The Economics of Auditor Regulation
Financial statement auditing is useful as it provides assurance about the reliability of financial information that firms issue. To protect companies’ stakeholders and to safeguard audit quality, financial statement auditing is heavily regulated. We explain why and when auditor regulation is necessary and warranted, and discuss important recent changes in auditor regulation, such as mandatory audit firm rotation in the EU. We also identify a number of auditing-related issues that require further deliberation.Keywords:: Auditing, regulation, financial stability
External (financial statement) auditors provide assurance about the reliability of the financial information that companies issue. This information can be used by shareholders and other stakeholders for decision making—for example, to decide whether to buy or sell shares in the company, or whether a loan should be granted or extended to the firm. It is the management of the company that prepares the company’s financial statements. Many stakeholders do not have financial and accounting skills to judge whether the information that management provides is reliable. Moreover, even if they have so, they do not have access to the inside information that corroborates the financial statement information. Company management may have incentives and opportunities to “lie” about the true economic condition of the firm, and to provide financial information that is distorted. External auditors are technical experts that can mitigate this information risk by investigating the financial statements of a company and the underlying transactions, and attesting to whether the financial information that management provides is reliable or not. Financial statement auditors should be independent from the firm to avoid collusion with management, and their main role is to provide assurance to the users of the financial statements that the latter are reliable.
Financial statement auditing is a professional, economic and regulated activity executed by individuals with the help of audit technology (Hay, Knechel, and Willekens, 2014). All these aspects of auditing are interrelated and jointly affect what the eventual quality of an audit will be. An audit is conducted by professionals who have acquired the specific skills and knowledge necessary to perform the audit, and who possess the appropriate license to mark themselves out as a professional. In the course of an audit, specialized technology is used to augment the professional expertise of individuals. Further, audits are economic goods in the sense that a market exists to match those who will supply an audit with those who would demand an audit. In that market, auditors compete with each other to obtain new clients. However, audits and the audit market are also very heavily regulated. Who needs an audit, who can supply an audit, and the conditions under which the two parties can contract for audit services are all subject to various forms of regulation. There is also a risk of litigation against the auditor in the case of malpractice. Because auditing is a human activity conducted by individuals, the quality of a specific audit is conditional on individual auditor characteristics, the incentives that auditors face, as well as the audit (and audit- and accounting-related) regulation. Given all these aspects, auditing is a complex phenomenon to study and understand.
There exists a rich academic literature that investigates the various drivers that affect financial statement auditing and audit quality (for reviews, see DeFond and Zhang, 2014; Francis, 2004; Langli and Svanström, 2014; Lennox and Wu, 2017; and Vanstraelen and Schelleman, 2017). In this chapter, we will only zoom in on economic theories that relate to audit regulation and how regulation has developed. Auditing is heavily regulated, and both demand and supply/production of auditing is subject to various forms of regulation. In the past decade in particular, we have seen a large increase in auditor-related regulation globally as various accounting and auditing scandals triggered deeper audit regulation under the premise of improving audit quality. The best-known example is the Sarbanes-Oxley Act in the United States. The latest European audit legislation (European Union, 2014 a and b) is one of the more recent regulatory changes that fits under this umbrella. It is worth noting that the new regulation primarily concerns audits of public interest entities (PIEs) such as banks, insurance companies and listed companies, and the audit firms that serve these companies. For non-PIEs and audit firms that only audit non-PIEs, the regulation has hardly changed. And in countries with mandatory auditing for non-listed firms, which is the case in, e.g., the EU and Norway, regulation has been eased as small companies are now allowed to opt out of auditing.
This chapter proceeds as follows: Next, in section 10.2, we discuss the economic theory of audit regulation. Section 10.3 describes important new audit regulations that have been put in place in the aftermath of the financial crisis of 2007–2008. We limit our discussion to the developments in the EU and the United States. In section 10.4, we identify research opportunities related to audit regulation, and point to a severe challenge for auditing researchers, namely their lack of access to relevant data from audit firms and regulatory bodies.
10.2 Economic theory of audit regulation
There are various theories of regulation. In this section, we will only focus on economic theories that apply to the audit setting.
