An analysis of client's strategy content and strategy process: Impact on risk assessment and audit planning

Since the late 1990s, auditing firms have been developing and implementing new, “strategic systems” audit (SSA) approaches that emphasize the link between business risks arising from client operations in the context of a given industry, and accounting choices associated with measuring, recording, and reporting the results of these operations. To date, no published studies, and only a few working papers, investigate how auditors using such approaches assess client business risk, and how they link risk assessments with financial statement assertions (Choy and King 2002; Ballou et al. 2002; O'Donnell and Schultz 2002). This study investigates two research questions. First, it examines whether the analysis of client strategy within an SSA improves the effectiveness of risk assessments and audit planning. Second, this research examines whether the analysis of client strategy content or strategy process is associated with more accurate risk assessments. To achieve the study's objectives, a 2 (SRA-content) x 2 (SRA-process) between-subjects experiment was conducted. The separate analyses of client strategy content and strategy process as between-subjects conditions allowed for examining which of these two aspects of strategy is more helpful to the auditor in risk assessment and audit planning. Findings in this study provide preliminary evidence in support of “systems thinking” driven analyses of client strategy during the orientation phase of an audit. Auditors who perform analyses of a client's strategy improve their assessments of inherent and auditee risk, when managers' assessments are used as within-cell matched benchmarks. In addition, analysis of strategy content appears to facilitate assessments of the client's control environment at the entity level and assessments of the control risk at the level of a business process. Senior auditors' risk assessments do not appear to decrease in variability, possibly due to the greater number of information cues processed in the conduct of strategic analyses.