Auditor mindsets an fraud judgment

(1)

Amsterdam Business School

Auditor Mindsets and Fraud Judgment

Master thesis

Name: Thomas Laarman Student number: 10267166

Thesis supervisor: Prof. dr. V. Maas Date: August 15, 2016

Word count: 18.244

MSc Accountancy & Control, specialization [Accountancy] Faculty of Economics and Business, University of Amsterdam

(2)

Statement of Originality

This document is written by student Thomas Laarman who declares to take full responsibility for the contents of this document.

I declare that the text and the work presented in this document is original and that no sources other than those mentioned in the text and its references have been used in creating it.

The Faculty of Economics and Business is responsible solely for the supervision of completion of the work, not for the contents.

(3)

Abstract

The effectiveness of tools that auditors use for assessing fraud risk varies significantly, and this variation impacts their fraud judgments. This is an alarming observation since it is expected that in the future the importance of fraud in financial statements will increase relative to error. Therefore, this thesis investigates whether the effectiveness of tools used by auditors to assess fraud risk can be improved using mindset theory. Using an experiment, this thesis tests whether it is beneficial for auditors to change from the current mindset they use when assessing fraud risk (an implemental mindset) to a potential desirable mindset (a deliberative mindset). The advantage of the deliberative mindset is that it fosters a broader focus of attention than the implemental mindset. Furthermore, it promotes the impartial processing of information. Hence, this thesis expects that a deliberative mindset improves auditors’ fraud judgments. Since the results of this study provide no support for this expectation, it is suggested that mindset theory is not effective in improving auditors’ fraud judgments.

Key words: auditors’ mindsets, fraud judgment, fraud risk assessment, SAS No. 99, fraud checklists.

(4)

Acknowledgements

First of all, I would like to thank prof. dr. V. Maas for the support and feedback on my thesis. I would also like to thank dr. ir. S. van Triest for providing additional feedback. Lastly, I would like to thank my family for their mental support.

(5)

1 Introduction

From the past, the audit profession has learned how disastrous fraud can be with the collapse of Arthur Andersen, a firm which once constituted the then Big Five audit firms. In October 2001, fraud was discovered at a client of Arthur Andersen, namely Enron, a large American energy, natural resources, and services company. Two months later in December 2001, Enron succumbed to the effects of the scandal and went bankrupt. Immediately after discovery of the Enron scandal, Arthur Andersen was investigated for its performance regarding Enron’s financial statements as well as its suspected role in the scandal. As a result, the audit firm was convicted in June 2002 of obstruction of justice for destroying Enron related documents in shredders. This conviction led to the downfall of Arthur Andersen in mid-2002; this downfall was also brought about by the impact of the scandal and proof of felonious complicity of two managers of the audit firm, namely Nancy Temple and David Duncan who initiated the destruction of Enron related documents. In May 2005, the Supreme Court of the United States decided to reverse the conviction of Arthur Andersen of obstruction of justice, but this came too late for the audit firm.

The fraud at Enron is only one of the many scandals that have been uncovered in the early 21st century. All these scandals point to an observation that current accounting and audit laws and regulations are inadequate. In order to prevent future scandals from occurring, the aforementioned laws and regulations needed to be rigorously altered. In an attempt to achieve this objective, the Sarbanes-Oxley Act of 2002 was introduced; this act is an American law that renews or extends current laws and regulations for all American listed company boards, management and the audit firms auditing the financial statements of these companies. Also, the American Institute of Certified Public Accountants (AICPA) introduced the Statement on Auditing Standards number 99 (SAS No. 99) entitled Consideration of Fraud in a Financial Statement Audit, and it has been effective from October 2002. The SAS No. 99 and other standards relating to fraud should be taken very seriously by auditors because fraud detection and deterrence is a crucial part of an audit (Elliot, 2002; Griffith et al., 2015; Wilks & Zimbelman, 2004). Moreover, annual reports can now be prepared more reliably due to innovations in information technology; as a result, the importance of fraud detection in an audit will increase relative to error detection (Elliot, 2002). On the whole, it can be seen that fraud in financial statements is a highly important issue that may become even more important in the foreseeable future. However, the current literature provides mixed results about the effectiveness of mandatory tools auditors currently use to assess fraud risk.

(8)

In response to this alarming observation, this study aims to expand the current body of research literature by investigating whether the effectiveness of current tools used for fraud risk assessments—which are incorporated in SAS No. 99—can be enhanced using mindset theory. A recent study by Griffith et al. (2015) showed that mindset theory does indeed play an important role in audits. Their study discovered evidence that a change in mindset can improve auditors’ evaluation of complex estimates (Griffith et al., 2015). Therefore, this thesis uses mindset theory to determine whether this could also be beneficial in another part of the audit—assessing fraud risk.

A mindset can be defined as a set of mental processes that establish a general preparedness to react in a certain way (Freitas et al., 2004; Gollwitzer, 1990). There are two key characteristics of a mindset: (a) it fosters orientations that are not related to a specific task and (b) it stays active once it is activated, even after the completion of the original task (Hamilton et al., 2011). The consequence of the second characteristic is that a mindset affects subsequent and also separate tasks (Hamilton et al., 2011).

In this thesis, two mindsets—a deliberative mindset and an implemental mindset—are tested to examine whether a change in mindset leads to a significantly different fraud risk judgment. A deliberative mindset can be interpreted as mental procedures concerning how a person selects one goal over other goal alternatives that are available to that person (Gollwitzer et al., 1990). By contrast, an implemental mindset can be viewed as the steps a person has to take to achieve a selected goal (Gollwitzer et al., 1990). In other words, a deliberative mindset consists of procedures focused on analysing and weighing advantages and disadvantages, and an implemental mindset consists of procedures focused on the timing and sequence of steps that need to be taken (Gollwitzer et al., 1990). Currently, it is most likely that auditors will adopt a mindset close to the implemental mindset because assessing fraud risk involves performing the steps required by the Auditing Standards. However, a deliberative mindset might be more beneficial to auditors because assessing fraud risk is a unique process in which it is not only crucial to follow the steps required by the Auditing Standards but also to remain open to information beyond the steps. A deliberative mindset enlarges the openness of a person’s mind to incidentally provided information (Gollwitzer & Bayer, 1999; Fujita et al., 2007), and adopting this mindset could result in the value of the information being evaluated in a better way (Beckman & Gollwitzer, 1987). Hence, the hypothesis of this thesis is that auditors adopting a deliberative mindset will judge fraud to be more likely than auditors adopting an implemental mindset.

