Fee Assessment: The Audit Price Tag of Innovative IT Solutions
Now in its sixth decade, the field of business information systems continues to advance at an astonishing pace. As information technology (IT) based solutions continue to evolve, they get ever more sophisticated and integral to the operational processes of a company. Investment in information systems (IS) has benefitted companies by facilitating cost savings through implementation of operational efficiencies and adding value through differentiation of offerings and advanced data analysis. IT capabilities have also been credited with the creation of competitive advantage. While business success thrives on innovation and out-of-the-box thinking, financial audit relies on systematic, controlled and measurable processes and reporting. In this paper we explore the intersection of innovative information systems and the financial audit process. As information systems innovate the business strategy, we seek to understand the impact on the audit process. In this study, we capture auditors' perceptions through an analysis of the relationship between innovative IT solutions and audit fees. Findings indicate that sophisticated information systems contribute significantly to increases in audit fees. Seemingly, innovation in IS has induced auditors to expend more effort in minimizing the risk of financial misstatement rather than increasing their confidence in the controls that the systems provide.ABSTRACT
INTRODUCTION
Investors use financial statements to evaluate the business risks associated with a potential investment. These financial statements, however, are prepared by a company's management, who typically are biased to favorably portray the company's performance in order to preserve their jobs and meet performance targets to maximize their compensation. Companies can increase investors' confidence in their financial statements by having an audit performed on their financial statements by an independent party. Following a number of high-profile audit failures (e.g. Enron and WorldCom) and the prosecution and subsequent failure of Arthur Anderson, Congress passed the landmark Sarbanes-Oxley Act (SOX) of 2002 in an attempt to improve the quality of audits.
Auditing standards currently rely on a “risk-based approach”. This approach requires that the auditor identify and assess the risks that may impact the quality of the financial statements so that they may appropriately plan the nature and extent of the audit procedures. This risk assessment involves an intricate understanding of the company's business practices and information processing, and includes the consideration of a number of factors, including the following.
Auditors must determine the level of acceptable audit risk for the client (AAR), and the likelihood of material misstatements occurring. AAR will depend on the nature of the client and reflects the degree to which users are relying on the financial statements. (For example, AAR would typically be lower for a publicly held company.) The auditor will assess the likelihood of material misstatements occurring, by focusing on two risk factors when planning the audit; inherent risk and control risk. Inherent risk (IR) is the risk that material misstatements would occur, and typically depends on the industry and the manner in which the organization conducts its business operations. Control risk (CR) is defined as the risk that material misstatements will not be prevented or detected by the firm's internal controls.
The auditor's assessment of AAR, IR, and CR will determine the nature and extent of the audit procedures performed, and the evidence gathered. The higher the level of AAR, the less rigorous an audit that would be required. Likewise, the lower the likelihood of material misstatements, either because of a lower risk of misstatements occurring for this client (IR), or because of the effectiveness of the internal controls (CR), the less rigorous an audit that would be required.
Detection risk (DR) refers to the risk that the auditor's procedures will fail to detect material misstatements and is inversely related to the rigor of the audit. The auditor, when planning the audit, will determine the nature and extent of the audit procedures, based on a desired level of detection risk, referred to as planned detection risk (PDR). The lower the level of PDR on an audit, the more rigorous the auditor's procedures would need to be. This is because the auditor would only be willing to accept a lower level of risk that the audit procedures would fail to detect any material misstatements.
In the process of risk assessment, it is extremely important that the auditor correctly evaluate both, inherent and control risk, as this evaluation determines the level of DR the auditor is willing to accept, and thus, the nature and cost of the audit procedures performed. For example, the more reliable a firm's internal controls, and thus the lower CR, the higher the planned DR required to achieve a given level of AAR. Since there is a lower likelihood of misstatements occurring because the firm's internal controls are operating effectively, the auditor can accept a higher level of PDR. Detection risk, in turn, affects the level of audit procedures performed. Thus, the higher PDR, the less rigorous (and less expensive) the audit would need to be. Likewise, PDR would be higher, and an auditor will perform a less rigorous audit, the lower the auditor's assessment of IR, i.e. the risk of material misstatements occurring. Because there is a lower perceived likelihood of material misstatements, the auditor can accept a higher level of PDR and still achieve a desired level of AAR.