10.2.1 Why is there audit regulation?
According to economic theory of regulation, there is a prima facie case1Note that it is only a prima facie, and not a conclusive, case for such intervention. The reason is that the regulatory solution may be no more successful in correcting the inefficiencies than the market or private law, or that any efficiency gains to which it does give rise may be outweighed by increased transaction costs or misallocations created in other sectors of the economy. for regulatory intervention when there is market failure that is accompanied by private law failure (Ogus 1994). Market failures are usually caused by lack of adequate information, lack of competition or by externalities, and exist when the quantity or quality of a good supplied differs from the socially efficient outcome. In such cases, government regulation that moves the private output of a good closer to the socially efficient solution can improve social welfare (efficiency) in a Pareto sense. Applied to the market for audited financial information, market failure exists if the output of audited information in annual reports or distributed via other corporate communication channels is non-optimal in a Pareto sense in the absence of audit regulation (Eilifsen and Willekens 2008).
An early rationale for audit regulation was to protect the users of financial information (i.e. the investors), as they were presumed not to have perfect access to company information (see, for example, Watts and Zimmerman 1986). Disclosure choices of accounting information might create negative external effects (or externalities2 Although ‘market failure’ and ‘externality’ are related concepts, and sometimes used interchangeably, they are not synonymous. Market failure can be caused by externalities, but can also be caused by other factors, such as monopoly situations, public goods, and informational asymmetry (see, for example, Cooter and Ulen, 1988).) to users of this information, for instance by not providing adequate information about bonus plans for top management, or the terms of sale and leaseback transactions. In general, an externality exists where an action of one economic agent affects the utility of another in a way that is not reflected in the market place (Just et al., 1982: 269). Losses to financial statement users due to resource allocation decisions based on defects in audited financial statements that the auditor did not detect or report, could be seen as an ‘externality’. Directors and the external auditors can thus be considered as jointly responsible for ‘hazardous’ or misleading financial reporting. The externality is aggravated by informational asymmetry. Directors and external auditors have more information about the value of the firm than external parties. In addition, the delivered audit quality by auditors cannot be observed by clients and third party users of financial statements. The social objective of audit regulations and liability could be seen as means to correct for various externalities created by directors and external auditors such that total social utility is improved. Policies adopted to correct for hazardous financial reporting behavior—that is, the behavior of the directors—will necessarily have an impact on audit demand, since the directors are the ones who acquire audit services. Policies adopted to correct for externality-generating audit behavior will necessarily affect audit production—or the behavior of the auditor (Willekens, Steele and Miltz, 1996).
10.2.2 Different types of regulation in the audit context
Ex ante regulation and ex-post liability are two very different approaches to control for activities (such as the production of audit services) that create risks of harm to third parties or externalities. From its beginnings, the literature on optimal regulation has focused on alternative types of ex ante policies, such as safety standards, Pigouvian taxes, and transferable permits. Ex ante policy instruments modify behavior in an immediate way through requirements that are imposed before, or at least independent of the actual occurrence of harm, and are public in nature (Shavell 1984). Ex ante rules can be pronounced directly by the state through laws, or the state can delegate its authority to another body. In the context of audit regulation, an ex ante policy that applies to the auditee is the statutory audit requirement, or the obligation to appoint an external financial statement auditor to attest the reliability of the financial statements. For the auditor, the auditing standards—International Standards on Auditing (ISAs), or local professional auditing standards—could be seen as a form of “ex ante rules.” As opposed to disclosure standards—those, for instance, included in the International Financial Reporting Standards (IFRSs)—auditing standards are rather general in the sense of stressing objectives rather than precise auditor actions to reach those objectives. In addition, auditor independence regulations, such as the prohibition to perform certain non-audit services for audit clients, and the requirement for audit firms to rotate every so many years, are other examples of ex ante standards. Note that by setting very precise ex ante standards, audit standards become less vague at the risk of being mis-specified. For example, by forbidding auditors to perform certain non-auditing services to clients, audit quality need not necessarily be improved; the opposite may even occur. The reason is that audit quality may improve due to spillover effects obtained from providing non-audit services.
