Citation
Audit firm involvement in systems development and its affect [i.e. effect] on auditor independence

Material Information

Title:
Audit firm involvement in systems development and its affect [i.e. effect] on auditor independence
Creator:
McCabe, Nancy J
Place of Publication:
Denver, Colo.
Publisher:
University of Colorado Denver
Publication Date:
Language:
English
Physical Description:
vi, 105 leaves : illustrations, forms ; 29 cm

Thesis/Dissertation Information

Degree:
Master's ( Master of Science)
Degree Grantor:
University of Colorado Denver
Degree Divisions:
Business School, CU Denver
Degree Disciplines:
Management science and Information Systems
Committee Chair:
Gerlach, James H.
Committee Members:
Kuo, Feng-Yang

Subjects

Subjects / Keywords:
Auditing -- Data processing ( lcsh )
Auditing -- Data processing ( fast )
Genre:
bibliography ( marcgt )
theses ( marcgt )
non-fiction ( marcgt )

Notes

Bibliography:
Includes bibliographical references (leaves 94-96).
General Note:
Submitted in partial fulfillment of the requirements for the degree, Master of Science, Management Science/Information Systems.
Statement of Responsibility:
by Nancy J. McCabe.

Record Information

Source Institution:
University of Colorado Denver
Holding Location:
Auraria Library
Rights Management:
All applicable rights reserved by the source institution and holding location.
Resource Identifier:
22788518 ( OCLC )
ocm22788518
Classification:
LD1190.B85 1989m .M32 ( lcc )

Full Text
AUDIT FIRM INVOLVEMENT IN SYSTEMS DEVELOPMENT
AND ITS AFFECT ON AUDITOR INDEPENDENCE
BY
B.A., University of Colorado, 1965
A thesis submitted to the
c
Faculty of the Graduate School of Business and
Administration, University of Colorado at Denver in
partial fulfillment of the requirements for the
degree of Masters of Science
Management Science/Information Systems
College of Business and Administration
1989
Nancy J. McCabe
&


This thesis for the Master of Science degree by
Nancy J. McCabe
has been approved for the
College of Business and Administration
by
Date / 3 /j? % f


McCabe, Nancy J. (M.S., Business)
Audit Firm Involvement in Systems Development and Its
Affect on Auditor Independence
Thesis directed by Assistant Professor James H. Gerlach
This thesis analyzes the affect of audit firm
involvement in computer development projects for audit
clients on auditor independence. The category of
interest here is computer advisory services (CAS)
defined as audit firm assistance with computer
development projects. To investigate this issue
questionnaires were sent to large publicly traded
companies who used Big Eight audit firms for their most
recent audit; 339 useable responses were received.
One finding of this research is that there is a
difference between firms who use their auditor for CAS
and firms that do not. Firms that use their auditor for
CAS receive more qualified opinions and are more often
cited in management letters for weak computer system
controls. Also, they include in their reasons for
choosing their auditor for CAS the desire to avoid audit
complications and to ensure adequate internal controls
in the new system. On the other hand they indicate they
do not believe that computer applications developed by
auditors have significantly better internal controls.


IV
In addition there is a perceived crossover
between audit services and CAS services received from
the same audit firm. Auditees tend to believe that
their auditors perform a different level of audit work
on systems which were developed by the auditor's firm as
compared to systems developed by other outside firms.
Another finding is that CAS from one's auditor
is not regarded as equivalent to CAS received from other
Big Eight firms in the following areas: familiarity with
the auditee, sole provider of special expertise,
avoidance of future audit complications, and insurance
of adequate internal controls.
These findings taken as a whole indicate that
the choice to use one's auditor for CAS is a complicated
one which depends partly on the belief that an auditor's
evaluation of internal controls is subjective and that
choosing one's auditor may eliminate some risk of
controls being assessed as inadequate. When auditors
evaluate systems developed by their own firm they are
seen to apply different analytical techniques and
therefore are perceived to lose independence where the
review of this system is concerned.


CONTENTS
CHAPTER
I. INTRODUCTION.................................. 1
History of Auditing......................... 2
Internal Control Systems................... 3
II. STATEMENT OF THE. PROBLEM................... 6
Independence and Management Advisory
Services................................. 6
Auditor Involvement in Development....... 2 3
III. ISSUES AND METHODOLOGY ....................... 35
Questionnaire Issues ...................... 35
Sampling Methodology ...................... 42
IV. ANALYSIS ................................... 47
Profile of Respondents .................... 47
Fee Data Analysis ....................... 52
Impact of Developers on Audit Results ... 60
Criteria for Selection of CAS Provider .. 71
Analysis of Hypotheses .................... 81
V. SUMMARY ...................................... 88
Summary of Results ........................ 88
Topics for Future Research ................ 90
BIBLIOGRAPHY
94


VI
APPENDIX
A. QUESTIONNAIRE AND COVER LETTER TO SUBJECTS
IN THE RESEARCH STUDY................... 97
B. REGRESSION ANALYSIS OTHER BIG EIGHT
FIRMS................................... 103
C. REGRESSION ANALYSIS NON-AUDIT FIRMS....... 104
D. REGRESSION ANALYSIS INTERNAL STAFF........ 105


TABLES
Table
1. Questionnaire Preparer Summary ......... 48
2. Sources of CAS by Year.................... 50
3. Comparison of Early and Late Questionnaire
Responses................................ 52
4. Regression Results for Auditor Provided CAS 55
5. Regression Results for Two Years of Fee
Data..................................... 57
6. Developer of Systems Resulting in Fee
Increases................................ 58
7. Question 9 ................................... 59
8. Developer of Systems Resulting in Qualified
Opinions................................. 61
9. Question 7 ................................... 62
10. Developer of Systems Resulting in Weakness.. 63
11. Question 8 ................................. 63
12. Source of Auditor Comfort on Computer
Controls................................. 65
13. Question 11a ................................. 66
14. Question lib ................................. 67
15. Question 11c ................................ 67
16. Question 12a ................................. 69
17. Question 12b ................................. 69
18. Question 12c ................................. 70
19. Reasons for Choice of CAS Provider ........... 73
20. Analysis of Reasons for Choice of CAS
Provider .................................... 75


CHAPTER I
INTRODUCTION
As computerized information systems proliferate
and increase in importance, auditors become increasingly
interested in participating in the development process.
A main reason for this is to ensure that adequate
controls are built into the new system. If not included
in the original design, the cost of retrofitting the
system with adequate controls is often prohibitive.
Early auditor participation also ensures that the
systems development methodology adopted by management is
in fact followed, and this helps ensure that the
finished system works properly. Too often requirements
definition and testing phases of systems development are
shortchanged in the interest of meeting implementation
deadlines, with the result that the systems either do
not work, or do not work the way the users expected them
to.
The major drawback to auditor involvement in
systems development is the potential loss of
independence in subsequent audits. Both internal and
external auditors are required by their professions to
maintain an independent mental attitude when performing


2
audit work. The question is: if they participate in
design and development, can they truly be independent
when later called on to perform an audit of the same
computer system? And, if their independence is
compromised, are there compensating mechanisms available
to mitigate any adverse effects? Do the benefits
outweigh the adverse effects?
In this thesis I cover the background on the
issue of independence, defining it and illustrating why
it is an issue to auditors. Then I summarize historical
events relating to auditor involvement in the
development process, identifying significant trends in
this area. Then I categorize different types of auditor
involvement in systems design and development, and
summarize available research relating some types of
involvement to bias and independence. The final section
of this paper presents the results of a questionnaire
which solicited opinions from corporate controllers on
the issues identified above. First, however, I briefly
describe the audit profession from a historical
perspective.
History of Auditing
By nature an audit is an "after-the-fact"
procedure. Webster's New Collegiate Dictionary defines


3
it as "a formal or official examination and verification
of an account book" or "a methodical examination and
review". Both of these definitions imply that someone
other than the auditor prepares materials and the
auditor then attests to their validity.
Internal Control Systems
Originally auditors of financial statements
reviewed all transactions and certified that the
resulting financial statements were accurate. As
companies became larger this became impractical due to
the sheer volume of transactions. To compensate for the
inability to verify all transactions, auditors and
auditees alike saw the need to install checks and
balances to ensure that transactions would be processed
consistently and in a way that would safeguard assets
and ensure that only authorized transactions are
processed. Auditors began reviewing these internal
control procedures and evaluating them. They reasoned
that, if the controls were adequate and if they were
followed, accurate financial records would result. The
principle was that examination of only a sample of
transactions could be used to evaluate whether the
procedures were in fact operating as prescribed. The
results could be generalized from that sample to all


4
similar transactions and to the financial statements
which summarize the transactions.
Internal control systems are typically in place
in high risk areas including data processing divisions.
The same principles are used to evaluate and test it in
a computer environment as are used in other areas where
controls are in place. To assist the auditor in
evaluating these controls the AICPA issued an audit
guide in 1977, The Auditor's Study and Evaluation of
Internal Control in EDP Systems. While compliance with
this guide is not mandatory for auditors performing
external audits, it is highly recommended. The
auditor's reasons for decisions not to follow the guide
must be documented in the audit workpapers. It lists
ten General Controls including the following systems
development and documentation controls:
- User participation in design
- User and management approval
- System testing
- Final approval
- Conversion control
- Control of system changes
- Documentation standards
It is clear from this publication that an independent
auditor needs to examine system development controls as


5
part of the study and evaluation of the overall control
system. "This study and evaluation will be used to
determine the nature, timing, and extent of audit
procedures to be applied in the examination of financial
statements." [AICPA 1977, p. 1]. But, an audit of the
general controls listed above can still be performed
after the fact and need not involve auditor
participation in the development process.


CHAPTER II
STATEMENT OF THE PROBLEM
Independence and Management Advisory Services
Background
As described above, independence is a necessary
attribute for auditors performing audits. It is also
clear that there is a trend toward audit firms offering
more and more consulting services. This chapter
addresses the apparent conflict between independence and
involvement with the client in the form of extensive
consulting or management advisory services (MAS). First
independence is defined using the professional
literature. Next, the evolution of MAS and its
acceptance by the auditing profession is described.
Finally the research to date which addresses possible
conflicts between the two is discussed.
Authoritative Sources
The principle service provided by both internal
and external auditors is their unbiased opinion on a
given set of financial statements or other reports. For
this opinion to be credible the source must be perceived
as being independent.


