Internal control assessment and substantive testing
-
Upload
larisa-ionescu -
Category
Documents
-
view
220 -
download
0
Transcript of Internal control assessment and substantive testing
-
8/18/2019 Internal control assessment and substantive testing
1/31
The Interaction between Internal Control Assessment
and Substantive Testing in Audits for Fraud*
J. REED SMITH,
State University of New
ork
at Buffalo
SAMU EL L. TIRAS,
State University of New
ork
at Buffalo
SANSAKRIT S. VICHITLEKARN,
University of Oregon
bstract
We examine tbe interaction between internal control assessments and substantive testing in
a model of fraud detection. The purpose of our study is to examine a two-stage m odel of the
aud itor-m ana ger interaction in which the auditor assesses the likeliboo d or possibility of
fraud in tbe first stage and conducts substantive tests in the second stage. We examine the
allocation of audit resources across these two distinct facets of the audit. We find that,
regardless of the auditor's allocation, the probability of undetected fraud remains the same,
but the allocation of some audit resources to internal control assessment may provide cost
savings for the auditor.
Keywords Strategic aud iting; Internal control assessment; Aud its for fraud; Substantive
testing
ondense
La possibility que Ies gestionnaires se rendent coupables de fraude pr^occupe depuis long-
temps les investisseurs. Depuis I'adoption du Statement on Auditing Standards SAS) 53 et
du SAS 55, cette preoccupation est aussi celle des v^rificateurs. Le SAS 53 exige des v^rifi-
cateurs qu'ils planifient leurs missions de verification de fafon ^ foumir une assurance rai-
sonnable que les fraudes seront detect^es et le SAS 55 exige que Ies v6rificateurs ^tudient les
structures de controle interne des entreprises clientes afin de determiner quelles sont les
entreprises les plus vulnerables ^ la fraude. Pour clarifier davantage les responsabilites des
v^rificateurs quant ^ la prevention et a la detection de la fraude, I'American Insittute of
Certified Public Accountants (AICPA) a plus tard adopts le SAS 78, en remplacement du
SAS 55, et le SAS 82, en remplacement du SAS 53. Ensem ble, le SAS 78 et le 5 45 82 servent
de guide aux v^rificateurs en ce qui a trait la meilleure fa?on de r^partir leurs efTorts entre
I'appiication de tests con?us pour d^tecter la fraude (tests de corroboration) et de tests
confus pour ^valuer la probability qu'une fraude puisse etre commise (Evaluation du
-
8/18/2019 Internal control assessment and substantive testing
2/31
328 Contemporary Accounting Research
Les auteurs examinent I interaction entre rev aluation du contrdle inteme et les tests de
corrobo ration dans un m odele de detection de la fraude. Ils analysent en particulier I inter-
action en deux phases b a s ^ sur la th6orie des jeux entre un v^rificateur extem e et la direc-
tion de l en trep rise clien te. Le v^rificateur lv al ue Tefficacitd du controle dans un p remier
temps et effectue ensuite des tests de corroboration relatifs
k
la fraude dans un second
tem ps. L efficacit^ du eontrole est en relation inverse avec la propension du gestionnaire
h
cotnm ettre une fraude. Si le controle est efficace, le gestionnaire doit redoubler d effort pour
d^jouer le syst^me de controle, ce qui diminue rint6r6t de la fraude. Cependant, le gestion-
naire n a pas
k
d^ployer beaueoup d efforts pour d^jouer un syst^me de contro le deficient,
Une certaine probability est associee
h
I ̂ clairage que peut jeter r eva luation du con trole
inteme sur la d^ficience du systfeme de controle, d^ficience qui rendrait la fraude plus
at trayante pour le gest ionnaire. Sous reserve des resui tats de revaluat ion du controle
interne , le v^rificateur d^cidera d e I ^tend ue d es tests de corrobo ration qu il convien t
d effectuer.
Les auteurs eomparent ce module en deux phases
h
un module de base dans lequel Ie
v^rificateur n effectue que de s tests de corrobo ration. Cette com paraison met en relief la
fa^on dont revaluation du contrdle inteme influe sur les caract^Hstiques des strategies
d ^qu ilibre et les r^sultats du m odule. L analyse permet de prod uire certaines predictions
desc riptives en ce qui a trait S la fa9on d ont les diverses cara cteristiques du contexte de ia
mission influent sur la repartition du travail de verification entre Ies deux phases et k la
maniere dont elles influent sur ia decision des gestionnaires de commettre une fraude.
Les auteurs constatent que Ie volume de travail consacre
k
revaluat ion du controle
inteme n exe rce pas d influence sur la probabiiite d ^qu ilibre q u un e fraude soit com mise
sans etre detectee. D e plus, lorsque ies evaluations du contr61e intem e sont relativement effi-
cientes dans la detection des fraudes potentielles. des economies de coQts peuvent 6tre rea-
lisees par le verificateur grace h i affectation des ressources de verification k revaluation du
eontrole intem e p lutdt qu aux tests de corToboration.
Les auteurs constatent egalement q ue les econom ies de coOts decou lant de I evaluation
du systfeme diminuen t avec les facteurs qui augm entent I efficacite des p rocedes de corro bo-
ration. Si Ies procedes de corroboration sont suffisamment efficaces, Ie verificateur choisira
d affecter la totalite des ressources de verification aux tests de co rroboration.
Les auteurs commencent par une interaction premiere entre un gestionnaire qui se pro-
pose de commettre une fraude et un verificateur qui souhaite detecter la fraude. La probabi-
iite que le systeme de contrSle soit deficient est de ft et la probabiiite qu il soit efficace est
de (1 ~ ). L avantage q u obtient le gestionnaire lorsqu il com met une fraude qui n est pas
detectee est de F. Si Ie systeme de controle est efficace. toutefois, le gestionnaire doit
deploy er beaueoup d efforts (« ) pour le dejouer, ce qui fait que la fraude ne Iui rapportera
que F-Q). Si Ie gestionnaire commet une fraude et que la fraude est deteciee par le verifica-
-
8/18/2019 Internal control assessment and substantive testing
3/31
Internal Con trol Assessm ent and Substantive Testing in Audits for Fraud 329
supposent que la fonction de detection d(x) rev8t la forme suivante :
d(x)
=
-
Exp{-bx},
oub>0 est un param ^tre. Ce param ^tre repr^sente I'efficacit^ des tests de corrob oration
dans la detection de la fraude.
