Organizational Risk

8/6/2019 Organizational Risk

1/14

Organizational risk in largeaudit firms

Kim K. JeppesenDepartment of Accounting and Auditing, Copenhagen Business School,

Frederiksberg, Denmark

Abstract

Purpose The main purpose of the paper is to analyze and discuss organizational risk in large-auditfirms. A secondary purpose is to contribute to auditing theory on how organizational risk may beanalyzed.

Design/methodology/approach The study is conducted as a review of literature on audit-firmorganization, risk management, professions and organization theory.

Findings Large-audit firms are commonly organized as partnerships relying on hierarchy and

standardization of work processes to control work. The paper argues that this may be an effective wayof organizing audit work in a stable environment. In a volatile environment, however, the strategybecomes highly risky.

Research limitations/implications The focus of the paper is on the organization of large-auditfirms and its findings do, therefore, not necessarily apply to small audit firms. The paper presents ageneral view of the way large-audit firms are organized and controlled. Local variations may occur butthese are not analyzed in the paper.

Practical implications The paper analyzes the inherent organizational risk of the common way oforganizing audit work and is therefore of direct interest to partners and other professionals inlarge-audit firms. It may also be seen as an example of how organizational-risk analysis can be appliedin the audit process and it discusses the competences needed to perform such analysis. In this respect,the paper is also of interest to practicing auditors as well as teachers and students of auditing.

Originality/value Most of the literature on the organization of large-audit firms is relatively old

and this paper seeks to update and critically reinterpret knowledge in the area. It also contributes to anunderstanding on how to apply organizational-risk analysis in the audit process.

Keywords Risk analysis, Risk management, Auditing

Paper type Literature review

Why is it important for auditors to understand organizational risk?It is often claimed that the last decades have changed the traditional-industrial societyinto a post-industrial society with a knowledge-based economy. In the post-industrialsociety, products and services are increasingly sold on global markets which has madecompetition global and speeded up the life cycle of products. Post-industrial productionis therefore characterized by being flexible order production as opposed to the

standardized mass production of the past-industrial society. To be able to seizeopportunities in temporary niches by adapting production to the ever-changingdemands of costumers, flexible production in turn requires a better-educated andreflective workforce with broader skills, as well as a decentralized organization withouta distinct center of power. Flexibility is also created by vertical disintegration ofcompanies and outsourcing of tasks, and by an increasing use of IT to automate workprocesses, which has reduced the need for manual labor substantially. The shift tothe post-industrial society also involves a general shift from the production of

The current issue and full text archive of this journal is available at

www.emeraldinsight.com/0268-6902.htm

MAJ22,6

590

Managerial Auditing Journal

Vol. 22 No. 6, 2007

pp. 590-603

q Emerald Group Publishing Limited

0268-6902

DOI 10.1108/02686900710759398


2/14

standardized goods to the production of signs, i.e. goods where the primaryproduction takes place at the design stage and services where the primary content is ofan aesthetic character (Clegg, 1990; Parker, 1992; Lash and Urry, 1994; Alvesson, 1995).The only thing stable these days is change, as some put it, and to be able to survive

companies must therefore be organized in a way that enables them to adapt swiftly tochanges in the market. Organizational risk, broadly defined as the risk that theorganizational configuration of a company does not support the achievement of itsstrategy, therefore becomes vital to manage for companies in the post-industrial era.

Large-audit firms are an integrated part of the new production regime and they areparticularly sensitive to organizational risk, since they must understand and managethe organizational risk of the audit firm as well as understand the organizational risk oftheir clients. The latter is the case because organizational risk for the client eventuallymay turn into a going-concern problem for the auditor. The purpose of this paper isprimarily to analyze the organizational risks that large-audit firms face. Secondary,this analysis may also contribute to an understanding on how to analyze theorganizational risk of clients. The indirect approach to the last question inevitably hasits limitations when it comes to generalization since the analysis is focused onprofessional services firms and the way they organize, not on other industries and theirway of organizing. The aim is therefore not to produce a general checklist, but rather todiscuss the knowledge needed to analyze organizational risk.

The risk of partnershipsConsidering the importance of audit firms surprisingly little has been done in terms ofanalyzing their organizational structure and control systems. Furthermore, these firmshave undergone a great deal of change over the last 10-15 years making it worthreviewing the research previously done to reassess the results. The purpose of this andthe following sections is to analyze past and present literature on the subject in order to

contribute to an updated understanding of the general organizational risks thatlarge-audit firms face today. It starts, in this section, by analyzing the risk that followsfrom being organized as partnerships and subsequently goes on in the next section toanalyze the primary control mechanisms (often called coordination mechanisms) foundin audit firms: standardization of work procedures, hierarchy, and culture. Finally, therisk of these control mechanisms is analyzed.