(9)

To test this hypothesis, a case-based experiment was carried out in this study. A total of 36 auditors participated in the experiment; they are from one of the Big Four audit firms that operate in the Netherlands. All participants completed a questionnaire where they are asked to read a case of a fictitious audit client and a related fraud risk factor checklist completed by a senior. Subsequently, the participants are asked to provide their judgment about the risk of material misstatement in the financial statements due to fraud. Before reading this information and providing a judgment, the participants were first asked to read a different case about a potential client, a listed construction company that is obliged under Dutch law to choose a new audit firm for their statutory audit for next year. The participants are asked to imagine that they work for a Big Four audit firm as an auditor, and that their firm is considering writing a proposal to win the construction company. After reading the case, one half of the participants are asked to list three advantages and disadvantages in winning the construction company, and the other half are asked to list six steps they would take in their attempt to win the construction company. This was the variable that was manipulated in the experiment; the pros and cons question is used for activating a deliberative mindset, while the required steps question is used for activating an implemental mindset.

The results of the experiment provide no support for the expectation of this thesis. Using a deliberative mindset instead of an implemental mindset does not result in higher fraud judgments. This implies that mindset theory is not effective in enhancing the effectiveness of fraud checklists. The findings of this thesis extend the literature in two ways and may be interesting to both researchers and standard setters. First, the findings suggest that the use of mindset theory is not effective in enhancing the effectiveness of mandatory tools to assess fraud risk incorporated in SAS No. 99. Second, the findings of this thesis are inconsistent with the findings of Griffith et al. (2015). Whereas they do find evidence in their study that suggests mindset theory is useful in audits, this study finds no evidence. This shows that the usefulness of mindset theory depends on the task performed in the audit. Therefore, standard setters who are considering to implement new mindset regulations in specific auditing standards should be careful when implementing such regulations.

This thesis is subject to several limitations, which could potentially affect the contributions of the findings. First, the auditors who participated in the experiment all work for the same Big Four audit firm at one location. These factors may have affected the answers provided by the participants. Consequently, the generalization of the results is limited. Second, the use of an already completed fraud checklist in the experiment may also have influenced the results. Third, the participant’s total time for completing the experiment was not measured.

(10)

Therefore, it remains unclear whether participants in one mindset sample spent significantly more time on the experiment than participants in the other mindset sample.

This thesis is structured as follows. Chapter 2 provides theoretical background by reviewing relevant literature about fraud and mindsets, followed by a development of the hypothesis. Chapter 3 elaborates on the research methodology used in this thesis, while Chapter 4 describes the results from the case-based experiment. Lastly, Chapter 5 includes a discussion of the conclusion and the limitations of the study; the chapter also provides directions for future research.

(11)

2 Theoretical background and hypothesis development

2.1 Fraud

This section explains the concept of fraud using SAS No. 99 and relevant literature. In particular, this section sheds light on the characteristics of fraud, the types of fraud and the occurrence of fraud using the fraud triangle.

2.1.1 Characteristics of fraud

Each year companies are required to issue an annual report, which is a report regarding the company’s activities and position. Usually, this report consists of four financial statements, including a balance sheet, an income statement, a statement of changes in equity and a cash flow statement. In addition to these financial statements, the annual report contains a management discussion and analysis. To minimize the risk of having deviation in the report, companies are obliged by law to hire an audit firm to audit their annual report. In the event that a company’s financial statements contain a deviation, this can be due to error or fraud. The basic principle for evaluating whether a deviation is the result of error or fraud depends on whether the action which causes a deviation is unintentional or intentional (AICPA, 2002, p. 1721). The AICPA (2002, p. 1721) states that “fraud is an intentional act that results in a material misstatement in financial statements that are subject of an audit”. Alternatively, the Dutch institute for auditors defines fraud as an intentional act or negligence to act involving deception in order to obtain an advantage, and of which the extent is of such a magnitude that the decisions made based on the financial statements can be influenced by this deception (NBA, 2010, p. 386). Fraud can be committed by one or multiple members of management, those charged with governance, employees or third parties (NBA, 2016).

Although the definition of fraud by the two institutes differs in terms of precision, the core of both definitions is quite similar. Based on both definitions, this study defines fraud to be an intentional act by one or multiple individuals involving deception and this act results in a material misstatement in financial statements that are subject to audit. In this definition, a material misstatement refers to a misstatement that can influence the decisions made based on the financial statements, and fraud risk refers to the risk that the financial statements are materially misstated due to fraud.

(12)

2.1.2 Types of fraud

Two types of misstatements due to fraud are of interest to an auditor when conducting an audit. Both misstatements result in financial statements that are not presented in all material respects, in accordance with generally accepted accounting principles (GAAP) (AICPA, 2002, p. 1722). The first type of misstatement is a material deviation arising from fraudulent financial reporting (NBA, 2010, p. 391). This type of fraud consists of intentional inaccuracies, deletion of amounts, or disclosures in the financial statements (AICPA, 2002, p. 1722). According to the AICPA, this can be achieved using one of the following three methods. The first method consists of exercising influence on accounting records or accompanying documents from which the financial statements are compiled (AICPA, 2002, p. 1722). The second method entails representing information incorrectly in the financial statements or keeping information out of the financial statements on purpose (AICPA, 2002, p. 1722). The last method involves the misapplication of GAAP, and this results in inaccuracy with amounts, classification, presentation or disclosure (AICPA, 2002, p. 1722). The methods for accomplishing fraudulent financial reporting make it likely that upper management is directly involved in the fraud or is complicit (Coram et al., 2008, p. 545). Also, public disclosure of a misstatement arising from fraudulent financial reporting means significant deficiencies in either internal controls, corporate governance structures, or both (Coram et al., 2008, p. 545).

The second type of misstatement to consider is a deviation arising from misappropriation of assets (NBA, 2010, p. 391). Examples of misappropriation of assets at the expense of the company include embezzlement of receipts or theft of assets that belong to the company or letting a company pay for undelivered goods or services (AICPA, 2002, p. 1722). Furthermore, misappropriation of assets may also be done in order to deliver benefits to the company, such as improperly obtaining subsidies (NBA, 2010, p. 391). To cover up misappropriation of assets, the method of producing incorrect or deceptive records or documents is often used (NBA, 2010, p. 392). Although both types of misstatements are of interest to auditors, auditors considering fraud during an audit of financial statements seem to pay more attention to the first type of misstatement (Chadwick, 2000).

2.1.3 Fraud triangle

Multiple studies about fraud risk have used the interaction of three elements to explain why a person may decide to commit fraud; these elements include attitude, incentive and opportunity (Cressey, 1973; Albrecht et al., 1984; Loebbecke et al., 1989). These three together are referred to as the fraud triangle. The first element attitude means that individuals need to have a certain

(13)

attitude that rationalizes their behaviour to commit fraud (Wilks & Zimbelman, 2004, p. 725). The next element—incentive—is sometimes referred to as the motivation element, and it entails that a person has an incentive or is motivated to commit fraud because of a perceived pressure (Wilks & Zimbelman, 2004, p. 724). Lastly, the opportunity element consists of conditions or situations that create an opportunity for a person to engage in fraudulent activities (Wilks & Zimbelman, 2004, p. 724).