7
Society, the public at large, expects
independent auditors to lend credibility to
financial communications. Only if the auditors are
truly perceived as independent can the public
continue to grant social recognition of professional
status, otherwise auditors would be perceived as
handmaidens of management incapable of contributing
credibility (Robertson [1976, p. 33]).
The American Institute of Certified Public
Accountants (AICPA) is the regulating body of the
auditing profession for external auditors. The
Institute of Internal Auditors (IIA) provides a similar
function for internal auditors. The principle
difference between internal and external auditors is the
latter are employed by the organization which they are
auditing while external auditors are external to the
organization, providing contractual services. External
auditors review the control environment for the entire
organization and give an opinion on the fairness of the
financial statements. In doing so, they may rely on the
work of internal auditors who perform various reviews
year-round. The internal audits focus on one area at a
time and produce management reports detailing
deficiencies and recommending corrective action on these
individual areas. External auditors typically produce
only one audit report and one management letter per year
for a given firm. In addition they may provide
management advisory services (MAS).


8
Both the AICPA and the IIA have issued
authoritative statements requiring independence on the
part of their members. In its Statements on Auditing
Standards the AICPA states, "In all matters relating to
the assignment, an independence in mental attitude is to
be maintained by the auditor or auditors." [1983, Sec.
220.01]. It elaborates as follows "...he must be
without bias with respect to the client under audit,
since otherwise he would lack that impartiality
necessary for the dependability of his findings..."
[1983, Sec. 220.02]. Also, the AICPA emphasizes the
need to maintain an appearance of independence as well
as actually being independent.
To be independent, the auditor must be
intellectually honest; to be recognized as
independent, he must be free from any obligation to
or interest in the client, its management or its
owners" (AICPA [1983, Sec. 220.03]).
The IIA also stresses independence. The
Standards for the Professional Practice of Internal
Auditing states, "Internal Auditing is an independent
appraisal function established within an organization to
examine and evaluate its activities as a service to the
organization" [1978, p. 1]. The Statement goes on to
say, "Internal auditors should be independent of the
activities they audit. Internal auditors are
independent when they can carry out their work freely


9
and objectively" [1978, p. 2]. Further, "Designing,
installing, and operating systems, are not audit
functions.... Performing such activities is presumed to
impair audit objectivity" [1978, p. 11].
Internal vs External Roles
The discussion to this point differentiates
between internal and external auditors on the basis of
their final product. A case can be made for the theory
that they are performing the same function when they
participate in systems development. Both probably serve
as internal auditors when they provide this service to
the organization, assisting members of the organization
in the effective discharge of their responsibilities.
Evolution of Management Advisory Services
External audit firms may offer management
advisory services (MAS) to clients in addition to audit
services. MAS are consultant type services ranging from
tax advise to computer systems development.
Historically financial advise was offered to audit
clients as part of the audit engagement and not billed
separately. Increasingly MAS is recognized by CPA firms
as a separate department and some sole practitioners now
declare that a large portion of their services is MAS
(Elliott [1982]). Services are now generally provided


10
under a separate contract and billed separately.
The AICPA did not issue any binding standards
relating to MAS until 1982. In that year it issued the
Statement on Standards for Management Advisory Services
(SSMAS) No. 1. A review of this statement by Elliott
and Kuttner summarizes it as follows:
For the first time, the CPA's function as a
business adviser and management consultant is
addressed and defined in the professional literature
in a way that makes it clear that every CPA in
public practice can provide these services, that
they are professional services and that they are
identified by the Institute as MAS (Elliott [1982,
p. 66]).
The fact that participation in systems development was
considered part of MAS had been established earlier by a
publication of the AICPA, The CPA and Management
Consulting first published by the AICPA in 1981. It
lists as an example of advisory services:
Developing Information Systems. These services
often involve reviewing, developing, and assisting
with the implementation of computer or manual
systems and procedures that might pertain to such
matters as accounting and management information,
manufacturing controls, material requirements
planning, product costing, and cash and asset
management. (AICPA [1981, p. 9])
Hull [1986] points out that auditors have been
involved with systems development from the start. He
reports that Arthur Andersen & Co., one of the


11
Big Eight1, says it helped to implement the "first
commercial computer application," a payroll system, in
1952. He states that the MAS portion of Big Eight
accounting firm business is growing faster than the
audit portion of the business. As a whole, over a
recent two-year period, Arthur Anderson's audit business
grew by only 14 percent while MAS grew 33 percent.
In the late 1970's there was public concern
regarding the possible loss of independence of auditors
involved in providing non-audit services to audit
clients. Accounting Series Release (ASR) No. 250 issued
by the Securities and Exchange Commission (SEC) in June
1978 required companies to disclose non-audit services
provided by their auditors in proxy statements. In June
1979 in ASR 264 the SEC set forth factors which both
auditors and companies should consider before completing
an agreement on non-audit services. While both ASR 250
and 264 were repealed (ASR No. 250 applied to proxy
statements filed between October 1978 and January 1982)
the fact that they were issued indicates the SEC's
concern over the relationship of the two types of fees.
The Institute of Internal Auditors (IIA) has
1 The eight largest CPA audit firms are known
collectively as the "Big Eight". Recently there have
been mergers and additional mergers seem probable which
will reduce the total number of very large firms.


12
also addressed the question of involvement in
development. In 1971 it issued Statement of
Responsibilities of Internal Auditors which defined an
appropriate level of involvement as "determining and
recommending standards of control to be applied in
development of the systems and procedures being
reviewed" (IIA [1971 Sec.120.03]).
In 1982 the AICPA issued its first binding MAS
standard, Statement on Standards for Management Advisory
Services (SSMAS) No. 1, "Definitions and Standards for
MAS". This makes it clear that all CPA's can engage in
MAS as part of their professional practice. Another
AICPA publication, The CPA and Management Consulting
[1981] lists "Developing Information Systems" as one of
the advisory services a CPA might provide. It describes
these services as reviewing, developing, and assisting
with the implementation of computer or manual systems
and procedures that might pertain to such matters as
accounting and management information, manufacturing
controls etc. Thus it is clear that the audit
profession is specifically sanctioning the involvement
of auditors in development.
Statistics on Involvement
Kull [1986] described the extent of involvement


13
of the various Big Eight firms from interviews with
their management:
Peat Marwick. MAS represents 16% of their business, and
about a third of that comes from EDP services. However,
only 35% of that EDP work is done for audit clients.
Coopers & Lvbrand. MAS represents an average of less
than 20% of their business. Also, since audit business
is recurrent they believe it is more advantageous to
have a firm basis in audit as opposed to MAS. They
employ about 1200 information consultants whose billable
i
hours increased by 43% in 1985 over 1984.
Price Waterhouse. This firm employs 1000 information
systems consultants, 600 of whom do systems development
consulting. MAS business is increasing by about 20% per
year.
Deloitte Haskins & Sells. This firm has 850 information
systems consultants, and that number is growing by about
25% per year.
Touche Ross. This firm has about 900 consultants.
A recent study (Palmrose [1988]) of 1980-81 data
gives an indication of the amount of MAS provided by
audit firms. The study involved questionnaire responses


14
from 361 companies, (269 publicly traded companies and
92 closely-held). It broke MAS into three categories:
1) MAS-Accounting, 2) MAS Non-accounting and 3) Tax.
Forty-six companies (12%) received non-tax MAS from a
Big Eight accounting firm, 39 (11%) from the same firm
as performed their audit.
At the same time, a 1988 study in the Public
Accounting Report reports that its survey of 136 firms
reveals that in general audit fees have not risen since
1980. That report summarized the results of the
Machinery and Allied Products Institute's survey of
audit fees which has been performed every three to four
years since 1973. The study quotes several respondents
who indicate that inflation increases should be offset
by audit productivity gains. This indicates that the
audit area may be stagnant in its ability to generate
increased revenues for audit firms. Instead, audit
firms may be pursuing MAS to achieve desired growth.
The precedent for auditor involvement in systems
development is clearly established. What is less clear
is whether this involvement poses a threat to the
required independence, and if so, under what
circumstances.
Research on Independence
Because independence in the audit environment is


15
not susceptible to precise definition, Antle [1984]
attempted to formulate plausible definitions of auditor
independence within a model based on game theory. Since
auditor independence concerns the relationship between
the auditor and the manager a model of the two roles was
seen as helpful to address the concept of auditor
independence. In his model Antle describes the auditor
and manager relationship as contracting for verification
of the manager firm's financial reports. Since both
manager and auditor have self interests, the
relationship between them ranges from collusion to
non-cooperation, with cooperation being the middle
ground. The conclusion is that the manager benefits
from auditor independence in that it makes the audit
opinion more valuable to third party users. However,
the manager places pressure on the auditor to issue a
favorable report, threatening the withholding of future
contracts. Auditors resist such threats because short
term losses from failure to recontract are offset by
long term gains reaped from a positive reputation from
independence. There is a longer term incentive to
independence because overall demand for auditor services
will be reduced if auditors tend to be seen as
non-independent.
Antle points out that side-payments are one


16
possible type of contract in game theory. In this
situation the manager pays the auditor for abandoning
his independence and issuing an improper opinion. Antle
points out that concern over management advisory service
(MAS) contracts may have arisen from the fear that MAS
could be used as a vehicle for such side-payments.
Firth [1980] studied the importance of
independence as viewed by various users and auditors in
the United Kingdom. While the auditors viewed
themselves as independent in compliance with their rules
of ethics, various users were more skeptical. In a
questionnaire, Firth postulated 29 auditor-client
relationships and asked 750 auditors and users of
financial statements to give their views regarding
independence. They were also asked to rank the
importance they attached to an independent audit report
and whether each of the 29 auditor-client relationships
were likely to impair or improve investment and lending
decisions. In general, non-independence was perceived
to impair investment and lending decisions. However,
some respondents thought that non-independence would
improve the prospects of an investment or loan decision.
This indicates there may be "benefits" to certain types
of dependent relationships.
The results also showed a significant difference


17
between how auditors viewed themselves and how they were
viewed by users of financial statements. Auditors
thought that they could maintain independence in many
situations where others thought independence would be
impaired, and auditors thought breaches of independence
to be of lesser importance.
In a similar study Imhoff [1979] surveyed 220
bankers and financial analysts and received 86 usable
responses. The objective was to measure the perceived
reliability and independence of public accountants
compared to internal auditors and as compared to other
external audit groups such as FDIC auditors. The
results indicate that only internal auditors were
considered to lack independence. However, the external
auditors were considered less independent than FDIC
auditors. An interesting second aspect to the research
was the issue of reliability of audit reports. All
three auditor groups were considered to have fairly
reliable audit reports. However, since internal
auditors were not considered independent, the
implication is that independence is not a necessary
condition for report reliability. The author concludes
that, if independence is the most important contribution
made by auditors, than there is room for improvement.
In another study Bolten and Crockett [1979]


