Continuous Auditing: an increase of transparency?

(1)

Continuous Auditing: an increase of transparency?

Master Thesis Accountancy EBM869B20

June 2017

A. A. Louwerse

s2212064

University of Groningen

Faculty of Economics and Business

Moezeldreef 251

3561 GC Utrecht

06 46 78 31 49

a.a.louwerse@student.rug.nl

First assessor:

Prof. dr. D.A. (Dick) de Waard RA

Second assessor: drs. L.M. (Leo) Wielens RA

External supervisor:

J.W. (Jan Wiecher) Zwep MSc

(2)

ABSTRACT

This study aims to add new insights into the relationship between the different continuous auditing stages in which a company can occur, and the transparency of the audit report. In addition, an analysis was conducted to ascertain the relationship between the four stages and number of key audit matters. To measure the transparency, a transparency index was created. This was done by establishing the consensus between the key audit matters mentioned by the auditor and the risks reported in the annual report. A quantitative study, with tertiary data, was conducted and tested on 215 UK listed firms. There was no difference found between the different stages and the amount of transparency. The findings suggested that full continuous audit leads to a significant higher number of reported key audit matters. These findings, implications and future research are to be discussed.

Key words: Key Audit Matters, Continuous Auditing, Full continuous audit, Maturing Audit Model, the

extended audit report, ISA 700, United Kingdom

_________________________________________________________________________________________

Acknowledgement: I would like to use this opportunity to thank the people who helped me in the process of writing my

master thesis. I would like to start by thanking my supervisor Dick de Waard, for providing me with useful feedback and answering my questions. Next to that, I would like to thank my external supervisor Jan Wiecher Zwep for his advice, knowledge and for taking the time to provide me with feedback. Furthermore, I would like to thank PwC for the opportunity to write my thesis. In line with that, I would thank all of my colleagues for their help, support, input and for making this process way more fun. At last, I would like to thank my family and my friends for their support, feedback and opportunism. Above all people, I would like to give away a special thanks to my little brother, who has been checking and reading my thesis multiple times.

(3)

1. INTRODUCTION

On the 12th of December 2016, the Dutch report ‘Het jaar 2015 Verslagen’, stated that there is a limited relationship in the new audit report between the key audit matters reported by the auditor and the specific risks reported by the organisation (Vergoossen, 2016). Due to several scandals, such as Enron, Worldcom, Ahold and Parmalat, there has been a lot of criticism on the auditor (Knechel, 2007). As a response to these scandals the ‘Monitoring Commissie Accountancy’ has developed 53 actions to improve the quality of the work of the auditor, however some scepticism towards trustworthiness of the auditors is left (NRC, 2016). The role of the auditor became disputed due to these scandals. Critics are questioning the role of the accountant in society by stating that the auditor is afraid to give his opinion about the company through the sharpened legalisations (FD, 2016). As a reaction to the lack of trust in the work of the auditor, caused by several scandals, various developments have been developed within the profession of the auditor to increase the transparency in society. One of these developments is the new audit report. The goal of the new audit report is to provide more information to the society by reducing the expectation gap between the auditor and the society by adding key audit matters, materiality and the scope of the group audit (IAASB, 2015; ISA 701). Key audit matters are identified as the most significant matters in the financial statements in the current period by the professional judgement of the auditor (ISA 701). According to ISA 701, the key audit matters are introduced to the new audit report to inform users of the annual report of certain items relating the organisation, the audited financial statements, or the performed audit (FRC, 2016).

1.1. Statement of the Problem

The task of an auditor is to ascertain that the represented financial information in the financial statements is adequate, correct, sufficient and good quality (Saladrigues & Grañó, 2014). According to legislation, the goal of the auditor is to gain a sufficient amount of assurance about the financial statements of the organisation, without any material deviation (NBA, 2016). The stakeholders of an organisation find this information meaningful, since they base their decisions on this information. They expect this information to be correct, true and sufficient. The users of the audit report are diversified, as the group consist of the shareholders of the company, possible investors, creditors and suppliers, banks and financial entities, the State and employees of the company (Saladrigues & Grañó, 2014). As mentioned before, due to several scandals, there is a lack of transparency within the auditors work in the opinion of the stakeholders. The emerging lack of transparency decreases the confidence of society in the audit profession which leads to a lack of added value for the audit (Knechel, 2007; Maijoor & Vanstraelen, 2012). Nowadays, the stakeholders are expecting more information from the auditor (Brouwer, Eimers, & Langendijk, 2016). To redeem trust within society and to provide more information, the new audit report is developed. One part of the new audit report is the introduction of the key audit matters. The purpose of this section is to communicate the insights of the auditors about difficult audit issues to the users of the annual report (Christensen, Glover &, Wolfe, 2014). These key audit matters cannot be established without taking the risk from the significant estimates into consideration that management must make, when preparing the financial statements, and taking the process of identifying the risks of significance in perspective (Brouwer et al., 2016). The key audit matters provides relevant information for the users of the financial statements to decide if the disclosures provided by the management of the organisation are biased or not (Cordos & Fülöpa, 2015). It is essential to be aware of the unanimity of the risks mentioned by the organisation and the determined key audit matters of the auditor. This can provide the boards and users of the financial statements with information for understanding the relevance of reported estimates and risks for the financial statements (Brouwer et al., 2016). Furthermore, it is important to get more insight in the increase of transparency of the audit by adding the key audit matters, while this is one of the main drivers of the extended audit report (NBA, 2016).

(7)

Information technology (IT) is progressively used in today’s businesses, and organisations are operating more continuous than before (Sun, Alles, & Vasarhelyi, 2015). Research state that the implementation of continuous auditing (CA) will lead to an improved compliance, risk management and ability to achieve business goals, which will result in a more effective audit (Sun et al., 2015; Malaescu & Sutton, 2015). It provides 100 percent audit coverage of transactions on a near real-time basis (Gonzalez & Hoffman, 2016). Continuous auditing is becoming a key element in organisations for the monitoring of risk (Warren & Smith, 2006; Kuhn & Sutton, 2010). The use of continuous auditing leads to a faster, cheaper, more efficient and more effective audit. This is due to the fact that it expands the scope and frequency of the audit process, it enables auditors to immediately react to significant changes or events (Lins, Schneider, & Sunyaev, 2016). The implementation of continuous auditing will strengthen the communication within the organisation and will lead to a more effective independent assurance to the key stakeholders, while it can solve the lack of information (Warren & Smith, 2006; Kuhn & Sutton, 2010; Alles, Kogan & Vasarhelyi, 2004).