Le v6rificateur engage des coQts de verification de
ex
pour determiner si une fraude a
^te comm ise. o^
c
represente le cout unitaire de la verification. Si le v^rificateur ne parvient
pas k detecter une fraude qui a ^t^ commise, il encourt une p^nalit^ D, notamm ent des dom-
mages. une atteinte k sa reputation et des sanctions gouvemementales. Le v^rificateur peut
^viter ces couts s'il d^tecte la fraude.
Les auteurs d6rivent les strategies d'equilibre suivantes pour le modele de base. Si le
gestionnaire observe la d^ficience du syst6me de contrdle, la probability d'equilibre qu'il
c(E F )
choisira de comm ettre la fraude est la suivante
:
a^
=
^ ; si le gestionnaire observe
bD Fn
I'efficacite du systfeme de controle. il ne commettra pas la fraude. Le verificateur, k V6qu\-
l ibre, choisira
x'=
-Ln — - — . Cet equi l ibre es t semblable
k
celui observe dans
d'autres travaux relatifs k la verification strategique,
Puis,
les auteurs analysent l'interaction selon un modeie
k
deux phases, grace
k ajout
d'une strategie de la part du verificateur. Ce demier peut ^valuer la probabilite que le systdme
de contrdle soit deficient en effectuant un certain vo lume de travail dans un prem ier temp s.
En consequence de ces efforts, le verificateur constate soit que le systeme de controle est
deficient (et qu 'un e fraude peut facilement etre comm ise), soit qu'il ne Test pas (signal nul).
La nature du syst^me est detemiinee a la premiere phase et observee k titre pHv^ par le
gestion naire. Si le syst me de controle est deficient, le gestionnaire sait que la probability
que le verificateur decele la deficience du controle est de h{e^), et la probabilite qu'il com-
mette la fraude est de a^. Si le syst^me de contrdle est efficace, la probabilite que le gestion-
naire com mette la fraude es de a^.
Le verificateur tente de determ iner si le systeme de contr6le inteme est efficace ou deficient
en deployant un effort e^ > 0. Les auteurs supposent que la probabilite que le verificateur
jug e par erreur qu'u n syst^me de controle inteme efficace est deficient est de zero, et que la
probabilite que le verificateur juge qu'un systeme de controle inteme deficient est deficient
est de h(e^.). une valeur
k
croissance concave dans l'interva lle [0, 1], et h(0) = 0.
A partir de ses observations k la premiere phase du modele, le verificateur determine
re ten du e des tests de corroboration (intensite du travail de verification) k la seconde phase.
Le choix du verificateur est denote
XQ >
0. si ce dernier ne dec6Ie pas de deficience du sys-
teme de conu-ole, et x- ̂> 0, s'il decile une deficience du systeme de controle. Comme dans
le modele de base, si le gestionnaire choisit de commettre une fraude. la probabilite que le
verificateur detecte la fraude est de
d(x),
oti
x
represente soit
X Q,
soit
x^,,..
Contrairement au module de base, le modele k deux phases fait intervenir trois equilibres
-
8/18/2019 Internal control assessment and substantive testing
4/31
330 Contem porary Accounting Research
Pour les cas dans lesquels h'(0) < - — — ^ — . , , „ . , e = 0k I'dq uilib re. et le
c((
I — t j
+
WLnl tf})
module est a ssimilable au module de base. Si le v6rificateur cbo isit
e*
0, alors
hie*
) = 0
et le v6rificateur ne d^couvrira aucunemeni que le systfeme est deficient. II
s agit
Ik de
l'exacte situation du module de base. Une autre fa^on d 'exprim er la chose serait la suivante ;
le v6rificateur choisit entre la verification en une seule pbase et la verification en deux phases,
en fonction de l'importance relative de b'(0) et — — — —
.„.. . Une caractdristique
c ( ( l
w
+ v L n [ o j )
importante de cette condition est qu'elle depend uniquement des param^tres b. c et 8, et de
la pente de
bCê .
au seuil de 0. Elle ne depend ni de a strategic de l'entreprise v6rifi6e, ni de
celle du verificateur k la seconde phase.
Pour toutes les missions de verification, la probability prdvue d'une fraude non
c c
est de
T-T-
et le coQt privu de Tficbec de la verification est de 7
•
Si h (0) >
oD 0
, la strategie de verification qui reduit Ie coflt au minimum consiste k
cboisir e > 0. Si h'(0)
-
8/18/2019 Internal control assessment and substantive testing
5/31
Internal Con trol Assessm ent and Substantive Testing in Audits for Fraud 331
performs substantive tests for fraud in the second stage. The strength of controls is
inversely related to the propensity of a manager to commit fraud. If controls are
strong, a manager must exert costly effort to override the system of controls, which
diminishes the attractiveness of committing fraud. Costly effort is not required,
however, for the manager to override the controls of weak systems. With some
probability, the internal control assessment will reveal whether the system of con-
trols is weak, ind icating that it is more desirable for the manager to comm it fraud.
Depending on the outcome of the assessment of internal control, the auditor will
decide how much substantive testing to perform.
We compare this two-stage model to a benchmark model in which the auditor
pertbrms only substantive testing. This comparison highlights how internal control
assessment affects the characteristics of the equilibrium strategies and outcomes of
the model. The analysis yields some descriptive predictions about how various
characteristics in the audit environment affect the distribution of audit work across
the two stages and how these characteristics affect the manager's fraud decision.
We find that the equilibrium probability that fraud is committed and is not
detected is unaffected by the amount of effort allocated to assessing internal con-
trols.
In addition, when internal control assessm ents are relatively efficient at iden-
tifying the potential for fraud, cost savings for the auditor can be achieved by
allocating audit resources away from substantive testing and toward internal con-
trol assessment.
We also find that the cost savings from system assessment decrease in factors
that increase the effectiveness of substantive testing procedures . If substantive test-
ing procedures are sufficiently effective, the auditor will choose to allocate ail of
the audit resources to substantive testing.
The strategic auditing literature began with Fellingham and Newman 1985,
who examined the interaction between a client who chooses low or high effort that
translates directly into material e rror or no m aterial error. The auditor can choose
to extend tests and discover the material error or not, and subsequently must
choose to qualify or not qualify the audit report. The audit technology in the
authors' paper is perfect, so their study focuses on the trade-off between informa-
tion acquisition and the audit report. Following their study, several studies consider
the auditor-manager interaction assuming an imperfect audit technology. Newman
and Noe (1989) and Shibano (1990) both focus on the auditor's accept/reject deci-
sion given a fixed sample of audit data. Patterson (1993) extends these studies by
considering the auditor's accept/reject decision after a sample size decision. Our
model differs from these studies in two fundamental wa ys. First, we model
th
audit as a discovery problem with imperfect auditing, whereas Fellingham and
Newman, Newman and Noel, Shibano. and Patterson model an acceptance problem.
