We commend the International Auditing and Assurance Standards Board (the Board) on its efforts to determine “whether the auditing standards related to fraud and going concern need to be updated to reflect the rapidly evolving external reporting landscape.” We especially commend the Board on the timeliness of the call for input into these issues in that there is sufficient time to conduct research to further inform questions raised in the Discussion Paper and the questions that will inevitably arise as deliberations continue and progress is made on the project. We note below insights from the extant research literature as they relate to the questions posed in the Discussion Paper, but there remain many unanswered questions. We believe that many members of the Auditing Section of the American Accounting Association stand ready to work with the Board and other stakeholders to inform deliberations in this area.
Data Availability: Information about and access to the Discussion Paper are available at: https://www.iaasb.org/publications/fraud-and-going-concern-audit-financial-statements.
I. RE: INVITATION TO COMMENT ON: FRAUD AND GOING CONCERN IN AN AUDIT OF FINANCIAL STATEMENTS: EXPLORING THE DIFFERENCES BETWEEN PUBLIC PERCEPTIONS ABOUT THE ROLE OF THE AUDITOR AND THE AUDITOR'S RESPONSIBILITIES IN A FINANCIAL STATEMENT AUDIT
February 1, 2021
Members of the International Auditing and Assurance Standards Board (IAASB)
Dear Board Members:
The Auditing Standards Committee of the Auditing Section of the American Accounting Association (the Committee) is pleased to provide comments on the discussion paper: Fraud and Going Concern in an Audit of Financial Statements: Exploring the Differences between Public Perceptions about the Role of the Auditor and the Auditor's Responsibilities in a Financial Statement Audit.
The views expressed in this letter are those of the contributing members of the Committee and do not reflect an official position of the American Accounting Association. Although the comments reflect the consensus view of the Committee, they do not necessarily reflect the views of every member.
We hope that our comments and suggestions are helpful.
Auditing Standards Committee
Auditing Section—American Accounting Association
What do you think is the main cause of the expectation gap relating to fraud and going concern in an audit of financial statements?
For over 50 years, researchers have been investigating the potential causes of the expectation gap across a broad range of countries. A recent review of the expectation gap literature by Quick (2020) suggests that a primary cause of the expectation gap likely results from differences in understanding auditors' responsibilities. In their review of the academic literature related to the auditor's report, Church, Davis, and McCracken (2008, 81) reached a similar conclusion, that although communications to financial statement users have been enhanced over time, “users do not appear to fully understand the auditor's responsibility, the extent of work performed in an audit, and the level of assurance provided by the auditor's report.”
Several studies examine perceptions of different stakeholder groups and highlight persistent differences in what the various stakeholders think auditors do and what auditors actually do (i.e., the knowledge gap). These studies focus on fraud-related responsibilities, perhaps because the expectation gap is widest on that aspect of the auditor's work. For example, Baron, Johnson, Searfoss, and Smith (1977) find that non-auditors perceive higher auditor responsibility for detecting and disclosing corporate irregularities and illegal acts than auditors perceive. Similarly, Lowe (1994) and Frank, Lowe, and Smith (2001) find significant perceptual differences between auditors and judges/jurors, particularly in relation to the auditor's role in fraud detection. Epstein and Geiger (1994) noted 71 percent of investors wanted absolute assurance that financial statements are free of material misstatements due to fraud, which is also similar to findings of McEnroe and Martens (2001), who compare expectations of audit partners to investors.
As noted in Quick's (2020) recent review of the expectation gap literature, recent studies suggest that these differences in perceptions still persist between different stakeholder groups across many countries. For example, studies have been conducted in China (Lin and Chen 2004), Barbados (Alleyne and Howard 2005), Egypt (Dixon, Woodhead, and Soliman 2006), Australia (Schelluch and Gay 2006), Lebanon (Sidani 2007), Saudi Arabia (Haniffa and Hudaib 2007), The Netherlands (Hassink, Bollen, Meuwissen, and de Vries 2009; Litjens, van Buuren, and Vergoossen 2015), Bangladesh (Siddiqui, Nasreen, and Choudhury-Lema 2009), Iran (Noghondari and Foong 2013), the U.K./New Zealand (Porter, Ó hógartaigh, and Baskerville 2012), Germany (Ruhnke and Schmidt 2014), and the U.S. (DiGabriele 2016), with the majority of these studies noting specific differences in how various stakeholders view the auditor's role in detecting fraud.
While much of the research examines the auditor's role in detecting fraud, there are also differences in perceptions as to going concern. Campbell and Mutchler (1988) find that lending officers believe auditors issue a going concern opinion because it is their duty to provide a signal of financial distress to financial statement users, while auditors issue a going concern opinion because they believe there is risk that assets will not be recoverable. A similarly disparate understanding of financial statement audits was reported by Frank et al. (2001), who find that jurors perceive auditors' role as a public watchdog (in addition to expecting auditors to search for the smallest of frauds as noted above).