A good deal of the literature on the organization of audit firms assumes without muchargument that accountants are professionals and that audit firms consequently are whatMintzberg (1983) calls professional bureaucracies (see for instance Greenwood et al.,1990; Macintosh, 1985; Post, 1996). When organizations grow to a size where directsupervision becomes un-accomplishable organizations usually starts to bureaucratize,especially if their environment is relatively stable. The core of a bureaucracy is

standardization of which there are three possible objects; standardization of workprocesses, standardization of output and standardization of skills. Since, professionalwork by definition is too complex to be standardized, it is often argued that theprimary-control mechanism in the audit firm is the standardization of skills.Standardization of skills is combined with a tight system of recruitment, socializationand indoctrination that makes the accountant member of a clan (Ouchi, 1980), acommunity sharing a profound common agreement of what constitutes proper behaviorand of common goals and interests. Although clan control was intended to be an

Organizationalrisk in large

audit firms

591


3/14

alternative to the bureaucratic controls of standardization, most applications of Ouchisclan-ideas to accounting nevertheless see clan control as a supplement to bureaucracy,for instance Macintosh (1985), Hanlon (2004) and Pierce and Sweeney (2005).

To some degree, standardization of skills combined with clan control may have

been the way audit firms were controlled in the past. Hanlon (2004) analyzes thechanges in organizational structures that have taken place in professional service firmsover a 150-year period. He argues that whereas collegiate professionalism with clancontrol may have been the primary control mechanism from around 1920 up till 1980,the turn to commercialized professionalism of which the accounting profession isseen as the archetype (Hanlon, 1996) changed this over the last couple of decades.The tenet in the new form of professionalism is commercial behavior rather than socialservice, which has led writers such as Zeff (2003) and Wyatt (2004) to describe thechange as a decline in professionalism. The change came about because elite groupswithin the large-audit firms pushed for more centralized-bureaucratic controls in orderto enable a growth strategy. A second reason for the turn to bureaucratic control wasthat it was seen as a means of securing an acceptable and uniform quality of the auditservice as a reply to the many lawsuits against audit firms in the USA from around1980 onwards. And third, as a result of the internationalization of audit firms,bureaucratic controls were also needed to accomplish the seamless web that mostaudit firms were eager to create.

Similar to Hanlons collegiate professionalism, Greenwood et al. (1990) argue thataudit firms are professional partnerships emphasizing the collegiality, peerevaluation and autonomy of the partners in the firms. Later, the same writers talkabout pluralistic partnerships adding the autonomy of the partner to the traits abovewhile arguing that it is mainly the small audit firms that are organized this way(Greenwood et al., 1997). The large-audit firms are moving in the direction ofmanaged professional partnerships or managerial professional bureaucracies,[1]

characterized by a strong focus on commercialism and following centralized attemptsto position the firm strategically according to analysis of the market/client base to takeadvantage of market trends. This involves an entire repositioning of the firm asprofessional-business advisors instead of audit firms and such a repositioning cannotbe accomplished without centralized strategic decision-making and subordinatescomplying with the strategic decisions taken. For operating controls, these firms relyheavily on bureaucratic standardization of work. Large-audit firms are therefore underpressure to abandon the partnership structure in favor of a corporate structure, or atleast to adopt traits from this.

The pressure to adopt corporate structure is further reinforced by developments inthe mix of services marketed by these firms. It is often argued by practitioners thatconsulting tasks, such as giving advice and adapting standard solutions to specific

client needs, require a high degree of partner autonomy (Bruce, 1994). This is becausepartnerships create an entrepreneurial culture among the partners that clients like. Themore consulting being done, the better the professional partnership would thereforebe. Auditing, however, is widely seen as a standardized commodity by academics aswell as practitioners (see for instance Brown et al., 1996; Bruce, 1994), and to produce astandardized service the corporate structure is more adequate since it supportsbureaucratic controls in the form of formalized and standardized practices (Greenwoodand Empson, 2003). With the selling off of the consulting arms of the large-audit firms,

MAJ22,6

592


4/14

auditing has become more important for the audit firms and so is therefore theincentives to organize with a centralized-corporate structure. The partnershipstructure is nevertheless an ideal that is seldom completely abandoned when auditfirms incorporate. Although owners of incorporated-audit firms formally are

shareholders, they commonly refer to themselves as partners[2]. While this may beseen as a response to the divided nature of the audit firms services, it also tends tocause problems because elements of the egalitarian-decision processes are retained.

Finally, the size of the large-audit firms makes the professional partnershipideal problematic. Professional partnerships are founded on a consensus ideal,which is incompatible with the large number of partners in the big firms. KPMGand PricewaterhouseCoopers (PWC), for instance, have 6,667 and 8,019 partners,respectively, (2005 figures), and it is hard to imagine all these coming to consensuson strategic issues. In fact, the National Managing Partner of Grant Thornton inthe UK suggests that for a group of much more than 20 partners the essence andspirit of partnership is impossible (Bruce, 1994). Other practitioners see thepartnership structure as creating endless committees and having a lack of

direction (Bruce, 1996). In other words, as the audit firms grow in size, theegalitarian consensus ideal of the professional partnership comes under pressure.The large-audit firms therefore typically introduce control by hierarchy, creatingdifferent classes of partners in addition to the hierarchy among the salariedprofessionals. Typically three types of partners are found: salaried partners whodo not own equity or have voting rights; equity or national partners, who ownequity, have national voting rights and are eligible for election to thenational-management committee; and international partners, who in addition mayvote and participate in the international management of the firm. In spite of theintroduction of hierarchy, the equity-partners still expect influence and typicallyelect the partners for the national-management committee for a fixed-term of5-6 years after which they return to the normal partner ranks again (see forinstance Greenwood et al., 1990; Bruce, 1994). Sometimes they retain the right tovote on major-strategic decisions as well. The hierarchical organization of the largepartnership is relatively costly because tiers of middle line management is addedto the organization while it simultaneously maintains residual traces of thecollegial processes in small partnerships (Greenwood and Empson, 2003).