-
8/18/2019 Internal control assessment and substantive testing
6/31
332 Contemporary Accounting Research
examined allocations of audit work across time. Excep tions are Caplan 1999, Finn
and Penno 1996, and Matsumura and Tucker 1992. Caplan examines a multistage
audit setting in which the manager has a two-stage decision, but the audit work is
essentially a one-stage problem. Finn and Penno examine the issue of commitment
in a stop-and-go audit environment. Their paper focuses on when to stop auditing
if no fraud has been discovered. M atsumura and Tucker examine a tw o-stage audit
that is structurally similar to ours. The auditor chooses high or low compliance
testing, which then provides information about the probability of fraud. Based on
this information, the auditor then decides whether to exert high or low effort in
substantive tests. Matsumura and Tucker consider only a single type of audit client
(dishonest), and their information structure is much simpler. The first-stage effort
provides information about the likelihood that fraud actually was committed.
Our paper complements Matsumura and Tucker and Caplan in that we exam-
ine a two-stage audit in which the first stage is system-related. Unlike Finn and
Penno, detection of fraud cannot occur in the first stage. Caplan's focus is on the
manager's first-stage decision (system choice), while we simplify that choice and
focus on the auditor's first-stage decision (system assessment). Unlike Matsumura
and Tucker, the auditor in our model cannot obtain information about the probabil-
ity that fraud actually was com mitted in the first stage. Rather, the first-stage effort
only provides information about the manager's type.
This paper also relates to research into tax compliance auditing. Both Sansing
(1993) and Rhoades (1997) examine two-stage models in which the auditor, which
is a tax authority in their papers, gathers information about the likelihood that
fraud will be committed in the first stage and then performs substantive testing in a
second stage. Sansing examines how the taxing authority should respond to infor-
mation it has gathered and how the taxing authority's strategy would affect the
equilibrium likelihood of an aggressive taxpayer strategy. Sansing then computes
how much information the taxing authority should optimally gather, which is anal-
ogous to the system-assessment stage in our model.
While Sansing does examine a two-stage audit in which the first stage relates
to information acquisition, contextual differences between a tax audit and a finan-
cial statement audit induce important modeling distinctions. First, the second stage
of Sansing's model, which corresponds to the level of substantive testing in our
model, is a binary choice: audit the tax retum or not. This modeling choice is stra-
tegically descriptive for tax audits. On the other hand, this modeling choice is not
descriptive of financial statement audits. Public accountants must do some auditing
of each client. As a result, we model substantive testing as a continuous choice. Tn
addition, our model allows us to explicitly examine the allocation of audit resources
-
8/18/2019 Internal control assessment and substantive testing
7/31
Ititemal Control Assessment and Substantive Testing in Audits for Fraud 333
Both Sansing and Rhoades show results that are analogous to our finding that
undetected fraud is not affected hy the assessm ent of internal control. For example,
tax revenues in San sing s paper do not depend on the precision of the tax author-
ity s information. An investment by the tax authority in more prec ise information
must be aimed at reducing cost rather than on generating increased revenue. Gen-
erating revenue in the tax models is analogous to detecting fraud in our study.
Unlike Matsumura and Tucker 1992, Sansing 1993, and Rhoades 1997, we
focus on the continuous allocation of audit resources to two distinct types of audit
task: system assessment and substantive testing. Both of these tasks relate to detec-
tion, but only substantive testing can actually detect fraud.
The remainder of this paper is organized as follows: in section 2 we present
and discuss a simple benchmark model, in section 3 we describe our two-stage
model, in section 4 we describe our analysis, and in section 5 we discuss our
results and identify the limitations of our study.
2 Benchmark model
We begin with a restricted interaction between a manager who wishes to perpetrate
a fraud and an auditor who wishes to detect fraud. Tbe system of controls is either
weak, with probability 0, or strong, with probability (1 - 9). The benefit to the
manager of successfully committing fraud is F If the system of controls is strong,
however, the manager must exert costly effort
oji)
to override the controls, and the
net payoff to successfully com mitting fraud is only F - 6). If the manager com mits
fraud and the fraud is detected by the auditor, the manager incurs a penalty, Pp,
which could iticlude fines, loss of employment, or jail. The manager with system
type
t
€ {w.
s}
will commit fraud as a mixed strategy with probability
a, e
[0, 1].
In the benchmark model, the auditor cannot assess whether the system is
strong or weak.^ The auditor chooses a level of substantive testing (audit effort),
denoted x>0, based on knowledge of 6 If the manager chooses to commit fraud,
the auditor will detect the fraud with probability d x). We assume that the detection
function,
d x),
has the functional form
d x) =
1 -
EKp{~bx},
wh ere /? > 0 is a
parameter.3 This parameter represents the effectiveness of substantive testing at
identifying fraud.**
The auditor incurs audit costs of
ex
to determine w hether fraud has been com-
mitted, where c is the unit cost of auditing. If the auditor fails to detect fraud when
it has been perpetrated, he suffers a penalty, D , which includes legal dam ages, rep-
utation loss, and governmental sanctions. This cost is avoided if the auditor detects
fraud. These payoffs are shown in the game tree in Figure I.
The solution to this game is straightforward. The m anag ers choices of a^ and
0 ^ must make the auditor s equilibrium choice of x optimizing, and the aud itor s
-
8/18/2019 Internal control assessment and substantive testing
8/31
334 C on t em po ra i y A ccoun t i ng R esea rch
Fig ure 1 Benchmark model
Nature Manager Auditor {M anager's payoff. Auditor's payof }
{F(l - d(.«)) -
Fodix),
-ZXI -
dix)) - ex]
{F \ -
{0,-cx}
-
Ut
-ZHl - d{x -
cx\
1
-
e a
-
= 0
and the second-order condition is
The manager's payoff if the system is weak, is
2).
3).
4),
5).
and the manager's payoff if the system is strong, is
-
8/18/2019 Internal control assessment and substantive testing
9/31
Intemal Control Assessment and Substantive Testing in Audits for Fraud 335
bD9P
6).
D
If the manager observes a strong system of control, she will not commit
fraud.
«: =0 il).
