Affiliation:
1. Hasselt University
2. Maastricht University
3. Humboldt University of Berlin
4. Vienna University of Economics and Business
Abstract
ABSTRACT
In risk-based auditing, data-driven analyses are often used to automatically detect process deficiencies. This introduces a challenge: the number of deficiencies is too large to inspect manually. Current approaches addressing this challenge neglect integrating the risk dimension or rely on auditors to manually integrate it. This study aims to increase the effectiveness of such data-driven analysis approaches by including the risk dimension when presenting process deficiencies for further inspection. We investigate how the deficiency type and the affected control activity are associated with perceived risk. We run a discrete choice experiment with 58 auditors interpreting deficiencies that occur in a procure-to-pay or an order-to-cash process and find that (1) deficiencies of type “missing” or deficiencies related to asset-decrementing activities are perceived as the riskiest, (2) the control activity contributes 75 percent of the risk perception, and (3) external and internal auditors share a similar risk perception.
Publisher
American Accounting Association
Reference54 articles.
1. Adriansyah,
A.
, B. F.Van Dongen, and N.Zannone. 2013. Controlling break-the-glass through alignment. Proceedings of the 2013 International Conference on Social Computing, Alexandria, VA, September 8–14. https://doi.org/10.1109/SocialCom.2013.91
2. Auditor risk assessment: Insights from the academic literature;Allen,;Accounting Horizons,2006
3. Putting continuous auditing theory into practice: Lessons from two pilot implementations;Alles,;Journal of Information Systems,2008
4. An experimental study of internal control judgements;Ashton,;Journal of Accounting Research,1974
5. Designing information systems to optimize the accuracy-timeliness tradeoff;Ballou,;Information Systems Research,1995