18
examined two indicators of independence; 1) the
willingness of auditors to qualify audit opinions, and
2) the tendency of clients to switch auditors after
receiving a qualified opinion. They found that, of 1800
audits in their study 14% had received a qualified
opinion. The authors considered this to be a high
percentage. They expected to find a much lower
incidence of qualified opinions. They concluded that
the high incidence could indicate that auditors are in
fact independent.
In a related review, 600 qualified opinions were
examined to determine if there was a subsequent change
in auditors. Only 23 of the 600 subsequently switched,
and most of those switched from smaller firms to Big
Eight firms which could better serve their growing
needs. This research suggests that firms do not in fact
switch audit firms to achieve more favorable audit
reports.
More recently, a study by Williams [1988]
supports these findings. That research attempts to
develop a rationale for auditor change and to identify
some of the factors contributing to auditor switches.
Williams concludes that auditor changes are not
triggered by firms "shopping around" for lenient
auditors. Firms that change auditors appear to be


19
either dissatisfied with the quality of the predecessor
firm or perceive that the successor firm can exhibit
audit efficiencies resulting in decreased costs to the
client. Also, he found that firms that seek to improve
their monitoring system have a higher tendency to change
auditors. That is, firms that have received negative
media attention and have a tarnished reputation appear
to seek new auditors in an attempt to renew management's
faith in the monitoring system.
Williams used publicly available data for 186
firms which were listed on the New York Stock Exchange
or AMEX, and who had switched auditors from one Big
Eight firm to another. A matched-pairs design was used
to compare clients who changed auditors to similar
clients who did not change during a five year period.
Then the sample was reduced to 51 firms who changed
auditors in 1983 and 1984. Of these, 41% cited audit
fees as one of two or three reasons for the change.
Williams concludes that audit fees are a factor, but not
the sole or most important factor in the decision to
make the change. The other reasons are:
1) to obtain auditor's expertise in a particular
industry, and
2) to respond to negative media publicity.
The impact of audit fees was excluded from the


20
Williams analysis as fee data was difficult to obtain.
Also, he made the assumption that, if a client switched
between Big Eight firms the old firm would at least be
allowed the opportunity to match the new firm's bid. A
study by Farmer et. al. [1987], sought to measure the
affect of competitive pressure on audit judgements by
evaluating the differences in judgements between lower
level staff auditors and management level. He
administered a questionnaire to 75 practicing auditors
from seven Big Eight public accounting firms. They were
asked: 1) to rank attributes thought to affect auditor
independence, and 2) to evaluate hypothetical case
situations. The study indicates that two conflicting
forces influence auditor judgement. On one hand, the
threat of litigation from users of financial reports
bolstered the auditor's willingness to take stands
opposing a client's stand. The management group agreed
less often with the client's position than did the audit
staff, probably because they considered avoidance of
such law suits as a major part of their job. On the
other hand, auditors were also influenced by the threat
of loss of a client. The author concludes that, if
society expects auditors to be more accountable to third
party users (as opposed to advocates of client
positions) then economic dependence on clients should


21
continue to be monitored. Strong liability statutes are
a major component of this monitoring function.
Affect of MAS on Audit Fees
Simunic [1984] addressed the question of whether
auditors who provide both MAS and audit services to the
same client may have a conflict of interest. His
objective was to analyze a client's decision to purchase
both MAS and audit services and test for the existence
of pricing affects made possible by knowledge spillover.
He hypothesizes that it is more efficient for the
auditor to perform MAS for two reasons:
1) the auditee saves the cost of the search for a
reliable consulting firm, and
2) the audit firm's learning curve is reduced because
the auditor already has obtained basic background
understanding of the auditee.
Simunic's study was based on 263 questionnaire responses
which reported the dollar amount of MAS fees paid to
auditors in Fiscal Year 1977. All sample firms had been
audited by Big Eight firms and had assets of less than
$3 billion. The cost of the external audit and the cost
of internal audit work was also obtained. To make
different size firms comparable, fees were deflated by
the square root of the company's assets. A previous


22
study by Simunic [1980] reveals a resulting linear
relationship between audit fees and assets and between
internal audit costs and assets.
One would expect the research to reveal that the
fees for firms purchasing MAS would be lower because it
received part of the benefit of the efficiencies (i.e.f
the improved learning curve). However, the research
found that the audit fees were in fact 18% to 19% higher
for companies purchasing audit and MAS services from the
same Big Eight firm.
In Simunic's paper, all non-tax MAS are treated
as homogeneous. The different types of services are
considered interchangeable because all are thought to
have the same affect on,knowledge spillover, the
"learning curve" phenomena of understanding the client
environment obtained during one task, such as audit,
reducing the time it takes for the other task, such as
MAS. However, no research was done to verify the
assumption of homogeneity between the various types of
MAS as it affects efficiencies.
Simunic notes that it is also possible that
firms which purchase MAS from their auditor differ
systematically from those that did not. For instance,


23
they may be more complex and therefore need more
extensive audit work.
In summary, Simunic's results indicate that
firms which use the same Big Eight firm for both audit
and MAS pay higher, not lower audit fees than those
which purchase only audit services.
Auditor Involvement in Development
Background
The previous section of this chapter identified
independence as an important issue and analyzed research
which attempted to define the point at which auditors
may start to become biased. In this chapter I describe
the trend toward increased involvement in one form of
management advisory services (MAS), computer advisory
services (CAS), and describe its relationship to the
independence issue.
Consulting Services
To some extent auditors have always been
involved in non-audit activities. They are consulted
along with others regarding major decisions such as
acquisitions, moves, financing opportunities, etc. This
consultation is natural given their familiarity with the
internal workings of the client and the client
environment.


24
Pros and Cons of Involvement
Philip L. Little [1986] summarized the available
literature and identified the following potential
benefits from internal auditor participation in computer
systems design and development process:
i
1) To ensure that new EDP systems do not exclude
necessary and adequate controls,
2) To establish controls early in the process, so that
costs and operational delays associated with systems
modifications are minimized,
3) To facilitate development of important audit tools
and techniques,
4) To improve technical proficiency of auditors in
EDP auditing,
5) To encourage greater cooperation among auditors,
EDP staff, and user groups,
6) To enhance professional stature of internal
auditors,
7) To help assure that proper audit trails are
included in the EDP system,
8) To allow internal auditors to determine if system
development projects are properly authorized and
feasible before implementation,
9) To augment the satisfaction of user needs, and


25
10) To permit ongoing and timely evaluation of
system documentation.
Little's summary of the literature also includes
the following list of disadvantages associated with
internal auditor involvement:
1) Auditors may be perceived as having lost their
independence.
2) Auditors who become too actively involved may
actually become part of the system which they are
responsible for reviewing.
3) Auditors may lose their leverage in subsequent
reviews of the system if they have approved the system
in the design phase.
4) Auditors may be reluctant to criticize the system
later if they become too involved in the design phase.
5) Management may improperly de-emphasize operational
audits if a large part of its resources are devoted to
designing systems.
6) Management may be lulled into a false sense of
security that systems are operating as intended if
internal auditors approve the system in the design
phase.
In addition, a Canadian publication added the
following benefits to auditor involvement (Dorricott
[1983]):


26
1) When the project is first proposed the auditor may
recognize that the solution to the client problem does
not lie in the proposed project.
2) During the feasibility study the auditor may
identify alternative resources, risks and exposures.
3) At the general design phase the reviewer can make
recommendations of other features than can be obtained
as spinoffs.
4) The auditor can review specifications to ensure
that essential matters such as ownership, insurance and
maintenance clauses have been included in contracts.
Timing of Auditor Involvement
There are some indications that auditor
involvement is changing from involvement primarily in
the later stages, such as data conversion, to
involvement in design and user requirements definition.
Little cites three early studies all of which were
published in 1981 or before indicating relatively little
auditor involvement in the early stages of development
and relatively more in later stages such as monitoring
data integrity during implementation.
However, recently there is a move toward
increased auditor involvement at the beginning stages of
system development. Little cites proceedings of the


27
1983 IIA Research Foundation sponsored Electronic Data
Processing (EDP) forum where internal auditor
involvement in systems design and development was
identified as one of thirteen major issues of the
1990's. The group speculated that internal auditors
will become an integral part of
...the design and development of systems
software, application software, hardware selection
and standard communications systems in addition to
the normal roles as control consultant. [1986, p.
52] .
Little concludes that the advantages of auditor
involvement appear to outweigh the disadvantages. He
summarized the problem as "not so much a question of
should internal auditors become involved, but to what
extent and at what stage" [1986, p. 53]. Further he
states that research is needed to establish if in fact
auditors who are heavily involved in systems design and
development are reluctant to criticize the system.
Tashji [1981] agrees that auditors should
get involved heavily in all aspects of system
development. He advocates gradually increasing
involvement from conception through the feasibility
study and system specifications. At the start of the
detailed system design there is a marked increase in
auditor involvement, and this heavy involvement
continues until the system is completed. He reiterates


28
that the auditor involvement should be as overseer so as
not to impair independence.
In another article, Helms [1983] agrees that
information systems auditor involvement in the systems
development life cycle will result in better planned,
better controlled, and less costly systems. In addition
to the benefits listed above he lists:
1) Assuring the production of adequate documentation.
2) Detecting problems in meeting schedules.
3) Identifying inadequate or disregarded system
specifications.
He emphasizes that the involvement of auditors during
development should result in a system that is
maintainable at a reduced cost. Presently, most EDP
resources are devoted to systems maintenance while there
is a tremendous need for these resources in the new
development area. They quote Hannye ("Auditors and
DP'ers Benefit From Association in the System
Development Process", The Internal Auditor. [December
1977, pp. 67-70]) in regard to cost savings as follows:
...a control will cost four times as much to
include in a program if it is added after the system
is specified, eight times as much after the system
has been programed, twelve times as much after the
system has been tested and sixteen times as much
after the system has been implemented [1983, p. 43].
The authors go on to conclude that auditors should
monitor systems during their entire life cycle.