The auditor, in equilibrium, will choose x:
8).
PROOF.
The proof follows directly from equations 2,4. and 5.
•
Tbe comparative statics from our study for the auditor s strategy, x and the
manager s fraud strategy, a*,, are similar to those of Newman and Noel 1989 and
Sbibano 1990, even though we look at a different type of audit decision. For exam-
ple,
the equilibrium choice of x* is not affected by changes in the auditor s expo-
sure to audit failures, D. On the other hand, Patterson (1993) finds that detection
risk may be increasing in what we refer to as D. The difference between our study
and Patterson s results from the fact that Patterson considers the balancing of two
distinct strategic choices: sample size and acceptance. We do not consider type I
errors and, as a result, increased effort always serves to improve the auditor s
expected reporting decision. Patterson does consider the costs of type I errors and
the auditor, in her model, balances the costs of type I and type II reporting errors in
choosing the optimal effort and cutoff values.
We can examine the equilibrium probability of undetected fraud. Ex ante,
the probability of undetected fraud
(UF)
is Pr(C/F) =
dcc1(l
-
d(_x*)) =
bDBP (FP\
M 5
•
^^^
auditor s first-order condition in equation 2 can be
stated in terms of d(j:):
a =
1
Tbe (I
-
d(x)) and
6
terms then
bD0il-d(x))
cancel. As a result, the equilibrium probability that fraud is undetected is a con-
stant. The comparative statics in the other three studies are consistent with ours in
that the probability of undetected fraud is decreasing in the auditor s expected
costs for undetected fraud. They find, however, that the probability of undetected
-
8/18/2019 Internal control assessment and substantive testing
10/31
336 Contemporary Accounting Research
auditor s decision is determined hy the m anager s
payoff,
and the m anager s deci-
sion is determined by the auditor s
payoff.
In all four papers, the manager plays a
mixed strategy over two discrete choices. As a result, the auditor s choice of audit
effort (sample size, materiality thresholds, etc.) will either make the manager
strictly prefer one choice over the other or will make the manager indifferent. The
equilibrium in each of these papers requ ires that the audito r s ch oice m ake the
manager indifferent between choosing fraud and choosing no fraud.* As a result,
the trade-off of the m ana ger s expected payoff if he com mits fraud relative to the
payoff if he does not commit fraud dictates how much audit effort the auditor
chooses in equilib rium . In a similar m anner, it is the audito r s trade-offs between
failing to detect fraud and exerting costly effort that drive the manage r s mixed-
strategy choice of a^
^
As the au ditor s penalty for not detecting fraud increases,
the auditor s own cho ice is not affected, but the manager decreases the likelihood
of committing fraud.
3 . Two stage model
We extend the interaction in section 2 to two stages by adding a strategy for the
auditor. The auditor can assess the likelihood that the control system is weak by
exerting effort in a first stage. As a result of
this
effort, the auditor either teams that
the control system is weak (and fraud can be easily perpetrated) or does not (a null
signal).
In this section, we desc ribe the sequence of events in the two-stage model.
We then derive the payoffs to the auditor and the manager and define the equilib-
rium concept.
Sequence of events
The system type, strong s) or weak w), is determined in the first stage and is
observed privately by the manager. The weak system requires no effort in order for
the manager to perpetrate fraud. The strong system imposes costs of
ft
on the man-
ager if she wishes to override the system and perpetrate a fraud. The manager with
a weak system of controls knows that the auditor will discover the control weak-
ness with probability
h e^.),
and she conunits fraud with probability
cc^^.
The ma
ager with a strong system of controls comm its fraud with prohabiiity a ,.
The auditor attempts to determine whether the system of internal control is
strong or weak by exerting effort,
e^ >
0. We assume that the probability that th
auditor will mistakenly identify a strong system of internal control as weak is zero,
and the probability that the auditor will identify a weak system of internal control
as weak is h(ec), which is assumed increasing-concave over the range [0, I), and
h(0) = 0.9
-
8/18/2019 Internal control assessment and substantive testing
11/31
Internal Control Assessment and Substantive Testing in Aud its for Fraud 337
Fi gu re 2 Timeline: TVo-siage model
Nature delermines Manager observes Auditor Icams or Aud itor based on Auditor discovers
system type system type and does not leam)
strong, weak ). chooses whether that system is
to com mit fraud. weak if it is.
Auditor chooses
system evaluation
efToit
results of inlem ai fraud if it occurred
control evaluation) proba bilistically,
chooses substatUive
testing.
yoffs
The payoffs to the managers who face strong and weak systems are identical to
those in the benchmark ga me . M anagers w ho face a w eak system of control obtain
a benefit of F for undetected fraud, m anagers who must override a strong system of
controls in order to perpetrate a fraud obtain a net benefit of F - co for undetected
fraud, and the manager incurs a cost penalty) of Pp if she is detected c om mitting
fraud.
The auditor incurs audit costs of e^ in attempting to determine whether the
internal control system is weak. If the system is found to be weak, the auditor
incurs audit costs of cx^^, to determine whether fraud has been committed. If the
system is not found to be weak, the auditor incurs audit costs of
C XQ
to determine
whether fraud has been committed. The existence of a strong or a weak system
does not affect the probability, d jc), of detecting fraud. Again, if the auditor fails to
detect fraud when it has been perpetrated, he suffers a penalty, D, which is avoided
if the auditor detects fraud. The information structure and payoffs are shown in the
game tree in Figure 3.
The auditor will identify a weak system as weak with probability h e^), and
choose a level of substantive testing, x^^., that induces a detection probability
-
8/18/2019 Internal control assessment and substantive testing
12/31
8 Contemporary Accounting Research
f
^
f
d
a
I
u
as
S
2
c
f 2
2
1
-
8/18/2019 Internal control assessment and substantive testing
13/31
Internal Control Assessment and Substantive Testing in Audits for Fraud 339
If the auditor identifies the control system as weak, then he chooses x^. know-
ing that the probab ility that the manager com mitted fraud is o;,,. The expected pay-
off to the auditor in this information set is
If the auditor does not identify the control system as weak, then he computes
the probability that the system is weak using Bayes s rule: — ~ .
(1 h(^^) )0+ (1 0)
The manager in this situation committed fraud with probability oCy^, and w ith prob-
ability —— — —--^— —— — the manager faced a strong system of contro ls and
chose to commit fraud with probability a^. The auditor s assessment of the proba-
bility that the manager committed fraud if the system is not found to be weak is
(12).