Other research compares perceptions of auditors and investors related to terminology in the audit report and on auditors' responsibilities involving various dimensions of the attest function including going concern and fraud. McEnroe and Martens (2001, 356) conclude that investors do “not want auditors to issue an unqualified opinion unless: every item of importance to investors and creditors has been reported or disclosed, auditors have been ‘public watchdogs,' the internal controls are effective, the financial statements are free of misstatements resulting from management fraud, the financial statements are free of misstatements intended to hide employee fraud, and the firm has not engaged in illegal operations.”
Gray, Turner, Coram, and Mock (2011, 661) conduct focus groups research with “financial statement preparers (CFOs), users (bankers, analysts, and non-professional investors), and external auditors.” They find that those in the “users” group frequently misinterpret common terms that are included in the audit report, such as reasonable assurance, materiality, and sampling. In addition, they report that non-professional investors indicated that they use secondary sources for financial data and do not search for the auditor's report, suggesting that attempts to address the knowledge gap via enhanced communications in the auditor's report may not be effective. However, a more recent study by Kachelmeier, Rimkus, Schmidt, and Valentine (2020) examines critical audit matter disclosures and finds that such disclosures prompted participants (M.B.A. students, financial analysts, and lawyers) to recognize measurement uncertainty and lower their assessments of auditor responsibility for subsequent misstatements related to the critical audit matter. These findings suggest that key audit matters in the updated auditor's report might be able to reduce the expectation gap by lowering users' perceptions of audit assurance and auditors' responsibilities.
It is interesting to note that findings reported in the above studies echo observations by the Commission on Auditors' Responsibilities from the 1970s (see the Cohen Commission 1978). That Commission found that “many users appeared to misunderstand the nature of the attest function, especially in the context of an unqualified opinion. For example, some users believed that an unqualified opinion means that the entity is financially sound. Others felt that the auditor should not only provide an audit opinion, but also interpret the financial statements in such a manner that the user could evaluate whether to invest in the entity” (McEnroe and Martens 2001, 347).
Some of the more notable conclusions reached by Quick (2020) were that the expectation gap differed between countries; stakeholders had widely varying expectations about what the audit should achieve; and that two of the most promising avenues for reducing the expectations gap are education of stakeholders and revised reporting standards like the expanded reporting via key audit matters (KAMs).
This paper sets out the auditor's current requirements in relation to fraud in an audit of financial statements, and some of the issues and challenges that have been raised with respect to this (see Sections II and IV). In your view:
Should the auditor have enhanced or more requirements with regard to fraud in an audit of financial statements? If yes, in what areas?
Research provides several insights relevant to the auditor's fraud-related requirements.
Fraud Case Profile
First, research findings paint a picture of the common fraud case profile. Beasley, Carcello, and Hermanson (1999) and Beasley, Carcello, Hermanson, and Neal (2010) find that the two most likely perpetrators of U.S. public company fraudulent financial reporting are the CEO and the CFO, with nearly 90 percent of cases from 1998 to 2007 involving one or both parties. In addition, these two studies highlight the financial statement element most commonly manipulated in fraudulent financial reporting cases—revenue (61 percent of cases from 1998 to 2007) and that the number one specialized industry for fraudulent reporting is computer hardware and software.1 Other studies (beginning with Beasley  and Dechow, Sloan, and Sweeney , and summarized by Carcello, Hermanson, and Ye ) demonstrate a link between weaker corporate governance and a greater risk of fraud. Further, Donelson, Ege, and McInnis (2017) find a link between weak entity-level controls and future fraud. Thus, research provides us with a picture of who is most likely to engage in fraudulent financial reporting, which element of the financial statements is most likely to be manipulated, and which specialized industry is most commonly cited for fraudulent financial reporting. Research also links fraud risk with weak corporate governance and weak entity-level internal controls.
Human Factors That Can Reduce Auditor Skepticism
Second, research highlights important human factors in the audit process that appear to warrant additional standard-setter attention with respect to fraud. Brazel, Jackson, Schaefer, and Stewart (2016) provide evidence that lower-level auditors can be penalized for being skeptical. Specifically, the authors find, in an experimental setting, that “evaluators penalize auditors who employ an appropriate level of skepticism, but do not identify a misstatement.” In other words, auditor skepticism becomes a negative factor in a performance review if there is no misstatement detected. Other studies (Bennett and Hatfield 2013; Olsen 2017; Eutsler, Norris, and Trompeter 2018) find that clients' personalities and behaviors can affect auditors' collection of evidence and skepticism. There appear to be several human factors that can serve to reduce auditor skepticism, along with long-established auditor concerns about time budgets and client relations, which can create incentives not to find red flags or other problems (e.g., Nelson 2009; Hurtt, Brown-Liburd, Earley, and Krishnamoorthy 2013; Brazel et al. 2016; Brazel, Gimbar, Maksymov, and Schaefer 2019). In addition, research on SEC sanctions against audit firms in fraudulent financial reporting cases highlights the prevalence of auditors documenting red flags that suggest possible misstatement or fraud but failing to appropriately change the nature and extent of audit testing in response to those red flags (Beasley, Carcello, and Hermanson 2000; Beasley, Carcello, Hermanson, and Neal 2013). Beasley et al. (2013, 4) note, “In some cases, the auditor failed to adjust audit procedures to gather sufficient competent evidence in light of risks identified and documented by the audit team.” Overall, human factors can reduce auditor skepticism, and SEC sanctions of auditors often focus on the auditor's failure to follow up on identified risks.