When all three elements exist in a certain setting, it is likely that fraud can be committed or has already been committed (Loebbecke et al., 1989, p. 4). Bell and Carcello (2000) found evidence that is consistent with this assertion. In their study, they developed and tested a logistic regression model that estimates the probability of fraud, and they have found that a number of fraud risk factors are associated with fraud. These factors associated with fraud cover all three elements of the fraud triangle. They include weak internal controls, rapid growth, management mainly focused on meeting analysts’ expectations, management lying to the auditor or management not being available often on purpose, ownership status, and a connection between weak internal controls and management’s aggressive attitude with regard to financial reporting (Bell & Carcello, 2000, pp. 177-178). A later study by Rezaee provided additional evidence for the earlier mentioned assertion (2005). He analysed five alleged fraud firms and found evidence that the fraud triangle elements are present in all these firms (Rezaee, 2005).

By contrast, if one of the elements does not exist, the probability that fraud has occurred is low, as well as the probability of it happening in the future (Loebbecke et al., 1989, p. 4). Keeping this in mind, the authors argue that auditors need to examine to what extent the attitude, incentive and opportunity elements are present. Subsequently, the results of the analysis are summarized in an overall conclusion (Loebbecke et al., 1989, p. 4). According to the authors, when one of the elements is absent, the overall conclusion would be that the risk of fraud is equal to zero. However, the authors also claim that this approach of assessing the likelihood of fraud has one issue, namely having incomplete information reduces the likelihood of fraud. It can be the case that incomplete information is available to the auditor, the auditor obtains incomplete information, or both (Loebbecke et al., 1989, p. 4). Loebbecke et al. (1989, p. 4) explained this through an example about a firm in which the fraud triangle elements are present but one of the elements is not recognized by the auditor as present. Normally, this would result in an overall conclusion that the risk of fraud is equal to zero. To prevent this from happening, additional work has to be done; this work consists of assessing the robustness and reliability of the auditor’s performed procedures (Loebbecke et al., 1989, p. 4).

(14)

Wilks and Zimbelman (2004) tested the approach of decomposing the fraud triangle elements in order to assess the likelihood of fraud, and they then compared it with a holistic approach. They carried out their study in response to concerns raised by the audit profession that auditors were too much focused on finding attitude cues that imply a low fraud risk; as a consequence, both incentive and opportunity cues that imply a high fraud risk were not sufficiently taken into consideration (Wilks & Zimbelman, 2004, pp. 739-740). They found that auditors assessing the likelihood of fraud using the approach that decomposes fraud assessments in situations of low fraud risk are significantly more attentive to incentive and opportunity cues than auditors using the holistic approach (Wilks & Zimbelman, 2004, p. 740). However, auditors using the approach that decomposes fraud assessments in situations of high fraud risk are equally attentive to incentive and opportunity cues as auditors using the holistic approach (Wilks & Zimbelman, 2004, p. 740).

2.1.3.1 Attitude

In these next three sub-sections, the elements of the fraud triangle are discussed in more detail. This sub-section concerns the attitude element, which Loebbecke et al. described as a characteristic found in individuals that allows them to knowingly commit a crime (1989, p. 4). According to the AICPA, multiple risk factors can lead to an attitude that rationalizes committing fraud, including

 low ethical values or standards;

 non-financial management interferes excessively with selecting accounting principles and determining estimates;

 history of violations, allegations and claims;

 excessive interest in stock price or earnings by management;

 management committing itself to third parties to meet aggressive or unrealistic expectations;

 management not being able to quickly resolve known bugs or weaknesses in internal controls;

 management’s interest in employing unlawful methods to reduce reported earnings for tax reasons;

 number of attempts by management to approve accounting due to immateriality; and  the highly tense relation between the current or predecessor auditor and management

(15)

Furthermore, the AICPA (2002, p. 1753) stated that attitude risk factors related to the misappropriation of assets are usually not observed by the auditors. However, in the case where auditors are informed or discover information regarding these attitude risk factors, they should consider this information when assessing fraud risk due to the misappropriation of assets (AICPA, 2002, p. 1753).

Multiple studies have looked into this element and investigated factors that may explain or may affect an attitude that rationalizes criminal behaviour. The first study on this topic examined the earnings management decisions of managers and auditors (Nelson et al., 2002). Nelson et al. (2002) investigated whether a difference in precision of accounting standards affects managers’ attitude to engage in earnings management, and their results indicated that this is indeed the case. First, they found evidence that managers are more likely to engage in earnings management with structured transactions when accounting standards are precise; when accounting standards are imprecise, unstructured transactions are used instead (Nelson et al., 2002, p. 192). Second, they discovered that auditors are less likely to demand adjustment of earnings management attempts that are structured when accounting standards are precise; when accounting standards are imprecise, auditors are less likely to demand adjustment of earnings management attempts that are not structured (Nelson et al., 2002, p. 192). In addition, managers were more likely to make earnings-decreasing attempts with unstructured transactions and imprecise accounting standards (Nelson et al., 2002, p. 193). Moreover, the majority of managers’ earnings management attempts are earnings-increasing (Nelson et al., 2002, p. 193). However, auditors are more likely to demand adjustment of those attempts, especially if material (Nelson et al., 2002, pp. 194-195).

Hernandez and Groot (2007) also studied the attitude that managements have towards committing fraud. However, they approached this topic from a different perspective than Nelson et al. (2002). Using a large sample of over 5,000 client acceptance and audit continuance assessments at a Big Four audit firm operating in the Netherlands, they investigated the nature and degree to which the attitude of management affects fraud risk judgment of audit partners (Hernandez & Groot, 2007). The findings of the study highlighted that attitude of management significantly affects auditors’ fraud risk judgment. The ethical conduct of senior management is considered to be the most important attitude factor for auditors assessing fraud risk of the attitude factors investigated; this conduct is most strongly associated with higher auditor fraud risk judgment (Hernandez & Groot, 2007, p. 21). Furthermore, Hernandez and Groot found that use of aggressive accounting methods, as measured by assessments of revenue recognition and accounting estimates, also lead to higher auditor fraud risk judgments (2007, p. 33). Lastly,

(16)

they investigated the effects of both auditor-management relationships and senior management experience and skill on auditor fraud risk judgment. The results showed these factors to be important in that they affect the overall fraud risk, but these results are only significant for situations of lower fraud risk levels (Hernandez & Groot, 2007, pp. 33-34).