If the auditor does not identify the control system as weak, then his conditional
expected payoff is
In the first stage, the auditor chooses
e^.
which induces the probability hie^.
that a weak system will be identified as weak . The aud itor s expected payoff at this
decision point is
Cl
.
14 .
In the next section, we will formalize the equilibrium concept for our analysis.
-
8/18/2019 Internal control assessment and substantive testing
14/31
340 Contemporary Accounting Research
a^ =
the (mixed-strategy) probability that the manager facing a strong system
of controls will commit fraud.
e^ =
the effort that the auditor supplies to determ ine w hether the firm has a
weak system of intemal controls.
x^. =
the effort that the auditor supplies to detect fraud if he has found that the
firm has a weak system of intemal controls.
XQ = the effort that the auditor supp lies to detect fraud if he has not found that
the firm has a weak system of intemal controls.
Equilibrium requires that each of these strategies be a Nash best-reply to the
other player's strategy and that the auditor's beliefs are updated in accordance with
Bay es's rule. In addition, w e require that all choices be sequentially rational.
4. Analysis of the two stage model
In this section we describe equilibrium in the two-stage model and how intemal
control assessment affects tbe nature of the auditor-manager interaction. Unlike
the benchmark mo del, three distinct equilibria arise in the two-stage m odel. First,
if either /J or 0 is large, or if
c
is small, then
e =0
and tbe equilibrium strategies
are identical to those in the benchmark m od el . For these equilibria, the manager
will never com mit fraud if the system of controls is strong (a * = 0). On the other
hand, if
b
and
c
are not too large and
c
is not too small, then the auditor will choose
€*
> 0. For these equilibria, the manager will choose oc =0 for larger values of O
and 0< a < 0^ for sm aller values of
co.
We begin our analysis by describing the first-order conditions (FOCs) induced
by the seco nd-s tage payoffs in equa tion s 9, 10, 11 , and 13. For this analy sis,
we will assume that the auditor's first-stage equilibrium choice of
e
is greater
than zero. If the manager faces a weak system of control, then she will choose
0 ^ e (0,1) if and only if
0 (15).
If the manager faces a strong system of control, then she will choose a^e (0,1) if
and only if
-
8/18/2019 Internal control assessment and substantive testing
15/31
Internal Control Assessment and Substantive Testing in Audits for Fraud 341
In addition, since Xy^, is a continuous c hoice, the following second-order condition
must be satisfied: ̂
-bxJ
the manager will
also choose a*. If
(O
exceeds this ratio, it is imp ossible for equations 15, 16, 17.
and 19 to be solved simultaneously so that a* > 0. In any of these cases, a* = 0.
As a result, the FOC in equation 19 will reduce to
(21),
and the equilibrium choices of x^,, XQ, and a^, will be determined by the simulta-
neous solution of the FOCs in equations 15. 17. and 21.
^
We characterize the strat-
egies in the second stage of the two-stage game (for situations in which
e*
0)
in
Proposition 2.
-
8/18/2019 Internal control assessment and substantive testing
16/31
342 Contemporary Accounting Research » . : [
\he following strategies represent equilibrium choices by the auditor and
the manager in the second stage:
22 .
23 ,
a:. =
24 ,
and
a: =
bD \ -
25 .
Case 2: If a>> Min F,
, then the following strategies
represent equilibrium choices by the auditor and the manager in the
second stage:
D
(26),
27 ,
a . =
(28).
-
8/18/2019 Internal control assessment and substantive testing
17/31
Internal Control Assessment and Substantive Testing in Audits for Fraud 343
Suppose that
axF.
The expression for a* in equation 25 is positive if and only
if h(ep(fl)+ (I - 0)Po) - ft)> 0, which is true if and only if fi)< — . For
these cases, a strong system of controls is better than a weak system but is not
sufficiently strong to deter managers from committing fraud altogether. If ft) >
, on the other hand, the manager will not commit fraud with any
( i - M ^ ; ) )
positive probability (i.e., c^^ =0).
We now describe the auditor's equilibrium choice of e* in the first stage of the
g me In Proposition 2, the second-stage strategies for the auditor and the manager
are characterized assuming that e* > 0. We now characterize the auditor's first-
stage choice.
The auditor's payoff in the first stage was characterized in equation 14. This
payoff induces the following FOC with regard to ê .:
=
Substituting the FOC in equation 17. we find
h ' ( )
30 .
(31)
for any e* > 0 '** The second-order condition for e^ is
Q
(32).
Again, substituting in the FOC in equation 17, equation 32 reduces to
<
0 (33).
which is satisfied for all x^ and XQ Equation 31 and the equilibrium values of x*
and
x ^
in equations 26 and 27 imply that e* >
e^
whenever'^
-
8/18/2019 Internal control assessment and substantive testing
18/31
344 Contemporary Accounting Research
This result provides the basis for P roposition 3 .
P RO P O S I T I O N 3 . / / h ' (0 ) > — - - — ^ — - , . „ . . then c* > 0 in equilibrium
c((
I — u) +
a L n [ a | )
and the auditor s equilibrium choice ofe^ satisfies equation 31. Conversely
PROOF: See
appendix.
F or cases in which h '(0) < - — — — — . , ,-^,. , ^* = 0 in equilibrium and
c
—
7) + t7Ln[t7j) *
the gam e reverts to the benchm ark m odel. If the auditor choos es e* = 0, then
h(c*) = 0 and the auditor will never discover that the system is weak. This is pre-
cisely the situation in the benchmark model. Ano ther way of saying this is that the
auditor will choose between one-stage auditing and two-stage auditing based on
the relative magnitudes of h'(0) and
—————
—
—
r . An important c harac-
c(\\ — u) +
aLn[&J)
teristic of this condition is that it depends only on the parameters b, c, and 6, and
the slope of
\\ie^
at 0. It does not depend on either the aud itee's strategy or the audi-
tor's strategy in the second stage of the game.
The next section will discuss the characteristics of equilibrium in the two-
stage m odel and provide the results of our comparative static analysis.
Equilibrium characteristics of the two-stage model
For situations in which a* = 0. the expression for .r*, in equation 26 depends only
on the exogenous param eters. The expression for
JCQ
in equation 27 depends on the
parameters and the auditor's first-stage choice of h(e*). Conversely, for equilibria
in which a* > 0, x*^ in equation 22 depends in part on h(e*). but x^ in equation
23 does not. The reason for this differenee, which will also induce differences in
the comparative statics, is that the auditor's choice of
Jt ̂
and
XQ
is driven by the
manager's
payoff.
