Auditing Sin Firms: Risk Identification and Specification

INTRODUCTION In recent years, independent auditors have moved to a risk-assessment based approach to planning their work (D'Aquila, Capriotti, Boylan, and O'Keefe, 2010). This approach makes critical the accurate assessment of each component of audit risk and the auditor's engagement risk (PCAOB, 2010). We have identified a category of firms that present auditors with a characteristically high degree of audit risk. These firms, often called sin firms in the literature, are engaged in businesses that, while entirely legal, have operations and reputation effects that give rise to an overall high level of risk. The paper outlines how the audit of these high risk clients is affected by the specific risks they pose. SIN FIRMS Sin firms are publicly traded clients that are engaged in morally reprehensible productive activities (Kim and Venkatachalam 2011). These activities include the production of alcohol and tobacco products and gaming industry operations, although some researchers include firms that manufacture weapons or operate in the adult industry in this category (Ahrens 2004; Hong and Kacperczyk 2009; Kim and Venkatachalam 2011, Waxler 2004). Beneish, Jansen, Lewis, and Stuart (2008), Hong and Kacperczyk (2009) and Kim and Venkatachalam (2011) note that sin firms face higher regulatory scrutiny, incidence of litigation, and separate risks of wealth expropriation by politicians and regulators. Despite these risks, the financial statements of all publicly traded sin firms must be audited (Securities Act of 1933), and many non-public sin firms find it necessary to have independent audits to satisfy the needs of their investors, lenders, or trading partners. Thus, independent audit firms must identify strategies for planning and conducting audits of sin firms that provide the necessary assurances yet protect the audit firm from undue risk of loss. AUDIT RISK Audit risk is the risk that the auditor will be wrong, that is, the risk that the financial statements are materially misstated after the auditor has issued an unqualified audit opinion (PCAOB, 2010). Audit risk can be decomposed into the risk of material misstatements and detection risk. Audit Risk = f(Risk of Material Misstatements, Detection Risk) The risk of material misstatements can be further decomposed into two multiplicative factors, inherent risk and control risk. Risk of Material Misstatements = f(Inherent Risk, Control Risk) Inherent risk is the risk that a material misstatement exists in the client's financial statements in the absence of any internal controls, and control risk is the risk that the client's system of internal controls will fail to prevent or detect material misstatements (PCAOB, 2010). These two risks, considered jointly, give rise to the risk of material misstatements. In sin firms, inherent risk is higher than most other firms due to the nature of the firm's business. One would expect sin firms to have a very strong system of internal controls in place to lower their overall risk of material misstatements. The auditor can only assess the risk of material misstatements (both the inherent risk and control risk components), and can, therefore, only influence the level of audit risk by increasing or decreasing detection risk. That is, by adjusting the amount of audit work performed to collect evidence regarding the potential existence of material misstatements. Detection risk is the risk that the auditor's work will fail to identify all material misstatements. In the case of sin firms, auditors may need to collect more evidence, in terms of both quantity (sufficiency) and quality (appropriateness), to provide an appropriate level of assurance. Figure 1 summarizes the determination of audit risk (PCAOB, 2010) and how a sin firm client could affect each element of audit risk. [FIGURE 1 OMITTED] AUDITORS' ENGAGEMENT RISK Although the assessment and management of audit risk is an important part of the auditor's responsibility, it is only one element in the pool of risk that must be managed to operate a successful audit firm. …