Article Preview
TopIntroduction
Enron, the USA’s largest energy company, collapsed as the largest corporate failure in US history in 2001. The role of Arthur Andersen in this event dented the public trust on the accounting and auditing profession and financial reporting practices. In response to the collapses, enormous efforts have concentrated on rebuilding investors and the public trusts. The Sarbanes-Oxley (SOX) Act of 2002, also known as the Public Company Accounting Reform and Investor Protection Act, was a US federal law in response to the corporate and accounting scandals. The Act establishes a new quasi-public agency, the Public Company Accounting Oversight Board (PCAOB) which is charged with overseeing, regulating, inspecting, and disciplining accounting firms in their roles as auditors of public companies. The Act also covers issues such as auditor independence, corporate governance, internal control assessment, and enhanced financial disclosure. The legislation is wide-ranging and establishes new or enhanced standards for all U.S. public company boards, management, and public accounting firms. The ultimate purpose of the legislation would be ideally to produce the most reliable financial information for different user of that information. If auditors are supposed to achieve this goal, they should manage and reduce the audit risk. The lower audit risks inevitably increase audit report quality.
Recent corporate collapses and the new guidelines and legislation of Sarbanes-Oxley Act emphasize the importance of audit risks. Risk assessment in an audit environment is one of essential tasks of every external auditor. Adams et al. (2005) argue that “… clients with greater risk of fraud are less likely to engage prospective auditors in competitive bidding, consistent with the theory that these companies seek to limit access to information that might reveal their high-risk status” (p. 417). Audit risks have three components in a classic view including inherent risk, control risk and detection risk. Auditors of the financial statements are practically exposed to minimize audit risk at the actual lowest possible level. If an auditor fails to do this, then not only nature, timing and extent of other substantive procedures will be affected but also it sometimes causes to issue a wrong audit report that indeed bears auditors with heavy legal penalties. As a result, the risk of producing wrong audit reports is high when audit risk is high. According to Chemuturi (2008, p. 6): “Evaluating fraud risk factors is probably the most difficult part of assessing overall audit risk, and owes its complexity to the fact that human behavior cannot be predicted with certainty. A recent study by the Association of Certified Fraud Examiners estimated that US organizations lose approximately 5% of annual revenue to fraud.”
The reliability of information is significantly affected by the design of the computerized internal controls systems (Kearns & Baker, 2011). As IT systems prevail all over today business entities’ systems of almost all-type sizes and integrated with the internal control systems in many ways (Fukukawa et al., 2006), therefore auditors should consider their due care and skill for understanding the internal control to perform control tests during audit engagements (ISA 315). IT systems are complex by its natures and detecting any types of risks related to information systems, frauds, crimes and IT attacks causes many financial and non-financial damages to their clients. As a result, IT frauds are complex in nature and auditor expose to higher risks to those IT frauds where those frauds eventually will affect the reliability of financial statement of auditors’ client.
Despite how to detect IT frauds, we evaluate how did IT frauds detections audit risks’ components in this study. Although there are recently plenty of research on audit risks and fraud, but effect on a lack of investigation exists on how the IT frauds impact on audit risk model. This research enhances to the previous literature by establishing a contractual framework to analysis IT frauds in audit risk model. Then, we measure arithmetically the frauds in term of either increase or decrease in audit risk components and model.