In case of Proposition 2, the aud itor's strategy must keep both
-
8/18/2019 Internal control assessment and substantive testing
19/31
Intemal Con trol Assessment and Substantive Testing in Audits for Fraud 345
the auditor chooses e^. and
x^^
to make the "wea k" m anager indifferent between
fraud and no fraud. The expected payoff to the weak manager is decreasing in both
e^. (since x ^ >
X Q )
and X y ^ . Therefore, in satisfying this manager's indifference
condition, there is a trade-off between
e^
and
jc ,̂.,
and the value of
J:̂ ^
that satisfies
the weak m anager's indifference condition depends on b(e *).
The reasoning for case 2 of Proposition 2 is different. In this case, the m anager
will not commit fraud if tbe controls are strong. As a result, the auditor's strategy
only needs to make managers with weak systems indifferent between fraud and no
fraud. The auditor's choice of x ̂ in equation 26 does not involve any Bayesian
updating; the auditor's choice of
X Q ,
on the other hand, does involve Bayesian
updating since it is no longer determined by equation 16. Therefore,
h(e*)
appears
in the expression for
X Q
but not for x ̂ in case 2 of Proposition 2.
Before providing the results of the comparative static analysis, we character-
ize the relative magnitudes of
jc*
, JtJ,
e*,
and
a^^
for the cases in which a* = 0
and a* > 0. In equation 26
x^^
is always greater than x^ , in equation 22, and
X Q
in
equation 27 is always less than ;cj in equation 2 3. These facts imply that xJ , -
X Q
is greater for situations in which
a* =0
than for situations in which a* > 0. Since
the right-hand side of equation 31 is decreasing in
x^ - X Q ,
h(e*) must be less for
situations in whicb a* =0 than it is for situations in which Cf > 0. As a result, e*
J S C
( (OMe) \
must be greater for situations in which a* = 0
a) >
Pp
than it is for
I
l-h«))
)
situations in which a* > 0 ft)<
—P^ .
Finally, a ^ in equation 28 is
I l-h 0.
Table I provides the comparative statics for the two-stage model for situations
in which
e*
> 0 . ' ^
Several of these comparative statics differ for situations in which ct* > 0 and
de ^g*
for those in which a* = 0. For example,
TT-Z
> 0 whenever a* > 0, and
i
<
0
^ de ' de
for situations in whieh a* =
0.
The reason for this sign change is that when
a ^
> 0,
the sign of -:r— is determined by the sign of =;—=7— :^—=;—
,
whereas when a* = 0,
-
8/18/2019 Internal control assessment and substantive testing
20/31
346 Contemporary Accounting Research
TABLE
1
Comparative static results
for the
two-stage game
For
changes
in
e
c
F
P
D
b
+
0
-
0
-
•
—
+
0
0
0
-
0
< •
-
+
-
0
Ind.
ind.
-
0
+
-
0
-
0
Changes
in
X
^
0
0
+
-
0
-
-
0
+
-
0
ind.
0
X*
0
ind.
0
+
•
•
+
-
0
0
0
+
0
«^
-
ind.
+
-
-
ind.
ind.
-
+
+
-
-
-
0
ind.
+
+
ind.
-
-
ind.
£„, will be affected in equilibrium. The change in sign for —̂ is due to the change
au
in the interaction between e* and XQ in the two equilibria. For a* = 0, XQ is a
function of h(e ) and 9 times h e*). For a* > 0, neither 6 nor h(e*) affects the
equilibrium value of XQ , since it is determined by equation 16 alone. This is the
same reason that both
-=r^
and ;̂— change sign. If a* > 0,
x*
is a function of
ac dc ^ ^
h e*), but XQ is not. If tt^ < 0,
x^
is not a function of h(e*). but XQ is. The shift
in sign for these comparative statics points to the shift in the structure of the inter-
action for larger values of (o and smaller values of a.
Comparison of the benchmark model and the two-stage model
In this section, we compare the benchmark model with the two-stage model and
identify differences and similarities in the strategies and outcomes across the two
models. Proposition 3 demonstrates that the auditor will choose e* >0 if and only
if equation 35 is satisfied. For these situations, equilibrium will be characterized by
the auditor s choice of e in equation 31 and second-stage choices in case 1 or
case 2 of Proposition 2, depending on the magnitude of
co.
If equation 35 is not sat-
isfied and e* = 0, then h(e*) = 0 and the interaction is identical to that in the
-
8/18/2019 Internal control assessment and substantive testing
21/31
Internal Control Assessment and Substantive Testing in Audits for Fraud 347
D D
and the expected cost of
an
audit failure is again - . Finally, if equation 35 is satisfied
b
and ft><
)
/ * p , then the ex ante probability of undetected error is again
-
d(jt;))
a *
= ^ (37).
Hence, the ex ante probability of undetected fraud and the expected cost of audit
failure do not depend on whether the auditor performs only substantive testing or
whether he allocates resources to internal control evaluation.
If h'(0) > ———————r——, the auditor's cost of auditing is strictly less if
he allocates audit resources to internal control evaluation, since he could always
choose e^ = 0 and play the benchmark game. But £̂ - 0 is not optimizing when
' . We conclude, therefore, that the auditor is obtaining
cost savings in achieving the expected cost of audit failures, 7 , by allocating audit
b
resources to internal control evaluation. This result is stated without proof as Cor-
ollary I.
COROLLARY 1. For
a ll
audits,
th e
expected probability of undetected
raud
s ~
and the
expected
cost of audit failures is r.ff
h'(0) > — — —
—
—
—
— T — T - ,
the cost-minimizing audit strategy for the auditor is to allocate effort of
e >Oas determined by equation 31, and x ̂ and jcj are characterized
b
in
Proposition 2. If h (0)
<
,
the
cost minimizing
-
8/18/2019 Internal control assessment and substantive testing
22/31
348 Con temporary Accoun ting Research
comparison, we observe that
dix*)
> d(jcj) and. since
-^
> 0. this difference i
also decreasing in ft A s a result, we conclude that d(x*,) > d{x*)
>
d(jcj) and that
d(x*) is a weighted average of d(jcp and d(.tj). As
9
inc reases. d(A:*) and d
JTJ )
converge to d(x*) from above and below, respectively. Also, as 9 increases, e*
decreases. When ©decreases to the point that equation 35 no longer holds, c* = 0
and the two models are identical.