The second policy instrument, namely liability in tort, works through the deterrent effect of damage actions that may be brought after harm has occurred, and hence is private in nature (Shavell 1984). The threat of suit causes the potential injurer to internalize the expected social harm and, hence, to take optimal precaution. In the audit case, this would imply that audit liability is an incentive for the auditor to produce an optimal level of audit quality. It is only since the 1980s that researchers have also analyzed the ability of exposure to ex post liability to correct for externalities.3 Cooter (1991), for example, points that the elaboration of price theory by mathematical economists took the legal framework for granted. Liability law is, however, an important mechanism for allocating resources. Nowadays, economic theories tend to understand liability law as a search for efficiency in incentives and risk bearing. The basic premise of law and economics is that legal rules create implicit prices on behavior, and that the responses of individuals and organizations to those prices can be analyzed in exactly the same way that responses to explicit prices can be analyzed (Ulen 1993). The threat of litigation to audit firms can, thus, be expected to affect audit production behavior because auditors are incentivized to provide audits of sufficiently high quality. The potential liability of corporate management (that is, the directors) to third parties might also affect the demand for auditing services and other monitoring mechanisms.4 The “deep pocket” hypothesis states that larger audit firms have greater incentives to provide high quality audits than smaller audit firms because they have more wealth at risk (Lennox 1999; Khurana and Raman 2004). Top management may therefore prefer large audit firms, such as EY, KPMG, Deloitte and PWC (often referred to as Big Four), because better audit quality reduces litigation risks. A large body of literature shows that Big Four audit firms provide audits of higher quality than other audit firms (DeFond and Zhang 2014). It is, however, important to realize that alternative liability regimes5 Such as strict liability versus a negligence standard, or joint and several liability versus proportionate liability (Naravanan 1993; Schwartz 1998). may affect behavior of auditors and auditees differently, and may result in alternative resource allocations, some of which might not be socially efficient. A similar remark holds for alternative legal environments, such as common-law systems versus civil law systems. An obvious question is which enforcement mechanisms work as a deterrent against unwanted auditor behavior in environments where ex post liability is less prevalent, as is the case in various European countries.
Note that Willekens et al. (1996) analyze the joint use of ex ante standards and ex post liability in the auditing setting. They also study the impact of uncertainty (or vagueness) about auditor due care (negligence) on audit quality, and the role of the professional auditing standards, Generally Accepted Auditing Standards (GAAS), in such a setting. They show that the vagueness of legal negligence standards can either have a positive or negative effect on audit quality, and that this depends on the level of vagueness (or precision). Relatively little (substantial) vagueness will have a positive (negative) impact on audit quality as compared to the situation where negligence standards are clear. It is shown that clear GAAS accompanying a vague legal negligence standard have a positive impact on audit quality or effort. As the precision of audit regulations and the importance of ex post liability is not constant across countries, the impact of audit regulation and ex post liability on audit behavior can be expected to be very different across the globe. One may then wonder why the new auditor independence rules (see below) are so similar in most countries.
10.3 Audit quality and contemporary hot issues in audit regulation
In this section, we will discuss some key aspects of contemporary audit regulation in Europe. Note that most of these regulations are also important outside Europe, and where relevant we will elaborate on this. In 2006, the European Commission issued its Statutory Audit Directive (European Union 2006) that aimed at a high level of, but not full, harmonization of the statutory audit function in the EU. A major aim was to enhance a uniform level of high audit quality across the EU member states. In the aftermath of the financial crisis of 2007–2008, the European Commission (EC) questioned the adequacy of its legislative auditing framework in the EU. The EC launched a Green Paper (European Commission, 2010) to open the debate on potential measures to further enhance the audit function in order to contribute to financial stability.6For discussions of the Green Paper, see Brasel et al. (2011), Humphrey et al. (2011) and Quick (2012). The EC stressed the key function of auditing in re-establishing trust and market confidence, and its contribution to financial stability, investor protection, and the reduction of costs of capital. Particular emphasis was given to auditor independence as a core value of statutory auditing, as well as the risks caused by the high supplier concentration in the audit market (Kohler, Quick and Willekens, 2016). After the publication of the Green Paper, the European Commission initiated a public consultation, which finally resulted in the amendment of the Directive on statutory audits of annual accounts (European Union, 2014a) and the EU Regulation on specific requirements regarding statutory audit of public-interest entities (European Union, 2014b). Other key aspects of this EU regulation include the independent oversight (auditor inspections) on the activities of statutory auditors and audit firms, and the launch of extended auditor reporting on the financial statements of public interest entities.