In contrast to the first two studies mentioned, Gillett and Uddin (2005) specifically investigate the attitude of one type of manager, the Chief Financial Officer (CFO). The authors obtained data from 139 CFOs via a survey, and they found that a firm’s size affects a CFO’s intention to commit financial reporting fraud (Gillett & Uddin, 2005, p. 73). According to the authors, CFOs of large companies tend to be more likely to commit financial statement fraud (Gillett & Uddin, 2005, p. 73).

2.1.3.2 Incentive

As mentioned earlier, the incentive element entails that a person has an incentive or is motivated to commit fraud because of a perceived pressure (Wilks & Zimbelman, 2004, p. 724). The AICPA listed four incentive risk factors for financial reporting fraud and two for the misappropriation of assets. The incentive risk factors for financial reporting fraud include the following conditions: (a) the financial stability or profitability of the company is threatened, (b) the management is under high pressure to meet expectations of third parties, (c) information is available that the personal financial position of management or persons charged with governance is threatened by the company’s performance, and (d) management is under high pressure to meet targets (AICPA, 2002, pp. 1749-1750). The incentive risk factors for misappropriation of assets are employees who have personal financial obligations or a negative relation with the company, and who are able to misappropriate company assets (AICPA, 2002, p. 1752). The current literature focused on incentive risk factors for financial reporting fraud, and it identified four perceived pressures which can provide an incentive for a person to commit financial reporting fraud by illegally managing earnings. These perceived pressures include the need for external financing, prevention of debt covenant restrictions, compensation scheme and poor business results.

Using a sample of companies subject to actions by the Securities and Exchange Commission (SEC) for violating GAAP, Dechow et al. (1996) examined motives for earnings management. Their results suggested two important motives for earnings management: the desire to raise external capital at a low cost and the prevention of debt covenant limitations (Dechow et al., 1996, p. 30).

(17)

Research literature have provided mixed results regarding compensation as a motivation for engaging in fraudulent financial reporting, but the majority of the studies find a relation between the two (Beneish, 1999a; Burns & Kedia, 2006; Efendi et al., 2007). The study by Erickson et al. is an example of a study that contradicts the majority of the research on compensation and financial reporting fraud (2006). Their study investigated the equity incentives of executives and financial reporting fraud, and they found no consistent empirical evidence to suggest that financial reporting fraud is more likely to occur as the total equity incentives of executives become more sensitive to fluctuations in stock prices (Erickson et al., 2006, p. 140). Furthermore, the study provided evidence that managements’ sales of stocks and exercises of stock options are not significantly higher for fraudulent firms compared to non-fraudulent firms (Erickson et al., 2006, p. 140).

Apart from this study, multiple studies have found a relation between compensation and fraudulent financial reporting, such as the study by Efendi et al. (2007). Using a sample of firms that corrected their annual report, they discovered that the probability of a misstated annual report increases when the Chief Executive Officer (CEO) has a significant amount of stock options in-the-money (Efendi et al., 2007, p. 703). The term in-the-money means that the current share price of the share connected to the stock option is below the strike price of the stock option. This provides the holder of the stock option a possibility to sell the share above its current share price. Furthermore, the results suggested that irregularities in financial statements are more likely to occur for companies limited by an interest coverage debt covenant or raising new external capital (Efendi et al., 2007, p. 703). This finding is consistent with the findings of the aforementioned study by Dechow et al. (1996). The study by Burns and Kedia showed similar results with regard to stock options and probability of financial statement fraud (2006). Specifically, they found that CEO compensation schemes have an impact on the use of aggressive accounting methods that lead to a restatement of the financial statements (Burns & Kedia, 2006, p. 63). In particularly, CEOs who have stock option packages which are more sensitive to share prices are more inclined to engage in financial statement fraud (Burns & Kedia, 2006, p. 63). An earlier study by Beneish examined incentives and sanctions related to earnings management, and the findings of this study further strengthens the claim that compensation is related to financial statement fraud (1999a). Their results showed that managers in companies that opportunistically increase their earnings are more likely to sell their shares and stock options before public disclosure of the irregularity than managers in control companies (Beneish, 1999a, p. 454). These findings have suggested that a motivation for managers to overstate earnings is selling shares and stock options at higher prices (Beneish, 1999a, p. 454). Additional evidence for

(18)

this view has been provided by Denis et al. (2006). They found a significant positive relation between the probability of fraud and executive stock option incentives (Denis et al., 2006). Their results have corroborated the view that executive stock option packages lead to an increased likelihood that executives commit fraud (Denis et al., 2006).

Lastly, Rosner (2003) focused on opportunistic earnings manipulation in poor performing companies. She examined whether poor performing firms before bankruptcy are more inclined to engage in earnings manipulation. Her results showed that poor performing companies have significantly lower cash flows, which is reflected by earnings-increasing manipulation in non-going-concern years and subsequent reversal in going-concern years (Rosner, 2003, p. 401).

2.1.3.3 Opportunity

According to Wilks and Zimbelman, the opportunity element consists of conditions or situations that create an opportunity for a person to engage in fraudulent activities (2004, p. 724). In section 85 of SAS no. 99, the AICPA listed multiple risk factors that can increase the opportunity to commit fraud (2002, pp. 1750-1751). The AICPA provided the following as risk factors that can create an opportunity to commit financial reporting fraud: (a) the nature of the industry or the company’s operations, (b) insufficient monitoring of management, (c) complex or unstable organizational structure, and (d) inadequate internal control components (2002, pp. 1750-1751). The literature provided a number of studies that have investigated whether these risk factors in practice create an opportunity to engage in financial reporting fraud. These studies have mainly focused on insufficient monitoring of management and inadequate internal control components as opportunity risk factors.

One of the first studies that focused on these risk factors is the study by Loebbecke et al. (1989). This study analysed auditors’ experience with material misstatements. In particular, the authors examined audit partners’ experience with material misstatements of a then Big Eight audit firm using a survey. The results of the survey indicated that two situations clearly expand the opportunity to commit fraud: dominated decisions by management and a weak internal control environment (Loebbecke et al., 1989, p. 20). Using data from 64 Australian firms obtained through a survey, Rae and Subramaniam have studied the second finding in more depth (2008). Their results indicated that the probability of fraud occurring is higher in situations characterized by low Internal Control Procedures (ICP) quality and poor employee perceptions of organizational justice (Rae & Subramaniam, 2008, p. 119). In other words, a strategy that sets

(19)

high ethical values within the company and leads to high ICP quality reduces opportunity to commit fraud (Rae & Subramaniam, 2008, p. 120).