To sum up the argument: small-audit firms are traditionally organized aspartnerships, but the partnership organization becomes a source of risk when the auditfirm grows bigger. This is the case because the partnership organization with itsconsensus ideal makes strategic decision making slow and difficult. Without the abilityto make fast-strategic decisions audit firms may get in serious trouble when unforeseenthreats in the environment occur. In a call to rethink the partnership a former

Andersen partner notes: the partnership structure does not serve the publicaccounting firm nor the public particularly well. It makes decision-making, rapidresponse to change, and crisis management extremely difficult (Toffler, 2003,pp. 247-8). Seen in this light the fate of Andersen is not only the story of failed audits, itis also the story of failure to manage organizational risk.

Controlling the behavior of employed professionalsSo far, the paper has focused primarily on the partnership level. The partners arenevertheless only the top 10 percent of the professional iceberg with the remaining


audit firms

593


5/14

90 percent or more being salaried professionals[3]. To make sure their decisions arecarried out, partners therefore need an effective control or coordination mechanism.In professional partnerships, the primary operating control mechanism of theemployed workforce is socialization into accepting the objectives of the partners

(Greenwood et al., 1990). This is done by a selective recruitment policy where (at leastin certain cultures) minority groups and working class people are excluded (Hanlon,2004), by recruiting employees with a personality type that is robust to bureaucracy[4],and by application of a mentoring-training system, which installs a partner worldviewin the employees (Covaleski et al., 1998). One of the major rewards in this system is thepromise of future partnership often referred to as the lure of partnership (Greenwoodand Empson, 2003). As mentioned before, large-audit firms have moved away from theprofessional partnership structure and may now be seen as managerial professionalbureaucracies (Brown et al., 1996; Greenwood et al., 1997). The managerial-professionalbureaucracy is still a partnership, but a partnership where the egalitarian traits of theprofessional partnership have been abandoned in favor of centralized management forthe reasons stated above. Since, centralized management cannot rely solely ondecentralized recruitment and socialization as the primary-control mechanism, it has tobe supplemented by other mechanisms. In the managerial professional bureaucracy,auditors are primarily controlled by a combination of three types of controlmechanisms. These are presented below and in the following section the risks arediscussed.

First, auditors are supposed to conduct their work according to professionalstandards, whether these are local-auditing standards or international standards onauditing, and compulsory peer review systems are in place to secure compliance withthese. Auditing standards are by their nature normative although they usually allowfirms or partners a certain degree of autonomy. The higher management generallyconsiders risk, the more likely it is to try to control that risk by bureaucratic rules and

compliance controls (Bax, 2000). The audit-risk model still in use was the audit firmsanswer to the litigation boom in the USA in the early 1980s, and the models-primaryfunction is to coordinate and control-audit work by allowing centralized control withthe risk and materiality decisions in the audit process. The audit-risk model is usuallyimplemented in a highly structured version, where comprehensive-auditing manualsprescribe standardized working procedures (see for instance Post, 1996), and where keydecisions are centrally controlled by audit automation or decision-support systems asargued by Manson et al. (2001), Knechel (2007) and MacLullich (2003). The turn tobusiness-risk audits was expected to place greater emphasis on subjective judgmentand thereby make the audit process less structured, but MacLullich (2003) shows thatsubjective judgment and structure goes well together, as the large-audit firms now relyon the use of decision-support systems that guide auditors through the pre-planned

stages of the audit and standardize the documentation of their subjective work.Standardization of work procedures is therefore the primary-control mechanism in theaudit profession.

Secondly, as the audit firms grow in size, further levels of hierarchy are added to theorganization to enable control by direct supervision as well as leverage the personnelmore thoroughly. Although textbooks such as Hayes et al. (2005, pp. 28-39) onlymention four hierarchical layers, in practice there is sometimes more. In Denmark,for example, KPMG has eighth layers in the hierarchical structure of its auditors.

MAJ22,6

594


6/14

The same is the case for PWC but this firm appears to sub-divide each hierarchicallevel even further[5]. In other words, middle-line management becomes quite extensivemaking direct supervision a major-supplementary control mechanism in large-auditfirms. Recent studies by Pierce and Sweeney (2005) and Barrett et al. (2005) indicate

that partner and manager involvement in the audit-review process have increased inthe Big Four as a result of the adoption of the business risk audit approach and the useof electronic documentation. Although this development may reduce the need for amulti-layered hierarchy, it still emphasizes the importance of direct supervision as acontrol mechanism to supplement standardization of work procedures.