29
Helms and Weiss [1983] go on to contrast EDP
auditors with quality control groups. The latter have
four functions:
1) assist the organization in developing standards
2) ensure compliance with standards during development
of new systems
3) develop and review operating procedures and
controls
4) provide technical advise.
These quality control personnel must be highly technical
and they should report to EDP management. However,
there is still a need for independent review of
development and this is best done by auditors.
Research on Involvement
Scheiner and Kiger [1982] attempted to assess
the potential magnitude of the problem by identifying
the extent to which large public accounting firms
provide various types of non-audit services to their
audit clients. The universe used in the testing was all
firms which disclosed non-audit services exceeding 3%.of
the audit fee in compliance with ASR No. 250. The
research covered one year (fiscal years ended 10/78
-3/79) and included 408 companies. It was found that
most companies have their auditor provide some non-audit


30
services, but most of that involves tax work. Non-tax
non-audit fees did not appear to constitute a
substantial portion of auditor income.
Reckers and Stagliano [1981] also studied
corporate proxy statements which made disclosures in
compliance with ASR No. 250. The study summarized non-
audit services provided to a random sample of 100
corporations. They found that 32% of the sample had
received non-audit services amounting to more than 3% of
the audit fee. Twenty-nine percent of the firms in the
sample received systems design services, and the average
fee was 33% of the audit fee.
To ascertain user perceptions relating to non-
audit services 100 users were presented with 32 cases in
questionnaire form. Fifty of the 100 users were
sophisticated financial analysts and fifty were less
knowledgeable. This latter group tended to express
lower average confidence in the auditor's independence
than did the sophisticated users. Reckers and
Stagliano [1981] conclude that the primary users of
financial statements are sophisticated and that these
users are not loosing confidence in auditor independence
in spite of a trend toward increased use of management
advisory services.
A later study by Pany and Reckers [1984], failed


31
to support the hypothesis that less sophisticated users
were less confident in auditor independence. In that
study, 67 financial analysts and 46 stockholders
responded to questionnaires. They were asked to
evaluate auditor independence for seven types of service
including "Redesign of an accounting system". Another
topic of study was the perceived value in segregating
non-audit from audit services. The study concludes that
independence concerns decrease when non-audit services
are conducted by a separate division within the audit
firm.
The 1984 Pany study asked the 113 users to rank
auditors on a seven point scale, where one indicated
extremely inadequate and seven extremely adequate. The
average response for the "redesign accounting systems"
type of service was 5.27, barely above the midpoint of
four on the scale. This indicates that there is a
perception that there is less than an ideal amount of
independence when auditors are involved in systems
development.
In another study (Plumlee [1985]), a test was
performed to determine the type and degree of auditor
bias in systems development situations. In this study
Plumlee identifies two types of influences which may be
involved. One is the mental representation formed


32
during development which may result in "fixation" on the
system as it was originally designed. This could result
in an auditor failing to test modifications during
subsequent audits. The second is biases resulting from
an auditor being involved in the subsequent review of
his own work.
The Plumlee experiment involved 39 practicing
internal auditors as subjects. Each was asked to design
a theoretical system then was asked to evaluate the
strengths and weaknesses of a system. One-third of the
subjects evaluated the same system they had designed,
one-third evaluated a system similar to the one they had
designed and the remaining one-third evaluated an
entirely different system. Regarding the impact of
memory the author came to three general conclusions:
1) The auditors who reviewed their own work were
better able to identify strengths of the system.
2) Auditors who reviewed a system similar to their
own were better able to identify weaknesses of the
system.
3) Auditors who reviewed a system with which they
were not familiar were least able to identify both
strengths and weaknesses compared to the other two
groups.
These findings cannot be generalized because of


33
the limited size of the sample and the non-random nature
of the sample selection. However, the study does lead
to an interesting conclusion: that it is more
advantageous to have an auditor who was involved in the
design of the system participate in the audit than to
have a auditor who is unfamiliar with that type of
system. There may be no difference between the
weaknesses cited by these two groups, those involved in
the design and those with no experience in the field.
In a later article by Plumlee [1987], it is
suggested that, to retain the advantage of the unique
knowledge attained through design participation, the
auditors use careful reviews by supervisors and/or
reliance on reviews by external auditors of work by the
internal auditor who helped design the system. Both of
these techniques could serve as compensating controls to
ensure that the auditor made the same type of review of
the new system as he would if he were auditing a system
he had not helped design.
Consistency Between Auditors
One problem not addressed by the Plumlee study
is consistency between auditors in identification of
strengths and weaknesses of EDP controls. It is
possible that two different auditors, both with the same
degree of familiarity with a given application, could


34
look at the same control system and identify different
strengths and weaknesses. Furthermore there is some
indication that the public believes such differences to
be the rule rather than the exception. Some client
agencies contract with the same accounting firm to
assist in systems development as is engaged to give an
opinion on the financial statements. Per Kull [1986],
critics of Big Eight auditors believe the auditors have
difficulty faulting the financial systems the consulting
side of the house helped install. When looking at the
work of another firm, however, the auditor might
identify control weaknesses. One result of discovery of
severe weaknesses in the control system is additional
testing and therefore additional audit work.


CHAPTER III
ISSUES AND METHODOLOGY
Questionnaire Issues
Hypothesis 1: Audit fees decrease when computer
advisory services (CAS) are received from one's audit
firm because the audit firm can reduce the time and
effort required to become acquainted with the computer
system.
This assumes a competitive market place because,
without competition, the audit firm can retain all
efficiency savings as profit.
Some research has been done on the effect of
receiving both types of services from the same firm.
Simunic's 1984 publication indicates the opposite, that
fees are actually higher when both services are
received. However, he did not control for differences
between types of management advisory services (MAS).
This research studies firms which use the same
Big Eight accounting firm for both audit services and
MAS. However, the MAS provided in this study is limited
to assistance with developing a computerized financial
information system. In this way the effect of a


36
particular type of MAS, CAS is evaluated. These firms
are compared to firms who do not use their auditor for
CAS. It is expected that audit fees will decrease for
firms who use their auditor for CAS because the learning
curve is reduced.
Hypothesis 2a; Firms who receive both audit services
and EDP development services from the same audit firm
receive fewer audit opinion qualifications based on
computer system weaknesses and fewer incidences of
management letters which cite computer control
weaknesses.
Hypothesis 2b: Companies tend to hire their audit firm
for EDP development services to ensure that the external
auditors will conclude that adequate controls exist in
the new system.
The central issue for Hypothesis 2a is the
relationship between the computer controls and the
audit. One of the most difficult and critical audit
steps is "Determining the appropriate reliance on the
internal control system" (Chow [1987, p. 121]). In this
recent study sixty audit steps are ranked by 378 audit
practitioners as to both difficulty and criticalness to
the audit. The step described above ranks fourth in
difficulty and fifteenth in criticalness. Two related


37
audit steps are "Determine whether additional audit
tests should be performed" which ranks sixth in
criticalness and "If additional audit procedures are
required, determine what procedures should be applied"
which ranks ninth in criticalness" [1987, p. 122].
The evaluation of controls to determine if they
are strong enough to rely upon when planning the
remainder of the audit, or, conversely if they are so
weak as to require additional work, is a critical part
of the audit. If controls are determined to be weak,
additional audit fees are normally charged to pay for
the additional audit work required to determine if the
financial statements are fairly stated. If the system
is so weak as to allow improper transactions to be
processed or incorrect calculations the audit opinion
might need to be qualified. For instance, the auditors
might state that the financial statements were fairly
stated except for certain balances which could not be
tested because the computer system does not operate
properly.
Hypothesis 2b states that, if hypothesis 2a is
correct, it might be expected that audit clients would
attempt to protect themselves from the penalties
associated with the discovery of inadequate controls by
employing the same firm to design the controls into the


38
system as is used to perform the audit. This would
ensure adequate controls and avoid the penalties
associated with inadequate controls. While this theory
has been described in editorials in the literature no
known research exists to support or refute it.
To test hypothesis 2a, controllers are asked
if they received a qualified opinion in the past five
years, or if their company's management letter from the
auditor cited weaknesses in computer controls. To test
hypothesis 2b, controllers are asked if they chose
the same firm for CAS as for audit work to "avoid future
audit complications".
Hypothesis 3: Audit firms which perform both CAS and
audit work are perceived by auditees to lose
independence.
This is assumed to be true in spite of the fact
that there may be no overlap in staff assigned to the
two engagements. Within an audit firm which performs
both CAS and audit services the same lower level staff
are generally not involved in both activities. However,
it is hypothesized that managers and partners in both
divisions are perceived as consulting with each other
and that this consultation might be perceived as
substituting for audit work that would have been
performed had the developer not been related to the


39
auditor. EDP consultants might review prior year audit
work to obtain an understanding of the client
environment and an unbiased description of management
problems. On the other hand, financial auditors might
discuss system integrity with consultant staff to gain
comfort in the reliability of the system.
There has been little research in this area.
Quotes from various Big Eight firms indicate they
believe that there is no independence problem because
they use different divisions to perform audit work and
MAS. However, little is known about the amount and
timing of any crossover of knowledge, and how it may be
used.
While it is very difficult to ascertain if this
crossover occurs within the audit firm, the
questionnaire asks company controllers if they believe
any crossover exists. Further, it attempts to determine
the opinion of the controller as to whether the audit
firm performed the same level of review as it would if
it had not been involved in CAS, or if it relied on the
expertise of the consulting arm of its firm. If the
later is a significant factor then, at least in the
perception of the auditee, the audit firm's independence
could be questionable.
Hypothesis 4: Auditors and other Big Eight audit firms


40
are not perceived as substitutes by auditees seeking
computer advisory services (CAS).
If no crossover exists between auditing and
consulting then another audit firm with the same level
of skill and reputation is considered to be a suitable
substitute for one's audit firm when it comes to
choosing a firm for CAS. However, it is hypothesized
that crossover does occur and that the public does not
see other Big Eight firms as substitutes. There are
several possible reasons for this. Auditees could
perceive that there would be a financial savings due to
the decreased learning curve required for the audit firm
to understand the client environment. Another possible
reason is that the auditee perceives the audit division
to be more inclined to consider controls in the system
to be adequate if they are designed by their audit firm.
If the latter is the case this would indicate that the
public considers the evaluation of controls to be a
subjective activity, with different auditors possibly
coming to different conclusions about the same set of
controls.
Research Plan
The universe consists of all firms who filed
with the SEC, trade in U.S. Currency, and used a Big


41
Eight audit firm for their latest audit. Questionnaires
were sent to a random sample of firm controllers. (See
the questionnaire in Appendix A.) The questionnaire
asks if the firm received both CAS and audit services
from the same Big Eight audit firm during the past five
years. The controllers are also asked if the firm
received these types of services from other Big Eight
firms, from non-audit firms and from internal staff.
Non-audit firms refer to businesses which provide
software development services and/or develop packaged
software, and which do not provide auditing.services.
If a firm did receive CAS in the past five years
the controller is asked to check off reasons for the
choice of each source of services from a list of nine
possible choices. In addition, if they indicated they
used their auditor for CAS they are asked for their
belief as to how the auditor gained comfort in the EDP
controls.
Two additional series of questions are asked.
The first asks if they received a qualified opinion, a
mention of a weakness in internal controls or an
increase in audit fee due to a weakness in computer
environment internal controls. If the answer is yes to
any of these they are further asked to identify the
type of developer(s) of that system (Auditor, other Big