10.3.1 Auditor regulation and audit quality
All audit regulations share at least one common objective: they aim to improve and/or safeguard a high level of audit quality. However, regulators do typically not specify what constitutes audit quality. Before discussing various key auditor regulations, we zoom in on the concept of audit quality itself. In the auditing literature, audit quality is often defined as the ability of the auditor to detect material misstatements in the financial statements (which depends on the auditor’s competence) and his/her willingness to issue an appropriate audit report based on the audit findings (which depends on his/her independence). A standard reference is DeAngelo (1981: 186), who defines audit quality as the “market-assessed joint probability that a given auditor both discovers (a) breach in the client’s accounting system, and (b) reports the breach.” A feature that characterizes audit quality is that it is unobservable for parties not involved in the audit, including regulators, as the details of the audit (production) process, such as audit planning, risk assessments, performed audit procedures, and evaluation of audit evidence, are not publicly disclosed (Eilifsen and Willekens 2008). The only observable output of the statutory audit is typically the audit report, and in most cases, this is an unqualified (clean) opinion including boilerplate jargon.
Causholli and Knechel (2012) argue that the audit service exhibits credence features, and hence can be seen as a “credence good”, which implies that not only distant shareholders and stakeholders, but even the audited company (management) itself, cannot observe the audit quality supplied. Their arguments are as follows:
Two aspects of the audit production process suggest that the audit may have signiﬁcant credence attributes. First, the outcome of an audit is unobservable. The audit risk model is based on the assumption that the residual risk that the auditor will fail to detect one or more material misstatements always exists (AICPA1983) so the actual level of assurance achieved can never be known (O’Keefe et al., 1994; Knechel et al., 2009). Second, the idiosyncratic and uncertain nature of the audit process means that only the auditor can decide how much effort to exert and evidence to gather to satisfy professional auditing standards. The auditor diagnoses the extent of service required (planning) and provides the actual service (testing). Although, the auditee may have some insight into his/her own risk of material misstatements, the auditor establishes the audit scope based on professional judgment.
DeFond and Zhang (2014) also emphasize that audit quality is difficult to measure because the amount of assurance auditors provide is unobservable. On the contrary, various consequences and characteristics of the audit process are observable. DeFond and Zhang (2014) argue that audit quality improves financial reporting quality by increasing the credibility of the financial reports. As a result, audit quality is a component of financial reporting quality, and it is difficult to distinguish between the two. It is important in this context that financial reporting quality is not only determined by audit quality, but also—and even mainly—by the firm’s financial reporting system and the firm’s innate characteristics, such as the quality of its operations and governance. DeFond and Zhang (2014) make a taxonomy of audit quality proxies used in the audit literature and distinguish between two categories: 1) measures based on the output of the audit process, such as auditors’ reporting conservatism (e.g. going concern reporting for distressed firms), and financial reporting quality; and 2) input-based measures, such as auditor type or audit fees.
All in all, it is widely believed that audit quality is a multi-faceted concept that is largely unobservable. As a result, we argue that it is largely unobservable whether (stricter) auditor regulations actually enhance high audit quality (or some aspects of it), even though regulators claim they do.
10.3.2 Auditor Independence Regulations
To enhance high audit quality, regulators typically impose auditor independence requirements. Two important such requirements are: 1) prohibition of the joint supply of certain types of non-audit services to audit clients; 2) mandatory rotation of the lead audit partner, as well as the audit firm, at specified intervals.
