Read More (5.0 MB)
Internal control systems consist of two evidence domains, automated control evidence and manual process evidence. Auditors can possess knowledge and expertise in both internal control evidence domains. But, auditors tend to possess more knowledge and expertise in one internal control evidence domain than the other internal control evidence domain. Thus, auditors have superior domain knowledge in one of the internal control evidence domains.
Auditors at large accounting firms tend to specialize in the evidence domain of automated controls (information technology auditors or IT auditors) or manual processes (financial auditors). Audit Standard 5 requires IT auditors and financial auditors to gain an understanding of clients’ automated controls and manual processes in order to integrate key client activities with the dollar amounts reported on the financial statements. While investigating controls and processes, IT auditors and financial auditors are exposed to relevant and irrelevant evidence from both domains. IT and financial auditors become exposed to irrelevant evidence when they conduct walkthroughs, read corporate policies and procedures, interview various employees, and trace transactions through client systems.
The exposure of IT auditors and financial auditors to irrelevant internal control evidence may contribute to audit failure. For example, audit failure could occur if irrelevant internal control evidence influences IT auditors and financial auditors to reduce their judgments of relevant control weaknesses and underestimate the amount of effort required to evaluate internal controls. The influence of irrelevant internal control evidence may vary when IT auditors and financial auditors specialize, or do not specialize, in the internal control evidence domain.
Previous studies have found that irrelevant evidence influenced financial auditors to reduce their fraud risk assessments and going concern assessments of relevant evidence. The current study extends this literature by focusing on the effects of superior domain knowledge on the use of irrelevant internal control evidence. The researcher compared the internal control judgments (effectiveness of internal controls and risk of material misstatement) and audit planning judgments (the hours necessary to effectively audit internal controls) of IT auditors and financial auditors when both auditor-types were exposed to relevant evidence with, and without, the presence of irrelevant evidence. Both types of auditors evaluated evidence from the automated control domain and the manual process domain separately.
Consistent with the existing literature on the influence of irrelevant evidence, the results in this study suggest that both auditor-types are influenced by irrelevant internal control evidence from both evidence domains. Anecdotal evidence suggests that IT auditors and financial auditors should be less influenced by irrelevant internal control evidence when they have superior domain knowledge. The results of this study suggest otherwise. The influence of irrelevant internal control evidence on IT auditors and financial auditors was stronger when IT auditors and financial auditors had superior domain knowledge.
Florida State University
domain knowledge, irrelevant evidence, internal controls, integrated audit, risk of material misstatement, audit hour budget, over-auditing, audit failure
Robins School of Business
Accounting | Corporate Finance | Management Information Systems
Selby, Daniel D. Effects of Auditor Type and Evidence Domain Type on the Influence of Irrelevant Internal Control Evidence and the Potential for Audit Failure. Tallahassee, FL: Florida State University, 2009.