Risk-Based Auditing, Strategic Prompts, and Auditor Sensitivity to the Strategic Risk of Fraud

ABSTRACT Under risk-based auditing, more (fewer) audit resources are allocated to accounts that are more (less) likely to be misstated. However, if auditors do not anticipate the strategic risk that arises when client managers anticipate auditors' risk-based resource allocations, undetected misstatements among ostensibly low-risk accounts could be more common than traditional risk assessment procedures suggest. Using a laboratory experiment, I find that participants assuming the auditor role in a stylized audit game do not naturally attune to strategic risks, but instead focus resources toward accounts with high non-strategic risk and away from ostensibly low-risk accounts. Manager-participants exploit these allocations by overriding the low-risk accounts more often than accounts with high non-strategic risk. However, auditor-participants who are asked to predict managers' expectations of, and responses to, audit resource allocations, devote additional resources to the low-risk accounts. These results are robust to the level of available audit resources.