Based on this description of the audit risk assessment, it is clear that germane to the process is an evaluation of the systems that automate a company's business processes. Therefore, auditing standards require that auditors understand the information systems related to the preparation of the organization's financial statements and related disclosures (SAS. No. 94, AICPA 2001). Similarly, the Panel on Audit Effectiveness (POE), established by the Public Company Accounting Oversight Board (PCAOB), by the SOX Act to regulate the auditing profession, expressed concern regarding auditors' ability to properly assess risks associated with the company's information systems (POE 2000). Additionally, as business information systems continue to advance and become more sophisticated and integrated, the importance of this issue will intensify.
To shed some light in this area, the current study addresses the relationship between information technology systems and the audit process. In particular, we seek some insight into how a more advanced approach to IT solutions within a company impacts the audit process. A priori, it is difficult to predict the effect of information technology on the audit process. For example, we might expect that more sophisticated information systems should improve the internal controls in the organization, lower the risk of material misstatements, and thus result in less rigorous audit procedures to be performed. On the other hand, it may be that more sophisticated information systems add complexity to the organization, which may increase the risk of material misstatements. This would result in a greater assessment of inherent risk and thus necessitate a more rigorous audit.
Although this topic is an extremely important one, it has not been sufficiently examined empirically because it is difficult to measure organizations' information systems. For example, Hunton et al. (2004) examine auditors' assessment of risks associated with Enterprise Resource Planning (ERP) systems, sophisticated information systems that link business processes, using an experimental study. Likewise, Knechel et al. (2012) cite recent experimental studies performed of auditors' assessments of the audit risk factors. The following analysis empirically investigates the impact of advanced IT solutions on the audit process.
THEORETICAL BACKGROUND
IT Systems and the Audit Process
Since the 1960's information technology (IT) has been used to improve business operations. As technology has developed and advanced, so have its uses within the business organization. Early information systems could automate data processing and report on business activities. Later, applications were developed to support decision making and knowledge sharing. While these functions are still of utmost importance to increasing the efficiency and effectiveness of business processes and management, the technologies being used to do so have evolved.
Curtis et al. (2009) identify a number of current technology trends that have redefined the roles and boundaries of information systems within the organization. This redefinition, in turn, has implications for the financial audit process. For example, increasingly, information systems can completely automate business processes such that no human intervention is required. Built into these systems are application controls that are important for auditors because they perform tests to ensure the accuracy of transactions, reducing the likelihood of misstatements. However, they can pose a risk if they are relied upon but do not work properly (Curtis et al., 2009).
In addition, ERP systems represent a relatively recent technology innovation that unifies all of the firm's processing into one system. With these systems, previously isolated information processing instances are redesigned and integrated with one another. While processing is streamlined, the result is often a very complex technology implementation. ERPs have been shown to take advantage of built in controls, reducing reports of internal control weaknesses (Morris, 2011). However, anecdotally, the complexity of their implementations has also been known to result in material misstatements (Clark et al., 2006). Grabski et al. (2011) further discuss the implications of ERP systems for audit.
Finally, current business innovations expand information processing even beyond the boundaries of the firm. For example, cloud computing, an extremely popular trend, hosts some or all information processing and data storage to the hardware and software platforms of third party companies. While this reduces costs for companies, audits can become complicated when security, controls and policies are dictated by multiple entities. Often, auditors won't have access to the data or information systems that are in the host company's domain causing over-reliance on controls or oversight of control differences among organizations. Alali and Yeh (2012) discuss the audit risks involved with cloud computing. In a similar vein, the prevalence of Internet capabilities and Web 2.0 technology enable systems to incorporate data from outside sources. E-commerce capabilities, social technologies, and user-generated information all contribute to expanding the scope of information processing, thereby broadening the purview of financial auditors' investigations.
From the above discussion, we discover that while advanced technology has the capability to enhance and streamline the audit process, there are many sources of increased complexity in the process of auditing companies that use these technologies.
IT Innovation and the Audit Process
Two debates about information technology have raged through its history. The first, "the productivity paradox," addresses the surprising lack of consistent empirical evidence that investment in technology is profitable. For many decades the relationship between investment in IT and firm performance has been tested to varying degrees of success. Researchers have cited conflicting anecdotal and case evidence with regard to the link between IT investment and firm performance. Still, a number of studies have found a positive relation between firm performance and IT expenditures (Bharadwaj, 2000; Bharadwaj et al., 1999; Brynjolfsson & Hitt, 1995, 1996, 2003; Dewan & Min, 1997; Melville et al., 2004). Their findings are the result of “improvement in business processes, practices, and structures needed to leverage technologies and better metrics to assess intangible IT benefits” ( Brynjolfsson & Hitt, 1998).
