Properly understanding the economic role of auditing standards is an important step toward improving both audit effectiveness and efficiency. In this essay, I observe that auditing standards are most important when an auditor may have an incentive to under-audit. While this conclusion may not come as a surprise, the conditions under which standards may, or may not, have a desirable effect on audit quality are less obvious. More specifically, I present a number of observations about what standards can do: Standards can (1) compensate for the lack of observability of the audit outcome by focusing on the audit process; (2) partially mitigate the information advantage possessed by the auditor as a professional expert that might motivate the auditor to under-audit; (3) counterbalance the diversity of demand across multiple stakeholders that might drive the audit to the lowest common denominator and create a market based on adverse selection; and (4) provide a benchmark that facilitates the calibration of an auditor’s legal liability in the event of a substandard audit. However, I also present a number of observations about what standards should not try to do: Standards should not (1) discourage the use of judgment by auditors; (2) limit the potential demand for economically valuable alternative levels of assurance; (3) lead to excessive procedural routine or standardization in the conduct of the audit; and (4) be set based on an enforcement agenda. In the end, standards overreach may undermine the economic value of the audit to many stakeholders and lead to fee pressure for audit firms. Hopefully, these insights can inform future debates about the level and types of standards that are appropriate for the auditing profession.
The auditing profession is awash in standards. Standards dictate how audit firms should structure their practice; how to hire, train, and reward their professional staff; what services to offer and clients to accept; how to conduct engagements; and how, and to whom, they are obligated to report. Various professional and regulatory bodies have established ethical standards, independence standards, quality control standards, and audit performance and reporting standards. Whether issued by the American Institute of CPAs (AICPA), the Public Company Accounting Oversight Board (PCAOB), the International Auditing and Assurance Standards Board (IAASB), or various national bodies, all standards have the effect of dictating, coordinating, and/or constraining professional auditors’ activities and behavior. We generally presume that all of these standards improve the quality of financial reporting. While many will take this perspective as an article of faith, it is still worthwhile to ask: Do auditing standards matter? The purpose of this essay is to provide some insights into that question based on an interpretation of existing theoretical and empirical research in auditing.
In his seminal paper, Dye (1993) analyzes the effect of auditing standards on audit quality. His analysis shows that, when an auditor’s personal ‘‘wealth,’’ which is at risk in the event of litigation, is known to potential litigants, auditors who intend to comply with standards prefer tougher (higher) standards.1 Willekens and Simunic (2007) extend Dye’s work by considering the vagueness or ambiguity (i.e., flexibility) of standards. They show that vague standards can increase an auditor’s effort up to a point, but that overly vague standards eventually will yield lower levels of auditor effort. Finally, Ye et al. (2009) observe that auditors prefer vague standards when the toughness of the standards is perceived by auditors as less than optimal. While these findings are of conceptual interest, the fundamental question remains: Do auditing standards matter? A related question also follows: Why do auditing standards matter?
ACCOUNTING STANDARDS VERSUS AUDITING STANDARDS First
consider the potential differences between accounting and auditing and how those differences might influence the nature of standards. A critical distinction is that ‘‘accounting standards’’ define how to consistently measure and report an outcome across different companies, while ‘‘auditing standards’’ define a process to verify the outcome. This process may vary from audit to audit (Kanodia and Mukherji 1994; Causholli et al. 2013). Removing choice variation from the measurement and reporting of an outcome makes sense: two sets of similar facts should yield similar reported outcomes. However, the benefit of removing choice variation from a process is much less obvious: when auditing, there may be different ways to verify an outcome. Further, limits on a process may prevent innovation. Using mountain climbing as an analogy, outcome (accounting) standards indicate where the climbers wish to go (i.e., which mountain to climb), while process (auditing) standards pertain to the best way to get there (i.e., the path up the mountain). Different climbers may take different routes depending on their personal attitudes toward risk, their personal skills and experience, the technology and equipment they have available, and the time frame for completing the climb. Ultimately, the goal is the same—get to the top. Similarly, auditors differ in their attitudes toward audit risk, level of experience and expertise, audit methodologies, and deadline pressures. However, the goal is the same—get the ‘‘right’’ answer concerning reasonable assurance for the fair presentation of the financial report in accordance with applicable reporting standards.