1.2. Gap in existing knowledge

Since the introduction of the extended audit report, specific research has been done about the key audit matters. According to Christensen et al. (2014) the key audit matters have a significant influence on the decisions of investors. Additional results show that the key audit matters section only has a small effect on non-professional investors compared to professional investors (Christensen et al., 2014; Köhler, Ratzinger-Sakel & Theis, 2016). Alternative experimental studies focused on key audit matters in relation to the impact on the attention of users to other components of the financial statements (Sirois, Bédard, & Bera, 2016) and the decisions of users (Boolay & Quick, 2016). Results show that users of the financial statements accessed issues related to the key audit matter disclosures more rapidly and paid more attention to them when they were communicated in the audit report (Sirois, Bédard, & Bera, 2016). Boolay & Quick (2016) show that the communication of the key audit matters has no significant influence on the perception of bankers. Supplementary research focuses on the relationship between the key audit matters and the audit liability (Brasel, Doxey, Grenier, & Reffett, 2016; Gimbar, Hansen, & Ozlanski, 2016; Kachelmeier, Schmidt, & Valentine, 2016). These results state that by disclosing the key audit matters in the extended audit report, significant decreases assessments of auditor liability (Kachelmeier et al., 2016; Gimbar et al., 2016) and are unlikely to increase auditor liability (Brasel et al., 2016).

Evidence on the relationship between the key audit matters and the risks reported by the board of directors is scarce. According to Brouwer et al. (2016) in only ten percent of the companies in their sample, the risks set out in the risk profile of the risk paragraph were also identified as a key audit matter in the audit report. An investigation of PwC (2014), reported a higher number, as those results show that about two third of the reported key audit matters is related to the risks reported by the management.

Several studies argue that the use of continuous auditing can help detecting fraud and can be used in risk management (Vasarhelyi, 2005; Kuhn & Sutton, 2006; Jans, Alles, & Vasarhelyi, 2013). As far as is known, until today there has not been any research done about the effect of the use of continuous auditing on the transparency of the audit report. This research will contribute to the knowledge by investigating the impact of continuous auditing in the audit.

1.3. Purpose

The purpose of this study is to investigate the relationship between the different stages of continuous auditing and the transparency of the audit report. Transparency is the availability of firm-specific information that is available for those outside the publicly traded firms (Bushman, Piotroski & Smith, 2004). A strengthened degree of transparency will lead to an increase of confidence of the investor in the financial reporting of the organisation (Deumes, Schelleman, Vander Bauwhede, & Vanstraelen, 2012). In this research, the transparency

(8)

of the audit report will be measured according to the transparency index. This index is defined as the relation between the risks reported by the board of directors in the annual report and to the key audit risks mentioned by the auditor.

1.4. Significance of the study

Scientific contribution

This research will contribute to the existing literature in three ways. First of all, this study is the first one to examine the relationship between the different stages of continuous auditing and the transparency of the audit report. Secondly, it extends previous research of Brouwer et al. (2016) by looking at the influence of continuous auditing, by making a distinction between different continuous auditing stages, on the consensus between the key audit matters and the risks mentioned by the board of directors and by performing this study within the United Kingdom. Brouwer et al. (2016) conclude that the key audit matters often match with the significant accounting policies and estimates in the notes of the annual report. It is interesting to look at the effect of continuous auditing on the match of the key audit matters and the risks reported in the annual report. Lastly, it gives insight in the different stages of continuous auditing applied within UK listed firms.

Practical relevance

The practical relevance of this study is that it will provide managers and board of directors insight in why the key audit matters are important for the relevance of the reported estimates and risks for the financial statements. Furthermore, it will show the usefulness of adapting continuous auditing for companies and auditors during the audit. The audit report is used by stakeholders to make, for instance, investment decisions. For this reason it is important for the organisation to be aware of the role of key audit matters in increasing transparency. Besides, it is an answer to the urgent need of stakeholders for more transparency. In line with this, the audit report influences the decisions of the stakeholders. By understanding the importance it will add more value to society (Brouwer et al., 2016; Christensen et al., 2014; Köhler et al., 2016).

1.5. Research Questions

It is interesting to know whether the use of continuous auditing will lead to a more transparent audit report. This leads to the following research question: To what extent is there a difference between the four stages of

continuous auditing in relation to the transparency of the audit report?

To answer this question the following sub-questions have been established:

i) What are the differences between the old and the extended audit report?

ii) What is continuous auditing and what kind of different stages can be established?

iii) To what extent is there a relationship between the key audit matters and the risks mentioned by the company?

iv) What is the relationship between the different continuous auditing stages of auditing and the number of reported key audit matters?

1.6. Structure of the paper

The remainder of this paper is organized as follows. First, relevant background information will be discussed, along with the development of the hypothesis of this study in the next chapter. The methodology is presented in section three. Followed by the results in section four. The conclusion and discussion of this study is represented in section five.

(9)

2. THEORETICAL FRAMEWORK

This section will provide further in-depth information about the audit report and will illustrate the differences between the extended and the previous audit report. Furthermore, it will explain the hypotheses development by discussing the transparency of the audit report and explaining the developments of continuous auditing. It will start with a general theoretical framework. The agency theory has a central position within this study since the auditor can reduce the information asymmetry between the investors and the managers. Next to that, the stakeholder theory will be discussed as it is an extension of the agency theory, by focusing on all the stakeholders.

2.1. General theoretical framework

In the following part the agency theory and the stakeholder theory will be discussed.

Agency theory

The agency theory explains the contrary interests and problems arising from the principals and agents within an organisation (Jensen & Meckling, 1976). Whereas the managers are called the ‘agents’ and the investors the ‘principals’, resulting from the separation between ownership and control. The main idea of the agency theory is that the interests between the principals and agents are deviated, which can lead to the fact that the actions of the agent can be disadvantageous for the principal (Eisenhardt, 1989; Hill & Jones, 1992). This is created due to the fact that the relationship where the principal engages the agent to perform some service on their behalf (Jensen & Meckling, 1976). Consequently, there is information asymmetry between the agent (managers) and the principal (investors) because there is a disbalance between the amount of organisational information. The auditor can reduce this asymmetry by improving the quality of the financial reporting of the company (Liu & Lai, 2012; DeFond, 1992; Jensen & Meckling, 1976). The audit report is the way in which the auditor communicates the viability of the company to society. In this case, the users of the financial statements are interested in the information about the key audit findings and the evaluation of the financial statement of the auditor, and less about the audit process itself (Vanstraelen, Schelleman, Meuwissen, & Hofmann, 2012).