Human Elements in Fraudulent Financial Reporting
Third, research highlights important human elements in fraudulent financial reporting that appear to warrant additional standard-setter attention. Wolfe and Hermanson (2004) note that the classic fraud triangle focuses mainly on the setting, not the person who may commit fraud. The authors propose a fraud diamond that adds “capability” to commit fraud as a fourth factor. Capability reflects the skill set needed to commit fraud (intelligence, position, ego, lying skills, coercion skills, and ability to handle stress). Further, Boyle, DeZoort, and Hermanson (2015) find that auditors using a fraud diamond practice aid assess fraud risk 17 percent higher than auditors using a fraud triangle practice aid. Thus, requiring auditors to specifically assess the CEO's capability results in higher fraud risk assessments.
Models to Predict Fraud
Finally, researchers have developed useful fraud prediction models, including those by Beneish (1999) and Dechow, Ge, Larson, and Sloan (2011). These efforts use archival data to build models indicating lower or higher risk of fraudulent financial reporting. For example, Dechow et al. (2011, 21) develop an F-score measure of fraud risk, finding, “while only 20 percent of the public firms have an F-score greater than 1.4, over 50 percent of misstating firms have F-scores of 1.4 or higher.” Such efforts to develop fraud prediction models may be extremely useful to audit firms. With increased use of data analytics, the potential for even more robust fraud prediction models is great.
In summary, when it comes to fraudulent financial reporting and auditing, research suggests that:
The CEO and CFO are the most likely perpetrators of fraudulent financial reporting.
Fraudulent financial reporting is most likely to involve revenue misstatements, and computer hardware and software is the most common specialized industry setting for fraudulent financial reporting.
Fraudulent financial reporting is associated with weak corporate governance and weak entity-level controls.
Auditors often have incentives not to be skeptical.
Auditors sometimes document fraud red flags and fail to follow up adequately.
The fraud triangle places relatively little emphasis on the person committing fraud.
Auditors who use a fraud diamond practice aid (which includes a focus on the CEO's capability to commit fraud) assess fraud risk higher than those who use a fraud triangle practice aid.
There are promising fraud prediction models that can highlight higher-risk situations.
Based on the research findings, we believe that auditor requirements related to fraud should call attention to the role of the CEO and CFO, revenue misstatements, technology companies, governance and internal control strength, auditor disincentives to be skeptical, risks of auditors documenting but not pursuing fraud red flags, the impact of assessing management's capability to commit fraud, and the potential to statistically predict fraud risk. Such auditor focus can help to address the performance and evolution gap components of the expectation gap.
Is there a need for enhanced procedures only for certain entities or in specific circumstances? If yes:
For what types of entities or in what circumstances?
What enhancements are needed?
Should these changes be made within the ISAs or outside the scope of an audit (e.g., a different engagement)? Please explain your answer.
Based on the discussion above, we believe that auditors' fraud focus and level of skepticism should increase in the presence of:
Highly capable CEOs and CFOs (i.e., intelligence, position, ego, lying skills, coercion skills, and ability to handle stress).
Revenue accounts that provide opportunity for manipulation.
Computer hardware and software companies.
Weak corporate governance.
Weak internal controls.
Statistical models indicating a higher risk of fraud.
In addition, we believe that there are two additional areas of concern:
Large companies—While the median (i.e., middle) fraud company is relatively small, large companies present unique fraud risks because of the magnitude of the potential negative effects to the market. Beasley et al. (2010) note the tremendous increase in the size of fraudulent financial reporting cases from 1987–1997 (average misstatement of $25 million) to 1998–2007 (average misstatement of $400 million). Large fraud cases cause major investor losses, expose auditors to significant legal liability, generate bad publicity for the profession, and often lead to financial regulation reform (Clikeman 2019).
Whistleblower complaints or external criticism of financial reporting—Many of the prominent fraudulent financial reporting cases in history have been preceded by or discovered due to whistleblower complaints or external criticism of the company's financial reporting (media accounts, negative analyst reports, etc.) (Clikeman 2019).
Overall, we believe that ISAs should address the auditor's need to increase the focus on fraud and the level of skepticism in the presence of any of the conditions stated above, even more so in the presence of several of these conditions. For example, large companies, especially those facing whistleblower complaints or external criticism of their financial reporting, warrant enhanced auditor focus on fraud and greater skepticism.
More broadly, noted above are certain factors that research highlights as being relevant to the auditor's consideration of fraud. Their relevance is applicable to all entities, but they will manifest to varying degrees across different entities. While we believe that the auditor's procedures should be tailored to the unique circumstances of each entity, consideration of the factors that suggest an elevated fraud risk should be required for all entities.