Beasley (1996) specifically investigated whether board composition affects the likelihood of financial statement fraud and how this occurs. He found that there are fewer outside directors on boards of fraudulent firms than non-fraudulent firms (Beasley, 1996, p. 463). In fact, adding outside members to the board leads to more adequate monitoring of management which in turn reduces the opportunity to commit financial statement fraud (Beasley, 1996, p. 463). This finding has proven to be consistent with the results of the study by Farber, which has used a control sample to compare 87 companies classified by the SEC as fraudulent firms—fraudulent because they were illegally manipulating their financial statements (2005, p. 560). His results also showed that fraudulent firms have fewer outside members on the board of directors (Farber, 2005, p. 560). Furthermore, he found significant evidence that suggests fraudulent firms have fewer financial experts on the audit committee and fewer audit committee meetings (Farber, 2005, p. 560). Also, they are less often audited by Big Four audit firms, and they more often have a CEO who is also the chairman of the board of directors (Farber, 2005, p. 560).

Finally, a couple of studies have paid specific attention to audit committees and financial statement fraud. Abbott et al. (2004) analysed whether multiple audit committee characteristics affect the probability of financial statement fraud and how this occurs. Using two samples consisting of 44 companies alleged of fraud and 44 control companies, the authors found that audit committee expertise and independence are negatively associated with the likelihood of fraud (Abbott et al., 2004, pp. 80-83). Further studies that have investigated audit committee characteristics and the likelihood of financial statement fraud showed that the presence of financial experts on the audit committee is negatively associated with the likelihood of financial statement fraud (McDaniel et al., 2002; Bédard et al., 2004).

The AICPA also formulated opportunity risk factors that can increase the likelihood of misappropriation of assets. This can be a particular characteristic or condition, such as (a) a process involving a lot of cash; (b) an inventory consisting of small, valuable or highly demanded items; (c) assets that can easily be converted or the possession of small, marketable fixed assets; or (d) fixed assets of which identification of ownership is difficult (AICPA, 2002, pp. 1752-1753). Furthermore, the AICPA mentioned insufficient internal control over a company’s assets as an opportunity risk factor (AICPA, 2002, pp. 1753). The literature included multiple studies which examine the relation between internal control over a company’s assets and the likelihood of misappropriation of assets.

(20)

The first important study to mention in this respect is the one by Coram et al. (2008). They focused on the second opportunity risk factor provided by the AICPA—which is insufficient monitoring of assets—and they measured this factor using the presence of an internal auditor department (Coram et al., 2008). Many companies have an internal auditor department to ensure that prior to the audit of the financial statements, there is a low probability of the second type of misstatement, which is the misappropriation of assets. The authors examined whether such a department indeed leads to a lower probability of the second type of misstatement. The results of their study highlighted that companies with an internal auditor department are better able to detect and self-publish the second type of misstatement than companies that do not have such a department (Coram et al., 2008, p. 557). In other words, an internal auditor department is effective in reducing the probability of the second type of misstatement in the financial statements. This point suggested that the presence of an internal auditor department can give an auditor an useful indication of a company’s internal control over assets.

Second, the study by Mustafa and Youssef extended the aforementioned research on audit committees and financial reporting fraud by looking at whether the financial expertise and the independence of members in an audit committee affect the probability of misappropriation of assets (2010, p. 221). They found that an increase in financial expert members and independent members in an audit committee leads to a decrease in the probability of misappropriation of assets (Mustafa & Youssef, 2010, p. 221). An important point to note is that the additional tests showed how independent financial expert members are significantly negatively associated with the likelihood of misappropriation of assets, but independent members without financial expertise are not significantly negatively associated with misappropriation of assets (Mustafa & Youssef, 2010, p. 221). This finding indicated that an independent member of an audit committee can only reduce the likelihood of misappropriation of assets if this member has financial expertise (Mustafa & Youssef, 2010, p. 221).

2.1.4 Summary

In summary, fraud can defined as an intentional act by one or multiple individuals involving deception that results in a material misstatement in financial statements which are subject to audit. As mentioned, a material misstatement is referred to as a misstatement that can influence the decisions made based on the financial statements, and fraud risk can be explained as the risk that the financial statements are materially misstated due to fraud. Two types of material misstatements due to fraud are of interest to an auditor considering fraud in an audit—the first

(21)

type is a material deviation arising from financial reporting fraud, and the second is a material deviation arising from misappropriation of assets. In the literature, the occurrence of these two material misstatements due to fraud are explained by the interaction of the three elements in the fraud triangle. These elements are attitude (rationalizes fraudulent activity), incentive (provides motivation to commit fraud) and opportunity (creates possibility to carry out fraudulent activity). When all three elements are present in a situation, it is likely that fraud is committed or will be committed in the future. Many studies have investigated the elements of the fraud triangle; for each element, these studies have provided a lot of risk factors that are associated with the likelihood of a material misstatement due to fraud. Many of these risk factors are included in SAS No. 99. As a result, the risk factors formulated in SAS No. 99 should provide adequate support to an auditor in assessing the degree to which the elements of the fraud triangle are present in the company under audit.

2.2 SAS No. 99: Consideration of fraud in a financial statement audit

In elaborating on the concept of fraud, this section explains the role of the auditor with regard to the consideration of fraud in an audit. Subsequently, the section explores literature that has investigated the effectiveness of tools which are incorporated into the fraud related standard of SAS No. 99. This standard has provided guidance on how auditors should assess fraud risk, and it introduced several tools to support auditors in carrying out a fraud risk assessment.

2.2.1 The role of the auditor

According to International Standard on Auditing (ISA) 200, the role of an auditor consists of two parts (2009, p. 74). The auditor’s two-part role is “to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, and to report on the financial statements, and communicate as required by the ISAs, in accordance with the auditor’s findings” (ISA, 2009, p. 74). This definition has also been incorporated into national legislation (NBA, 2010, p. 208; AICPA, 2012, p. 79). Furthermore, ISA 200 also described that the term reasonable assurance must be interpreted as a high but not absolute level of assurance since performing an audit has limitations; these limitations lead to the majority of the audit evidence of the auditor as being compelling but not conclusive (2009, p. 73). This point was confirmed by Ruhnke and Lubitzsch, who found that there is a boundary to the maximum level of assurance that can be provided based on the audit evidence of the audited subject matter (2010). The precise meaning of this term has been ambiguous over a long period

(22)

of time until a definition was finally introduced by the AICPA in 2004 (Roberts & Dwyer, 1998, p. 572; Christensen et al., 2012, p. 137).

To fulfil the auditors’ role with regard to fraud in a financial statement, an auditor starts with a fraud risk assessment of the company under audit. The auditor then responds to the results of the assessment by exercising professional scepticism in collecting and evaluating audit evidence (AICPA, 2002, p. 1732). Professional scepticism entails that an auditor (a) has a questioning mind and (b) critically assesses the competency and sufficiency of audit evidence (AICPA, 2002, p. 1724). The auditor can respond in a number of ways (AICPA, 2002, p. 1732). For example, the auditor can decide to design additional or other audit procedures for collecting additional reliable audit evidence substantiating the financial statements or to collect further confirmation on managements’ explanations and statements on material matters (AICPA, 2002, p. 1732). Finally, auditors evaluate the audit evidence and report on the financial statements in accordance with the auditor’s findings. In the case where auditors finds misstatements that are or may be the result of fraud, they are required to investigate the implications (AICPA, 2002, p. 1745). SAS No. 99 states the follow-up steps that auditors need to take in response to the outcomes of the investigation (AICPA, 2002, pp. 1745-1748).