42
Eight, non-audit firm or internal staff).
The last set of two questions address the
respondent's opinion as to whether the auditor builds
stronger internal controls into systems and develops
systems which provide better information than those
developed by internal staff, other Big Eight or non-
audit firms.
Sampling Methodology
Introduction
This section describes procedures used to select
the sample for the questionnaire mailing, including use
of a test mailing, modification of the questionnaire and
final mailings. Also included are the parameters used
to define the sample such as limiting the sample to
firms which are audited by Big Eight accounting firms,
and the reason for the use of these particular
parameters.
Test Mailing
A preliminary form of the questionnaire was
mailed to forty-seven firms to determine the feasibility
of using it for a larger sample. It requested audit fee
data and computer development costs for seven years,
1982 through 1988. These questions were asked in an
attempt to associate changes in fees in a given firm


43
with prior development efforts by the same firm. It was
hoped that studying individual firms over an extended
time period would yield a better understanding of the
relationship of fees to CAS. The response rate for the
test questionnaire was 38% (18 responses). However,
only 8 respondents (17%) included complete fee data. It
appears that the respondents either could not obtain all
the requested data or were unwilling to provide it.
Therefore, to increase the response rate these questions
were modified in the final questionnaire. The request
for fee data was reduced to two years of data and the
request for cost of computer development services was
eliminated in the final questionnaire.
Selection Methodology
A random sample was taken from the universe of
publicly traded companies listed in the CD Disclosure
database. This database includes all companies traded
on the public markets in the U. S., including foreign
based firms. The markets include the New York Stock
Exchange, the American Stock Exchange, and Over The
Counter stocks. The introduction states:
The Disclosure Database contains financial and
management information on over 12,000 public
companies. Company data is extracted from annual
and periodic reports filed with the U.S. Securities
and Exchange Commission (SEC). To be included in
the database, a company must have:
1. at least 500 shareholders of one class of stock;


44
2. at lease $5 million in assets (as of 8-15-86);
3. filed either a 10K, 20F, or appropriate
Registration Statement, with the SEC in the
last 18 months;
Company records for management investment companies,
mutual funds, real estate limited partnerships and
oil and gas-drilling funds are not included (Compact
Disclosure [1989]).
Firms previously used in the test mailing were
eliminated from the sample. Also, those whose financial
statements were not presented in U. S. currency were
eliminated because, being foreign, they can be presumed
to be non-comparable to U. S. firms. This elimination
is also necessary to make this study comparable to other
studies, especially Simunic's 1984 research.
Another criteria for selection is the use of a
Big Eight auditor for the most recent financial
statement audit. This also helps make the data more
internally consistent and more comparable with Simunic's
1984 work.
A final criteria for selection is assets of at
least $150 million. This criteria roughly divides the
universe in half, separating large companies from small
ones. This level of minimum assets is the same as that
used by Simunic [1984]. It was also done because there
are a number of research studies which indicates that
large firms are sufficiently different from small ones
as to warrant analyzing them separately.
A random sample of 742.companies was chosen from


45
the Compact Disclosure 1989 database containing 12,456
companies. When the universe was restricted to those
firms trading in U. S. currency, audited by a Big Eight
accounting firm and with assets greater than $150
million, the universe was reduced to 3,629.
The questionnaires were addressed to the
controller of the company both on the envelope and on a
cover letter (See Appendix A).
Response to Questionnaire
A total of 340 responses were received. From
the total, one outlier is excluded because the fee asset
ratio is very different from the rest of the population.
The remaining sample returns total 339, a response rate
of 46%.
In addition, a total of 19 questionnaires were
returned by the post office as undeliverable as
addressed. Most had a postal stamp indicating a
forwarding order which had expired.
A second mailing was done for non-respondents to
the first questionnaire. In two cases a company
returned both the original and the follow up copy filled
out by different individuals and containing slightly
different information. In these cases the one seeming
to be most informed is used. For instance, when one
contained audit fee data and the other left it blank,


46
the one with the fee data was considered more informed
and is used in this analysis.


CHAPTER IV
ANALYSIS
Profile of Respondents
The following analysis of firms responding to
the guestionnaire is based on 339 useable returns
discussed in the previous chapter.
Industry Type
Respondents were asked to choose one of seven
industry types that best represent their firm. The
following is the distribution:
Manufacturing 91
Transportation 9
Communications 12
Electric and Gas 41
Retail Trade 16
Financial Services 111
Other 56
Unknown 3
TOTAL 339
Questionnaire Preparer
The guestionnaire solicited the job title of the
person completing the guestionnaire. The results are
divided into four groups: 1) Financial 2) Internal
Auditors 3) Computer staff and 4) other. The financial
category includes controllers, vice presidents of


48
finance, and chief financial officers. The "auditor"
group primarily give their title as internal auditor,
but six identify themselves as "EDP auditor". These
are grouped with auditors because their function is one
of an auditor with a specialized focus.
In two cases computer staff completed the
questionnaire. Because there are so few of these they
have been left in the sample. The main area where the
position of the person completing the questionnaire
can make a difference is in the questions asking for
an opinion on the auditor's performance in building
systems that have adequate internal controls. However,
two out of 339 can not have a material impact on the
results as they comprise less than 1%. A summary of the
positions of the persons completing the questionnaire is
presented in Table 1 below.
Table 1
Questionnaire Preparer Summary
Number Percent
Financial staff 267 79%
Internal Auditors 46 13%
EDP staff 2 1%
Unknown 24 7%
Total
339
100


49
Size of Company
Of the 339 responses, 53 have assets in excess
of $4 billion. These 53 are excluded from the
regression analysis of fee data to make it more
comparable with Simunic's work. Simunic [1984]
theorized that assets of greater than $3 billion should
be considered "obvious outliers" in analyzing his 1977
data. The increase to $4 billion to analyze 1989 data
makes an approximate allowance for inflation.
Source of CAS by Year
Table 2 describes the distribution of developers
of computer systems over each of the five years
surveyed. Totals are given for each year by source of
computer advisory services (CAS). A percent of total
responses for that source and year is also given. Firms
that left the question blank for a particular year are
not included in that years computation.


50
Table 2
Sources of CAS by Year
(total respondents = 339)
Developer 1988 1987 1986 1985 1984
Audit Firm 29 20 15 13 18
% of respondents 9% 6% 4% 4% 4%
Other Big-8 33 25 13 10 8
% of respondents 10% 7% 4% 3% 2%
2 Non-audit firm 80 72 53 41 41
% of respondents 24% 21% 16% 12% 12%
Internal staff 275 260 248 248 246
% of respondents 81% 77% 73% 73% 73%
The percentages indicate that, for this sampl
the most frequent source of computer development
services (CAS) is internal staff, and that auditors are
the least frequent. Also, there is a trend in the
sample to use more computer development services from
all sources as the years progress from 1984 through
1988. However, it is possible that some of this trend
is caused by the respondent's lack of information about
earlier years. That is, they may have believed they
received no CAS for a given year but, because of staff
turnover or inavailability of records, they could have
actually been a recipient.
Non-audit firms refer to businesses which
provide software development services but do not provide
audit services.


51
Timeliness of Returns
The responses are grouped into two groups
according to timeliness of returns. Those considered to
be late totaled 126. These responded to the second
request for a response. When compared to on time
responses they are not significantly different.
An additional analysis is performed to determine if late
respondents to the questionnaire vary significantly from
the population returning the questionnaire earlier.
Responses received after the second set of
questionnaires was mailed are compared to the first
group of respondents by comparing the percent of each
group falling into each of the seven industry
categories. The results are presented in Table 3 below.
Of the seven categories of industry type plus
those with a missing value in this field, five have a
difference of one percent or less. The largest
difference is 7%. Therefore the two groups are
considered to be part of the same population for the
purpose of this thesis, and they are treated as one
population in all analyses.


52
Table 3
Comparison of Early , and Late Questionnaire Respon:
On time Late
(n: =213) (n= 126)
Industry TvDe Count Percnt Count Percnt D
Manufacturing 52 24% 39 31%
Transportation 7 3% 2 2%
Communications 7 3% 5 4%
Electric and Gas 29 14% 12 10%
Retail Trade 9 4% 7 6%
Financial Services 70 33% 41 33%
Other 36 17% 20 16%
Missing 3 1% 0 0%
Total 213 126
Chi-square = 5.40
Level of Significance = .61
Outliers
As noted above, 53 companies with assets in
excess of $4 billion are considered outliers for
purposes of the regression analysis of audit fee data.
In addition, one outlier has been removed from all
analysis. It has the highest fee/asset ratio of all
sample items (.55%). The second highest ratio is .43%,
three are between .22% and .29%, 25 between .10% and
.18% and the rest are below .10%.
Fee Data Analysis
Introduction
Fee data is gathered in the questionnaire by
o\ o\ o\ o\ o\o o\ o\ o\o


53
soliciting audit fee data for fiscal years 1987 and
1988. This is used as the basis for two regression
analyses. The first regression model is based on the
model used by Simunic [1984]. It relates audit fee to
the following company attributes: accounts
receivable/total assets, inventory/total assets, square
root of number of consolidated subsidiaries, SIC major
industry groups -1, audit opinion and bank. Simunic
includes an additional.attribute, foreign assets/total
assets also. However, this data was not available for
this thesis and a variable is not included in the
regression model for it. Fee data is deflated by the
square root of assets. Another regression analysis of
two years of fee data is performed to determine if use
of one's auditor could explain part of the variance
between years.
In addition, respondents are asked their opinion
of whether audit fees increased in the past five years
due to weaknesses in computer system controls. This is
analyzed by comparing two groups of respondents; those
who, in earlier questions, indicated that they had in'
fact used their auditor to help develop computer
applications and those who indicated that they had not.


54
Analysis of 1988 Audit Fee and Other Variables
The various factors that could have an affect on
audit fees were analyzed in a manner similar to
Simunic's. Another regression is then performed to
determine if the existence of auditor supplied CAS has a
significant effect. Table 3 presents the regression
results for 1) the control variables only and 2) for
auditor provided CAS as an additional independent
variable.