Prohibition of the supply of non-audit services. The joint supply of audit and non-audit services by the (incumbent) auditor has been a topic of debate for many years. The 2014 European Regulation tightened the prohibition of the provision of non-audit services by auditors for PIEs. A blacklist of prohibited non-audit services7Examples of services on the blacklist: Tax services; designing/ implementing internal control systems related to financial information; valuation; and services linked to financing and capital structure (for further details, see e.g. Ratzinger-Sakel and Schönberger 2015). was introduced, as well as the pre-approval requirement by the audit committee for the provision of other non-audit services. Furthermore, a cap is placed on the fees auditors are allowed to earn related to non-audit services: these can maximally amount to 70% of the average audit fees earned on the audit engagement during the previous three years. Note that the Sarbanes-Oxley Act in the United States also bars auditors from providing non-audit services, but that no cap on fees from non-audit services has been introduced.
Mandatory audit partner and audit firm rotation. The 2006 EU Statutory Audit Directive prescribed that lead partners on audit engagements in public interest entities be rotated at least every seven years. Note that in the United States, a partner rotation rule of five years has been in place since the Sarbanes-Oxley Act. According to critics, partner rotation may not be a sufficient means to enhance auditor independence. Accordingly, the 2014 EU Regulation further tightened rotation rules for PIEs in the EU as it prescribes that audit firms should be rotated at least every 10 years. By way of derogation, Member States may extend audit firm tenure to 20 years where a public tendering process for the statutory audit is conducted, or to 24 years in the case of joint audits. While mandatory audit firm rotation was mainly installed to enhance auditor independence, it could actually also reduce auditor concentration if it provides opportunities to mid-tier and smaller firms to compete with the Big Four. Note that there is no audit firm rotation requirement in the United States. Even though the average audit firm tenure in publicly listed firms is not higher than the 10- to 20-year limits imposed by the EU, some firms stay with the same audit firm for a very long period of time.8The average audit firm tenure is 7.3 years (5.4 years) in countries classified as high (low) litigation risk countries in Brooks, Cheng, Johnston, and Reichelt (2017). One notable example is Barclays, which had PwC as its auditor for a period of 120 years. In 2015, PwC was replaced by KPMG in order to comply with the new EU regulation (Wallace 2015). For banks and other large or complex companies, long audit tenure is a rational decision as there are significant switching costs involved when clients hire a new auditor.
10.3.3 Regulators’ concerns about the audit market structure and lack of competition among audit suppliers
Regulators around the world have repeatedly expressed concerns about the high level of supplier concentration in the audit market, and question whether the degree of competition is sufficient. Article 27 of the 2014 EU Regulation (European Union, 2014b) addresses the monitoring of market quality and competition, and prescribes the European Competition Network (ECN) to regularly monitor the developments in the market, and in particular to monitor market concentration levels (amongst other things). Article 17 of the Regulation also included the requirement of mandatory audit firm rotation. In the USA, on the contrary, the GAO report (2008) was much milder as there were no recommendations formulated to address auditor market concentration: “The level of market concentration also does not appear to be affecting audit quality as many of our survey respondents and those we interviewed said that audit quality had improved, which some attributed to the Sarbanes-Oxley Act” (GAO report, 2008, p. 5).
The ongoing concerns about supplier concentration in the audit market are a result of the consolidation in the audit industry, which mainly took place during the last two decades of the last century. The last big incident in this context was the collapse of Andersen in 2002. While supplier concentration in the audit market is definitely high, it should not be confused with a lack of competition in that market. From the industrial organization literature we indeed know that Cournot competition models show that market concentration could proxy for competition. Cournot models, however, assume that products are homogeneous (Cabral, 2000) and that suppliers compete on quantity (that is, suppliers are price takers). When suppliers compete on prices, Bertrand models of oligopoly are more appropriate. Consistent with this view, Dedman and Lennox (2009) and Numan and Willekens (2012) argue that there are both theoretical and empirical problems with using concentration as a measure of competition. Note that there is some evidence of (imperfect) oligopolistic competition in the audit market. For example, Numan and Willekens (2012) provide empirical evidence that Big Four audit firms compete by product differentiation as they are able to charge higher fees when they are industry experts in the client’s industry, but in addition to that, they are also able to charge an additional fee premium the larger the market power they have vis-à-vis their closest competitor.
