Audit Flexibility and Information Technology Infrastructure Complexity: Effects on Internal Control Systems
Posted: 19 Apr 2008
Date Written: April 2008
Abstract
The introduction of the Sarbanes-Oxley Act of 2002 that was driven by the changed financial reporting environment in the last few years has created new dynamics in the external audit environment. These new environmental constraints have necessitated the development of guidelines by the PCAOB that would be useful to auditors in planning and carrying out audit engagements. Most recently, auditing standard number 5 (AS5) has been developed and adopted so as to facilitate the application of auditor judgment in audit engagements. At the same time, there has been some criticism expressed in the professional literature about the effectiveness of AS5 to address the limitations of prior standards (such as AS2) and whether this enhanced latitude in audit judgment would lead to more effective audits (Libenson, 2008). In addition, the auditor's capacity to adequately evaluate systems of internal control when information technology is present has been questioned both in the professional (e.g., Libenson, 2008) as well as in the academic (e.g., Hunton, Wright and Wright 2004) literatures.
For these reasons, it is important to examine the effects of audit flexibility and the complexity of information technology infrastructure on the effectiveness of auditors to properly assess internal control systems in business organizations. We thus attempt to study audit related variables that have not been adequately researched in literature. The variables include audit quality, IT capability, and internal control weakness. Recent literature has begun to study the effect of firm characteristics such as CFO quality on internal control weakness. There is some evidence that IT capability leads to increased audit quality. In addition, we propose a new variable which we label audit flexibility. This variable effectively captures the leeway that auditors have, when they use 'principles based accounting' as specified in AS5. In spite of a general sentiment that this approach is superior to 'rules based accounting' there are skeptics who believe that audit quality is not adequately affected by either approach. We use AS5 implementation as a proxy for audit flexibility, in the sense that audits after the introduction of AS5 are presumed to be done with greater 'flexibility'. We study the joint effect of audit flexibility and IT capability on audit quality. Finally, we propose that audit quality affects internal control weakness (ICW). We discuss implications for theory and practice.
Keywords: Sarbanes Oxley Act, Audit quality, Audit flexibility
JEL Classification: G38, G34, M49
Suggested Citation: Suggested Citation