2.2.2 Fraud risk assessment tools

According to SAS No. 99, three steps are essential for carrying out an effective fraud risk assessment (AICPA, 2002, pp. 1725-1732). The first step entails collecting the information needed for identifying the risks of material misstatement due to fraud (AICPA, 2002, p. 1725). This essential information about the risk of fraud is collected through inquiry of management and others persons within the company about the risk of fraud (AICPA, 2002, p. 1726). Furthermore, several items need to be considered in this step, including (a) the outcomes of the analytical procedures performed in the planning phase, (b) the fraud risk factors, and (c) other possible useful information such as the outcomes of brainstorming sessions (AICPA, 2002, pp. 1728-1729). The second step involves processing the collected information and identifying fraud risks that may lead to a material misstatement (AICPA, 2002, p. 1729). The third and final step consists of assessing the identified fraud risks; an evaluation of the company’s programs and controls that tackle the fraud risks also need to be kept in mind (AICPA, 2002, p. 1731).

A number of studies have examined fraud risk assessments. In particular, these studies have investigated the aforementioned tools in SAS No. 99 that are used for collecting the required information. The most important studies in this respect are discussed in the next subsections.

(23)

2.2.2.1 Inquiries

According to Hirst and Koonce, inquiry of client personnel is a frequently used tool by auditors for developing explanations for unexpected differences in the planning stage of the audit (1996, p. 463). However, multiple studies have suggested that audit quality could be impaired when this audit evidence is collected and used by the auditor (Bedard & Biggs, 1991, p. 88; Glover et al., 2000, p. 42). In response to these findings, Krishnamoorthy and Wright specifically investigated the value of management inquiry (1999). They provided a framework for auditors that enables them to assess the value of the evidence collected from management inquiry (Krishnamoorthy & Wright, 1999, p. 5). The study used three factors which seem to be important in assessing the value of management inquiry (Krishnamoorthy & Wright, 1999, p. 16). These factors are management objectivity, management competence and risk of misstatement (Krishnamoorthy & Wright, 1999, p. 16). First, Krishnamoorthy and Wright found that audit evidence collected from management inquiry is of high explanatory value only when the audit client is both objective and competent (1999, p. 16). Second, the possible value of explanations from management is greatest when the risk of misstatement is high (Krishnamoorthy & Wright, 1999, p. 16). Third, in the case where financial reporting fraud is suspected and the objectivity of management is questioned as a result, the value of explanations from management inquiry is low (Krishnamoorthy & Wright, 1999, p. 16). Finally, when misappropriation of assets is suspected, the value of explanations from management inquiry can be high, but only if management is competent to assess the risk of fraud (Krishnamoorthy & Wright, 1999, p. 16). However, it seems that auditors do not often evaluate managements’ competence in assessing the risk of fraud (Krishnamoorthy & Wright, 1999, p. 16). Overall, this study suggests that management inquiry can be a useful tool for collecting audit evidence, but auditors need to exercise much care in using this audit evidence because the value varies significantly depending on the situation.

2.2.2.2 Analytical procedures

According to the AICPA, analytical procedures consists of comparisons of reported amounts— or ratios calculated using those reported amounts—to auditors’ expectations (1989, p. 1889). The difference in complexity of the various analytical procedures is rather great (Green & Choi, 1997, p. 14). Beneish developed and tested a model in order to predict and detect financial statement fraud (1999b). The variables of the model consists of reported amounts as well as financial ratios (Beneish, 1999b, p.25). His results showed that some of the incorporated variables in the model

(24)

are useful in detecting companies that commit financial statement fraud (Beneish, 1999b, p. 33). Furthermore, he found that some of the variables have predictive or discriminatory power (Beneish, 1999b, pp. 33-34). Nevertheless, it should also be noted that the model has a large rate of classification errors (Beneish, 1999b, p. 34). This is due to the fact that the model captures both distortions that result from manipulation and distortions that are the result of another cause, such as material acquisition, a change in the company’s strategy, or a change in the company’s external environment (Beneish, 1999b, p. 34).

Kaminksi et al. focused specifically on the efficacy of analytical procedures that use financial ratios to identify fraud risk (2004, p. 26). They compared 21 financial ratios of 79 matched fraudulent and non-fraudulent companies over multiple years (Kaminski et al., 2004, p. 17). They discovered that some of the financial ratios differed significantly between fraudulent and non-fraudulent companies (Kaminski et al., 2004, p. 26). However, these financial ratios were not significant across the investigated period of time (Kaminski et al., 2004, p. 26). Therefore, Kaminski et al. concluded that the efficacy of analytical procedures that use financial ratios to identify fraud risk is limited (2004, p. 26). Overall, it seems that analytical procedures are not ineffective, but their contribution is modest.

2.2.2.3 Fraud checklists

In general, auditors make use of standard fraud checklists that are situated around the three elements of the fraud triangle in order to collect information on the fraud risks factors in the company under audit (Shelton et al., 2001, p. 25; Mock & Turner, 2005, p. 62). Although such a checklist is intended to support the fraud risk assessment, the studies are not convinced that such a checklist is actually beneficial. Early research was conducted by Pincus, who used a field experiment to investigate the effectiveness of a red flags checklist for assessing fraud risk (1989). The results of the study showed that the use of a fraud checklist does not significantly affect the fraud risk assessment in a no-fraud setting (Pincus, 1989, p. 161). Even more importantly, the use of such a checklist in a fraud setting significantly affects the fraud risk assessment negatively (Pincus, 1989, p. 161). In the fraud setting, the fraud risk assessments of the participants who did not use a fraud checklist were about one-third higher than the participants who used a fraud checklist (Pincus, 1989, p. 161). According to Asare and Wright, it is difficult to generalize these findings for two reasons (2004, p. 330). First, the study was carried out in a period of time when auditors were not obliged to take responsibility for assessing fraud risk and detecting fraud (Asare & Wright, 2004, p. 330). Second, the fraud checklist used in the study was merely one long list of fraud risk factors; it contained no categorizations of fraud risk factors (Asare &

(25)

Wright, 2004, p. 330). A related study by Mock and Turner focused specifically on fraud checklists and fraud risk factors (2005). They found that auditors using a fraud checklist do not often identify fraud risk factors in addition to the fraud risk factors listed in the fraud checklist; auditors also tend to tick off more fraud risk factors when the length of the checklist increases (Mock & Turner, 2005, p. 74). Furthermore, the authors showed that auditors who did not use a checklist identified more fraud risk factors than auditors who did use a checklist (Mock & Turner, 2005, p. 74). However, the impact of the last finding on the fraud risk assessment remains unknown since the authors did not investigate this area in their study.