Thirdly, although the Public Oversight Board (2000, pp. 104-5) emphasized theimportance of giving the performance of high-quality audits highest priority inperformance evaluations on all levels in the audit firm, little appears to havechanged since then. According to Hanlon (2004) commercial behavior is stillencouraged by incentive systems where partners usually eat what they kill,where elevation to partnership is restricted to the few demonstrating the ability to

acquire new clients, and where salaried professionals are remunerated according toscorecard evaluations of their performance. PWC for instance, has initiated aperformance appraisal and development programme (PADP), according to whichemployee performance on all engagements of a certain size (typically, engagementson which the employee has been working for more than two weeks) must beevaluated. At the yearly appraisal interviews, the employee must bring along atleast 3-4 such Appraisals. Based on these a personal development plan is drawnup and remuneration decided. The PADP program measures the employee on a 1-5scale on eight areas: the ability to exceed client expectations, efficiency,

performance, risk management, supervision and development of subordinates, useof technology, communicative skills and performance gaps. Formalized incentivesystems are therefore another supplementary control mechanism, in particular inthe large-audit firms.

In addition to the control mechanisms discussed above Martinez and Jarillo (1989)provide an overview of a number of other control mechanisms such asdepartmentalization/divisionalization, budgeting systems, informal communication,and socialization into a corporate culture. All of these are also applied in variousdegrees by audit firms. According to Stevens (1991) Price Waterhouse and ArthurAndersen in particular relied heavily on corporate culture for coordination, Andersento a degree where their auditors nicknamed themselves Arthur Androids (Squires

et al., 2003; Toffler, 2003). Arthur Andersen was fairly successful in centrallycontrolling the culture, mainly because all auditors from around the world from time totime had to attend the St Charles Training Center in Illinois, where they were socialized

to accept the corporate culture. This, however, is a costly coordination mechanism andit was still supplemented by formalized standard operating procedures for conductingaudits as well as for general management (Squires et al., 2003). Nevertheless, corporateculture is a control mechanism that plays a supplementary role in some audit firms.Bell et al. (1997, p. 28) consider corporate culture a source of risk in itself to the extent itdoes not support the chosen business strategy. A particular cultural risk mentioned is

command-and-control tactics by upper management that inhibit employee flexibilityand learning, a culture, which often develops in hierarchical bureaucracies.


audit firms

595


7/14

Although many writers are critical towards bureaucracy, there are exceptions.Adler and Borys (1996) and Adler (1999) argue that too much focus has been on thecoercive side of bureaucracy and point to the possibility of creating enablingbureaucratic structures. These are characterized by a general desire to empower

employees, mainly by creating bureaucratic structures in the form of best practicemethods, on which employees are given influence. Where the coercive bureaucraticsystem sees errors as costly mistakes that need to be corrected by designing foolproofsystems, the enabling bureaucratic system sees errors as learning opportunities thatmust be used to correct the best practice system. In this respect, the idea of enablingbureaucracy is related to the perspectives that follow from applying theknowledge-based theory of the firm. From this perspective, Hatherly (1998a, b)argues that the audit firm should be seen as a serial learning business. In such abusiness, the organization develops a set of principles that govern business activityand these principles are applied to a variety of situations. Positive as well as negativefeedback from employees is looped back through the organization and the principlesare updated accordingly, thereby empowering employees.

The chances for creating enabling bureaucratic structures in audit firms areunfortunately reduced by the presence of some of the forces mentioned by Adler andBorys (1996) as encouraging a coercive logic; that is asymmetries of power, knowledge,skills, and rewards. The partnership ideal is based on a clear distinction between therelatively few partners and the many employees. Since, partners are usually owners ofthe audit firm they bear the downside financial risk of the behavior of their employees.As discussed earlier, this risk was the driving force behind the development of theaudit risk model and its implementation in the form of structured-audit methodologies.Structure in auditing is defined as a systematic approach to auditing characterized bya prescribed, logical sequence of procedures, decisions, and documentation steps, andby a comprehensive and integrated set of audit policies and tools designed to assist

the auditor in conducting the audit (Cushing and Loebbecke, 1986, p. 32). In theinternational audit firms, the audit policies and the structured methodologies areusually centrally defined, with the US branch playing a prominent role in the process.Feedback from employees in the periphery of the world has to travel a long way andpass through many layers of hierarchy before reaching the center. If it is at all possibleto establish a feedback loop it will become fairly sluggish. Auditing is therefore morelikely a formula application business, where knowledge is applied in the audit processrather than systematically generated. Or to put it differently, audit innovation onlytakes place to the extent it is initiated, organized and fully controlled by topmanagement in the big audit firms[6]. The price for this control is paid in terms of thespeed at which innovation takes place. It is interesting to note that it took the big auditfirms 5-10 years to develop and implement the business risk audit approaches. The

centrally controlled learning strategy is clearly best suited in a stable-businessenvironments.

The risk of the applied control mechanismsSo far, the paper has argued that the large-audit firms have centralized their strategicand much of their operational decision making. Audit work and innovation is controlledby highly standardized work processes as well a by direct supervision in an extensivelyhierarchical organization, sometimes supported by a uniform corporate culture.