55
Table 4
Regression Results for Auditor Provided CAS
(n=248, auditor provided CAS = 30)
Control Variables Only Test Variable Included
Coef t-stat Coef. t-stat
Control Variables:
Audit Opinion -2.25 -1.48 -1.56 -1.51
Deflated Subsidiaries (Sqrt of Subsidiaries) .91 2.88* . 88 3.75*
Deflated Accts Rec- eivable (Accts Rec/Assets) 2.43 1.00 2.16 1.00
Deflated Inventory (Inv/Assets) 21.40 3.12* 21.15 3.47*
Deflated SIC Code (Major SIC 1) .73 1.00 .72 1.22
Bank -6.07 -2.53** -6.21 -3.04*
Constant 9.33 4.49* 7.90 4.74*
Test Variable:
MAS purchased from Auditor? 6.43 3.08
2 R . 195 236
F statistic 9.741 12. 437
Degrees of freedom (6,241) (7,240)
* Significant at the .01 level ** Significant at the .05 level *** Significant at the .10 level


56
The independent variable is 1988 audit fee deflated by
the square root of assets. The dependant variables are
also deflated as described above. The variables and
deflation technique is the same as used by Simunic
[1984], except that no variable is included for foreign
assets as this data is not available.
Note that the original population of 339
respondents is reduced as follows:
1) Only firms with assets less than $4 Billion were
included. This is consistent with Simunic's approach,
though he uses $3 Billion. Since the current surveyed
was conducted thirteen year later, this difference
accounts roughly for inflation.
2) Only firms that report 1988 fee data are included;
15.6 percent of total respondents do not report fee data
in their responses. They leave it blank, indicate it
was confidential etc. This is in contrast to 14.5
percent of firms who receive CAS from their auditor and
decline to report fee data. The difference of about one
percent is small and indicates that the two populations
can be compared.
Similar regression analyses are performed with
the alternative sources of CAS as dependent variables.
Other Big Eight firms used for CAS proved to be
significant also, but the other two types of provider


57
(external non-audit firms and internal staff) were not
significant. See analyses in Appendices B, C and D.
1987 and 1988 Fee Regression Analysis
A second regression analysis is performed using
1987 audit fee as the independent variable and 1988 fee
data as the dependant variable. The test variable is
again the receipt of CAS from the auditor in the five
years studied.
Table 5
Regression Results for Two Years of Fee Data
(n=242, auditor provided CAS = 30 )
Control Variables:
1987 Audit fee
(not deflated)
Constant
Test Variable:
MAS purchased from
Auditor?
2
R
F statistic
Control
Variables
Only
Coef
t-stat
1.10
-9936.32
137.89*
-2.017
Test
Variable
Included
Coef.
. 988
19013.62
1.10
-8913.18
-13361.01
t-stat
134.25*
-1.773***
-1.017
.994
9537.54
Degrees of freedom (1,240)
* Significant at the .01 level
** Significant at the .05 level
*** Significant at the .10 level
(2,239)


58
Fee Increases
A total of 23 respondents indicate their audit
fees increased in the past five years due to weaknesses
in computer systems controls. They identify the
following developers as responsible for developing the
systems in question:
Table 6
Developer of Systems Resulting in Fee Increases
Developer of System
Other Non-
Auditor Bia-8 Audit Internal
1 0 2 18
4% 0% 9% 78%
Note that while 23 respondents indicate
that they believe audit fees increased due to
weaknesses in computer controls, not all identify the
developer of the system.


59
Table 7
Question 9: Do you believe your auditors increased fees
due to weaknesses in your computerized financial
information system in the past five years?
Received CAS Didn't receive
from Auditor CAS from Auditor
Total
Question 9:
7 16
Yes 16% 6%
38 272
No 84% 94%
23
310
45
288 333
Chi-square 6.05
Level of Significance .014
This analysis indicates there is a significant
difference in the two groups. Those who use their
auditor for CAS experience increased fees more often
than those who do not use their auditor for CAS.
However, a causal relationship cannot be established
from the data. Part of the problem is that we do not
know the number of systems a particular firm has built.
It may be that companies with past control problems tend
to use their auditor to solve these problems, and thus
also increase their audit fees. On the other hand,
using one's auditor for CAS may increase fees in the
future. However, it is more difficult to construct a
logical explanation for this scenario.


60
Impact of Developers on Audit Results
Qualified Opinions
Questionnaire respondents are asked if they
received a qualified opinion or a management letter from
their auditor in the past five years due to weaknesses
in controls in a computerized financial system. If so,
they are asked to indicate the developer(s) of the
system: 1) auditor 2) other Big Eight 3) non-audit firms
or 4) internal staff. The occurrences of qualified
opinions and weaknesses in controls are analyzed in
relation to the use of auditors for CAS to determine if
there is a difference between the firms who use their
auditor versus those who do not.
A total of ten respondents indicate they had a
qualified opinion in the past five years. Table 8 below
identifies developers responsible for developing the
systems in question. The percent of the ten qualified
opinions' is also shown.


61
Table 8
Developer of Systems Resulting in Qualified Opinions
Developer of System
Other Non-
Auditor Bia-8 Audit Internal
Qualified
Opinion?
YES 4 1 0 5
40% 10% 0% 50%
Chi-square analysis of respondents with
qualified' opinions compared to those who used their
auditor for CAS in the last five years does not indicate
a significant relationship. See Table 9 below. The
Chi-square test is significant to the .123 level only.
The relatively low Chi-square may be the result
of the fact that there are only ten qualified opinions.


62
Table 9
Question 7: Did your company receive a qualified opinion
related to your computerized financial information
system in the past five years?
Received CAS Didn't receive
from Auditor CAS from Auditor
Question 7: -
3 7
Yes 7% 2%
No 42 280
93% 98%
total 45 287 332
Chi-square 2.380
Level of Significance .123
Weaknesses Noted in Management Letters from Auditors
A total of 86 respondents indicate they had a
weakness in controls reported in a management letter in
the past five years. Table 10 below identifies
developers responsible for developing the systems in
question. The percent of the 86 weaknesses is also
shown.


63
Table 10
Developer of Systems Resulting in Weakness
Developer of System*
Other Non-
Auditor Big-8 Audit Internal
15 1
Percent of 86 17% 1%
12 66
14% 77%
*Note that respondents were free to identify more than
one developer. This causes the total number of
developers identified to exceed the total number of
respondents who were cited for a weakness in the
management letter.
Chi-square analysis of respondents with
weaknesses compared to those who used their auditor for
CAS in the last five years indicates a significant
relationship. See Table 11 below. The Chi-square test
is significant to the .0004 level.
Table 11
Question 8: Have control weaknesses in your
computerized financial information system been
identified in the management letter from your auditors
in the past five years?
Received CAS Didn't receive
from Auditor CAS from Auditor
Question 7:
21 65
Yes 48% 22%
23 23
No 52% 77%
44 288
86
246
332
Chi-square 12.586
Level of Significance .0004


64
Analysis
The significant Chi-square for the respondents
who indicate a weakness in internal control attributable
to controls in a computerized financial system indicates
that this weakness is not independent of the choice of
the auditor to develop CAS. No causal relationship is
implied by the Chi-square. However, the fact that 48%
of respondents who used their auditor for CAS received a
management letter verses only 22% of those who did not
receive CAS from their auditor may imply something about
the relationship. One can speculate that the occurrence
of a.weakness in controls is followed by the use of the
auditor to develop future systems in order to avoid
these weaknesses in the future. Another speculation is
that the auditor developed systems that later resulted
in weaknesses in controls. However, the vast majority
of firms with weaknesses (77%) indicate that they
believe the weakness resulted from systems developed by
internal staff. See Table 10 above. Therefore the
first explanation seems more reasonable.
Source of Comfort
Another way to determine if there is a
difference between those who used auditors to develop
computer systems .is to ask auditees for their opinion on
the way the audit was conducted. The questionnaire asks


65
if the respondent believes the audit staff gained
comfort regarding the integrity of the computer system
from 1) discussing it with their systems development
staff, 2) relying on their firm's reputation, 3)
performing at least the same level of review as if the
system were developed by another firm, or 4) other. If
CAS were believed to be completely independent from
auditing, group 3, performing at least the same level of
review, would have the vast majority of "yes" answers.
respondents who used their auditor to develop financial
systems. Respondents who answer this guestion but do
hot list their auditor as a source of CAS in question 3
are eliminated from this table.
Table 12
Source of Auditor Comfort on computer Controls
(Total No. of Respondents using Auditor for CAS = 46)
Table 12 below summarizes answers from
Yes Answers
Percent
Discussions with their
sys development staff
17
37%
Relying on their firm's
6
13%
reputation
Performing at least the
same level of review as
if the system were devel-
oped by another firm
21
46%
Other
3
7%


66
Belief regarding strength of Internal Controls
Tables 13, 14 and 15 below describe respondents'
answers to an opinion question on CAS performed by their
auditor compared with other sources of CAS in the area
of strength of internal controls in the resulting
system. Percents are given of the proportion of those
receiving CAS from their auditor to the total in each
category.
Table 13
Question 11a: Do you believe a system developed by your
audit firm will have a stronger internal control
system as compared to internally developed systems?
Used Auditor for CAS in past 5 yrs
Yes No Total
Question 11a: 16 65
Yes 41% 27%
No 23 175
61% 73%
Total 39 240
Chi-square 3.165
Level of significance .075


67
Table 14
Question lib: Do you believe a system developed by your
audit firm will have a stronger internal control
system as compared to Big-8 audit firms, other than
yours?
Question lib:
Yes
No
Used Auditor for CAS in past 5 yrs
Yes No Total
11
238
37 212 249
2 5% 9 4%
35 95% 203 96%
Chi-square .100
Level of significance .751
Table 15
Question 11c: Do you believe a system developed by your
audit firm will have a stronger internal control
system as compared to other external firms?
Used Auditor for CAS in past 5 yrs
Total
Yes No
Question 11 c: 10 26
Yes 29% 13%
No 24 168
71% 87%
Total 34 194
Chi-square 6.577
Level of significance . 018
36
192
228


68
In the three tables above, only one of the three
relationships is significant, the comparison of the
audit firm with non-audit firms. Because a higher
percent of those who receive CAS from their auditor
believe controls are stronger, one can speculate that
they choose their auditor for this reason. The lack of
significance in the comparison with other Big Eight
firms indicates that the two are viewed as
interchangeable by respondents to this guestion.
Opinion regarding Satisfaction with Information
Requirements
Tables 16, 17 and 18 below describe respondents'
answers to an opinion question on CAS performed by their
auditor compared with other sources of CAS. They are
asked to evaluate the developer's ability to satisfy
organizational information requirements by comparing it
to their auditor's ability to satisfy the same
requirements.