Stakeholder theory

Next to the agency theory, the stakeholder theory will be discussed. The reason for this is that the agency theory focus is unilateral on the relationship between the investors and the managers in an organisation (Hill & Jones, 1992). The stakeholder approach states that doing business is about creating a maximum amount of wealth as possible for all stakeholders, without resorting to trade-offs, and can be used to determine the external and internal relationships between the stakeholders and the organisation (Freeman & Reed, 1983; Hill & Jones, 1992). A stakeholder is defined as a group or individual, whose support provides the existence of the organisation, otherwise the organisation would not exist (Freeman & Reed, 1983). Stakeholders of an organisation are, besides the managers and investors; suppliers; customers; employees; creditors; communities and the general public (Hill & Jones, 1992). This mixed structure of stakeholders leads to different needs and assumptions regarding the audit report (Litjens, Buuren & Vergoossen, 2015). This theory will be used in this study because the investors are not the only users of the audit report.

2.2. The audit report

As mentioned before, the audit report can be used to communicate with the stakeholders. The specific task of an auditor is to give an independent judgement about the financial statements of an organisation and to verify that these reflect the true image of the financial situation according to the applied country-specific rules (Saladrigues & Grañó, 2014; NBA, 2016a). This is an important function in society since the audit report influences the (investment) decisions of the users of the annual report (Christensen et al., 2014; Duréndez Gómez-Guillamón, 2003). The auditor communicates his opinion, which can be modified or unmodified, through the audit report. If

(10)

the auditor concludes that the financial statements are prepared, in all material aspects, with the appropriate financial reporting framework, he will assert an unmodified opinion. In the case of a modified opinion the auditor states that the financial statements as a whole are not free from material misstatements, or he cannot gain sufficient adequate audit evidence (ISA 700). The users of the financial statements considered the audit report in the last years useless due to the fact that the auditor used a standard format to give his opinion without further information about his proceedings (Gray, Williamson, Karp, & Dalphin, 2007; Kiss, Fülöp & Cordoş, 2015). The added value of the audit report is low when the users of it do not trust the information or dispute the amount of information that can be presented (Vanstraelen & Maijoor, 2012; Mock, Bédard, Coram, Davis, Espahbodi, & Warne, 2012).

2.3. Changes in legislation

The International Auditing and Assurance Standards Board (IAASB) and the European Union (EU) have adopted new auditor reporting requirements. These requirements contain the most significant assessed risks of material misstatement, including those due to fraud, as well as a discussion of the risk responses key observations arising with respect to those risks need to be reported (Afterman, 2016). The newly introduced audit report is, up till now, only applied in the Netherlands and the United Kingdom. The Dutch Koninklijke

Nederlandse Beroepsorganisatie van Accountants (NBA) introduced the new audit report as a reaction to the 53

actions set by the Dutch report ‘In het publiek belang’ (NBA, 2016b). Since December 2014 the new audit report has been mandatory for Public Interest Companies. For non- Public Interest Companies organisations it has been mandatory since January 2017 (NBA, 2016b). The Financial Reporting Council (FRC), corporate governance and reporting regulator in the United Kingdom, is frontrunner by introducing requirements for the extended audit report since 2013 (FRC, 2016). Next to the fact that the extended audit report made his introduction one year earlier in the UK than in the Netherlands, the UK has opted for a focus on the ‘story of the audit’, by reporting about the primary audit risks and materiality considerations, among the related audit work. The IAASB and PCAOB have opted for a focus on reporting more significant matters that arose during the audit and attracted the attention of the auditor (PwC, 2014).

The changes carried out made the newly introduced audit report more informative and structured. The main differences in the new audit report are: a) the start of the judgement of the auditor; an introduction of b) the key audit matters; c) the scope of the group audit; d) the materiality that has been used; e) more focus on the continuity of the organisation and (f) more attention for the readability of the report (NBA, 2016a).

2.4. Transparency audit report

As stated earlier, for the last years the transparency of the audit report is a subject of discussion. Critics argued that the amount of information given by the auditor was limited, which created a low extend of transparency. Due to this, the stakeholders of the organisation were not provided with sufficient information about the organisation. Stirred up by the financial crisis, the amount of trust according to the auditor has been decreased. The demand from stakeholders was to gain more relevant information through the audit report (IAASB, 2016). As a reaction to this, the new audit report was established to increase the amount of transparency and trust for the stakeholders (NBA, 2016). A strengthened degree of transparency will lead to an increase of confidence of the investor in the financial reporting of the organisation (Deumes et al., 2012). Transparency is defined according to Bushman et al. (2004) as the availability of firm-specific information for stakeholders outside the publicity traded firms. Within this study, transparency will be measured as to what extent there is unanimity between the risks mentioned by the board of directors in the annual report and the key audit risks mentioned by the auditor. Followed from the agency theory, an increase in organisation specific information will reduce the information asymmetry between the agent and the principal.

(11)

Key audit matters

The most significant change of the new audit report is the introduction of the key audit matters. The purpose of the key audit matters is to enhance the communicative value of the audit report by providing greater transparency about the performed audit (ISA 701). The key audit matters are significant matters in the audit according to the professional judgement of the auditor (ISA701). By introducing the key audit matters, the auditor gives more insight into certain specific items relating to the organisation, the audited financial statements, and the performed audit, which provides the users of the annual report with an increased amount of firm-specific information (FRC, 2016). According to the standards of the IAASB the description of each key audit matter requires a) a description of why the matter was considered to be a key audit matter; b) a discussion of how the matter was labelled in the audit and c) reference to the related disclosures in the financial statements (PCAOB, 2016; Afterman, 2016; PwC, 2015).

According to Brouwer et al. (2016), the degree of key audit matters which are specific for each company, differs from audit to audit. The key audit matters cannot be treated separately from the significant estimates made by the management during the preparing the financial statements, and the identification of the most important risks (Brouwer et al., 2016). By selecting the key audit matters the auditor has to take several aspects into account a) significant risks and areas of higher risks of material misstatement; b) areas requiring significant auditor and management judgment and c) significant events or transactions occurred during that year (PwC, 2015).