MAJ22,6

596


8/14

Large-audit firms are therefore not professional bureaucracies in Mintzbergs (1983)terms and probably have not been so for a long time judging from Sorensen andSorensens (1974) analysis of the professional-bureaucratic conflict in large-audit firmsand its consequences in terms of job dissatisfaction and migration. Fogarty (1992,

p. 141) also questions the influence of professionalism in the socialization ofaccountants. It seems that the argument for classifying audit firms as professionalbureaucracies is that since auditors are professionals, and since professional work perdefinition is too complex to be standardized, then audit firms must be professionalbureaucracies controlled by standardization of knowledge. As it is argued above,organizational reality at the large-audit firms suggests that it is now possible tostandardize professional work, perhaps because of the development of automateddecision-support systems in auditing. Large-audit firms are now centrally managedfirms with standardization of work processes and direct supervision through anextensive middle line management as the central-control mechanisms, usuallysupported by some degree of corporate culture. Therefore, they closely resembleMintzbergs (1983) description of the machine bureaucracy, although most audit

partners probably would hesitate to acknowledge this, just as the CEO commenting wedont refer to the controls we are establishing by using the B word (Adler, 1999, p. 47).The paradox of bureaucracy is that its popularity in practice is inversely proportionalto its reputation.

As long as the environment remains stable being a machine bureaucracy does notnecessarily cause problems. It is, according to Mintzberg (1983), an effective way ofcontrolling mass-production. However, if the environment becomes unstable, hierarchybecomes dysfunctional. In these cases, the operating core experiencing problemsproducing, adapting or selling the standardized product typically do not have theauthority to deviate from the standards. Operative problems are consequently referredup through the hierarchy, often ending at the top level in the cases where the problems

are of a fundamental character. This has the effect that top-management is beingoverburdened with operative decisions at a time where it is crucial that it concentrateson making strategic decisions. Generally, the combination of bureaucracy andhierarchy will slow down corporate decision making, making it dysfunctional in thenew economy of flexible specialization where fast decisions are required to seizeopportunities in temporary niches. Auditors must be aware of this to understand theirclients business:

Perhaps, the greatest challenge an external auditor faces during a period of rapid changeis to develop an understanding of the implications of recent shocks to the economicsystem within which the client operates, and to anticipate the speed with which suchshocks will impact his clients profitability and survival (Bell et al., 1997, p. 23).

There is also evidence that large-audit firms consider their own business subject to thisdevelopment. Ernst and Youngs (1994) Audit Innovation Project was partly initializedbecause of perceived changes in the environment:

We must adapt to rapid change in the global business environment. We have been successful,but that does not ensure future success. We need a dynamic service delivery model to addressthese evolving issues, and we need to adapt to our marketplace from a position of strength.

According to Elliott (1994, 1996, 1997, 1998) the accounting profession is generallyexperiencing the threats as well as opportunities of change in information technology


audit firms

597


9/14

and change in investors need for information. These changes allegedly necessitated theneed to reengineer auditing to focus on business risk and also lead to opportunities inthe form of assurance services. If the large-audit firms find themselves in rapidlychanging environments their organizational form could therefore be a cause of severe

problems.Adding to these problems, the standardized routine work in the machine

bureaucracy is also a source of risk. The well-known downside of suchstandardization is that it deprives employees of autonomy and control over theirwork situation, as well as of the stimulation of innovative challenges. Working inmachine bureaucracies therefore often leads to dissatisfaction and demotivation,which is why it is often recommended that such organizations recruit people withlow expectations of work (Adler and Borys, 1996). However, as Sennett (1998) pointsout, routine also has a positive side in the sense that it provides people with a highdegree of predictability in their lives, a predictability that can serve as thebackground on which to evaluate alternatives. Without a certain degree of routine,people would completely loose control over their lives. How much control a personneeds is in the end a question of personality, and Mintzberg (1983, p. 179) notes thatwhereas some people are quite happy to subject to standardized routine work,there appear to be more jobs in Machine Bureaucracies than people happy to fillthem. The personality of auditors has been studied in a number of geographicalsettings, and the findings are remarkably similar. In MBTI tests, the ESTJ and ISTJpersonalities (2 out of 16 possible types) generally comprise 30-50 percent of allauditors, in some cases even more (Wheeler, 2001). The J in the type indicates thatauditors are generally people who prefer to live a planned and structured life, peoplewho do not easily set aside plans, standards and customs. Research indicates thatJ-types generally comprise between 60 and 90 percent of all auditors (Wheeler,2001). Seen in this light it is really not a surprise that auditors do not always see

themselves as working in highly bureaucratic organizations. Rahman and Zanzi(1995) for instance show how Big-Six auditors find their work only moderatelystructured, whereas Pierce and Sweeney (2005) report different opinions amongpartners and managers about the degree of perceived structure in the audit process.Older studies indicate that perceived bureaucracy is much greater at the lowerlevels of the hierarchy (Montagna, 1974). The results probably reflect the fact thatwhat is moderately structured to a J-personality could be seen as excessivelystructured by the opposite personality type with a much lower routine tolerancethreshold. These people will tend not to take jobs in audit firms or, if they do, toloose motivation and leave for other jobs after a short time.