The second debate is over whether or not IT “matters” (Carr, 2003a, 2003b). The argument made by Carr is that since IT is “ubiquitous, increasingly inexpensive, and accessible to all firms,” a competitive advantage cannot be gained through IT capabilities. In response, IS researchers have gone to great lengths to verify that managing IT capability plays a role in the creation of competitive advantage (Bharadwaj, 2000; Bhatt et al., 2005). According to the Resource-Based View of the Firm (RBV), a sustainable competitive advantage results when firms acquire resources that are rare, imperfectly imitable, and not substitutable by other common or imitable resources (Barney, 1991). Since IT resources such as infrastructure components are available on the open market, some might argue that IT is a commodity and does not qualify as a resource as described by the RBV theory (Carr, 2003a, 2003b). However, researchers have successfully applied RBV to IT resources and shown that “firms can and do differentiate themselves on the basis of their IT resources” (Bharadwaj, 2000; Wade & Hulland, 2004). These studies indicate that it is not the IT components alone that facilitate competitive advantage. Rather, the know-how, effort, and time responsible for leveraging those IT components might be responsible (Pavlou & El Sawy, 2006). “A firm's IT infrastructure, its human IT skills, and its ability to leverage IT for intangible benefits serve as firm-specific resources, which in combination create a firm-wide IT capability.” (Bharadwaj, 2000). Thus, strategic and innovative use of IT is considered a resource as per RBV and therefore can stimulate competitive advantage.
As a result of the above debates, we have learned that IT itself does not create payoff and advantage. Rather, ultimately, it is the innovative use of information technology that helps leverage its benefits and sets one company apart from others, affording it a competitive advantage that is inimitable and sustainable. Accordingly, “Technology Leveraging” is listed as one of the Innovation Strategies for Competitive Leadership (Bowonder et al., 2010). Business strategists who are looking to achieve advantage from their IT will always look for new and different ways to implement and leverage technology to get ahead. This out-of-the-box approach might be at odds with the environment of consistent, systematic, controlled and measurable processes and reporting upon which the audit process relies.
In the context of the current sophisticated and rapidly advancing nature of business information technologies, in conjunction with the prevalent and sought after unique uses of these technologies to achieve competitive advantage, we might expect a significant relationship between innovative IT use and the audit process. In particular, we would expect that more innovative IT solutions add perceived complexity to an audit, causing auditors to lower their DR, take extra precautions, expend greater efforts, and charge higher prices for their audits. We therefore hypothesize that:
Hypothesis: Firms that are considered innovative users of information technology will incur significantly higher audit fees than those that are less innovative in their use of IT.
METHODOLOGY
In order to test the relationship between use of innovative IT solutions and the audit process of firms using those solutions, we look for a correlation between InformationWeek 500 rankings and audit fees.
We use the InformationWeek 500 rankings of firms' innovations and uses of information technology, as the proxy for the firms' innovative information technology capabilities. InformationWeek is a weekly print magazine read by nearly a half million business technology professionals. The InformationWeek 500 has tracked the technology practices of the nation's largest and most innovative firms and is one of the most detailed sources of industry-specific IT budget information available. While the InformationWeek 500 ranking originally was based on the size of the IT investment alone, it soon began to incorporate the innovation and efficiency of IT. Therefore, this ranking is an appropriate measure for our purposes, because it takes into account both the value and the innovativeness associated with IT expenditure. These rankings have been used in prior research to measure the sophistication of firms' information technology (Altschuller et al., 2010; Bharadwaj, 2000).
Prior research has examined the effect of various variables that may affect the overall risk of material misstatements, by focusing on audit effort. These studies have typically used audit fees as a proxy for audit effort (after controlling for other firm characteristics, such as size and industry, etc.) (Canada et al., 2009; Charles et al., 2010). Thus, prior research would interpret a positive finding between a variable and audit fees as evidence that the variable increased the auditors' assessment of risk, and therefore resulted in a more rigorous audit. The current study examines the relationship between the IT ranking and audit fees (after controlling for other factors identified by prior research that would affect audit fees). A positive relation between IT ranking and audit fees would suggest that IT sophistication results in a higher assessment of overall risk and thus, more rigorous audit procedures.
RESEARCH DESIGN
We use the following equation to test the impact of the sophistication of the firms' information technology on audit fees. The equation is based on the analysis used in Charles et al. (2010) and is designed to control for factors that have been established in the literature as determinants of audit fees.