Finally, we call the Board's attention to research by Dyck, Morse, and Zingales (2010) revealing that auditors detect relatively few corporate fraud cases (10 percent from 1996 to 2004), suggesting potential for improved auditor performance in the fraud domain. The authors also find that auditor detection of corporate fraud increased in the wake of the large accounting scandals, the Sarbanes-Oxley Act, and SAS No. 99 (AICPA 2002). This suggests that changes in fraud-related regulations and standards can help to shape auditor performance.
Would requiring a “suspicious mindset” contribute to enhanced fraud identification when planning and performing the audit? Why or why not?
Should the IAASB enhance the auditor's considerations around fraud to include a “suspicious mindset”? If yes, for all audits or only in some circumstances?
We believe that a “suspicious mindset” in the presence of factors listed in 2(b) above, as well as other relevant factors, would contribute to the identification of fraud. Beasley et al. (2013) find that in 60 percent of enforcement actions against auditors in fraud cases, the SEC alleges insufficient auditor skepticism. The authors state (Beasley et al. 2013, 3), “some of the cases examined highlight challenges in maintaining appropriate levels of professional skepticism that affect the auditor's mindset. Interestingly, the concept of professional skepticism has been embedded in auditing standards for decades; however, in some cases auditors may have struggled in maintaining an appropriate mindset throughout the various stages of the audit process.”
Several studies have examined the impact of mindset on skepticism. For example, Hurtt, Eining, and Plumlee (2011) find that auditors who rate higher on trait skepticism (have a more questioning mind) tend to exhibit higher levels of skepticism. Similarly, Bowlin, Hobson, and Piercey (2015) find that having participants assess dishonesty versus honesty could improve audit quality. In addition, Quadackers, Groot, and Wright (2014) find that where auditors fall on a scale of presumptive doubt is predictive of their skepticism. While it appears, based on research that a suspicious mindset would likely enhance auditors' considerations around fraud, it is less clear whether it should apply for all audits or whether it might be more effective if it applied only in some circumstances (i.e., when there is elevated fraud risk). It is also unclear what the costs would be related to requiring auditors to have a suspicious mindset (e.g., additional audit fees, conservative bias in estimates).
Do you believe more transparency is needed about the auditor's work in relation to fraud in an audit of financial statements? If yes, what additional information is needed and how should the information be communicated (e.g., in communications with those charged with governance, in the auditor's report)?
Yes, more transparency is needed about the auditor's work related to fraud, as the above responses have illustrated, the extent of the expectation gap between financial statement users and auditors still persists. The IAASB Fraud and Going Concern Roundtables noted that transparency regarding the auditor's fraud-related work could (1) close the expectation gap, and (2) generate robust discussion between the auditor and those charged with governance to better challenge management (IAASB 2020).
Additional Fraud Information Needed
Auditing standards related to the auditor's responsibility related to fraud have evolved over time to provide guidance on how the auditor should perform fraud-related tasks such as the identification of fraud risks, the conduct of fraud brainstorming sessions, and the communication of identified fraud (AICPA 2002; PCAOB 2003; IAASB 2004). However, there has not been a specific requirement to include explicit statements on fraud-related tasks in communications to those charged with governance and/or in the audit report. Specifically, succinctly stating the fraud-related tasks performed and their related limitations may serve to significantly narrow the expectation gap. For example, adding a sub-category such as, “Auditor's Responsibility Related to Fraud,” will provide a clear description of the auditor's responsibility in this area (see the “Audit Report” section below for additional discussion). This additional modification will explicitly communicate the client-specific, fraud-related procedures to those responsible for management oversight (i.e., board of directors/audit committee) and those relying on the financial statements (i.e., investors and other stakeholders). This rationale is consistent with the transparency and accountability literature presented by regulators in support of the partner identity disclosure rule (PCAOB 2009) and the inclusion of CAMs/KAMs in the auditor's report (PCAOB 2011a).
Communication with Those Charged with Governance
Per the discussion above on the links between good governance and reduced fraud risk (see Carcello et al. 2011), including specific discussion regarding the auditor's responsibility for fraud as a required communication with those charged with governance, could assist with the entire board's understanding of fraud and the related tasks undertaken at their respective entity. Adding the required communication and increasing the frequency of the communication could contribute to the efficacy of those charged with governance in reducing the likelihood of fraud.2
Recent audit standard-setting has changed the substance and form of the audit report to include additional disclosures related to critical or key matters that relate to audit areas of significant attention (IAASB 2015b; PCAOB 2017, 2018). Overall, fraud has not been consistently identified as an area of significant attention, even with the additional procedures required by the current audit guidance.3 One concern noted in the deliberations regarding expanded audit disclosure was the increased likelihood of auditor liability (PCAOB 2011a, 2011b). Reffett (2010) provided evidence that supported this view by showing that evaluators held auditors more liable when they performed procedures to investigate fraud and did not identify the fraud. However, Brasel, Doxey, Grenier, and Reffett (2016) found opposite evidence when evaluating critical audit matter disclosures. In this setting, evaluators are less likely to hold auditors liable in the presence of “ex ante risk disclosures” that forewarn of potential misstatements. As such, a specific discussion regarding fraud risk in the audit report may reduce the expectation gap without increasing auditor liability. The IAASB could consider guidance to prompt auditors to evaluate whether a tailored fraud key audit matter is appropriate in their specific client circumstance. A specific prompt may assist with raising the stature of the specific fraud-related activities performed to the financial statement users.
