Does the Type of Business Process Representation Affect Auditors’ Ability to Assess Control Risk?
40 Pages Posted: 3 Jan 2012 Last revised: 31 Oct 2014
Date Written: December 30, 2011
The Sarbanes-Oxley Act (SOX) mandates managers and auditors to assess the effectiveness of internal controls over financial reporting. Our study investigates two methods that organizations commonly use to document their business processes – descriptive narrative (hereafter, textual) and diagrammatic – and their effect on the accuracy of auditors’ assessment of internal controls and audit risk. Further, we consider whether auditors’ general ability and/or perception of their ability (termed self-efficacy) moderate the effectiveness of the type of representation. We conduct an experiment where 115 master of accounting (MACC) students with 15 months of practitioner experience complete a modified version of the task developed by Borthick, Schneider, and Vance (2011). We find that those using textual representation were more accurate at identifying internal control and audit risks than those using diagrammatic representation. Further, those higher in ability and lower in self-efficacy were also more accurate in their assessments. Finally, ability and efficacy are found to moderate the effects of representation on performance. Implications for practice and training are discussed.
Keywords: business process diagrams, system documentation, audit documentation methods, risk assessment, BPMN, narrative, self-efficacy
Suggested Citation: Suggested Citation