Our dependent variable, LOGAF, is calculated as the log of the sum of audit fees and audit-related fees. We use LOGAF as a proxy for audit effort. When an auditor determines that a particular engagement will necessitate a larger degree of effort, the auditor charges higher fees. IW is the key variable in our study. IW is an indicator variable set equal to 1 for firms that are ranked in the Information Week 500. Information Week ranks firms based on the sophistication of their information technology as well as on the innovative ways that they put that technology to work. The impact of this innovation on audit effort is the focus of our study. We hypothesize that the complexity of innovative IT solutions necessitates a greater level of auditor effort leading to higher audit fees, thus β1 is expected to be positive.
The other variables included in the model control for other factors that affect audit fees. We include SIZE, measured as the log of total assets, to control for the impact of firm size on audit fees. Prior studies have shown that larger firms pay higher audit fees and so β2 is expected to be positive. We include COMPLEX, an indicator variable set equal to 1 for firms that pay foreign taxes, as a proxy for the complexity of the firm's operations. The more complex a firm's operations, the greater the audit effort required. Thus, we expect β3 to be positive.
We include two controls for profitability, ROA and LOSS. ROA is measured as the firm's income before extraordinary items scaled by total assets, and LOSS is an indicator variable set equal to 1 for firms who reported negative income before extraordinary items in any of the last three years. Poor financial performance, especially losses, increase the potential litigation risk faced by auditors. This would lead to higher audit fees, thus we expect β4 to be negative and β5 to be positive.
AR_INV is the sum of the firm's accounts receivable and inventory scaled by total assets, and is used in the literature as a proxy of the firm's inherent risk. Higher levels of inherent risk should lead to higher audit fees, thus β6 is expected to be positive.
LEV is the firm's leverage ratio and is measured as the sum of long term debt and debt in current liabilities scaled by total assets. Leverage is a measure of financial risk and one would expect firms with more debt to be charged higher audit fees, thus β7 is expected to be positive. Another measure of risk included in our model is SPECIAL, an indicator variable set equal to 1 for firms that reported special items on their income statement. We expect the existence of special items to require increased audit effort and hence higher audit fees, thus β8 is expected to be positive.
The firm's market to book ratio, MB, is a widely used measure of future growth prospects. We measure MB as the market value of equity divided by the book value of equity. There is, however, increased risk associated with future growth, thus we expect β9 to be positive.
Our last group of control variables relate to the auditor. We use MODIFY, an indicator variable set to 1 if the auditor issued anything other than an unqualified opinion, as a gauge of the auditors assessment of the firm. Firms that do not receive unqualified opinions are riskier clients and their audit fees should be higher. Thus, β10 is expected to be positive. We also include the log of the sum of the non-audit related fees, LOGNAF. Prior literature has found that audit fees are positively related to the level of non-audit related fees, thus β11 is expected to be positive. We also include an indicator variable set to equal to 1, CHGAUD, for any firm that is in the first year of a new auditor. Often auditors will charge lower fees during the initial engagement year (known as low-balling) as a method of attracting new clients, so β12 is expected to be negative. Finally, we include the year dummy variable, YEAR.
SAMPLE AND DESCRIPTIVE STATISTICS
Our sample consists of all firms with all necessary data from both Compustat's Audit Analytics and Industrial Annual datasets for the years 2000 to 2011. Information Week data was hand collected from the magazine's annual Information Week 500 issue. Our final sample consists of a total of 40,763 firm year observations, of which 2,467 are Information Week ranked firms (IW firms) and 38,296 are non-IW firms. See Table 1 for the sample distribution across the sample years. Information Week firm years represent 6% of the total sample years, ranging from a low of 4.85% in 2000 to a high of 7.2% in 2008.
Table 2 presents descriptive statistics for our sample firms. Panel A reports statistics for the non-IW firms and Panel B reports statistics for the IW firms. The IW firms seem to be different than the non-IW firms. They pay higher audit fees (AF) as well as higher non-audit fees (NAF). They are larger (TA), more profitable (ROA), and less leveraged (LEV). At the same time they may have a slightly larger amount of inherent risk (AR_INV).
To see if the differences reported in Table 2 are indeed statistically significant, we conduct t-tests on the difference in means for our IW firms and our non-IW firms. In addition to those variables reported in Table 2 we also included the other variables in Equation (1). The results of the t-tests are reported in Table 3. We can see that in every measure employed in this study the IW firms are different from their counterparts who were not as innovative in their IT development and use. The IW firms are larger (SIZE), more profitable (ROA), have higher inherent risk (AR_INV), are less leveraged (LEV), are more complex (COMPLEX), report fewer losses (LOSS) and more special items (SPECIAL), and exhibit higher growth potential (MB). The IW firms are less likely to change auditors (CHGAUD) and, somewhat surprisingly, more likely to receive an opinion other than an unqualified opinion (MODIFY).