69
Table 16
Question 12a: Do you believe a system developed by an
audit firm will better satisfy organizational
information requirements as compared to internally
developed systems?
Used Auditor for CAS in past 5 yrs
Yes No Total
Question 12a:
Yes
No
Total
Chi-square
Level of significance
5 13% 18 7%
34 87% 245 93%
39 263 302
1.724
. 189
Table 17
Question 12b: Do you believe a system developed by an
audit firm will better satisfy organizational
information requirements as compared to Big-8 audit
firms, other than yours?
Question 12b:
Yes
No
Total
Used Auditor for CAS in past 5 yrs
Total
Yes No
6 9
17% 4%
29 210
83% 96%
35 219
15
239
254
Chi-square
Level of significance
9.225
. 008


70
Table 18
Question 12c: Do you believe a system developed by an
audit firm will better satisfy organizational
information requirements as compared to other external
firms?
Question 12c:
Yes
No
Total
Chi-square
Level of significance
Used Auditor for CAS in
Yes No
5 15% 10 5%
28 85% 202 95%
33 212
5.409
. 020
past 5 yrs
Total
15
230
245
Analysis of Tables 16, 17 and 18 reveals that
the respondents who use their auditor for CAS are
significantly different from those that do not when
comparing their audit firm to other Big Eight firms (.01
level) and to non-audit external firms (.02 level).
When comparing their audit firm to internal staff the
difference is not significant. One can speculate from
these results that firms who use their auditor tend to
believe that the auditor will build systems better able
to meet their needs as compared to systems developed by
other Big Eight firms or to non-audit firms.


71
Criteria for Selection of CAS Provider
Introduction
Given nine criteria for chosing a particular
source of CAS, respondents are asked to check all the
items that apply. Their choices are summarized in this
section and are further analyzed to determine if their
choices are significantly different if they choose
their auditor for CAS.
Profile of Criteria for CAS Provider
Table 19 lists the results of questions 3
through 6 of the questionnaire. The columns report the
count of responses to each question and the rows
indicate the reason for the choice of consultant. Note
that the responses reported here do not distinguish
between respondents who received CAS in various years.
If a particular type of firm was used to develop a
system in any one of the five years 1984-1988, the
response is included under the heading for that type.
This table also includes duplicates. Firms that used
more than one type of firm to provide CAS are included
under all relevant headings.
Also, respondents could select more than one
reason for their choice of a particular type of


72
developer. However, firms are eliminated which checked
reasons for a choice but indicate that they did not use
that choice during the five years under study. These
respondents clearly did not understand the questionnaire
instructions. For instance, they checked "no" to the
question asking if they used their auditor to help
develop CAS in fiscal year 1984 through fiscal year
1988, but checked various reasons such as "sole
provider" in the next section of the questionnaire.
Percentages of total respondents are also
reported. The count of respondents indicating they used
their auditor for CAS is the denominator and the count
of those who chose a particular reason is the numerator.


73
Table 19
Reasons for Choice of CAS Provider
Provider
OTHER NON-
AUDITOR BIG 8 AUDIT INTERNAL
# OF RESPONDENTS: 46 53 105 285
REASON
SOLE PROVIDER 5 14 33 53
% of respondents 11% 26% 31% 19%
POS PREVIOUS 21 23 37 112
EXPERIENCE 46% 43% 35% 39%
% of respondents
FAMILIARITY 34 6 23 247
% of respondents 74% 11% 22% 87%
LOW COST 4 10 2 8 195
% of respondents 9% 19% 27% 68%
AVOID AUDIT 9 3 2 14
COMPLICATIONS
% of respondents 20% 6% 2% 5%
PREEXISTING 5 9 65 61
PRODUCT
% of respondents 11% 17% 62% 22%
RELIABILITY AND 18 16 26 119
STABILITY
% of respondents 39% 30% 25% 42%
ENSURE ADEQUATE 17 8 10 81
CONTROLS
% of respondents 37% 15% 10% 28%
OTHER 5 9 13 27
% of respondents 11% 17% 12% 9%


Analysis of Reasons for Choice of CAS Provider
Table 20 is similar to Table 19, but in Table 20
the duplicates are removed. If both auditor and other
Big Eight firms were used to develop systems during the
five year period under study, than the record is deleted
from the "other Big Eight" category and left in the
"Auditor" category. The counts in each category reflect
the reduction made to achieve mutually exclusive
categories.
Table 20 also includes Chi-square values. These
are computed using mutually exclusive pairs of sources
of CAS (auditor/other Big Eight, auditor/external
non-audit, and auditor/internal) for each of the nine
reasons for making the choice. The level of
significance for each Chi-square value is also included.


75
Table 20
Provider-Duplicates Removed
AUDITOR OTHER BIG 8 NON- AUDIT INTERNAL
# OF RESPONDENTS: 46 39 85 242
REASON
SOLE PROVIDER 5 12 26 45
% of respondents 11% 31% 34% 19%
Chi-square 5.22 6.42 1.61
Level of Sign . 02 . 01 .20
POS PREVIOUS
EXPERIENCE 21 15 28 91
% of respondents: 46% 38% 33% 38%
Chi-square .46 2.06 1.05
Level of Sign. . 50 . 15 .30
FAMILIARITY 34 5 18 211
% of respondents: 74% 13% 21% 87%
Chi-square 31.72 34.68 5.36
Level of Sign. . 00 . 00 . 02
LOW COST 4 6 18 161
% of respondents: 9% 15% 21% 67%
Chi-square .91 3.33 52.84
Level of Sign. .34 . 07 . 00
AVOID AUDIT
COMPLICATIONS 9 2 2 11
% of respondents: 20% 5% 2% 5%
Chi-square 3.90 1.50 13.49
. 05 . 00 . 00
PRE-EXISTING
PRODUCT 5 6 57 54
% of respondents: 11% 15% 69% 22%
Chi-square .38 37.80 3.03
Level of sign. .54 . 00 . 07
RELIABILITY AND
STABILITY 18 10 19 98
% of respondents: 39% 26% 22% 40%
Chi-square 1.74 4.15 . 03
Level of Sign. . 18 .04 .86


76
Table 20 (continued)
Provider-Duplicates Removed
OTHER NON-
AUDITOR BIG 8 AUDIT INTERNAL
ENSURE ADEQUATE CONTROLS 17 5 9 67
% of respondents: 37% 13% 11% 28%
Chi-square 6.41 13.05 1.61
Level of Sign. . 01 . 00 . 20
OTHER 5 8 12 22
% of respondents: 11% 21% 14% 9%
Chi-square 1.52 . 28 . 14
Level of Sign. .22 . 60 .70
Reasons for Choice of Other Biq Eiaht Firms
The Chi-square results indicate that the group
of respondents who use their auditor for CAS is
significantly different in some cases from the group who
do not use their auditor. The following is a list of
criteria for each combination of auditor and other Big
Eight sources of CAS in which a significant (to the .05
level) difference is observed and some speculative
reasons for that difference.
Sole Provider of Special Expertise
Sole provider of special expertise is given as
a reason for the choice by 31% of respondents who used
another Big Eight (other than their auditor), but only
by 11% of those who used their auditor for CAS. The


77
Chi-square indicates that the two groups are
significantly different. Since a firm's Big Eight
auditor should theoretically be interchangeable with
another Big Eight Firm in the area of CAS, one reason
for choosing another Big Eight is that it was the sole
source of a particular kind of service.
Familiarity with the Company
Familiarity is another area where the auditor
group is significantly different from other Big Eight
firms. Here, 74% of those who used their auditor for
CAS indicated this was one of the reasons while only 13%
of those who used other Big Eight firms chose it. These
percentages may lead the reader to speculate that one
reason for choosing one's auditor is that an advantage
is seen in the auditor's familiarity with the firm.
This is reasonable since the other firms have not had
the exposure to the company in question. In addition it
lends credibility to the theory that there is some
crossover of knowledge between the audit division of a
Big Eight and the computer consulting division. In the
eyes of the recipient, familiarity gained from the
auditors has a positive affect on the ability of
computer consultants to help develop new systems.
The AICPA's position [1985] is that the


78
knowledge spillover going both ways is a positive reason
for auditors to provide MAS to audit clients. "In MAS
engagements, CPAs gain an in-depth knowledge and
understanding of important aspects of a business
enterprise (AICPA [1985, p. 23]). Looking at the issue
from the consulting side they add "... knowledge of a
client's business, organization, and personnel gained
through audits make them an ideal source of advice to
management in the most cost-effective manner" (AICPA
[1985, p. 24]).
Avoid Future Audit Complications
Another reason that proves significantly
different between the two groups is "Avoid future audit
complications". If auditors were seen as substitutes
for other Big Eight firms there would not be a
significant difference here. However, the fact that 20%
of respondents who use their auditor do so to avoid
audit complications compared to 5% of those who choose
another Big Eight firm for the same reason, indicates
that the respondents believe they are more likely to
avoid audit complications if they choose their auditor.
Ensure Adequate Internal Controls
The final reason which is significantly
different between the two groups is "Ensure adequate


79
internal controls". The respondents who choose their
auditor for CAS gave this as a reason in 37% of the
cases while those chosing another Big Eight gave it as a
reason only 13% of the time. Again, there should be no
difference between one's Big Eight auditor and another
Big Eight firm in that both are staffed with competent
professionals. Yet there is a belief among respondents
that one's auditor provides better assurance that
adequate controls will be developed.
Reasons for Choice of Non-Audit Firms
Two reasons for choice of non-audit firms are
significantly different from the choice of one's
auditor. Those two are described below.
Availability of Pre-Existing Software Product
Availability of a pre-existing product is
significantly different between the two groups. Sixty-
seven percent of the respondents who used an external,
non-audit firm give this as a reason while only 11% of
those who used their auditor cite this reason.
Long Term Reliability and Stability
The other area of significant difference is to
ensure the client that the firm would be available to
help resolve problems with the product after it is


80
implemented. Thirty-nine percent of those who chose
their auditor give this as a reason while only 22% of
those who chose an external, non-audit firm identified
it.
Reasons for Choice of Internal Staff
The profile of the respondents who selected
their internal staff for systems development is not
similar to the profile other Big Eight firms and
non-audit firms. There are only three areas where there
is a significant difference between the group who use
their audit firm for CAS and the one which uses internal
staff.
Familiarity with the Company
The first area is familiarity. When internal
staff are used for CAS by respondents, the reasons
include familiarity 87% of the time. However, when
their audit firms are used for CAS, the reasons include
familiarity 74% of the time. The difference is
significant to the .01 level.
Low Cost
Another area of difference is cost. Sixty-seven
percent of the respondents who use internal staff for
CAS indicate low cost as a reason. This is in contrast
to use of auditor firms where low cost is given as a