This paper sets out the auditor's current requirements in relation to going concern in an audit of financial statements, and some of the issues and challenges that have been raised with respect to this (see Sections III and IV).
Research highlights the value placed on management's representations relating to going concern and the auditor's opinion on those representations. With a few exceptions, research generally shows that auditor reporting on going concern uncertainty provides useful information (see Carson et al.  and Geiger, Gold, and Wallage  for reviews of the literature and Czerney, Schmidt, and Thompson (2019), Bédard, Brousseau, and Vanstraelen , and Gutierrez, Krupa, Minutti-Meza, and Vulcheva ) for recent studies).4 It is, however, difficult to disentangle the unique contribution of an auditor's reporting on going concern uncertainties versus other information reported at the same time. In this regard, Myers, Shipman, Swanquist, and Whited (2018) find that the unique information content associated with auditor reporting on going concern uncertainty may not be as pronounced as previously thought. This does not discount the importance of the auditor reporting on going concern uncertainties, as independent assurance helps drive the quality of accounting information (see DeFond and Zhang  for a review). Rather, this highlights the importance of all stakeholders in the financial reporting ecosystem, as noted in the Discussion Paper.
Criticism is often levelled at auditors when entities fail (often spectacularly), in that there is a perception that auditors should have forewarned market participants of the impending collapse. Unease around the issue of going concern focuses on circumstances where there is uncertainty as to the entity's continued viability. While the interest in instances when auditors report on going concern uncertainty and the client remains viable (referred to in the literature as a Type I error) and when auditors do not report on going concern uncertainty and the client subsequently fails (referred to in the literature as a Type II error) is understandable, this should not be the benchmark against which auditor performance is evaluated, nor a reason in itself to modify auditor requirements.5 Although the auditor's reporting on going concern uncertainty may be perceived as a salient and simple shortcut when predicting failure, current requirements in International Standards on Auditing do not conceive of auditor reporting on going concern uncertainty as serving this purpose. Rather, as explained in ISA 570 (IAASB 2015a, ¶ 6), the auditor's responsibilities extend to concluding on the appropriateness of management's use of the going concern basis of accounting and whether a material uncertainty exists about the entity's ability to continue as a going concern. ISA 570 paragraph 18 (IAASB 2015a) explains a material uncertainty in terms of the impact and likelihood of events or conditions that may cast doubt on the ability of the entity to continue as a going concern. Even if the events or conditions identified eventuate, the standard does not envisage that failure necessarily follows. Improved auditor performance in reporting on going concern uncertainty, therefore, centers on the auditor's ability to identify the events or conditions that may be associated with the entity's ability to continue as a going concern, and to evaluate the likelihood and impact for the entity's future viability. Below we note, with reference to the extant literature, opportunities for the IAASB to help auditors in this regard.
A considerable amount of the research we draw on in our submission was undertaken at a time when explanatory language relating to going concern uncertainties was reported in “Emphasis of Matter” paragraphs, rather than, as is presently the case, in a dedicated “Material Uncertainty Related to Going Concern” section or a Key Audit Matter. Also, much of the extant literature is often situated in a U.S. setting in which there are nuanced differences from the requirements of the International Standards on Auditing (e.g., significant doubt versus substantial doubt). We believe that the views we express are not dependent on the time the research was undertaken nor the jurisdiction within which the research was situated.
In advance of addressing the specific questions, we note that going concern disclosures are the domain of accounting standard setters, and that International Standards on Auditing should be framework neutral and should not extend requirements beyond those which are expected of management in the accounting standards. We encourage the IAASB to work closely with the IASB on this project. We note above the role of auditing in improving the quality of accounting information (see DeFond and Zhang 2014), but is assurance improving the quality of the right/best information? This is a question for the IASB, and we do not comment further on matters that are within the remit of the IASB, except when they are also within the purview of the IAASB.
Should the auditor have enhanced or more requirements with regard to going concern in an audit of financial statements? If yes, in what areas?
Based on our review of the research, we believe that there are opportunities to both enhance the effectiveness of the extant requirement for auditors to “evaluate management's assessment of the entity's ability to continue as a going concern” (ISA 570, ¶ 12, IAASB 2015a) and to expand requirements related to opining and/or communicating on management's controls/procedures over assessing and responding to going concern risk.