T he last characteristic of the gam e that we investigate is the ex ante prob a-
bility that fraud is com mitted and detected. T his analysis w ill hinge critically
on whether h'(0) >
— —
—^r-—
—
— r^r- and, if this condition is met. whether o >
c({l
—
u) + crLnl u\)
( l - f t ) h ( < )
Pp . If e* = 0, then the ex ante probability of fraud is computed as
where
a*^
is given by equation 6. If ^ ' > 0 and a* = 0, then a* is given by equa
tion 28, which is the same as equation 6. Hence, equation 38 is still the ex ante
probability of fraud. Finally, if e* and a* are both greater than zero, then cC ̂ i
given by equation 24 and a* is given by equation 25 . For these cases, the ex ante
probability of fraud will be
(39).
Pp)(h(el){(0+ Pp)- 6
T he expression in equation 39 is strictly less than that in equation 38 for all
l-e)h e*)
Q}< Pp. T his result implies that if e* and a* are both greater than
i-h e;
zero, one-stage auditing is not only cost-ineffieient but also induces a greater prob-
ability of fraud. T he probab ility of undetected fraud, how ever, is not affected by
-
8/18/2019 Internal control assessment and substantive testing
23/31
Internal Control Assessment and Substantive Testing in Aud its for Fraud 349
5 . Discussion
This paper provides a simple m odel of the au ditor s allocation problem , in w hich
the auditor can choose to spend scarce audit resources on internal control assess-
ment. Internal control assessments help the auditor determine whether the man-
age r s control system is weak, and a w eak system of internal controls leads to a
greater potential for managers to commit fraud. We find that the probability of
undetected fraud is invariant to whether the auditor does or does not spend
resources on internal control assessmen t, but internal control assessments can p ro-
vide a cost savings to the auditor.
The auditor will always choose to perform internal control assessments un less
substantive testing procedures are very cost-effective at identifying fraud or the
proportion of weak systems in the population is relatively high. As the cost effec-
tiveness of substantive testing increases and the proportion of weak systems
increases, the relative benefit of performing internal control assessments decreases
to the point where the auditor should choose to perform only substantive testing.
Our theory argues that as audit effectiveness decreases the relative importance
of internal control assessment increases. The influence that a particular audit situation
faced by practitioners m ay have on audit effectiveness, and hence on the auditor s
allocation of effort to internal control assessment, is an empirical question. An
example of such an audit situation that could be tested is how much effort the auditor
exerts to distinguish errors from fraud. A second example that relates to audit
effectiveness may be the type of testing that must be employed. S ome procedures
(such as negative confirmations) may be less informative than other audit proce-
dures (such as positive confirmations). Still another example that may affect audit
effectiveness is the difficulty in obtaining substantive test data (such as inventory
observations), a typical problem in decentralized organizations. The infiuence of
these issues and others on the aud itor s allocation p roblem can be emp irically
tested within the scope of our theory.
Our finding that the benefit of internal control assessments decreases as the ex
ante probability that the system is weak increases m ay appear counterintuitive, but
it follows directly from B aye s s rule. The inform ation con tent of learning that
internal controls are weak does not substantially update the auditor s expectations
regarding fraud, and thus does not substantially reduce the required level of sub-
stantive testing.
A limitation of our study is that we do not allow the manager to select the
information system quality. While we believe that allowing system quality to vary
could alter the results, we expect that many results would be similar since it is the
m anage r s payoffs that drive many of the audito r s decis ions . In addition, future
-
8/18/2019 Internal control assessment and substantive testing
24/31
350 Contem porary Accounting Research
ppen ix F
Proof of Proposition 3
If equation 35 is satisfied, then the
e*
that solves equation 31 is optimizing unless
the equilibrium solution to the benchmark game provides a lower total expected
cost to the auditor. If the equilibrium solution to the benchmark game provides a
lower cost, then the auditor could choose e* =0 and effectively choose the bench-
mark gam e. The manager could infer that the aud itor s optimal choice was e* =0
and would choose a^, and a* accordingly. The only way that this situation might
arise is if the ma nag er s best-reply was discontinuous at
Min
F
. For these cases, the man-
ager s strategy in equation 28 is the same as her strategy in equation 6 for all e^ As
a result, we conclude that if Q>> Min
onlyifh (0)>
F,
, then e* > 0 if and
Suppose next that fl)< Min
. For these cases, the man-
ager s strategies in equations 24 and 25 do not converge to tbe strategies in equa-
tions 6 and 7 at
ê
= 0 a^^ in equa tion 24 is zero , and a* in equation 25 is negative
if
e* =
0. For these situations, therefore, we must compare the auditor s equilib-
rium payoff under the benchmark with the auditor s equilibrium payoff in Proposi-
tion 2. If the equilibrium payoff to the auditor is higher under the benchmark
solution, the auditor will choose e* = 0. The equilibrium payoff to the auditor, if
he chooses
e* -
0, is
40 .
-
8/18/2019 Internal control assessment and substantive testing
25/31
Internal Control Assessm ent and Substantive Testing in Audits for Fraud 351
Note that the expected cost of an audit failure is the same, - r , in both exp ressions.
If f
,
= 0, the cost of substantive testing is
ex
= Ln
b
F+P,
D
42).
If ê , > 0, the expected cost of substantive testing is
F+P,
D
43).
The cost in equation 42 is greater than the cost in equation 43 w henever
Ln
D
D
F P
D
CD+P
D
44).
Smce w e are considering situations in which ox
, we observe that
F+P
D
F+P
D
(O+P
D
(45).
Equation 45 implies that
F+P,
Ln
D
D
+ 1 -
F+P.
(46).
Since the Ln[ ] operator is concave,
Ln
E P,
-
8/18/2019 Internal control assessment and substantive testing
26/31
352 Contem porary Accounting Research
than at e*) is strictly greater than the audi tor's payoff in equation 40 . But the opti-
mizing choice of
e
e*) will make equation 41 the highest over all
e^.
