for establishing and maintaining an adequate internal control. The report must also contain an assessment, as of the end of the most recent fiscal year of the company, of the effectiveness of internal control over financial reporting. In addition to a report on the adequacy of the companys internal control over financial reporting from the auditor, the auditor also has to provide a report on the assessment of management of the adequacy of the companys internal control over financial reporting. Understanding internal control over financial reporting 1. Obtain understanding of internal control (by written narrative, flow chart, control questionnaire or a walkthrough). However, companies change only rarely of system, so a lot of data about the system can be taken from the report of last year. 2. Assess control risk (probability of loss arising from the tendency of internal control systems to lose their effectiveness over time). 3. Tests of control (procedures directed toward the evaluation of the effectiveness of the design and implementation of internal controls). On the basis of the level of control risk, the auditor uses the internal control system or substantive tests. In the case of low control risk, controls are perceived to be effective and there is only a low risk that material deviations remain undetected. 4. Decided planned detection and substantive tests.

Ashton (1974) An experimental study of internal control judgements.

The work of independent auditors involves two basic activities evidence collection and evidence evaluation. Substantial agreement exists concerning the types of evidence that should be collected in particular situation and the appropriate collection techniques. The evidence evaluation activity, however, is less susceptible to codification. As a result, the auditing profession relies heavily upon professional judgment in evaluating audit evidence, mainly because it is practically impossible to write out a specific language how the auditor applies judgment (AICPA).

This study examines the extent of judgment inconsistency in the evaluation of a hypothetical internal control situation. The results show greater agreement between an individuals judgment at two points in time (judgment stability) than between different individuals at the same point in time (judgement consensus)

C. Caramanis and C. Lennox (2008) Audit effort and earnings management.

Audit quality is defined as the joint probability that an existing material error is detected and reported by an auditor. Audit effort affects the probability that the auditor detects and existing problem, whereas auditor independence affects the probability that the auditor reports a detected problem. In analytical research, hard-working auditors are more likely to detect that earnings are overstated. Auditors jeopardize (in gevaar brengen) their reputations (and risk litigation) if their clients are found to have overstated earnings, but there is generally no penalty when companies understate earnings. Consistent with auditors facing asymmetric loss functions, auditors and clients tend to disagree about accounting choices that are income increasing rather than income decreasing and auditors generally require their clients to adjust earning downwards. In this study, the focus is on the association between audit effort and income increasing earnings management. Earnings management is measured using abnormal accruals and the in incidence of small profits. Companies are said to have managed earnings upwards if reported earnings are small and positive, abnormal accruals are positive and reported earnings would have been negative if abnormal accruals had been zero. There are three main findings, each of which is robust to controlling for endogeneity in audit hours. First, companies are more likely to report income increasing abnormal accruals than income decreasing abnormal accruals when audit hours are lower. Second, the magnitude of income increasing abnormal accruals is negatively related to audit hours. Third, companies are more likely to manage earnings upwards to just meet or beat the zero earnings benchmark, when auditors work fewer hours. These results are consistent with managers reporting aggressively high earnings when audit efforts are low.

Chapter 17 A competent auditor must be ethical when making the various judgements that comprise an audit. The principle of double effects is a set of ethical criteria for evaluating the permissibility of acting in the case that an otherwise legitimate act will also cause an effect one would normally be obliged to avoid (for example relieving a terminally ill patient from pain and the patients death). An action having foreseen harmful effects practically inseparable from the good effect is justifiable if upon satisfaction the following: - The nature of the act itself is good, or at least morally neutral. - The agent intends the good effect and not the bad. - The agent exercises due diligence to minimize harm. An audit mainly consists out of making judgments, therefore it is also mentioned as a judgment process. A few important judgments are evaluation of prospective clients or deciding to retain an existing client, assessing various types of risk and evaluation of evidence. Sometimes professional judgements about collection and interpretation of audit evidence can turn into an ethical quandary for the auditor, in the case that there is a conflict of interests. The right action for the auditor to take may be readily apparent, but the choice of action may be influenced by the conflict between self interest and duty to society of the auditor. Judgment is the process by which the individual thinks about the relevant aspects of the decision problem. In general, this process has the following steps: 1. Definition of decision problem. 2. Identification of evaluation criteria. 3. Weighting of the relevant criteria. 4. Generation of alternatives. 5. Rationing of alternatives. 6. Selection best alternative. In complex environments, if the decision maker has insufficient information to choose among alternatives or lacks experience, the decision maker may search for the first viable solution that is consistent with prior experience. However, the individual auditor judgment can be affected risk (risk of mistakes during the collection and evaluation of evidence that allow material misstatements to go undetected), biases and heuristics. - Availability heuristics: influence of prior experience in the ability of an individual to identify and evaluate options. - Representativeness heuristic: use of stereotypes for evaluating new situations. - Anchoring and adjustment heuristic: approaching a decision with a preconceived notion or prior expectation of the appropriate choice to make. An auditor is often unwilling to adequately adjust prior decisions in the face of new information. - Confirmation bias: favour of evidence that support a preconceived opinion. Ethics are standards of behaviour (also a set of moral principles or values) that suggest how human beings should act. Because of ethics an individual will place boundaries on acceptable behaviour. Still people can act in an unethical way. Some rationalization models: everybody does it, legal equals ethical, no one will ever know (depends on the likelihood of discovery and consequences) and slap on the wrist (min. consequences). A few techniques that are used to reduce the potential effects of ethical dilemmas and judgment biases among professionals may have on the audit process are improving expertise, training, framing and perspective and rewarding.