The combination of extensive hierarchy and partnership is also a cause ofmotivational problems, since it clearly shows that very few will become partners. The

lure of partnership does therefore not work that well anymore, in some cases causinga brain drain problem with large numbers of professionals leaving for betteropportunities elsewhere. This has allegedly caused some consulting firms to considerabandoning the partnership structure and incorporating instead (Greenwood andEmpson, 2003, p. 926). Audit firms are knowledge intensive firms who depend on beingable to attract end keep talented young professionals. A centralized organizationrelying mainly on standardization of work processes and hierarchy for control ishardly suited for this purpose and is therefore also a source of risk.

MAJ22,6

598


10/14

ConclusionLarge-audit firms are commonly organized as partnerships relying primarily onhierarchy and standardization of work processes to control work. This is anorganizational structure, which has its roots in the industrial society that auditing itself

is a product of. It is therefore an organizational structure that is adapted tostandardized mass-production in a stable environment. As long as the environmentremains relatively stable, as long as the needs of users of financial statements andclients does not change frequently, the common way of organizing audits firmstherefore works well from an audit firms perspective. There is, however, signs thatsociety is changing into what some writers call the post-industrial society, i.e. a societycharacterized by constant changes in demand, to which industry adapts by switchingto flexible order production. Flexible production in turn calls for supportiveorganizational structures that enable swift strategic responses, decentralized operativedecisions, and organizational learning from experience.

Large-audit firms are part of this change in the production regime. Although theaudit market hardly changes with the same speed as the markets for industrial goods,it is nevertheless subject to changes in demand too, as evidenced by the recent reportfrom the CEOs of the international audit networks (Global Public Policy Symposium,2006). The large-audit firms do need to adapt to changes in their environment and theyacc ording ly n ee d an org an iz at ional s truc tu re t hat e nables t his. Th ecommon-partnership structure has for some time been considered problematic inthis respect because its makes strategic decision-making difficult and slow. It maytherefore be a source of fundamental risk when strategic decisions are most needed, i.e.in cases where the basis for the present strategy is changing. The reliance onstandardization of work procedures combined with hierarchy and culture as controlmechanisms are sources of risk too, although this is not as commonly recognized.Standardization of work procedures makes production extremely inflexible, it does not

encourage innovation, it de-motivates employed professionals, and it inhibits theestablishment of a learning organization. The extensive hierarchy makes learning evenmore difficult since it delays and filters the information flow upwards in theorganization and usually also creates a competitive culture among employees whichdiscourage knowledge sharing. Hierarchy and bureaucracy are usually supplementedwith attempts to create a corporate culture that controls the behavior of employees.This too is a source of risk since corporate culture is fundamentally uncontrollable andmay turn dysfunctional as in the case of Arthur Andersen.

The present way of organizing large-audit firms therefore only works well to theextent that the environment is relatively stable. The more volatile the environment is,the higher the inherent organizational risk becomes. Organizational risk in large-auditfirms therefore calls for management but the common responses provide an

organizational dilemma. On one hand, the common organizational response to thepartnership element of organizational risk is to adopt a corporate structure wherepower is centralized in order to facilitate strategic decision-making. The bureaucracyelement of organizational risk, on the other hand, is best responded to by buildinglearning capabilities into the bureaucracy. This requires the establishment of aknowledge-sharing system where local experiences quickly lead to revisions of globalstandardized working procedures. For this to work, the audit firm will need short linesof communication and a relatively flat organization, which does not allow for hierarchy


audit firms

599


11/14

as a mechanism of coordination and control. Organizational risk in large-audit firms istherefore not easy to manage. The managerial problem is how to centralize strategicdecision-making while simultaneously decentralizing operational decision making.A solution will inevitably require that strategic and operational-decision processes are

detached, but this is hardly possible within the traditional egalitarian frames of thepartnership. Large-audit firms therefore often incorporate or otherwise adopt traitsfrom the corporate structure to support strategic decision making.

Although this paper has focused on the organizational risk of large-audit firms, itmay also be seen as an example of the kind of analysis expected of auditors tounderstand the entity as required by ISA 315. This paper implicitly suggests that suchan understanding is not possible without competence in risk management andorganizational theory. Present auditing textbooks support this view. Eilifsen et al.(2006, p. 187), for example, note that The appropriateness of an entitys organizationalstructure depends on its size and the nature of its activities and give as examples thathigh-tech industries need flexible organizational structures whereas highly regulatedindustries need tightly controlled structures. The theoretical framework to assessorganizational risk is nevertheless not set out explicitly in textbooks such as Eilifsenet al. (2006) and Hayes et al. (2005), which both seem to assume that students arealready familiar with organizational theory. Whether this assumption is realisticcertainly calls for consideration by those in charge of educational programs inauditing. Furthermore, the need to understand organizational risk is just one of thesources of risk that the auditor is expected to assess according to the conceptualframework set out by Bell et al. (1997). Others may be found in an entitys culture, in thepolitical environment and in internal communication, to mention a few of the moreunconventional sources of risk that the auditor is expected to assess too. The focus onbusiness risk in the audit process therefore increases the complexity and risk of theaudit process and calls for auditor qualifications that go far beyond technical auditing.