81
reason only 9% of the time. This result is expected
because hourly rates of internal staff are typically
less than those of external firms.
Avoid future audit Complications
The final area of difference is in avoidance of
audit complications. As with other Big Eight and other
external, non-audit firms, avoidance of future audit
complications is selected by a relatively small
percentage of respondents who use internal staff for
systems development (5%). This result is not surprising
in that the trade-off of low cost would be the risk of
audit complications arising from staff who are not
familiar with control requirements evaluated by
auditors.
Analysis of Hypotheses
Introduction
In Chapter III, hypotheses were developed which
the questionnaire was designed to test. These are
reexamined here to determine if the actual results
confirm the hypotheses.
Hypothesis 1: Audit fees decrease when computer advisory
services (CAS) are received from one's audit firm
because the audit firm can reduce the time and effort


82
required to become acquainted with the computer system.
The findings of this research indicate that
there is a difference in fees for firms which use their
auditor for CAS, though the fees may be higher rather
than lower when compared to firms who do not use their
auditor for CAS. The regression analysis shows a
significant positive relationship when use of the
auditor was added as a variable in the analysis. See
Table 4. This indicates that firms using their auditor
for CAS tend to pay significantly higher audit fees.
This is the opposite of what was hypothesized, but tends
to confirm Simunic's findings. It should be noted that
the R squared statistic was only .24, indicating that,
with all available variables, only 24% of the variance
in fiscal year 1988 fees is accounted for.
When fiscal year 1988 audit fees are analyzed in
relation to fiscal year 1987 fees, the opposite impact
of auditor provided CAS on fees is noted. However, the
level of significance is only .31 which is not
significant. The R squared statistic is close to 1.00
for this relationship indicating that most of the change
in fiscal year 1988 fees can be explained by fiscal year
1987 fees. See Table 5. It may be that the impact of
1987 fee already has embedded within it the impact of
the receipt of CAS from the auditor, leaving little to


83
be explained by adding it as a separate variable. The
CAS could have been received in any one of many prior
years. In some subsequent year audit fees may have
changed as a result and the changed fee could have been
in effect for several years. The chances of CAS
impacting fiscal year 1988 fees which were not already
reflected in fiscal year 1987 fees is relatively small.
In addition, the insignificant results may also be the
result of relatively few sample cases in which the
auditor is used for CAS.
Another indication that fees are different for
firms which use their auditor for CAS is found in Table
7. Here firms are asked if they believe their fees
increased due to weaknesses in controls in their
computerized financial information systems. There is a
significant difference between the way the audit group
answered this question from the way the group who did
not receive CAS from their auditor. The results taken
as a whole are inconclusive, but it appears that audit
fees tend to be impacted by use of auditors for CAS.
Hypothesis 2a: Firms who receive both audit services and
EDP development services from the same audit firm
receive fewer audit opinion qualifications based on
computer system weaknesses and fewer incidences of


management letters which cite computer control
weaknesses.
84
Analysis of the data indicates that the opposite
may be true. Tables 9 and 11 indicate that firms who
use their auditor for CAS are more inclined to receive
qualified opinions or to have weaknesses noted in
management letters than those who do not use their
auditors. Because we do not have dates when the systems
were built we do not know if use of the auditor was a
cause of the weak system or a response to it. However,
relatively high numbers of respondents indicate that the
auditor built the system that caused the qualification
or weakness. Forty-four percent of the qualified
opinions are attributed at least partially to present
auditors as compared to 10% and 0% attributed to other
Big Eight firms and external, non-audit firms
respectively. With weaknesses, 17% indicate their
auditor is at least partially responsible as compared to
1% for other Big Eight and 14% for external, non-audit
firms. See tables 8 and 10.
It seems clear that there is a definite trend-
for firms that use their auditor for CAS to also be
subject to weaknesses in these systems. The firms in
question also believe that the auditor is also at least
partially responsible for building the weak system.


85
Hypothesis 2b: Companies tend to hire their audit firm
for EDP development services to ensure that the external
auditors will conclude that adequate controls exist in
the new system.
The research shows little variance between
respondents who use their auditor and those that do not
in opinions regarding the relative strength of controls
in systems developed by one's auditor. For the most
part both groups agree that, in their opinion, controls
developed by auditors are no stronger than those
developed by other sources. However, Table 19 indicates
that when a source is actually sought for CAS part of
the reason for choosing one's auditor is to ensure
adequate controls. The hypothesis is confirmed by the
former finding. Further, the fact that firms do not
believe the auditor builds stronger controls indicates
that there is an underlying belief in the subjectivity
of evaluations of controls systems.
Hypothesis 3: Audit firms which perform both CAS and
audit work are perceived by auditees to lose
independence.
Table 12 indicates that auditees believe that
auditors gain comfort in the new computer system from
discussions with their own systems development staff 38%


86
of the time and by relying on their firm's reputation
13% of the time. Less than half of the firms which use
their auditor for CAS believe the auditor performs at
least the same level of review as if the system were
developed by another firm. From the auditee's
perspective this can be construed as a loss of
independence by the auditor.
Table 19 indicates that the most frequent reason
for choosing one's auditor for CAS is familiarity. Thus
they believe that there is a crossover of knowledge from
the audit division to the consulting division which is
beneficial to the development effort. However, this
crossover may have a negative side effect on the
auditor's independence in regard to the opinion on
computer controls.
Hypothesis 4: Auditors and other Big Eight audit firms
are not perceived as substitutes by auditees seeking
computer advisory services (CAS).
There are clear differences observed between the
firms who use their auditor for CAS and those that use
other Big Eight firms. The choice of reasons for the
selection of providers is significantly different for
the following choices: sole provider of special
expertise, familiarity with the auditee, avoidance of
future audit complications, and insurance of adequate


87
internal controls. If other Big Eight firms were
perceived to be substitutes for one's audit firm when it
comes to CAS, there would not be these significant
differences. Therefore the hypothesis is supported by
this research.


CHAPTER V
SUMMARY
Summary of Results
This chapter analyzes the research findings in
an effort to arrive at meaningful conclusions. Because
the findings are not always conclusive and consistent
this chapter is for the most part speculative and
interpretive.
One finding of this research is that there is a
difference between firms who use their auditor for CAS
and firms that do not use their auditor. The ones that
do use their auditor receive more qualified opinions, and
are more often cited in management letters for weak
computer systems. It seems likely that the auditor is
being chosen after the fact to prevent further erosion
in controls. However, there are some indications that
the auditors helped develop these weak systems.
Audit fees for firms who use audit firms, their
own or other Big Eight firms, for CAS are also
significantly higher than for those that use non-audit
firms. This may indicate that these firms are
fundamentally different in that they are more complex


89
etc. and that these unknown factors are causing the
higher fees. These findings remain speculative because
the variables used to explain fees accounted for only
about 24% of the variation in fees between companies.
The literature includes analyses of the pros and
cons of auditor involvement in the systems development
life cycle and is generally supportive of increased
involvement. The theory is that the auditor's
background will help prevent problems such as internal
control weaknesses which are expensive or impossible to
correct after a new system is implemented. The
questionnaire asks auditees why they used their
auditors for CAS and their responses support the
direction espoused by the literature. Respondents
indicated that they choose their auditor for CAS to
ensure adequate internal control. But they also
indicate that they choose their auditor out of a desire
to avoid audit complications. On the other hand they
indicate they do not believe that computer systems
developed by auditors have significantly better internal
controls.
In addition there is a perceived crossover
between audit services and CAS services received from
the same audit firm. Auditees tend to believe that
their auditors perform a different level of audit work


90
on systems which were developed by their own firm as
compared to systems developed by other firms.
Another finding is that computer services from
one's auditor are not regarded as equivalent to those
received from other Big Eight firms. There is a
preference for use of one's own auditor for the reasons
cited above.
These findings taken as a whole indicate that
the choice to use one's auditor for CAS is a complicated
one which depends partly on the belief that an auditor's
evaluation of internal controls is subjective and that
choosing one's auditor may eliminate some risk of
controls being assessed as inadequate. When auditors
evaluate the systems developed by their own firm they
are seen to apply different analytical techniques and
therefore are perceived to lose independence where the
review of this system is concerned.
Topics for Future Research
This thesis will conclude with a discussion of
possible research directions for study of auditor
involvement in development of computer systems and its
affect on independence. An in depth study of a limited
number of firms which use their auditor for CAS would
yield a better understanding of how and why audit fees


91
change. Both this thesis and Simunic's [1984] research
indicate that this is a complex question involving many
variables. An in depth study over time may uncover
additional variables and lead to new insights as to the
influence of various types of management advisory
services (MAS) on audit fees.
One problem with the current research results is
that the regression analysis of fees for one year
explains less than 25% of the variance in fees. This is
in contrast to over 70% for Simunic's [1984] research
based on 1977 data. Future research needs to be done to
identify additional variables. Also, it may no longer
be reasonable to deflate fees using assets. The trend
toward service industries in the U. S. could be changing
the profile of companies making revenues a better
indicator of company size than assets. This is because
relatively few assets are needed to deliver most
services as compared to the manufacturing industry.
Various financial ratios might be used either in the
regression equation or used to deflate fees.
Another area that would lend itself to case
studies is the question of crossover of knowledge
between auditing and CAS. Is audit time actually
reduced as a result of prior CAS from the audit firm?
If so how many years of audit fees are impacted and what


92
is the extent of the impact? Further research is also
needed to determine how auditors actually evaluate
computer controls both for controls developed by their
audit firm and those developed by other firms. We know
from this research that the autitees believe there is a
difference but this may be a misperception.
The roles of internal auditors as compared to
external auditors need to be studied further as they
relate to development of computer applications. Much of
the work referenced in this thesis is research and
evaluations of and by internal auditors. Little
research has been done explicitly on external auditor
involvement in systems development. Further analysis is
needed of the role of the external auditor to determine
if the same role is being filled by both when they
participate in development, or if there are or should be
distinct functions for each.
This thesis focuses on the perception of the
users of audit services. Other research is needed to
determine the exact role of auditors in systems
development. Much of the discussion on the question of
independence is focused on the area of decision making.
Auditors typically state that independence is not
impaired if the involvement does not involve managerial
decisions on behalf of the client. However, the


93
particular services rendered vary widely within the
realm of non-involvement in decision making. No
research has been done to quantify the level of
participation in the various categories of involvement
in systems development by auditors, or to establish
which if any of these impair independence.