An extensive body of research reports a range of client, auditor, and environmental factors that impact an auditor's decision to report on going concern uncertainties (see Carson et al. 2013; Geiger et al. 2019). Research finds that auditors' inclination to report on material uncertainty is associated with, for example, indicators of financial distress (e.g., Lennox and Kausar 2017), management plans and expectations (e.g., Bruynseels, Knechel, and Willekens 2013; Feng and Li 2014; Chen, Eshleman, and Soileau 2017), and quality of internal controls (e.g., Hammersley, Myers, and Zhou 2012).
While it is comforting that auditors appear to be sensitive to indicators of distress when making going concern judgments, the effectiveness with which these factors are used and whether there are other useful predictors of distress have also been the focus of research attention. Research has developed and tested models to assist auditors when assessing an entity's viability (e.g., Koh 1991; Hsu and Lee 2020), and other studies find associations between new variables and future viability, for example, social media sentiment (Condie and Moon 2020).
Research also highlights several factors that may impact the quality of auditor judgments relating to going concern. For example, Kim and Harding (2017) show that the interpretation of evidence relevant to going concern judgments is influenced by the views and perceived expertise of auditors' superiors, and Lambert and Peytcheva (2020) show that auditors may suboptimally integrate different going concern evidence items. Like other judgments, those relating to going concern are influenced by numerous heuristics and biases (see Bonner 2008), and research in other areas of the audit function (in particular areas with a future orientation such as opining on management's estimates) is likely to influence the veracity with which auditors employ indicators of distress.
With this literature in mind, we believe that there is an opportunity for the IAASB to improve practice in this area, and reduce the expectation gap, by drawing on the findings of this research to help auditors meet the extant requirement to “evaluate management's assessment of the entity's ability to continue as a going concern” (ISA 570, ¶ 12, IAASB 2015a) and fulfill additional requirements where events or conditions casting significant doubt on the entity's ability to continue as a going concern exist (ISA 570, ¶ 16, IAASB 2015a).
While paragraphs A3 and A16 guide auditors in terms of events or conditions that may indicate a threat to the entity's continued viability (¶ A3) and audit procedures they may consider employing in response to the identification of such events or conditions (¶ A16), we believe that there is an opportunity for the IAASB to update this guidance in light of research highlighting factors having a positive and negative impact on assessments of future viability. This could be done by way of changes to the “Application and Other Explanatory Material” or, ideally (in order to facilitate responsiveness to new information and preserve the principles based and framework neutral nature of international standards), “Guidance Statements” issued outside of the standard. We caution, however, that care needs to be exercised to restrict/frame such guidance in terms of evaluating management's assessment rather than extending the assessment beyond that which is required in accounting standards.
We also note research highlighting that an auditor opining on internal control over financial reporting is associated with improvements in the quality of both controls and financial reporting (Ashbaugh-Skaife, Collins, Kinney, and LaFond 2008; Bedard and Graham 2011; Ge, Koester, and McVay 2017; Kravet, McVay, and Weber 2018; Carnes, Christensen, and Lamoreaux 2019). Based on this research, it is possible that requiring auditors to opine on the procedures management used to assess going concern risk factors, or to otherwise communicate this information to those charged with governance, will lead to improvements in going concern judgments and disclosures. We draw attention to the fact that we are making inferences from a different, albeit related, area. However, to the extent that there is an appetite among all stakeholders in the financial reporting ecosystem to significantly improve reporting on going concern uncertainty, this may be one way to meaningfully “move the dial.”
In addition, we encourage the IAASB's ongoing collaboration with the IESBA and jurisdictional regulators regarding auditor independence. Although research reports mixed evidence on whether threats to independence (e.g., the provision of non-audit services, fee dependence, tenure) are associated with the propensity to report on going concern uncertainties (e.g., Blay and Geiger 2013; Hossain, Monroe, Wilson, and Jubb 2016; Wu, Hsu, and Haslam 2016; Hallman, Imdieke, Kim, and Pereira 2020), the consequences of reporting on going concern uncertainty for the client, shareholders, and the auditors themselves (see Geiger et al. 2019) make auditor independence critical to audit quality in this area.
Related to auditor requirements about going concern, paragraph 16 in the extant ISA 570 is unclear, and the potential for different interpretations of ambiguous terms such as “substantial doubt” (or by implication “significant doubt”), has the potential to contribute to the expectation gap (e.g., Dreike Almer and Brody 2002). In this regard, we note the IAASB's interest in “perspectives on what more is needed to narrow the knowledge gap with regard to the meaning of material uncertainty related to going concern.”
Without commenting on the source of any difference in the understanding of what material uncertainty refers to (i.e., it may not only be a knowledge gap), we believe that there are opportunities for the IAASB to clarify the meaning of this term and facilitate a more consistent interpretation. In applying paragraphs 16 and 18 of ISA 570, the auditor must interpret the meaning of several likelihood/probability terms. The auditor, consciously or subconsciously, must apply a probability threshold around what they consider “doubt” to mean, how probable is “may,” and what is the degree of indeterminacy for there to be sufficient “uncertainty.” Moreover, these likelihood/probability terms are further clouded with the inclusion of modifiers, that is, significant doubt and material uncertainty. Research suggests that there are differences in the way these likelihood/probability terms are interpreted across auditors, and between auditors and other stakeholders.
