Putting Audit Approaches in Context: The Case of Business Risk Audits in Jordanija_

Transcription

1 International Journal of Auditing doi: /j x Putting Audit Approaches in Context: The Case of Business Risk Audits in Jordanija_ Modar Abdullatif and Husam Aldeen Al-Khadash The Hashemite University Large international audit firms are increasingly expanding their activities around the world and increasingly promoting the concept of a similar quality audit to be performed by all their worldwide offices and member firms. This strategy includes developing and using a similar audit approach globally. This study surveys the views of Jordanian auditors, mainly from audit firms with international affiliations, about how such an international approach, with emphasis on the currently popular business risk approach, is applied in practice by Jordanian audit firms and how appropriate and practical the application of such an international approach to auditing is in different contexts. The results of the study show that the business risk approach has been generally adopted by the larger Jordanian audit firms to varying extents, especially those which are full members of an international audit firm network. However, audit clients in Jordan face too many business risks, especially because of poor control systems, poor corporate governance structures, and unclear or non-existent corporate strategies and objectives. These risks have to be addressed by the business risk approach under very low audit fees. Such factors have led to the business risk approach not being applied in the way that the large international audit firms intended, and not achieving the approach s main objectives, leaving the audit profession with the question of how appropriate it is to adopt an international audit approach in different contexts. Key words: Business risk approach, international audit firms, international audit approach, audit fees, Jordan SUMMARY Correspondence to: Modar Abdullatif, The Hashemite University, Faculty of Economics and Administrative Sciences, Department of Accounting, P.O. Box , Zarqa 13115, Jordan. mod70a@yahoo.com, modar@hu.edu.jo This study surveys views of Jordanian auditors about how the business risk audit approach is applied in practice by Jordanian audit firms and how appropriate and practical the application of such an international approach to auditing is in a ISSN , 9600 Garsington Rd, Oxford OX4 2DQ, UK and Main St., Malden, MA 01248, USA.

2 2 M. Abdullatif and H. A. Al-Khadash different context from that where it was established. The importance of this study stems from the fact that international audit firms promote the application of an international audit approach covering procedures for audit planning, risk assessment and substantive testing, in order to achieve a more efficient, effective and trustworthy international audit (Buisman & Gilmour, 2008). Whether, or to what extent, the international audit firm can actually apply that in all countries is a questionable issue. Therefore, this study has the potential to contribute to our understanding of this issue by studying the application of the business risk approach, a currently popular approach to auditing applied by international audit firms (Lemon et al., 2000), in the context of a developing country, Jordan, which is very different, economically and socially, from countries where the approach initially originated. The business risk approach began to be developed and used by many international audit firms in the 1990s (Robson et al., 2007). In summary, it aims at a wider analysis of a client s risk profile in order to better assess the risk of material misstatements in its financial statements. This includes analysing a wide range of risks internal and external to the client, as business risks may lead, directly or indirectly, to the existence of material misstatements in the financial statements (Knechel et al., 2007). Such a focus requires from the auditor additional risk assessment efforts that target testing high-level entity controls and other business risks. This assessment has the potential to significantly change the audit programme and procedures. It is debatable whether an emphasis on assessing high-level entity business risks, and adjusting substantive testing according to that, is applicable in the same manner worldwide, especially in developing countries, where in many cases economic and social factors may be different from those in more developed countries. In this study, data was collected from semistructured interviews covering issues related to the business risk approach and its application in Jordan. The survey covered a sample of audit partners and managers from the ten largest audit firms operating in Jordan, most of which have international affiliations. These firms were selected because of their size and influence in the Jordanian audit market as auditors of major audit clients in the country, and because they are most likely to adopt risk assessment approaches, and particularly the business risk approach. The main results are that the existence and nature of the affiliation with an international audit firm seem to have a significant influence on what audit approach the Jordanian audit firm adopts, with adoption of some features of the business risk approach generally increasing with the existence and strength of the international affiliation. While application of some features of the business risk approach was reported by most firms surveyed, the results of assessing business risks were rarely taken into account when making some crucial audit decisions. In addition, since the results of the business risk assessments, after putting many audit hours into performing them, were generally unfavourable in Jordan, the application of the business risk approach did not tend to reduce substantive testing levels, and might have led to the necessity of even more substantive testing. Given that audit fees in Jordan are generally low, the demands of the business risk approach may jeopardise the quality of the audit if the fees are to be allocated to even more audit efforts. Most auditors interviewed therefore showed concern about how appropriate the application of this approach in Jordan is, and tended not to favour its application. INTRODUCTION The issue of audit approaches and their development has been prominent in audit research during the last decade (see, for example, Jeppesen, 1998; Lemon et al., 2000, Eilifsen et al., 2001; Ballou & Knechel, 2002; Kosmala MacLullich, 2003). This has especially featured in the debate over the new approaches to auditing adopted by many large audit firms, generally termed the business risk audit, and whether they are, or should be, the future practice of auditing (Jeppesen, 2005; Khalifa et al., 2005, 2007). A prominent issue in the discussion of audit approaches is the risk assessment practices of audit firms, including which types of risks, and at what levels, are emphasised in each approach, and what effect that selection might have on the type and quantity of evidence collection and substantive testing. In addition, international audit firms generally follow the policy of establishing an international approach to auditing (see Barrett et al., 2005). This includes a uniform audit approach with details on issues such as audit planning, risk evaluation and substantive testing. This is meant to serve the objective of a more effective and efficient audit,