Risk paragraph

Risk reporting is defined as the communication of information about managers’ estimates, judgements, and reliance on market-based accounting policies in the financial statements (Khlif & Hussainey, 2016). According to the Dutch legislation1, a legal entity is obligated to include a description of the most significant risks and uncertainties confronted by the organisation in the annual report. The risk paragraph in the annual report is divided in a) a risk profile of the organisation; b) a description of the risk management system and c) the In-Control-statement, which is a declaration of the board about the design and implementation of risk management (Van Daelen & De Groot, 2014; De Groot, 2010). The risk paragraph is included in the Dutch Code of the

Commissie Tabaksblat, which was applied since 1 January 2004, and redefined in December 2016 (Monitoring

Commissie, 2016). Based on the Dutch legislation2, an organisation is mandatory to, at least, cover the risks related to strategy, operational activities, financial position, financial reporting and laws and regulations. The Dutch RJ400 code has been inspired by the UK Combined Code, which was actualised in September 2014 by the FRC (Van Daelen & De Groot, 2014). There are some differences between the two countries. The UK has additionally developed the ‘Guidance on Risk Management, Internal Control and related Financial Business Reporting’ Code. Based on this code, an organisation is obligated to provide a more comprehensive risk appetite, which includes a more detailed risk profile including risks which may potentially threaten the solvability, liquidity or future firm performance. Next to that, the board needs to report about the risk management and the mitigation of the risks. Furthermore, the board has to report at least once a year an evaluation of the effectiveness of the risk management system and the internal control in the annual report (Van Daelen & De Groot, 2014; Brouwer et al., 2016). The reported strategic, operational, financial, compliance and reporting risks, include a description of the principal risks that the entity faces given its strategy and risk appetite. The developments of these codes and the sharpened legislation and regulations are a reaction to the demand from stakeholders to gain more information-disclosure about risks and risk management (Van Daelen & De Groot, 2014).

It is important for the users of the annual report that companies report transparent and complete information about their risks and risk appetite. The lack of sufficient risk information disclosure in financial reports threatens

1_{Art. 2: 391 BW.}

(12)

the relevance of financial reports (Cabedo & Tirado, 2004). Within the scientific literature a wide range of risk definitions is used. This study will use a broad definition of risk, as risk will be defined as a disclosure that informs the reader about any opportunity, prospect, threat or exposure, that in the future may impact the organisation or already has impacted the organisation or management (Linsley & Shrives, 2006). The assessment of risks forces leaders to set priorities and makes that leaders can directly focus on the most important areas of the business. This results in a greater audit efficiency and effectiveness, enhanced internal controls and improved performance, reduction of cost and greater transparency (KPMG, 2010).

Key audit matters & Risk reporting

The risk analysis is an essential basis for the audit to develop an adequately audit program and thus the key audit matters mentioned by the auditor cannot be treated isolated from the risk reported by the company. This is due to the fact that the risks that management identifies as significant for the financial statements are also requesting attention during the audit (Brouwer et al., 2016). To compare the risks reported by the auditor and the risks included in the risk paragraph of the company will provide the users of the financial statements of sufficient information, and thus an increase of transparency.

As stated before the stakeholders feel the need for a specific clarification of significant company-specific risks (De Ridder & Steggink, 2009). The introduction of the new audit report fulfils this need, by inserting the key audit matters into the audit report as this will lead to more information for the stakeholders. The audit report will increase in value if the information is more organisation-specific (Maijoor & Vanstraelen, 2012). When the key audit matters mentioned by the auditor are related with the risk reported by the company, it can be stated that the key audit matters have a high informational value, as these are entity specific risks (PwC, 2014). An increase of organisation specific information, is accompanied with more transparency, and will increase the value of the audit report according to the stakeholders. In line with the stakeholder theory, an increase of organisation specific information increase the usefulness of the audit, and the transparency of the audit report. To investigate the amount of transparency the following hypothesis is developed:

Hypothesis 1: The key audit matters reported in the audit report are related to the risk reported by the

company.

2.5. Continuous Auditing

Continuous auditing is defined as a methodology that supports independent auditors to provide written assurance on a subject matter, for which the management of an organisation is responsible, using a series of auditors’ reports issued virtually simultaneously with, or a short period of time after, the occurrence of events underlying the subject matter (CICA/AICPA, 1999). Vasarhelyi, Alles, Kuenkaikaew & Littley (2012) define continuous auditing as the use of a maximum possible degree of audit automation by taking an advantage of the technological basis of the firm to reduce audit costs and increase audit automation. Within this study the definition of Vasarhelyi et al. (2012) will be used.

Attributable to the technological changes in the digital economic world, there is an increased use of continuous auditing during the audit. The IAASB published a Technology in the Audit report as a reaction to the current developments in the audit work field (IAASB, 2016). The introduction and the developments of Information Systems have an increased impact on the audit. For example, the storage of information was in 2000 only 25 percent in digital format, in contrast with more than 98 percent in 2013 (Cukier & Mayer-Schoenberger, 2013). The use of continuous auditing started to take form in 2000s. The notion of continuous auditing already arose in the late 1980s and early 1990s, whereas different theoretical principles and theoretical framework started to develop (Chiu, Liu, & Vasarhelyi, 2014; Brown, Gardner, & Vasarhelyi, 2007). In 1991 Vasarhelyi & Halper (1991) developed the first tools for the implementation of continuous auditing, and demonstrated that that it is

(13)

important to bring auditing closer to the operational process for an effective implementation of continuous auditing.

Due to the developments which led to technological change, the demand for continuous auditing has been increased (Singh, Best, Bojilov, & Blunt, 2014; IAASB, 2016). Organisations are more complex and there is more need for an integrated business process (Singh et al., 2014; Vasarhely, Alles, & Williams, 2010). Digital information systems are capable of handling, analysing, communicating and responding to these data-related changes (IAASB, 2016). The use of continuous auditing provides relevant information on a real-time and constant basis, which leads to a high degree of assurance on information (Kuth & Sutton, 2010). The audit profession is constantly changing due to applying the latest technologies, to improve process and procedure efficiency and effectiveness. Prognostic, the use of continuous auditing will only increase more, and will be widely adopted and implemented both in the internal and external audit (Byrnes, Ames, Vasarhelyi, Pawlicki, & McQuilken, 2012; Chiu et al., 2014).