As far as fees are concerned, IW firms pay both higher audit and not-audit fees. These results obtain for both the raw data (AF and NAF) or their logged values (LOGAF and LOGNAF).
UNIVARIATE RESULTS
Table 4 reports the correlation matrix. Consistent with prior literature, audit fees (LOGAF) are positively related to size (SIZE), complexity (COMPLEX), inherent risk (AR_INV), and non-audit fees (LOGNAF). The increased risk associated with reporting special items (SPECIAL), future potential growth (MB), and auditor opinions that are not unqualified (MODIFY) are all associated with higher audit fees. Also consistent with prior literature, auditor change (CHGAUD) is associated with lower fees. The increased financial risk of debt does not lead to higher audit fees. In fact, LEV is negatively related to audit fees. Also surprising is that LOSS is negatively related to audit fees.
The results in Table 4 confirm those reported in Table 3. IW is positively related to audit fees (LOGAF) and non-audit fees (LOGNAF). IW is also positively related to SIZE, COMPLEX, ROA, AR_INV, SPECIAL, MB, and negatively related to LOSS and CHGAUD. Finally, MODIFY is positively related to IW, consistent with these firms having more opinions that are not unqualified, confirming the result presented in Table 3.
MULTIVARIATE RESULTS
The results of regression analysis using equation (1) are reported in Table 5. Our coefficient of interest, IW, is positive and significant, consistent with IT innovation leading to greater complexity and requiring greater audit effort and confirming our hypothesis. The results for the control variables are all in the predicted direction and consistent with prior studies, with the exception of LEV which is not significant. The results indicate that audit fees are higher for larger firms (SIZE), more complex firms (COMPLEX), and firms that report lower income (ROA) or losses (LOSS). The results further indicate that higher inherent risk (AR_INV) leads to higher audit fees. Risk associated with reporting of special items (SPECIAL), future growth (MB), and qualified opinions (MODIFY) are all associated with higher audit fees. Consistent with prior literature, non-audit fees (LOGNAF) are associated with higher audit fees and auditor change (CHGAUD) is associated with lower audit fees.
ROBUSTNESS ANALYSIS
The descriptive statistics presented in Table 2 and the t-tests reported in Table 3 indicate that our IW firms are very different from the non-IW firms in the sample. To ensure that our findings are not due to the inherent differences between these firms, we rerun our analysis on a matched sample. Each of the 2,467 IW firms is matched with a non-IW firm based on total assets. The resulting sample is comprised of a total of 4,934 observations. The results of running Equation (1) on this subsample of firms are reported in Table 6. Our main result, the coefficient on IW, remains positive and significant, confirming our results presented in Table 5, and indicating that IT innovation leads to greater complexity and requires greater audit effort. The results for most of the control variables are consistent with those obtained using the full sample. Audit fees are higher for firms that are larger (SIZE), more complex (COMPLEX), report losses (LOSS), have higher inherent risk (AR_INV), report special items (SPECIAL), were issued a qualified opinion (MODIFY), or pay higher non-audit-fees (LOGNAF). The coefficients on ROA, MB, and CHGAUD are still in the predicted direction but they are no longer statistically significant. The coefficient on LEV is now marginally significant, although still not in the predicted direction.
DISCUSSION AND CONCLUSION
In this study, we have modified the existing audit fee model by including a firm's Information Week 500 ranking as a measure of its IT innovation in the analysis. Results of our analysis indicate that there is in fact a strong relationship between companies who have innovative IT investments and auditors' perception of the audit effort required to service those companies. Specifically, we find that IT innovation is strongly correlated with higher audit fees.
This is consistent with auditors viewing innovative IT systems as more challenging to audit, requiring a greater level of audit effort. Our results remain significant even after controlling for other factors that have been shown in the literature to be determinants of audit fees. While these results do not tell us anything specific about the nature of the auditors' concern regarding the audit effort involved with IT innovation companies, it is clear that auditors perceive an increased level of risk in the assessment of these engagements. Whether they are expecting material weaknesses in internal controls as suggested by Canada et al. (2009), or they are observing the operational complexities involved with sophisticated IT systems, or they are unfamiliar with the cutting edge technologies and anticipate engaging higher paid IS audit specialists (Curtis et al., 2009), IT innovation seems to come with a high audit price.
Contributor Notes
Editors Note: Article published by virtue of winning the Best Paper Award at the 2013 AIS Educator Conference.