10.3.4 Independent oversight on the activities of statutory auditors and audit firms
In this section, we zoom in on the question of what mechanisms are in place to ensure that audit firms fulfill their duties and perform independent audits in accordance with applicable regulations, as the new regulations have also significantly altered the system of auditor surveillance. Prior to the Enron scandal in the U.S., the auditing profession used their own system of peer review to ensure that members of the profession adhered to the professional standards. In many countries in the world, similar national systems of peer review existed. This era of self-regulation ended in the U.S. after the accounting scandals of Enron, WorldCom and Tyco, and the subsequent introduction of Sarbanes-Oxley Act in 2002. Paramount in this context was the establishment of the Public Company Accounting Oversight Board (PCAOB), which is one the first independent audit regulators in the world set up to “oversee the audits of public companies in order to protect the interests of investors and further the public interest in the preparation of informative, accurate, and independent audit reports”.9 https://pcaobus.org/About/History/Pages/default.aspx The PCAOB inspects audit firms that have more than 100 listed clients annually, while audit firms with less than 100 listed clients are inspected triennially. In the U.S., there is no independent oversight of audit firms that only audit non-listed firms.
Other countries followed the example of the U.S. with regard to independent oversight over the audit profession, and changed their view about the appropriateness of self-regulation of the audit profession. As a result, oversight bodies that are independent from the national audit profession have been established worldwide since 2000. In particular, 52 independent audit regulators are today members of the International Forum of Independent Audit Regulators (IFIAR), which was established in 2006. The mission of IFIAR “... is to serve the public interest and to enhance investor protection by improving audit quality globally. The overall objective is to: 1) Share knowledge of the evolving audit environment and the practical experience of independent audit regulatory activity. 2) Promote collaboration and consistency in regulatory activity. 3) Provide a platform for dialogue with other international organizations interested in audit quality.”10 https://www.ifiar.org/about/#who-we-are
It is interesting to note that the responsibility of auditor oversight and surveillance remained a national matter within the EU. This is somehow inconsistent with several other regulations that moved up to the European level, such as the mandatory application of “International Financial Reporting Standards (IFRS) as approved by EU” for PIEs as a common reporting language in the financial statements, without any possibility for EU Member States to insert individual adjustments. As for auditor oversight, however, the new 2014 regulation only mandates that each country has a “competent body” with responsibility for oversight of auditors. The EU has also established the Committee of European Auditor Oversight Board (CEOAB). The role of CEOAB “is to strengthen EU-wide audit oversight, which is a key objective of the new EU legislation on statutory audit that took effect on 17 June 2016.”11 https://ec.europa.eu/info/business-economy-euro/banking-and-finance/financial-reforms-and-their-progress/regulatory-process-financial-services/expert-groups-comitology-and-other-committees/committee-european-auditing-oversight-bodies_en
10.3.5 Extended auditor reporting requirements for public interest entities
Historically, auditor reports have used standard language merely attesting to whether the audited financial statements are consistent with the relevant GAAP (Generally Accepted Accounting Principles) or not, and no information is provided about the potential risks an audited entity may face (except for the going concern risk). Over the past decade, various regulators and standard setters, such as the European Commission, the International Auditing and Assurance Standards Board (IAASB) and the PCAOB, have started initiatives to improve the auditor’s reporting model and to enhance transparency. In the EU, new regulation on extended auditor reporting has applied since 17 June 2016, i.e. for audits of financial statements for periods beginning on or after that date. Concretely, the enhancement of the auditor’s report draws on developments at the international audit standard setting level and the new Auditor Reporting Model (particularly ISA 700 Revised and ISA 701) issued by the International Auditing and Assurance Standards Board (IAASB) and which, in the meantime, has also been introduced by the PCAOB in the US. The main feature of the new Auditor Reporting Model is the introduction of so-called Key Audit Matters (KAM). The identification and communication of KAM according to ISA 701 is mandatory for the audits of listed entities only. A description of the Key Audit Matters includes the most significant assessed risks of material misstatement, including assessed risks of material misstatement due to fraud, a summary of the auditor’s response to those risks, and, where relevant, key observations arising with respect to those risks and reference to the relevant disclosures in the financial statements (European Union, 2014b). Further enhancements (beyond the Key Audit Matters) to the auditor report include a statement on auditor independence and an explanation of the extent to which the statutory audit was considered capable of detecting irregularities, including fraud. Even if the EU regulation does not explicitly use the notion of KAM, it is widely recognized that the EC requirements and the approach taken by the IAASB are generally consistent.
