Working Paper: Putting the IT in AudIT Risk: IT Complexity and IT Auditor Mitigation
Paper Authors: Jake Sigler, Preeti Choudhary, and Vikram Ramadas
Abstract: We use an instrumental variable approach and proprietary data from the PCAOB to estimate information technology (IT) complexity of client’s financial reporting environment. We find that IT complexity is associated with significantly higher control risk via greater internal control deficiencies identified by the auditor and control failures. We also find that, on average, IT complexity is not fully addressed by auditors as it is associated with increased audit risk (e.g. IT audit deficiencies identified by regulatory inspectors and increased restatement propensity). We also find that auditors only partially offset the increased audit risk from IT complexity by using more experienced IT auditors at the middle manager level. Overall, our analysis quantifies the costs of IT complexity on the audit and highlights the importance of staffing continuity to address it.
Disclaimer
The economic research fellows and staff economists generate high-quality working papers that inform the oversight activities of the PCAOB and are disseminated to stimulate discussion and critical comment to the benefit of the public. Working papers are preliminary materials that have not been approved by the Board and reflect only the views of the author(s).
The research topics of economic research fellows, including a description of any nonpublic data sets required for research, are presented to the Board for approval and research papers are reviewed to confirm that the topic of the paper is consistent with the researcher's proposal. That review does not, however, encompass an evaluation of the conclusions reached by researchers.