Continuous auditing exists of certain common characteristics. These include a) a layer of software on top of most critical corporate software; b) a process of continuous control and monitoring to gain business assurance by both internal and external assurors; c) a constant stream of measurements plotted in key processes; d) a refined dynamic set of standards to compare with the metrics; e) a set of dynamic exception metrics to determine when an alarm is to be issued, and its degree of importance; f) an analytic layer to perform additional analysis related to several corporate functions and g) a new level of statutory reporting that may include reports to governmental agencies (Alles et al., 2004). These characteristics are incorporated in the Audit Maturity Model, which will be clarified later in this study.

Littley (2012) states that the use of data analytic tools and techniques helps to fundamentally transform and improve audit techniques, which leads to better forecasts of estimates, including fraud. Next to that, it is a way to reduce the costs of audits by an increase of effectiveness, because continuous auditing is less labour and time intensive (Chan & Vasarhelyi, 2011). Another driver of the implementation of continuous auditing is followed from Section 404 of the Sarbanes-Oxley Act, which made it mandatory to include effective internal controls over the financial reporting process (Alles, Kogan, & Vasarhelyi, 2002; Alles, Kogan, & Vasarhelyi, 2008; Alles, 2015). The introduction of the Enterprise Resource Planning systems (ERP) followed by an increase of the adoption of IT in the audit. ERP systems provide the auditors with the competence to undertake continuous auditing (Alles et al. 2008). The implementation of an ERP system leads to a higher amount of information sharing. By not using an ERP system as a company, you create a competitive disadvantage (Davenport, 1998; Alles, 2015). In other words, competitive pressure is a driver for the use of continuous auditing. If a company uses Big Data, the auditor is more or less also forced to keep up with their clients innovations (Alles, 2015).

2.6. Continuous auditing stages and transparency of the audit

According to Vasarhelyi et al. (2012) the use of continuous auditing can be divided in four different stages. This has been called the Audit Maturity Model (Table I of Appendix A).

Stage 1: Traditional Audit

Stage 2: Emerging Continuous Audit Stage 3: Maturing Continuous Audit Stage 4: Full Continuous Audit

These stages are divided in seven different categories. A detailed description of these criteria are included in Table II of Appendix A.

(14)

The first stage of the Audit Maturity Model, is defined as the traditional audit. The traditional audit is a periodic (annual) audit with a reactive approach. In this stage the automatisation level is low, and only simple processes are automated. The level of automatisation increases in the second stage, whereas audit management software is used and there is some degree of coordination between the risks and auditing. In the third stage, maturing continuous audit, there is a high level of automatisation. The internal audit and IT audit are shared audit processes and key process indicators are used instead of financial ratios as analytical tools (Vasarhelyi et al., 2012). In the full continuous audit stage, there is a continuous or more frequent audit, and a proactive approach is used (Chan & Vasarhelyi, 2011). Risk management is centralised within the company and there is complete data access (Vasarhelyi, et al., 2012). Internal control testing is performed more often under continuous auditing than under traditional auditing. This is beneficial for companies operating in an environment with a high amount of risk, due to the fact that real time auditing the risks can be constantly analysed. If unexpected events occur management can react faster than under the traditional audit, because of the use of early warning systems (Chan & Vasarhelyi, 2011).

In the current economy, organisations are becoming more complex and business processes are interweaving with each other. By applying proactive auditing, it will help to identify errors and omissions within the different processes more frequently, and will reduce fraud (Chan & Vasarhelyi, 2011). The external auditor, by applying continuous auditing, can perform high level analytics to make, for instance, an audit trail to detect inconsistencies (Chan & Vasarhelyi, 2011).

The goal of continuous auditing is to create an overall visibility of the risk and performance of the organisation by using technology. Though it is important to understand the risk profile of the company for the implementation of continuous auditing, as it can be used to pre-emptively detect control failures and enhance risk control. The implementation of continuous auditing leads to a reduction of cost, a more effective audit and increase of transparency (KPMG, 2010). Based on the evidence above, there will be expected that the use of continuous auditing, stage 4, is associated with an increase of transparency of the audit report, and thus differences between the four stages are expected. Furthermore, it will be interesting to investigate if there is any difference between the amount of key audit matters reported within each stage of the model. Due to the shortage of predictive prior research, there is no directional prediction for all four stages, thus the following hypotheses are developed:

Hypothesis 2A: There are differences between the continuous auditing stages and the transparency of the audit

report.

Hypothesis 2B: There are differences between the continuous auditing stages and the number of reported key

(15)

3. METHODOLOGY

This section will explain the examination and testing of the hypotheses described in the previous section. At first there will be a description of the data collection and sample distribution. Subsequently the measurement methods of this study will be explained. Followed by a description of the control variables included in this research. To conclude this section, an explanation of the tested hypotheses will be discussed.

3.1. Data collection and sample distribution

In order to examine and test the formulated hypotheses in section 2, an explorative archival study has been conducted with tertiary data. Data were obtained from 250 annual reports from the London Stock Exchange Main Market companies. The value of the companies was measured according to the market value at the beginning of 2015. The sample of this study consists of annual reports of the year 2015 to make the results more generalizable for the present. Next to that, it gives a good representation of the current situation and the developments, as the extended audit report is now obligated for three years in the UK. Companies without a stock listing in the year 2015 were eliminated from the sample, as well as companies without a Big-4 firm as auditor. The same for companies for whom it was not possible to perform the content analysis.

3.2. Measures

The measures used in this study are based on literature. In the following section the measurements of each variable including the control variables will be discussed.