Notes

1. In some sense, the managerial professional bureaucracy is a contradiction in terms, sinceprofessional bureaucracies are generally not easily manageable according to Mintzberg(1983).

2. Of the Big Four in Denmark, only KPMG remains a formal partnership. PWC, Deloitte andErnst & Young have now incorporated but still refer to their leadership as partners.

3. Typically around 8 percent of the professionals are partners. To take a few examples from2005 annual reports: PWC has 8,019 partners and a client service staff of 94,877. KPMG has6,667 partners and a client service staff of 76,073.

4. Andersen, for instance, MBTI-tested their employees as part of the effort to get ahomogeneous internal culture. They also taught auditors to identify the personality types ofclients to facilitate interaction (Squires et al., 2003, pp. 50-51).

5. From the bottom up, the KPMG hierarchy in Denmark is: Junior assistant, Assistant,Assistant Manager, Manager, Senior Manager, Partner, Managing Partner and SeniorPartner. The equivalent PWC hierarchy is: Junior 1-2, Associate 1-2, Senior Associate 1-4,Manager 1-4, Senior Manager, National Partner (salaried), Equity Partner and InternationalPartner. See also Table 2 in Post (1996).

6. Ernst & Youngs Audit Innovation project is a typical example of how audit innovationtakes place in large-audit firms. Ernst & Youngs International Council formed the Future

MAJ22,6

600


12/14

Vision Task Force in October 1992 and a steering committee comprised of partners fromseven countries was appointed to oversee the project. The Vision Task Force analysedpractices on over 100 engagements in 10 countries identifying problems and potentialimprovements. It reported in 1994 and on the basis of this vision the new audit approach was

centrally developed by in Ohio, Cleveland between 1994 and 1997. In 1997, the worldwideimplementation process was initiated and it was generally considered completed by the turnof the century.

References

Adler, P.S. (1999), Building better bureaucracies, The Academy of Management Executive,Vol. 13 No. 4, pp. 36-49.

Adler, P.S. and Borys, B. (1996), Two types of bureaucracy: enabling and coercive,Administrative Science Quarterly, Vol. 41 No. 1, pp. 61-89.

Alvesson, M. (1995), The meaning and meaninglessness of postmodernism: some Ironicremarks, Organization Studies, Vol. 16 No. 6, pp. 1047-75.

Barrett, M., Cooper, D.J. and Jamal, K. (2005), Globalization and the coordination of work in

multinational audits, Accounting, Organizations and Society, Vol. 30 No. 1, pp. 1-24.

Bax, E. (2000), The paradox of bureaucratic risk control,Risk Management, February, pp. 19-22.

Bell, T., Marrs, F., Solomon, I. and Howard, T. (1997), Auditing Organizations Through aStrategic Systems Lens, KPMG Peat Marwick LLP, Amsterdam.

Brown, J.L., Cooper, D.J., Greenwood, R. and Hinings, C.R. (1996), Strategic alliances within abig-six accounting firm, International Studies of Management & Organization, Vol. 26No. 2, pp. 59-79.

Bruce, R. (1994), Doomed but dedicated, Accountancy, Vol. 114 No. 1212, pp. 44-6.

Bruce, R. (1996), Whiter than white?, Accountancy, Vol. 117 No. 1233, p. 56.

Clegg, S. (1990), Modern Organizations. Organization Studies in the Postmodern World, Sage,London.

Covaleski, M.A., Dirsmith, M.W., Heian, J.B. and Samuel, S. (1998), The Calculated and theavowed: techniques of discipline and struggles over identity in big six public audit firms,

Administrative Science Quarterly, Vol. 43 No. 2, pp. 293-327.

Cushing, B.E. and Loebbecke, J.K. (1986), Comparison of Audit Methodologies of LargeAccounting Firms, American Accounting Association, Sarasota, FL.

Eilifsen, A., Messier, W.F., Glover, S.M. and Prawitt, D.F. (2006), Auditing & Assurance Services(International Edition), McGraw-Hill Education, Maidenhead.

Elliott, R.K. (1994), Confronting the future: choices for the attest function, Accounting Horizons,Vol. 8 No. 3, pp. 106-24.

Elliott, R.K. (1996), Auditing reborn, CA Magazine, August, pp. 36-8.

Elliott, R.K. (1997), Adding value to audits, CA Magazine, November, pp. 35-7.

Elliott, R.K. (1998), Assurance services and the audit heritage, The CPA Journal, June, pp. 40-7.

Ernst & Young (1994), The Audit Innovation Vision Summary, Ernst & Young, New York, NY.

Fogarty, T.J. (1992), Organizational socialization in audit firms: a theoretical framework andagenda for future research, Accounting, Organizations and Society, Vol. 17 No. 2,pp. 129-49.

Global Public Policy Symposium (2006), Global Capital Markets and the Global Economy: A Vision From the CEOs of the International Audit Networks, November, available at: www.globalpublicsymposium.com


audit firms

601


13/14

Greenwood, R. and Empson, L. (2003), The professional partnership: relic or exemplary form of

governance?, Organization Studies, Vol. 24 No. 6, pp. 909-33.

