전략적 감사위험 모형에 관한 연구

Using a game-theoretic model, this paper incorporates strategic factors into the audit risk model which is widely used in the auditing practice. According to the audit risk model, control risk means the risk that the firm’s unaudited financial statements may include material misstatements due to fraud or error before auditing is conducted. In general, the control risk can be determined by both design and operation of the internal control system of the firm. The design of the internal control system cannot be changed by the manager in a short-term period, but its operation can be affected by the manager’s willingness to operate it as designed. According to the traditional audit risk model, it is assumed that the control risk of the firm audited is correctly assessed by an auditor. However, given that the manager can influence the auditor’s evaluation of the control risk through his control system operation, the auditor’s assessment of the control risk may go wrong and then her audit plan of conducting the substantive tests may be distorted. That is, there may be a strategic interaction between the manager and the auditor. This study presents and analyzes an economic model in which a firm’s manager and an auditor strategically interact. In the economic model used in the paper, the manager reports the firm’s financial income, based on his observation of the firm’s economic income which is not observable by the auditor. When the manager decides to include material misstatements in the financial reports, he chooses either to make a higher effort or low effort to hide his misstated report. In contrast with prior strategic literature which models the manager’s decision on whether to include material misstatements in his report, this paper focuses on how the manager’s hiding effort affects the auditor’s evaluation of the control risk and thus determination of the audit extent. It is modeled in such a way that the manager’s higher effort level of hiding a fraud can distort the auditor’s evaluation of the control risk with a constant probability and make the auditor’s detection of a fraudulent report more difficult. The auditor observes the manager’s financial reporting income, and plans to determine the extent of the substantive tests of details. To derive an effective audit plan, the auditor evaluates the control risk of the firm. Based on her evaluation of the control risk of the firm, the auditor decides to what extent to audit. The auditor wants to develop an effective and efficient audit plan by minimizing total costs which include both costs of conducting an audit and expected costs due to her audit failure. Based on the strategic audit risk model considering an interaction between the manager and the auditor, this paper finds several interesting results. First, the auditor’s audit strategy conditional on his assessment of the control risk is more efficient, compared with that unconditional on his assessment of the control risk. That is, the control-reliance strategy is more effective than no-control-reliance strategy. Of course, this paper does not consider the costs of assessing the control risk, but this paper can show that even if the internal control can be strategically used by the manager in order to distort the auditor’s audit plans, it is useful for the auditor to evaluate the control risk and conduct a substantive tests of details conditional on her assessment level of the control risk. Secondly, according to the decision-theoretic audit risk model, the auditor intensifies the extent of audit when assessing the control risk as high while he reduces the extent of audit when assessing the control risk as low. However, this paper finds that it does not always hold. If the manager’s hiding effort level is relatively high, the auditor would rather reduce the extent of audit when the control risk is assessed as high. That is, the auditor cannot mechanically determine the extent of the audit, depending on the control risk assessment level. In the strategic audit risk model, the auditor should be careful of assessing the contr ol risk because of the manager’s strategic effort to distort the auditor’s audit planning. When the control risk is assessed as low, the auditor should be aware that her assessment of the control risk might be incorrect and that her audit planning cannot achieve its intended audit risk. Thirdly, this paper analyzes the effect of the exogenous variables on the manager’s and auditor’s equilibrium strategies. This paper finds that manager’s hiding effort is an increasing function of the penalty imposed on the manager if detected and is independent of the effectiveness of the manager’s high level of hiding effort. Also this paper finds that the auditor’s marginal costs and audit failure costs have differential effects on the extent of her substantive tests, depending on the assessment level of control risk.