Dependent variable

As explained in the previous chapter this study uses two different dependent variables, the number of reported key audit matters and the transparency index. The first one, the number of reported key audit matters, will be measured by a sum of the total number of reported key audit matters by the auditor, represented in the audit report. The second one, the transparency index, consists of a comparison between the key audit matters mentioned by the auditor and the risk reported in the annual report by the board of directors. For each company the collection started by writing down the key audit matters reported by the auditor. After the collection of the reported risks by the board of directors, a comparison is made, inspired by the format used in the paper of Brouwer et al. (2016). This study extended the format by numbering each key audit matter, with 0, 1 or 2 points, to express the consensus between the key audit matters and the risks reported in the risk paragraph in the annual report. The 0 was allocated if the key audit matter was not reported as a risk in the risk paragraph by the management. The number 1 was assigned if the subject of the key audit matter is mentioned as a risk, but was not complete or had a different perspective. The last number, 2, has been assigned if the key audit matter was reported, with the same perspective and thus completely corresponds with the risks mentioned in the risk paragraph. The total sum of scores was divided by two times the number of key audit matters reported. This was done to make a correction for the amount of key audit matters, as the amount of key audit matters differ for each company. To minimalize the effect that a company with a higher amount of reported key audit matters will lead to a lower score, a correction was made to minimalize the effect between the amount of reported key audit matters. This new score, TRANS, was developed to measure the transparency of the audit report.

Independent variable

This variable consist of four different auditing stages in which a company can operate. The measurement of this variable is based on the study of Vasarhelyi et al. (2012). This study developed four different stages for the implementation of continuous auditing based on the Technology Adaption Lifecycle model of Bohlen et al. (1957) and Rogers (1962). These models are used to distinguish different stages for the adaption used within auditing. By combining the Audit Maturity Model (Vasarhelyi et al. 2012) and the study of Chan and Vasarhelyi (2011) a content analysis was created, see Table III of Appendix B. This research method that can be used to

(16)

provide descriptive results of the nature of publications (Chiu, 2013). Within this content analysis a differentiation was made between words for the auditor report and the financial statements. The content analysis was conducted by the use of the Linguistic Inquiry and Word Count program (LIWC). The LIWC program automatically makes analyses that are free of judgement, and excludes impression management, which increases the objectivity. For this study a new word-list was developed based on the articles of Vasarhelyi et al. (2012) and Chan and Vasarhelyi (2011). An overview of the words used in the content analysis is included in Table III of Appendix B. After the program analysed the annual reports, the words founded were manual analysed within the text around them. By performing a manually search for all the specific established words in the annual report, information was gathered about the different topics within the financial statements and the audit report. By analysing the collected information in the annual report, the company was determined to a specific stage of the Audit Maturity Model.

As shortly mentioned before, there are four different stages determined in this model. The first one, traditional audit, is used to determine companies with no or few usage of continuous auditing implementation within their organisation, and thus less use of it during the audit. The second one is the emerging audit. These kind of companies have already made a few adjustments concerning continuous auditing, for example, the use of key performance indicators. Within the maturing audit, stage 3, there is a greatly use of automated processes, and benchmarking is used to analyse the performance of the company. The last stage, continuous auditing, is a full implementation of continuous auditing. The processes are fully automated and the different systems of different departments are connected with each other. The auditor can use for instance data analysis to make better forecasts. This due to the fact that there is a constant evaluation of the different processes, data and developments within the company. For each company within the sample the stage of continuous auditing was determined.

3.3. Control variables

In order to exclude the possibility of influences of other variables, with the exception of the different stages of continuous auditing on the transparency of the audit report, this study included four control variables. The four control variables enclosed in this study are industry of the organisation (IND), Big-4 audit organisations (BIG_4), the size of the organisations (SIZE) and Performance (LOSS). Table 1 gives an overview of the measurements of the different variables used within this study.

Big-4 accounting firms

Prior literature investigated the differences in quality between big and small accounting firms. Numerous studies showed a positive relationship between the big accounting firms and the quality of the audit (Francis & Yu, 2009; DeAngelo, 1981; Francis, 2004). Risk assessment is an important process within the audit. By assessing the risks of the client the auditor uses his professional judgement (Holt & Morrow, 1992). And thus, professional judgement is also needed to determine which and how many key audit matters to include in the audit report (ISA 701). Research state that decision-making process, including the risk assessment, is influenced by the culture of the organisation, which differs for each organisation (Windsor & Ashkanasy, 1996). This study included the variable big-4 accounting firms. To include this variable in the regression analysis, a dummy variable was created for each group. As the dummy in this study consists of four groups, three dummy variables were needed (g – 1) (Keith, 2014). In line with prior research, Deloitte was marked as a reference, the control group, as this company performed around a quarter of the audit of the total sample (FRC, 2016; Keith, 2014). The number one was assigned to the company if the audit was not performed by the dummy.

Industry

Companies within the same industry face the same risks, and tend to adopt the same reporting strategy (Lopes & Rodrigues, 2007). This will lead to less variation between the reported risks of the firms within the same

(17)

industry. According to Minutti-Meza (2013) industry knowledge has a significant influence on the quality of the audit report, and will lead to a more firm-specific audit, and thus an increase of the quality of the audit. The financial statements include industry-specific estimates reflecting the company’s business environment and industry. Results show that the audit needs to be based on the industry-specific risks (Cohen, Hoitash, Krishnamoorthy, & Wright, 2013). Furthermore, there are legislation differences between the industries which influences the risk reporting of management. For example, the financial industry is considered as a highly regulated sector, thus a lower variation of risk disclosure across firms (Lopes & Rodrigues, 2007). This study made a deviation between financial and non-financial companies by creating a dummy variable, using the SIC-code of the company. Companies operating in the non-financial industry, the control group, were assigned with the number zero, and firms in the non-financial industry with the number one.

Profitability

Well performing firms will report less about risks while they have less inherent risks. On the other hand, they have more resources to invest in effective internal controls and may have greater incentives to successfully report their risks (Deumes & Knechel, 2008; Khlif & Hussainey, 2016). Profitability is measured in this study as a dummy, looking at the profit of the year 2015 and 2014 (1 = both years loss; 0 = no).

Size organisation

Large organisations are more complex, and have more stakeholders compared to smaller organisations, which will increase incentives for management to report about organisation risks (Amran, Bin & Hassan, 2009; Khlif & Hussainey, 2016; Deumes & Knechel, 2008). Larger organisations have more stakeholders, and have more incentives for greater transparency, by improving confidence. Next to that, larger companies have effective information systems, which makes it less costly to disclose risks (Lopes & Rodrigues, 2007). Research states that there is a positive relationship between the size of the company and the number of risk disclosures (Firth, 1979; Beattie, McInnes, & Fearnley, 2004; Linsley & Shrives, 2006). Furthermore, other research states that larger organisations have longer audit reports, containing more information (Li, 2008) Concluding, the size of the organisation is associated with the transparency of the audit report. This variable will be measured by taking the logarithm of the total assets.