0. Hence
equation 41 must be strictly greater than equation 40 in equilibrium . •
Proof of comparative statics
Suppose first that
0>
—
Q
which implies that a* = 0. The comp ara-
tive statics for jc*. and a^, are obtained directly from partial differentiation of
equations 26 and 28. The comparative statics for
e*
and xJ are obtained by
applying the implicit function theorem over the system of equations. We begin hy
building a vector of first-order conditions. We will simplify the process by substi-
tuting the first-order condition for;c^ in equation 17 into the FOCs in equations 15,
21, and 30. We define the vector
FOC
=\^ ^>
,
where equation 17
has been substituted into each of these partials. We then construct a Jacobian
matrix of partials of these conditions as follows:
J
dFOC[l] dFOC[\] dFOC[\]
dFOC[2] dFOC[2] dFOC[2]
de.
dx.
c w
-^O
dF0C[3] dF0C[3]
de. dx.
d A
(48)
The implicit function theorem implies that the partials of e*
respect to a parameter,
X,
are given by
C^,
and
XQ
with
dFOC{2]
-
8/18/2019 Internal control assessment and substantive testing
27/31
Internal Control Assessm ent and Substantive Testing in Audits for Fraud 353
5 <
To demonstrate that the sign of |y| > 0, we shall compute 3-7^ using direct paitial
a
differentiation of equation 26 and by using the implicit function theorem.
-J *
Using the implicit function theorem, we obtain an expression for -^ that
ou
depends on \J\. From direct partial differentiation of equation 26. we know that
^ < - I
vector is as follows:
O bu
dFOC[l] 3FQC[2 dFOC[3rf _ f I c
Smce. after subsUtutmg,
Aj[2,
2] is compu ted as
- c
where V Exp{fe;co}(-I + Exp{b{x
| y i>Oi fandoi i ly i f
, the sign of
(50).
(51).
0
- XQ)} - b x^ -XQ))>0 (52).
Equation 52 is positive if and only if equation
5
is positive. We know, however, that
equation 51 must be positive since 3 — < 0. Hence, | / | > 0.
de Bx*
Now we proceed to determine the signs of 3 - and -r^ .
au 69
-
8/18/2019 Internal control assessment and substantive testing
28/31
-
8/18/2019 Internal control assessment and substantive testing
29/31
Intem al Con trol Assessment and Substantive Testing in Audits for Fraud 355
5. If this cond ition is violated, then the cost of substantive testing is too high to be a
credible deterrent to fraud.
6. We simplify our discussion by referring to the manager's choice as a choice of fraud or
no fraud, which is how we m odel the problem. The m anager's choices in some of the
other papers are not labeled precisely the same as in ours, but the same general trade-
offs are present. Newman and Noel, for example, allow the manager to choose material
error or no material error rather than fraud or no fraud.
7.
The net expected benefit to the dishonest manager w ho comm its fraud is the gross
benefit, F, multiplied by the probability that the fraud goes undetected less the grass
penalty, P^, multiplied by the probability that the fraud is detected.
8. Again, Newman and Noel and Shibano do not consider sampling or effort costs
directly. Rather, they consider the trade-offs between rejecting and accepting a sample.
Still, the same qualitative issues arise.
9. The m odels of detection in this papter for both assessing internal control and detecting
fraud assume that the auditor cannot find evidence of a "wea k" system when it is
strong or evidence of "fraud" when no fraud ex ists.
10. We assume that dix) is identical to the detection probability in the benchmark game
and has all of the same characteristics.
11 . A specific condition for e* > 0 is pravided in Proposition 3 .
12. Since the decision is sequential, we can consider this second-order condition in
isoladon.
13. The FOC in equation 16 is no longer relevant since a^ = 0.
14. If e^ 0, then the first-order condition need not be m et.
15. The equilibrium values of J:*, in equation 22 and XQ in equadon 23 are never relevant
for small values of e* and hence are not a con cem . A proof is available from the
authors.
16. Several of the comparative statics are indeterminate in sign. The reason for these
indeterminacies is that we have made no specific assumptions regarding the relative
magnitudes of
h(e(.), h {e^),
and
h {e^).
In cases in which com ponen ts of a derivative
that have different signs are weighted by these factors, we frequently cannot determine
the overall sign .
17. ^ is the aud itor's payoff in equation 14,
A/H /
is the m anager's payoff in equaUon 9 , and
Ms is the mana ger's payoff in equation 10.
de: dx o
18 . We dem onstrate our approach with -r ^ and ^77 for the situation in which a = 0.
o o
[)etails of the remaining comparative statics are available from the authors on request.
de*
19.
The approach that we used to esu bli sh that - r ^ < 0 could again be used, but this
au
-
8/18/2019 Internal control assessment and substantive testing
30/31
356 Contemporary Accounting Research
. 1988.
Statement o n auditing standards No. 55: C onsideration of the internal
control structure in a financial statemen t
audit
New York AICFA.
. 1995.
Statement on auditing standards N o. 78: Consideration of the internal
control in a financial statement
audit:
An amendm ent to statement on au diting
standards Number 55.
New York: AlCPA .
. 1997.
Statement on auditing standards No. 8 2: C onsideration of fraud in a
financial statement audit
New York AICPA,
Caplan, D. 1999. Internal controls and the detection of management fraud.
Journal of
Accounting Research 37 1): 101-18.
Chiang, A. 1984. Fundam ental methods of mathematical econom ics 3d ed .. New York:
McGraw-Hill.
Fellingham, J., and P, Newman. 1985. Strategic considerations in auditing. Accounting
Review 60 4): 634 -50.
Finley, D. 1994. Game theoretic analysis of discovery sam pling for internal fraud control
auditing. Contemporary Accounting Research 11 1):91-1 14,
Finn, M., and M . Penno. 1996. Real-time inspection gam es with varying levels of
conmiitmeni. Working paper, Northwestem University.
Matsumura, E., and R. Tucker. 1992. Fraud detection: A theoretical foundation. AccoHoring
Review 67 4): 753^8 2.
New man . P.. and J. Noel. 1989. Error
rates,
detection rates, and payoff functions in auditing.
Auditing:
A Journal of Practice and Theory
8 Supplement): 50-66.
New man, P., J. Park, and R. Smith. 1998. Allocating internal audit resources to minimize
detection risk due to theft.
Auditing:
A Journal of Practice and Theory 17 1) : 69-82.
Patterson, E. 1993, Strategic sample size choice in auditing. Journal of Acco unting
Research 3\ 2): 27 2-93 .
Rhoades, S. 1997. Costly false detection errors and taxpayer rights legislation: Implications
for tax compliance, audit policy and revenue collections. Journal of the American
x tion
Association 19 Supp lement): 27 -4 7.
Sansing. R. 1993. Information acquisition in a tax compliance gam e.
Accounting Review
68 4): 874-8 4.
Shibano, T. 1990. Assessing audit risk from errors and irregularities. Journal of Accounting
Research 28 Supplem ent): 110-4 7.
-
8/18/2019 Internal control assessment and substantive testing
31/31