Amer, Hackenbrack, and Nelson (1994) report substantial variation in the way different auditors interpret probability phrases. With specific reference to going concern uncertainty, and putting aside the lack of clarity around the events or circumstances for which probability/likelihood thresholds are being established, Ponemon and Raghunandan (1994) report auditors applied an average threshold of 56 percent when determining if there is substantial doubt (i.e., substantial doubt arises when the auditor believes there is a greater than 56 percent chance of bankruptcy). By comparison, Davis and Ashton (2002) report that auditors in their study applied an average threshold of 39 percent. Moreover, and of concern for the expectation gap, Ponemon and Raghunandan (1994) find that the interpretation of substantial doubt varies across different users and between users and auditors. Interestingly, Ittonen, Tronnes, and Wong's (2017) analysis of the data reported in Carson et al. (2013) shows that the probability of an entity going bankrupt following the issuance of a going concern modification is considerably less than the thresholds indicated by auditors and users to interpret significant doubt. Furthermore, cultural and translation issues may mean that cross-nation differences in the interpretation of likelihood/probability expressions are to be expected (e.g., Doupnik and Richter 2003), a consideration clearly of concern to the IAASB.
We highlight that much of the research on this issue was undertaken some time ago, and the meanings attached to probability/likelihood phrases may have changed over time. In addition, the research on going concern uncertainty has focused on the term “significant doubt” as employed in the U.S. standard rather than “substantial doubt” as employed in the IAASB standard).6 We see no reason, however, to believe that differences in interpretation across participants in the financial reporting ecosystem do not persist in a contemporary environment.
While reporting on going concern uncertainty must, necessarily, involve probability thresholds, we believe that there is an opportunity for the IAASB (in collaboration with the IASB in that IAS 1 contains similar probability/likelihood phrases and the auditor's requirements must be aligned with the accounting standards) to reduce the number of likelihood/probability phrases by, in the first instance, specifying what is to be achieved in reporting on going concern uncertainty and, then, identifying an appropriate probability phrase that minimizes variation and achieves the predetermined objective. Research in psychology shows that the interpretation of likelihood/probability phrases is context dependent, influenced by factors such as perceived base rates and the severity/consequence of the event to which the probability phrase relates (e.g., Weber and Hilton 1990). Given the severity and consequence of an entity's failure, it may be necessary to employ a unique likelihood phrase, but research will be needed to inform such a decision.
Also relevant to auditor requirements in relation to going concern (both current and potential future requirements) is the need for the IAASB to be mindful of whether such requirements extend beyond the bounds of circumstances where reasonable assurance is possible. Assessing an entity's ability to continue as a going concern is highly subjective, dependent on the realization of anticipated future circumstances that may or may not occur, may occur with different magnitudes, and may be only partly (if at all) within the control of the entity. Providing reasonable (positive) assurance over these management representations is difficult.7 In this regard, as outlined in ISAE 3400, we highlight the difficulties in providing positive assurance over prospective information. The concern is not only whether auditors can provide reasonable assurance when reporting on going concern uncertainty, but also how other stakeholders in the financial reporting ecosystem perceive the level of assurance provided. Of interest is research suggesting that users may discount the level of assurance associated with future-oriented information (Roebuck, Simnett, and Ho 2000; Schelluch and Gay 2006).
Is there a need for enhanced procedures only for certain entities or in specific circumstances?
While there is clearly a need for auditors' procedures to be responsive to the characteristics of the entity and the prevailing circumstances, we caution against mandating different requirements for different entities or in specific circumstances. Research suggests that stakeholders may not fully understand the level of assurance provided by an audit (e.g., Epstein and Geiger 1994; Gray et al. 2011) and to mandate different requirements, depending on the type of entity or circumstance, has the potential to exacerbate this misunderstanding.
We also note research consistent with the understanding that entities might effectively “opinion shop” (i.e., seek out auditors more amenable to the client's approach and preference) (Lennox 2000; Newton, Persellin, Wang, and Wilkins 2016; Chung, Sonu, Zang, and Choi 2019), and the introduction of enhanced requirements that apply in some circumstances might be met with client disputes over the applicability of the requirements.
While we suggest in our response to Question 3(a) that there is an opportunity to enhance the standard (or provide additional guidance) to support auditors' application of the extant requirements, and to potentially extend those requirements to opining or otherwise communicating on management controls around going concern assessment, we are of the view that any changes should apply equally to all audited entities.
Do you believe that more transparency is needed about the auditor's work in relation to going concern in an audit of financial statements? If yes, what additional information is needed and how should this be communicated (e.g., in communications with those charged with governance, in the audit report)?