3.4. Testing

To test the first hypothesis of this research, a content analysis was performed to analyse the subject of the key audit matters compared with the risks reported by management. As explained above, a new index was created by adding numbers to each key audit matter, to determine the extent of conformity between them, by a manual analysation of each risk. The higher the number of TRANS, the more transparency there is.

For analysing the second hypothesis (2A/2B), the influence of the stage of continuous auditing on the amount of reported key audit matters and the transparency of the audit, an One-way ANOVA test was performed. The relationship between the independent variable, continuous auditing on the dependent variable, the transparency of the audit (TRANS), was tested. The same goes for the relationship between the auditing stage and the number of reported key audit matters (KAM). The formulas are presented in figure 1 and 2. For each company was determined, by labelling a 1,2,3 or 4, in which stage of continuous auditing the audit is performed. By doing this, four independent groups were created. For each group the significant relationship with the transparency-index was tested. If the One-way ANOVA showed a significant difference between the different stages for the transparency index or the number of reported key audit matters, a Post-hoc test was performed for a more in-depth analysis of these differences.

(18)

To test the influence of the control variables and the independent variable, continuous auditing stages, with the dependent variables, a regression analysis was performed. First, a correlation test has been conducted, followed by a multicollinearity test. For each dependent variable, three models have been developed.

Figure 1: Linear regression model Transparency Index

Figure 2: Linear regression model number of Key Audit Matters

TABLE 1 Measurements of variables Measurement

KAM The number and matters reported key audit matters in the audit report.

RISK The number and matters of risks reported by management in the risk paragraph in the annual report.

A index created by the comparison between the reported key audit matters (KAM) and the risk

reported in the risk paragraph (RISK). 0 – no similarity

1 – partly similar 2 – complete similar

The stage of continuous auditing used within the audit, measured by a content analysis.

1 – traditional audit

2 – emerging continuous audit 3 – maturing continuous audit 4 – full continuous audit

A dummy variable to measure the deviation between financial and non-financial companies.

0 – non- financial company 1 – financial company

Measured by creating a dummy variable, to control for the different big 4 accounting firms.

(Expressed in g-1) 0 – Deloitte 1 – PwC 2 – EY 3 – KPMG

Measurement of the size of the organisation by calculating the logarithm of the total assets of

the year 2015.

To measure the performance of the company by looking at the net profit for the years 2015

and 2014, with a dummy variable.

0 – no loss reported in both years, or only in one of the two years. 1 – loss reported in both years

(19)

4. RESULTS

In the previous section the measurement methods to test the hypotheses were discussed. This chapter will discuss the results of the performed statistical analysis. At first, an overview of the sample used in this study will be given. Furthermore, the results of the statistical tests performed will be discussed.

4.1. Descriptive statistics

The total sample used in this research consists of 215 companies. Companies for whom it was not possible to calculate the transparency index were excluded (12 companies). The same was done for the companies without the mandatory available data to perform the analysis (6 companies) and for whom the content analysis could not be completed (11 companies). After excluding these companies, and the companies without a big-4 auditor (6 companies) the remaining number of companies consisted of 215 companies. Before using this sample the data were checked for outliers. The presence of outliers are the cause for a weaker relationship between the dependent and independent variable. It is important that there is a minimum influence of the outliers on the relationship. By using the winsorizing technique the sample was checked for the existence of outliers. The result of this showed that there are no outliers in the sample.

Table 2 shows the descriptive statics of all the variables used in this study. To answer the first hypothesis, as can be seen, the average transparency index is 0.287 (SD = 0.231, N = 215) with a minimum point of zero compared to a maximum number of points of one. This gives an answer on the first hypothesis, showing a transparency index of 0.287, which is not high. On average, the mean of the reported number of key audit matters, in this sample, is 3.7 (SD = 1.572, N = 215). The maximum amount of reported key audit matters is nine, compared to one as the lowest. This is in line with previous research about the amount of reported key audit matters in the UK (FRC, 2016).

To have a clear view of the distribution of auditing stages within the sample, Table 3 was created. As displayed, the maturing audit stage is, with 42.5 percent, the biggest group within the sample, closely followed by emerging audit with 37.2 percent. The smallest group consist of the traditional audit (3.3 %). The stage continuous audit is represented by 17.2 percent. This confirms that continuous auditing is upcoming, and is not adopted by every company and auditor. Reasons for this could be that the company does not have a fully automated system.

TABLE 2

Main descriptive statistics of all the variables

N Mean SD Min Max

Transparency Index 215 0.287 0.231 0 1.0 Reported KAM 215 3.700 1.572 1.0 9.0 Auditing stages 215 2.735 0.779 1.0 4.0 Big 4 215 1.577 1.120 0 3.0 Industry 215 0.205 0.404 0 1.0 Size 215 9.596 0.785 6.262 12.382 Loss 215 0.898 0.304 0 1.0 TABLE 3

Distribution of Auditing stages

Frequency Percentage Traditional audit 7 3.3 % Emerging audit 80 37.2 % Maturing audit 91 42.5 % Continuous audit 37 17.2 % N 215 100 %

(20)

The distribution of the Big-4 audit firms within the sample is presented in Table 4. PwC represents the largest amount of companies, with 31.2 percent, followed by 29.8 percent of KPMG. EY has the smallest share in the sample, 18.6 percent, and Deloitte has 20.5 percent.

TABLE 4

Distribution of Big-4 audit firms Frequency Percentage Deloitte 44 20.5 % PwC 67 31.2 % EY 40 18.6 % KPMG 64 29.8 % N 215 100 %

After conducting the descriptive statistics, a Pearson correlation analysis was performed to measure the correlation between the dependent variable Transparency index and the control variables industry, size and reported loss. Performing this analysis will give insight in whether and to which degree the variables are related. As shown in Table 5, there is a significant positive correlation between the variable firm size and reported loss. Furthermore, the results show no significance correlation between the variables and the transparency index. To exclude multicollinearity the VIF-factor was calculated. The test results presented a highest VIF score of 1.120, which indicates that there is no danger for multicollinearity.

TABLE 5

Correlation analysis between the control variables & transparency index

N 1 2 3 4

1. Transparency Index 215 1

2. Industry 215 .092 1

3. Size 215 .112 .241** 1

4. Loss reported 215 -.074 .019 -.195** 1

This was also done for the same control variables and the different dependent variable, number of reported key audit matters. As can been seen in Table 6, the variables industry and firm size correlates positively with the number of reported key audit matters. The correlation between the control variables exists between size and industry and between loss reported and size. Testing showed a highest VIF of 2,034, which states that there is no danger for multicollinearity.