The study by Asare and Wright extended the scope of research literature by investigating whether the use of fraud checklists affects the fraud risk assessment while taking into account the limitations of earlier research (2004). As mentioned in section 2.2.1, auditors currently do have the responsibility to report that the financial statements are not materially misstated due to fraud. Furthermore, an updated fraud checklist which categorizes the fraud risk factors is used (Asare & Wright, 2004, p. 335). The results of the study showed that auditors who do not use a fraud checklist provide a more accurate fraud risk assessment than auditors who do use a fraud checklist (Asare & Wright, 2004, p. 341). This point is consistent with the findings of Pincus (1989). Overall, the research literature has criticized the effectiveness of fraud checklists in assessing fraud risk rather than confirmed the effectiveness.

2.2.2.4 Brainstorming

SAS No. 99 introduced a new tool for improving auditors’ fraud judgments, brainstorming, which is mandatory for every financial statement audit (AICPA, 2002, p. 1724). According to the AICPA, a brainstorming session should consist of an exchange of ideas among the audit team regarding (a) the susceptibility of the company’s financial statements to material misstatement due to fraud, (b) managements’ ability to commit and conceal financial reporting fraud, and (c) the ways in which assets belonging to the company could be misappropriated (AICPA, 2002, p. 1724). Furthermore, a brainstorming session should emphasize the importance in maintaining a questioning mind and exercising professional scepticism during the audit (AICPA, 2002, pp. 1724-1725).

Carpenter investigated the effectiveness of fraud brainstorming audit teams using an experiment in which forty audit teams performed brainstorming sessions; each team consisted of a staff auditor, a senior and a manager (2007, pp. 1125-1126). First, the results suggested that fraud brainstorming audit teams come up with more quality fraud ideas than individual auditors even though the teams may have a fewer number of fraud ideas (Carpenter, 2007, p. 1136).

(26)

Second, fraud brainstorming audit teams come up with new quality fraud ideas that were not previously considered by the members of the audit team (Carpenter, 2007, p. 1136). Third, prior to a fraud brainstorming session, the fraud risk assessments made by audit team members are significantly lower than their assessments after a brainstorming session, particularly when fraud is present (Carpenter, 2007, p. 1136). In summary, these findings have suggested that the effectiveness of financial statement audits can improve when a fraud brainstorming session is mandatory for performing a financial statement audit.

Brazel et al. found similar results with regard to the effectiveness of audit teams that performed a fraud brainstorming session (2010). Using data obtained from 179 real audit engagements, they developed and tested a measure of brainstorming quality (Brazel et al., 2010, p. 1297). The results of their study showed that fraud risk factors are positively associated with fraud risk assessments, and the results provided some support that brainstorming quality moderates these associations (Brazel et al., 2010, p. 1297). Furthermore, in the case where brainstorming quality is perceived to be higher, fraud risk assessments are more positively associated with measures of audit procedures; these measures include the nature, timing, and extent of audit procedures and staff who performs them (Brazel et al., 2010, p. 1297). Overall, the findings of Brazel et al. suggested that high brainstorming quality seems to improve the audit team’s consideration of fraud in a financial statement audit by creating a wider set of responses for the identified fraud risks (2010, pp. 1297-1298). By contrast, a low brainstorming quality could harm the effectiveness of the financial statement audit because this can result in insufficient auditing (Brazel et al., 2010, p. 1298). Overall, the studies suggested that a brainstorming session is an effective tool for auditors assessing fraud risk.

2.2.3 Summary

In summary, the auditors’ role with regard to fraud is to obtain reasonable assurance on whether the financial statements under audit are free from material misstatement due to fraud. Auditors cannot obtain absolute assurance because performing an audit has limitations which lead to the majority of the audit evidence being compelling but not conclusive. To fulfil the auditors’ role, auditors start with a fraud risk assessment of the company under audit. Typically, a fraud risk assessment consists of three steps. In the first step, the necessary information is collected to identify the risks of material misstatement due to fraud. The next step consists of processing the information and identifying fraud risks that may lead to a material misstatement due to fraud. The final step involves assessing the identified fraud risks. SAS No. 99 introduced multiple mandatory tools for carrying out the first step of the fraud risk assessment, including inquiries,

(27)

analytical procedures, fraud checklists and brainstorming. The studies have provided mixed results about the effectiveness of these tools. Management inquiry is only effective under certain conditions, such as when the audit client is both objective and competent (Krishnamoorthy & Wright, 1999). The effectiveness of analytical procedures is limited but not ineffective (Beneish, 1999b; Kaminski et al., 2004). The studies have criticized the effectiveness of fraud checklists in assessing fraud risk (Pincus, 1989; Asare & Wright, 2004). Lastly, the literature has shown how the most recently introduced tool of fraud brainstorming sessions is considered to be promising (Carpenter, 2007; Brazel et al., 2010).

2.3 Mindsets

The previous section highlights mixed results for the effectiveness of the tools provided in SAS No. 99. In response, this section discusses the potential of mindset theory in increasing the effectiveness of these tools. First, the characteristics of mindsets are discussed. Second, two mindsets are introduced, namely a mindset which reflects the current auditors’ mindset and a potential desirable mindset. Finally, the hypothesis of this thesis is defined.

2.3.1 Characteristics

A mindset can be defined as a set of mental processes which establish a general preparedness to react in a certain way (Freitas et al., 2004; Gollwitzer, 1990). Mindsets have been first studied in the beginning of the 20th century in early experimental studies in psychology (Gollwitzer, 1990, p. 63). These studies show that carrying out particular tasks activates a set of cognitive operations (Hamilton et al., 2011, p. 14). Key characteristics of a mindset are that (a) it fosters orientations that are not related to a specific task, and (b) it remains active when activated, even after completion of the original task (Hamilton et al., 2011, p. 14). The implication of the first characteristic is that mindsets impact all phases of decision-making (Griffith et al., 2015, p. 55). These include the analysis of the problem cues in the task (Gollwitzer, 1993, p. 141), the information sought (Heckhausen & Gollwitzer, 1987, p. 101; Henderson et al., 2008, p. 408) and the way in which information is processed and evaluated (Gollwitzer et al., 1990, p. 1119; Taylor & Gollwitzer, 1995, p. 213). The consequence of the second characteristic is that a mindset also affects subsequent and separate tasks (Hamilton et al., 2011, p. 14; Freitas et al., 2004, p. 740; Wyer & Xu, 2010, p. 121).