Research highlights that an important contributor to the audit expectation gap is the belief among many stakeholders that an auditor's opinion speaks to the future viability of the entity (e.g., Monroe and Woodliff 1994; Porter et al. 2012). Carson et al. (2013, 366) note that “the issue of interest for regulators, creditors, lawyers and other financial statement users is why auditors have failed to provide warning of impending bankruptcy for companies going bankrupt.” While auditor reporting on going concern uncertainties (or the absence of such reporting) is often employed as a predictor of future viability or failure, as we note above, extant International Standards on Auditing do not envisage the current requirements to serve this role. We note that PCAOB Auditing Standard (AS) 2415.04 explicitly notes that misclassification “does not, in itself, indicate inadequate performance by the auditor.” We suggest that consideration be given to the inclusion of a similar explicit statement in any revision to the international standard.
Increased transparency around the work auditors perform in coming to conclusions relating to going concern uncertainty has the potential to calibrate expectations more effectively as to the extent to which the auditor's opinion speaks to future viability (Gray et al. 2011; Bédard, Coram, Espahbodi, and Mock 2016). Recent changes to auditor reporting standards were implemented, in part, to improve transparency and reduce the audit information gap (i.e., desired information about the audit performed). Regarding auditor reporting on going concern uncertainty, however, we note the boilerplate nature of the “Material Uncertainty Relating to Going Concern” paragraph. One source of the expectation gap as it relates to going concern uncertainty is the differences in perceptions about the procedures auditors perform (Gray et al. 2011). A discussion, similar to that required for Key Audit Matters, irrespective of whether the auditor concludes there is a material uncertainty, may better serve the interests of transparency than a boilerplate paragraph included only when a material uncertainty exists.
Specifically, if the auditor judges that a material uncertainty does not exist, then there is the opportunity to speak to those issues in a more tailored way (specific to the work done) in a Key Audit Matter. Supporting the merit of more engagement-specific disclosure of work done around going concern uncertainty, A. Wright and S. Wright (2014) find that an explanation in the auditor's report of the auditor's judgment processes in resolving close calls as to going concern uncertainty reduces the extent to which investors attribute blame to auditors should the entity subsequently fail. Tempering our enthusiasm for such disclosure, however, is research reporting little effect on the expectation gap following recent expansions to the auditor's report (Gold, Gronewold, and Pott 2012; Minutti-Meza 2020; Coram and Wang 2021).
As a final comment, while we believe that there are opportunities for the IAASB to improve ISA 570, we highlight the need for the IAASB to be mindful that any changes to ISA 570 might inadvertently affect the likelihood of client bankruptcy. Research suggests that auditors' reporting on going concern uncertainty only negligibly increases bankruptcy likelihood (Gerakos et al. 2016). It is, however, important for the IAASB, when reflecting on any enhanced requirement, to balance having the auditor provide information relevant to bankruptcy risk with the risk of increasing client bankruptcy likelihood.
We encourage the IAASB to consult a very recent report by the Anti-Fraud Collaboration (2021) that examines SEC fraudulent financial reporting enforcement cases from 2014 to 2019.
It also is notable that audit committee members exhibit little consensus about the audit committee's role in assessing and mitigating the risk of fraudulent financial reporting (Beasley, Carcello, Hermanson, and Neal 2009).
In the United Kingdom, one firm specifically designated fraud as a standard risk in its initial adoption of ISA 700 (U.K. and Ireland). However, this standardization of the key audit matters was not the intent of the Financial Reporting Council (FRC 2016), but rather for auditors to generate client-specific risk disclosures.
The academic literature most often refers to the auditor's reporting on going concern uncertainty (i.e., drawing attention to a Material Uncertainty Related to Going Concern) as a going concern modification, or terms to that effect. To avoid confusion with circumstances in which the auditor may modify the opinion on whether the financial statements are fairly presented (or give a true and fair view), we refer to auditor reporting on going concern uncertainty.
Daugherty, Dee, Dickins, and Higgs (2016) find that auditors perceive a higher threshold for probability of failure when interpreting substantial doubt (67 percent) rather than significant doubt (60 percent).
See Christensen, Glover, and Wood (2012) for a similar discussion relating to the difficulties in providing reasonable assurance over certain fair value estimates.
Tammie J. Schaefer, University of Missouri–Kansas City, Henry W. Bloch School of Management, Department of Accountancy, Kansas City, MO, USA; Veena L. Brown, University of Wisconsin–Milwaukee, Lubar School of Business, Milwaukee, WI, USA; Matthew S. Ege, Texas A&M University, Mays Business School, Department of Accounting, College Station, TX, USA; Noel Harding, UNSW Sydney, Business School, School of Accounting, Auditing & Taxation, Sydney, Australia; Dana R. Hermanson, Kennesaw State University, Coles College of Business, School of Accountancy, Marietta, GA, USA; Julia L. Higgs, Florida Atlantic University, College of Business, School of Accounting, Boca Raton, FL, USA; J. Gregory Jenkins, Auburn University, Harbert College of Business, School of Accountancy, Auburn, AL, USA; Kecia Williams Smith, North Carolina A&T State University, College of Business and Economics, Department of Accounting and Finance, Greensboro, NC, USA.
Editor's note: Accepted by Denise Dickins.