10.4 Future research opportunities: ideas and challenges
The audit profession defines the purpose of an audit to “enhance the degree of confidence of intended users in the financial statements” and to express an opinion “on whether the financial statements ... give a true and fair view in accordance with the [accounting] framework” being used to prepare the financial statements.12 http://www.ifac.org/system/files/downloads/a008-2010-iaasb-handbook-isa-200.pdf To help ensure that this purpose is met, the accounting profession, as well as policy makers and regulators, have implemented many standards and rules that govern the audit process. However, it is not at all clear whether the regulations work as intended, and whether the recent more burdensome and costly regulations have indeed improved audit quality. In this section, we very briefly point to some critical issues for research, as well as challenges that hinder such research.
Empirical cause and effect analyses of audit regulations. The recent changes in the EU regulation enable researchers to observe and study how and whether auditor behavior changed in the aftermath of these new regulations. Regulatory changes make it possible for researchers to capture the relationship between causes (for example, lack of auditor independence) and consequences (audit quality) in a cleaner way. Relevant research questions are the following: Does mandatory audit firm rotation indeed increase audit quality? Does a cap on fees earned from non-audit services by the incumbent auditor increase audit quality? Does audit quality improve after a country has strengthened its system for surveillance of auditors, and is the improvement related to the strength of a particular legal system and/or other characteristics specific to the country, company, or audit firm? Does the new extended format of the audit opinion increase investors’ confidence in companies’ financial statements? As time goes by, and as more observations from the post-implementation period accumulate, researchers will be able to assess whether the aims of the new regulations are being met.
Looking beyond first order effects of regulatory changes via analytical research. Policy makers and regulatory bodies seem to have a tendency to prioritize first order effects—that is, the immediate effects we observe after new regulations are installed. However, immediate effects may cause other things to change as well, or, in other words, second order effects are likely too. Analytical research has the potential to analyze both types of effects the regulatory changes may bring about. An example of such analytical research is a study by Bleibtreu and Stefani (2017) on mandatory audit firm rotation. In the U.S., the United Kingdom, and many EU countries, more than 90 percent of large listed firms are audited by the Big Four audit firms (Francis et al., 2010), and regulators are concerned about the high level of supplier concentration in this market. One concern is that the high market concentration of Big Four audit firms represents a systemic risk in the audit market and hence a threat to financial stability. At the same time, regulators are concerned that auditors are becoming too familiar with their clients and thus not able to perform independent audits. As a means to both decrease audit market concentration and increase auditor independence, the EU introduced mandatory audit firm rotation. Bleibrue and Stefani (2017), however, show that the regulators’ goals of simultaneously decreasing client importance and audit market concentration are in direct conflict. Thus, the sum of first and second order effects may be different from what was expected by the proponents. Analytical modeling may clarify under which conditions regulations can be expected to have the desired outcome, and when there are reasons to believe that adverse effects may dominate.
Secrecy, a major hindrance to auditing research’s full potential. A key challenge in auditing research is the lack of access to relevant data from regulatory bodies and audit firms. For example, without access to working papers from audit firms, it is not possible—or at least, it is very difficult—to assess the effect of the audits on, for instance, earnings quality and earnings management (Lennox et. al 2015), or to understand why engagement partners within the same audit firms deliver audits of different quality (Gul et. al. 2013).
Regulators in different countries inspect audit firms and a selection of their clients on a regular basis. Through the inspections, the regulatory bodies gather knowledge about audit firm behavior and discover areas with deficiencies. Their work and findings are surrounded by secrecy and confidentiality.13This causes problems not only for researchers, but also for regulators themselves, because audit quality inspections may involve audit firms located outside the jurisdiction of the regulatory body. “Many American companies have major operations in China, and what goes on in those audits is quite opaque to US regulators and investors” according to Lewis H. Ferguson (Chair of the Global Public Policy Committee Working Group of the International Forum of Independent Audit Regulators (IFIAR) (Tapestry Networks, 2015, p. 6). Researchers and regulators (national bodies as well as IFIAR and CEOAB) could work together to analyze the effectiveness of inspections. Are some inspections more efficient than others, and why? To whom should findings be communicated, and in what form? Would public disclosure of audit deficiencies strengthen audit firms’ incentives to provide audits of sufficiently high quality? There are substantial variations among countries in how inspections are conducted and how findings are communicated, and lessons will be learned only if researchers are able to tap into the rich knowledge base that resides with the regulators and the audit firms.