At a minimum, auditing standards can serve the purpose of preventing auditors from taking a particularly dangerous path. Auditors, like mountain climbers, have no interest in falling off a cliff. An audit that has little chance of uncovering misstatements in the financial statements is undesirable. Consequently, to the extent to which auditing standards provide guidance on paths that are unlikely to achieve an auditor’s goal, they can be useful to the profession. On the other hand, ‘‘one path fits all’’ would not be an appropriate rule to impose on expert mountain climbers and is probably no more appropriate for expert auditors. In the end, when the focus is on a process, getting to the appropriate destination is much more important than the route used to get there. Consequently, while restricting decision choice may be appropriate for accounting and reporting, it is less obviously a good thing for the audit process.2 Within the constraints of the process view of auditing, we now examine how standards might be beneficial for the auditing profession.
EFFORT VERSUS ASSURANCE
There has been a great deal of commentary and research on defining audit quality.3 A critical element of much of the theoretical work on auditing standards is the assumption that ‘‘audit quality’’ can be represented by a probabilistic outcome as embedded in the audit risk model (i.e., the likelihood that an auditor issues the correct audit opinion). In this essay, I equate audit quality to the level of residual risk that a material misstatement goes undetected or uncorrected after the conduct of an audit, which is consistent with the traditional view of audit quality that exists in the audit literature (e.g., DeAngelo 1981). However, with the introduction of PCAOB inspections in the U.S., the consideration of audit quality has shifted from a focus on whether an auditor has issued an appropriate audit opinion to a focus on whether the auditor has completed an ‘‘acceptable’’ audit process. The firms that audit public companies are routinely criticized by the PCAOB for ‘‘failures’’ (i.e., audit deficiencies) in their audit process or documentation even though they are rarely accused of outright errors (i.e., issuing an incorrect opinion on a materially misstated financial report).
Dye (1993) defines audit quality as the probability that an auditor identifies and reports correctly on a firm’s investment activity when performance has been poor. This stylized approach is consistent with the classic DeAngelo (1981) definition of audit quality: ‘‘The market-assessed joint probability that a given auditor will both (1) discover a breach in the client’s accounting system and (2) report the breach.’’ While this approach has some intuitive appeal, it suffers from at least two mundane limitations. First, the actual level of assurance on an audit engagement is not observable (Francis 2004; Barton 2005; Knechel et al. 2009). The probability that an auditor fails to discover an existing misstatement cannot be known to the client, public, or auditor either before or after the conduct of an audit.4 Second, these definitions are not consistent with the professional representation of audit risk because they imply that it is desirable to drive audit risk to zero. However, existing audit standards recognize that audit risk can never be zero, nor is it the expectation that audits should be planned with that objective in mind.5
A bigger issue arises when one realizes that the level of assurance (an outcome) is not the same as audit effort (a process). In general, auditing standards do not dictate the appropriate level of assurance for an audit (i.e., standards do not dictate that residual audit risk should be 5 percent or 1 percent).6 Further, the assurance or risk level is idiosyncratic to an engagement (i.e., every audit will be conducted to achieve a slightly different level of assurance, albeit generally ‘‘high’’). What standards do dictate are some constraints on how to go about obtaining a given level of assurance. While treating effort and assurance as equivalent can be expedient for economic modeling, it creates gaps in our conceptual understanding of auditing. If we define a as the level of assurance obtained on an audit—implying that 1 a is the residual probability that a material misstatement is undetected by the auditor—then we can also consider a (or 1 a) to be the unobservable outcome of the audit. As noted above, auditing standards define process rather than outcome. Consequently, we need a separate construct to reflect the audit process in order to discuss the role of standards.
A commonly used measure of the audit process is audit effort, so I denote Q as the auditor’s effort on an engagement (typically measured in hours). Q is a direct function of the audit process and reflects the amount of work that an auditor has performed (e.g., procedures, testing, and evidence obtained).7 As noted, effort (Q) is not the same as assurance (a).8 However, the link between Q and a is important if one wishes to examine why standards matter. While it is reasonable to presume that a increases with more work (higher levels of Q), the nature of that relationship is unobservable. Further, as the ‘‘expert’’ in the audit process, the auditor may have an informational advantage in understanding this link, making it difficult for clients to question whether the audit is being conducted appropriately. In the end, the client can partially observe Q, either through direct observation of the audit team, or as a result of audit firm billings, but the client cannot know how effort links to the outcome of the audit (a).