Greenwood, R., Hinings, C.R. and Brown, J. (1990), P2-form strategic management: corporate

practices in professional partnerships, Academy of Management Journal, Vol. 33 No. 4,

pp. 725-55.

Greenwood, R., Hinings, C.R., Brown, J. and Cooper, D. (1997), Promoting the professions,

Business Quarterly, Vol. 61 No. 4, pp. 64-70.

Hanlon, G. (1996), Casino capitalism and the rise of the commercialised service

class an examination of the accountant, Critical Perspectives on Accounting, Vol. 7No. 3, pp. 339-63.

Hanlon, G. (2004), Institutional forms and organizational structures: homology, trust and

reputational capital in professional service firms, Organization, Vol. 11 No. 2, pp. 187-210.

Hatherly, D. (1998a), Is the risk-driven audit too risky?, Accountancy, August, p. 72.

Hatherly, D. (1998b), Learning audits, Accountancy, November, pp. 75-6.

Hayes, R., Dassen, R., Schilder, A. and Wallage, P. (2005), Principles of Auditing: An Introductionto International Standards on Auditing, 2nd ed., Pearson Education Ltd, Harlow.

Knechel, W.R. (2007), The business risk audit: origins, obstacles and opportunities, Accounting,Organizations and Society, Vol. 32 Nos 4/5, pp. 383-408.

Lash, S. and Urry, J. (1994), Economies of Signs & Space, Sage, London.

MacLullich, K.K. (2003), The emperors new clothes? New audit regimes: insight from Foucaults

technologies of the self, Critical Perspectives on Accounting, Vol. 14 No. 8, pp. 791-811.

Macintosh, N. (1985), Social Software of Accounting and Information Systems, Wiley, Chichester.

Manson, S., McCartney, S. and Sherer, M. (2001), Audit automation as control within audit

firms, Accounting, Auditing & Accountability Journal, Vol. 14 No. 1, pp. 109-30.

Martinez, J.I. and Jarillo, J.C. (1989), The evolution of research on coordination mechanisms in

multinational corporations, Journal of International Business Studies, Vol. 20 No. 3,pp. 489-514.

Mintzberg, H. (1983), Structure in Fives: Designing Effective Organizations, Prentice-Hall,Englewood Cliffs, NJ.

Montagna, P.D. (1974), Certified Public Accounting. A Sociological View of a Profession in Change,Scholars Book Co., Houston, TX.

Ouchi, W.G. (1980), Markets, bureaucracies & clans, Administrative Science Quarterly, March,pp. 129-41.

Parker, M. (1992), Post-modern organizations or postmodern organization theory, OrganizationStudies, Vol. 13 No. 1, pp. 1-17.

Pierce, B. and Sweeney, B. (2005), Management control in audit firms partners perspectives,

Management Accounting Research, Vol. 16, pp. 340-70.Post, H.A. (1996), Internationalization and professionalization in accounting services,

International Studies of Management & Organization, Vol. 26 No. 2, pp. 80-103.

Public Oversight Board (2000), Report of the Panel on Audit Effectiveness, available at: www.pobauditpanel.org/

Rahman, M. and Zanzi, A. (1995), A comparison of organizational structure, job stress, and

satisfaction in audit and management advisory services (MAS) in CPA firms, Journal of Managerial Issues, Vol. 7 No. 3, pp. 290-305.

MAJ22,6

602


14/14

Sennett, R. (1998), The Corrosion of Character. The Personal Consequences of Work in the NewCapitalism, W.W. Norton & Company, Inc., New York, NY.

Sorensen, J.E. and Sorensen, T.L. (1974), The conflict of professionals in bureaucraticorganizations, Administrative Science Quarterly, Vol. 19 No. 1, pp. 98-106.

Squires, S.E., Smith, C.J., McDougall, L. and Yeack, W.R. (2003), Inside Arthur Andersen: ShiftingValues, Unexpected Consequences, Prentice-Hall, Englewood Cliffs, NJ.

Stevens, M. (1991), The Big Six, Touchstone, New York, NY.

Toffler, B.L. (2003), Final Accounting: Ambition, Greed, and the Fall of Arthur Andersen,Broadway Books, New York, NY.

Wheeler, P. (2001), The Meyers-Briggs type indicator and applications to accounting educationand research, Issues in Accounting Education, Vol. 16 No. 1, pp. 125-50.

Wyatt, A.R. (2004), Accounting professionalism they just dont get it!, Accounting Horizons,Vol. 18 No. 1, pp. 45-53.

Zeff, S. (2003), How the US accounting profession got where it is today, Accounting Horizons,Vol. 17 No. 3, pp. 189-205 & Vol. 17 No. 4, pp. 267-286.

Corresponding authorKim K. Jeppesen can be contacted at: [email protected]


audit firms

603

To purchase reprints of this article please e-mail: [email protected] visit our web site for further details: www.emeraldinsight.com/reprints

Organizational Risk

Documents

Transcript of Organizational Risk