TABLE 6

Correlation analysis between the control variables and number of reported KAM

N 1 2 3 4 1. # KAM 215 1 2. Industry 215 -.172* 1 3. Size 215 .292** .241** 1 4. Loss reported 215 -.120 .019 -.195** 1 * p < 0.05 (2 tailed) ** p < 0.01 (2 tailed)

(21)

4.2. Testing Hypotheses

Hypotheses 2A/2B

To test the hypotheses 2A and 2B, a One-way ANOVA analysis has been conducted.

Table 7 shows the results for hypothesis 2A, the differences between the four auditing stages and the transparency index. The results state that there is no significant difference, F (3, 221) = 0.217, p = 0.884, between the four auditing stages and the level of transparency.

The performed One-way ANOVA analysis, to test hypothesis 2B, was significant, F (3, 211) = 3.185, p = 0.025, which indicates that differences in auditing stages have an influence on the reported amount of key audit matters. A post-hoc test showed that the average of reported key audit matters is higher for companies in the continuous auditing stage (M = 4.19, SD = 1.777). Furthermore, it showed that a company assigned to the continuous auditing stage has a significant higher number of reported KAMs compared to companies in the emerging audit stage (p = 0.006). The differences between continuous auditing and traditional is surprisingly not significant (p = .103), the same goes for the maturing audit stage (p = .202). In addition, there are no significant differences within and between the other stages.

Next to that, it is interesting is to know if there is some difference between the Big-4 accounting firms and the level of transparency. The results in Table 9 show that there are no significant, F (3, 221) = 0. 408, p = 0.747, differences between the four different Big-4 accounting firms and the level of transparency.

TABLE 7

Transparency Index by Auditing Stage

Mean SD Traditional audit 0.339 0.316 Emerging audit 0.296 0.229 Maturing audit 0.278 0.212 Continuous audit 0.278 0.265 N = 215 TABLE 8

Number of reported Key Audit Matters by Auditing Stage

Mean SD Traditional audit 3.14 1.345 Emerging audit 3.33 1.474 Maturing audit 3.80 1.536 Continuous audit 4.19 1.777 N = 215 TABLE 9

Transparency Index & number of reported KAM by Big-4 accounting firm

Mean SD

Transparency #KAM Transparency #KAM

Deloitte 0.272 3.75 0.230 1.383

PwC 0.295 3.70 0.222 1.596

EY 0.260 4.35 0.210 1.889

KPMG 0.305 3.16 0.255 1.300

(22)

Control variables

Last but not least, a multiple linear regression analysis has been conducted to measure the relationship between the dependent and independent variables, including the control variables. Table 10 shows the results of the performed analysis. To make sure that there is consistency, three different models were developed. The first model only includes the control variables and the dependent variable, transparency index or number of reported key audit matters. The second model is extended with the dummy variable Big-4 accounting firms. All the variables together constitute the third, and last model. At first, the results will be discussed for the transparency index variable as dependent variable.

The first model, which is not significant (F = 1.831, p = .143 > .1) shows that the variance of the relationship between the control variables and the dependent variable, for 2,6 percent (R-square = 0.026), can be clarified by the control variables. The model shows no significant relation between the transparency index and the control variables, industry (B = .059, t = 1.426, p = .155 > .1), size (B = .022, t = 1.026, p = .306 > .1) and reported loss (B = -.049, t = -.939, p = .349 > .1). Looking at model two, also not significant (F = 1.443, p = .200 > .1), shows that the big-4 accounting firms together with the control variables, the variance in the transparency index for 4.1 percent influences. This is an increase compared to the first model, but both the models are not significant. The last, not significant, (F = 1.005, p = .438 > .1) model, which includes the independent variable auditing stages as well, shows that combining these variables leads to only a small increase of influencing the variance of the transparency index to 4.4 percent (R-square = .044). The auditing stages shows no significance difference between the transparency index (B = -.024, t = -.390, p = .697; B = -.030, t = -.58, p = .562; B = -.039, t = -.660,

p = .510 > .1).

In order to test the control variables for the dependent variable, the number of reported key audit matters, three new models were developed. The significant results (F = 10.458, p = .000) in model 1, show that the variance in the number of key audit matter is influenced by 13.4 percent (R-square = .134) by the control variables. Specific, industry leads to a significant lower number of reported key audit matters (B = -.893, t = -3.338, p = .001) and firm-size has a significance positive influence (B = .671, t = 4.891, p = .000). By adding the Big-4 accounting firms, model 2, shows that it leads to a significance influence on the number of reported key audit matters (F = 7.328, p = .000), which explain 18 percent of the variance. Looking closer, the results shows that the Big-4 accounting firm EY reports significantly more key audit matters compared to Deloitte (B = .551, t = 1.695, p = .092 < 0.1). In order to test the influence of the different stages of auditing to the number of reported key audit matters, a regression has been conducted. The regression (model 3) tested significant (F = 5.479, p = .000) and explained 20 percent of the variance in the reported key audit matters (R-square = .200). Furthermore, the regression shows no difference between the different auditing stages (B = -.180, t = -.465, p = ,642; B = .236, t = -.714, p = ,476; B = .489, t = 1,313, p = ,191 > .1).

(23)

TABLE 10 Regression analysis

Model 1 Model 2 Model 3

Transparency #KAM Transparency #KAM Transparency #KAM

Intercept .110 -2.355 .066 -2.074 .067 -.1355

Auditing stages

- Emerging audit -.024 -.180

- Maturing audit -.030 .236

- Continuous audit -.039 .489

Big-4 accounting firm

- PwC .054 -.125 .054 -.095 - EY .007 .551* .005 .553* - KPMG .068 -.440 .058 -.495 Industry .059 -.893*** .063 -.908*** .060 -.892*** Size .022 .671*** .023 .639*** .026 .558*** Loss reported -.049 -.240 -.060 -.129 -.057 -.220 N 215 215 215 215 215 215 R-Square .026 .134*** .041 .180*** .044 .200*** * p < 0.1 ** p < 0.05 *** p < 0.01

Continuous Auditing: an increase of transparency?