Mindset theory assumes that situational conditions (e.g. requirements of a certain task) can switch a person from using one mindset to using a different mindset (Hamilton et al., 2011,

(28)

p. 14). One point to note is that different mindsets which consist of different sets of cognitive processes would approach tasks in different ways; in considering this fact, it is difficult for a person to use more than one mindset at any given time (Hamilton et al., 2011, p. 14). Hamilton et al. compared this with individuals trying to focus their eyes on a close object and a faraway object at the same time (2011, p. 14). As a consequence, activating a different mindset than the current active mindset entails switching away from the current active mindset rather than using a second mindset (Hamilton et al., 2011, p. 14).

2.3.2 Implemental mindset, deliberative mindset, and hypothesis

In this thesis, the Rubicon model of action phases is used for putting mindsets into perspective. This model assumes that an action consists of four sequential phases (Heckhausen, 1986). The pre-decisional phase is the first phase; in this phase, a person’s task is to deliberate and choose between potential action goals (Gollwitzer, 1990, p. 62). In the second phase, the post-decisional phase, a person is concerned with the initiation of actions that imply moving towards the accomplishment of the chosen goal (Gollwitzer, 1990, p. 62). The third is the actional phase where a person should execute the actions in an efficient way (Gollwitzer, 1990, p. 62). In the last phase, the post-actional phase, a person evaluates the outcomes of the actions, specifically whether the chosen goal is accomplished (Gollwitzer, 1990, p. 62). According to Gollwitzer, carrying out these tasks activates a phase-typical mindset; a set of procedures that support task accomplishment (1990, p. 62). To analyse mindset effects on auditors fraud risk assessment, this thesis uses the mindset of the pre-decisional phase (deliberative mindset) and the post-decisional phase (implemental mindset) because these are most likely to impact auditors’ inferences (Gollwitzer & Kinney, 1989; Griffith et al., 2015). Furthermore, these mindsets are tested in an experiment using fraud checklists, which is the most problematic tool of SAS No. 99, as presented in section 2.2.2.3.

A deliberative mindset consists of procedures focused on analysing and weighing advantages and disadvantages of goal alternatives, while an implemental mindset consists of procedures focused on the timing and sequence of steps that need to be taken for accomplishing the chosen goal (Gollwitzer, et al., 1990, p. 1120). A feature of the deliberative mindset is that it fosters a broad focus of attention which expands beyond task relevant information (Gollwitzer & Bayer, 1999; Heckhausen & Gollwitzer, 1987). Fujita et al. investigated this feature, and they found that using a deliberative mindset results in the mind being more open to processing incidental information compared to the implemental mindset (2007). Furthermore, Taylor and Gollwitzer discovered that individuals using a deliberative mindset show fewer positive illusions

(29)

(i.e. they are more impartial) when processing information than individuals adopting an implemental mindset (1995). Individuals using an implemental mindset are more biased when processing information because this mindset stimulates a narrow focus of attention, namely a focus on directly-related information and selective information processing in support of the chosen goal (Gollwitzer & Bayer, 1999, p. 406; Heckhausen & Gollwitzer, 1987, p. 116).

Auditors using fraud checklists obtain separate audit evidence for each listed fraud risk factor. Based on this evidence, they then verify whether the fraud risk factor is present or not. In the end, they provide an overall fraud judgment based on their findings. This task resembles a verification task because there needs to be a verification made on whether or not fraud risk factors exist. Therefore, it is expected that auditors would use a mindset closely linked to an implemental mindset for this task. As mentioned, this mindset supports individuals in efficiently completing a task. This implicates that the usage of this mindset when completing fraud risk checklists leads to auditors focusing on information that is relevant for the risk factors in the fraud checklist. However, it is likely that this narrow focus limits auditors in considering information that is not directly relevant to the fraud checklist but might constitute another fraud risk factor. Mock and Turner found evidence consistent with this assertion (2005). They discovered that auditors using a fraud checklist do not often identify other potential fraud risk factors in addition to the fraud risk factors listed in the fraud checklist (2005). This may provide an explanation for the finding of auditors using a fraud checklist provide significantly fewer accurate fraud judgments than auditors who do not use a fraud checklist (Pincus, 1989; Asare & Wright, 2004).

In response, this thesis hypothesizes that switching from an implemental mindset to a deliberative mindset improves the effectiveness of fraud checklists in assessing fraud risk. Based on the abovementioned procedures in the deliberative mindset, this thesis expects that auditors using a deliberative mindset would look beyond the information that is relevant for the fraud checklist and would process information in a more impartial manner. In this way, auditors should be able to develop an improved overview of the existing fraud risk factors in the company under audit. In other words, auditors should be able to provide more accurate fraud judgments. This point leads to the following hypothesis:

H1: auditors adopting a deliberative mindset will judge fraud to be more likely than auditors adopting an implemental mindset.

(30)

3 Research Methodology

3.1 Experimental design

In order to the test the hypothesis, a case-based experiment is conducted. The experiment has a two by one factorial design; in the experiment, the dependent variable is the participants’ assessment of the fraud risk in a company that is presented in a case scenario. The case provides information on a fictitious client of the Big Four audit firm which the participant works for. The information provided consists of (a) the background of the company, its industry, competition, and its management and (b) a fraud risk factor checklist completed by an audit senior. Based on the provided information, the participants were asked to give their judgment of the risk material misstatement due to fraud. Before the participants read the information and gave their judgment, they were all asked to read a different case about a potential client, a listed construction company that is obliged by Dutch law to choose a new audit firm for carrying out their statutory audit for next year. The participants were asked to imagine that they work for a Big Four audit firm as an auditor and that their firm is considering writing a proposal to win the construction company. The task given right after presenting this case was used for manipulating the mindset of the participant in the experiment. One half of the participants were asked to list three advantages and disadvantages of winning the construction company, while the other half of the participants were asked to list six steps they would take in their attempt to win the construction company.

3.2 Sample and procedures

In total, 36 auditors from a Big Four audit firm operating in the Netherlands participated in the experiment. The deliberative mindset condition of the experiment was completed by 18 auditors and the implemental mindset condition by 18 auditors. At the end of the experiment, the participants were asked to answer a couple of questions regarding their demographics, namely their age, gender, function, and years of experience as an auditor. The demographics of the participants in the experiment are summarized in Table 1. Regarding the profiles of the participants, a vast majority of them were males. The function of the participants ranged from Junior Staff to Director, and most of them had multiple years of experience as an auditor.

The experiment was carried out using a questionnaire that was given to the participants. This questionnaire was available in hard-copy and in an electronic version; most of the participants completed the electronic version, and only three participants completed the paper version. Prior to completing the questionnaire, the participants were told that the questionnaire