The shock created by the Enron scandal spurred increased auditor regulation and surveillance of listed firms and their auditors. The financial crises in 2007 and 2008 once again renewed regulators attention on auditors, as the latter “... gave no warning of the banking crises” (UK House of Lords, 2011: 5). In an inquiry held by the House of Lords in the United Kingdom, a representative of the Big Four audit firms stated that they had carried out their duties properly. The House of Lords commented (p 40): “In the light of what we now know, that defence appears disconcertingly complacent. It may be that the Big Four carried out their duties properly in the strictly legal sense, but we have to conclude that, in the wider sense, they did not do so.”
The dissatisfaction of policy makers with how the market for auditing services operates has led to new and tighter auditing regulation. In this chapter, we have described the most important initiatives. Researchers have the opportunity to analyze to what extent the new regulation increases audit quality, but in order to do so they have to overcome a serious hurdle: Access to relevant auditing data. As we argued above, audit quality is for the most part unobservable, except for those that actually do the audit and those that inspect the auditors. Thus, in order to gain a better understanding of how audit quality is impacted by regulation, we call on audit firms, regulators, and researchers to join forces, collaborate and share experiences, insight, knowledge and data.
|1||Note that it is only a prima facie, and not a conclusive, case for such intervention. The reason is that the regulatory solution may be no more successful in correcting the inefficiencies than the market or private law, or that any efficiency gains to which it does give rise may be outweighed by increased transaction costs or misallocations created in other sectors of the economy.|
|2||Although ‘market failure’ and ‘externality’ are related concepts, and sometimes used interchangeably, they are not synonymous. Market failure can be caused by externalities, but can also be caused by other factors, such as monopoly situations, public goods, and informational asymmetry (see, for example, Cooter and Ulen, 1988).|
|3||Cooter (1991), for example, points that the elaboration of price theory by mathematical economists took the legal framework for granted. Liability law is, however, an important mechanism for allocating resources. Nowadays, economic theories tend to understand liability law as a search for efficiency in incentives and risk bearing.|
|4||The “deep pocket” hypothesis states that larger audit firms have greater incentives to provide high quality audits than smaller audit firms because they have more wealth at risk (Lennox 1999; Khurana and Raman 2004). Top management may therefore prefer large audit firms, such as EY, KPMG, Deloitte and PWC (often referred to as Big Four), because better audit quality reduces litigation risks. A large body of literature shows that Big Four audit firms provide audits of higher quality than other audit firms (DeFond and Zhang 2014).|
|5||Such as strict liability versus a negligence standard, or joint and several liability versus proportionate liability (Naravanan 1993; Schwartz 1998).|
|6||For discussions of the Green Paper, see Brasel et al. (2011), Humphrey et al. (2011) and Quick (2012).|
|7||Examples of services on the blacklist: Tax services; designing/ implementing internal control systems related to financial information; valuation; and services linked to financing and capital structure (for further details, see e.g. Ratzinger-Sakel and Schönberger 2015).|
|8||The average audit firm tenure is 7.3 years (5.4 years) in countries classified as high (low) litigation risk countries in Brooks, Cheng, Johnston, and Reichelt (2017).|
|13||This causes problems not only for researchers, but also for regulators themselves, because audit quality inspections may involve audit firms located outside the jurisdiction of the regulatory body. “Many American companies have major operations in China, and what goes on in those audits is quite opaque to US regulators and investors” according to Lewis H. Ferguson (Chair of the Global Public Policy Committee Working Group of the International Forum of Independent Audit Regulators (IFIAR) (Tapestry Networks, 2015, p. 6).|