Beyond the audit firm, there are a number of professional, regulatory and other institutional forces that provide guidance on acceptable auditor judgement and conduct. Code of conduct Auditors throughout the world must follow a code of professional conduct that defines unacceptable ethical behaviour (in Nederland de Verorderings gedragscode). This conduct should consists out of 3 components: principles, rules of conduct and interpretations. The fundamental principles in a code of conduct should incorporate rules of professional behaviour in the following areas: integrity, objectivity, competence and due care, secrecy and responsibility. The value of the audit depends on auditor independence. Independence in auditing means taking an unbiased view in performing tests, evaluating tests en issuing the audit report. Independence in appearance is the result of others interpretation of the independence of the auditor. Independence in fact is the actual unbiased attitude of the auditor throughout the audit. If auditors are independent in fact, yes users believe them to be advocates for the client, most of the value of the audit function is lost. Some threats to independence are self interest, self review, advocacy, familiarity and intimidation. A few safeguards against these threats are regulation, professional practice (education and training), client safeguard (approval of non audit services by audit committee, presence of competent management), and auditor safeguard (second partner review, mandatory rotation of audit team). There are some concerns about the potential effects of consulting services on auditor independence. Additional restrictions on non audit services have been put in place and disclosure of audit and non audit services is required. In the Verordening gedragscode is stated that auditors should not perform for a contingent fee assurance services. A contingent fee is a fee established for the performance on a service pursuant to an arrangement in which no fee will be charged unless a specified finding or result is attained or in which the amount of the fee is otherwise dependent upon the finding or result of such service. A contingent fee impair the independence of the auditor. Regulatory intervention A key factor in determining the effectiveness of any regulatory rules or codes of conduct is the extent to which the specific body actively polices these rules. The existence of these rules and codes of conduct encourage auditors to behave in a professional and ethical manner. However, evaluation and punishment mechanisms are needed to enforce the rules when auditors violate regulations or the code of conduct. Legal liability According to the concept of joint and several liability, the auditor can be held responsible for the entire amount of an adverse judgment even though he or she may have been only partially responsible for the losses incurred by the plaintiff. Common law is the consensus of reasoned judicial decisions and precedents that have been formalized over many years and many cases. Auditors who are engaged to deliver audit services are expected to comply with the terms of the contract established with the client, also law of contracts. In the case of a breach of contract, the client can go to court. The suing party is referred to as the plaintiff and the party being sued is the defendant. Under de law of torts, an auditor can be sued by someone who is damaged by the production of an inferior audit. In common law countries, statutory laws may supplement rights and obligations established by court precedent, often expanding or limiting rights of persons to sue an auditor.

C. Lennox (2005) Audit quality and executive officers affiliations with CPA firms.
Executives are affiliated if they previously worked for their companies audit firms. Audit quality can be impaired when executives previously worked for their companies audit firms. This paper addresses to the arise of affiliations between executive officers and their companies audit firms and impairment of affiliations to audit quality. There is made and distinction among three different types of affiliation: - Employment affiliation occurs if an individual leaves the audit firm to work for a client. - Alma mater affiliation occurs when an executive persuades her company to appoint her former audit firm. - Change affiliation occurs randomly, namely there is no causal factor underlying the affiliation. There are three ways in which employment affiliations might impair audit quality. The first relates to impairment before the individual leaves the audit firm, and the other two relate to impairment when the former auditor works at the client. Audit quality can be impaired before the individual leaves the audit firm if she is, or expects to be, negotiating an employment contract with an audit client. There are two ways in which audit quality can be impaired when the affiliated executive works at the company. First, audit team member might be overly friendly with, or respectful of, their former colleague and so they might be unwilling to challenge her assertions. Second, the former auditor might be sufficiently familiar with the audit firms testing methodology that she can circumvent its design. Audit quality is defined as the joint probability that an existing problem is discovered and reported by the auditor. Given that a problem exists, the probability of problem discovery depends on the auditors competence and effort, and on the ability of executives to hide of minimize the problems appearance. The probability that an auditor reports a discovered problem depends on auditor independence. Executive auditor affiliations might impair audit quality by reducing the likelihood of problem discovery and/or by reducing auditor independence. The results indicate that affiliated companies are more likely to receive clean opinions compared to unaffiliated companies. This result is consistent with the view that executive auditor affiliations significantly impair audit quality. Affiliated executives are not always able to prevent the issuance of unfavourable audit opinions. If companies maintain affiliations in order to influence audit reporting, one would expect companies perceive affiliations are more (less) valuable following the issuance of clean (unfavourable opinions). Executive turnover is significantly infrequent for affiliated executives following the issuance of clean opinions. Moreover, the association between unfavourable opinions and executive turnover is significantly more positive for affiliated executives compared to unaffiliated executives.

J. Gaver and J. Paterson (2007) The influence of large clients on office-level auditor oversight: evidence from the property-casualty insurance industry.
Larger audit firms are argued to be more successful in constraining opportunistic earnings manipulations by client firms (DeAngelo 1981). Reynolds and Francis (2001) make a subtle, but important refinement. Instead of a nation-wide view on an audit firm, they note that the individual practice office is the locus of contracting between the client and the firm. Therefore, they argue that the variable of interest is the importance of the client to the practice office, rather than the total size of the firm. Auditors allow less accounting discretion to their more influential clients. This research investigates whether accounting discretion in the property-casualty insurance industry depends on the significance of the client to the auditor. An analysis indicates that, on average, audit quality is not compromised when the client is economically significant to the local practice office. Financially struggling insurers are given less latitude to understate reserves when they are important to the auditor.