3 Putting Audit Approaches in Context: The Case of Business Risk Audits in Jordan 3 coupled with more assurance to clients, especially multinational firms and their stakeholders, that the audit is undertaken in all the countries involved using the same set of work standards. In addition, the international audit firms generally apply a set of international quality control criteria to be applied in every individual country in which they operate, in order to improve the quality of their audits in different countries (Buisman & Gilmour, 2008). However, as with the transferability of accounting developments, the transferability of auditing developments in western countries to developing countries has been questioned in terms of the effects of economic and cultural factors on their suitability and actual application (Davidson & Chang, 2001). This paper investigates the issue of the application of international audit approaches in a developing country, Jordan. In particular, it investigates whether, how, and to what extent, such innovative audit approaches are applied in a different context than that where they were developed, and the role of internationalisation of the financial statements audit in this application. In addition, it investigates possible obstacles that face the implementation of these approaches in Jordan, and the role of some contextual factors, especially low audit fees, in that implementation. This is achieved by an interview survey covering a sample of audit partners and managers from the ten largest audit firms operating in Jordan. Most of these local firms have different sorts of affiliations (such as membership or correspondence) with international audit firms, including the Big Four and some other large international audit firms, while the rest are local or regional but without an affiliation with an international firm. The main issues covered in the survey are the nature of the audit approaches and risk assessment and substantive testing practices applied by each firm, with a specific emphasis on the business risk approach, the effects of the local Jordanian environment on the adoption and application of the business risk approach in practice, and the appropriateness of applying such an approach in the Jordanian context. The remainder of this paper begins with a literature review on audit approaches, factors affecting their application, and the internationalisation of audit approaches. This is followed by an introduction to the audit market environment in Jordan. Subsequent sections cover the research design, the main findings of the study, and conclusions. AUDIT APPROACHES The development of audit approaches The literature on audit approaches generally classifies four generations of audit approaches (Swift et al., 2000; Higson, 2003). The movement from one generation to another reflects the views of the audit profession on the objective of an audit and how it can be accomplished. The first generation of auditing featured detailed inspection of items in the books. This gradually moved to an approach based on sampling. During the 1960s and 1970s, the second generation of auditing was dominant and was known as the systems approach or the analytical auditing approach (Swift et al., 2000). This generation featured documenting the accounting information system and the internal control system and evaluating their usefulness. In areas where control systems were considered strong, this approach led to a reduction of detailed substantive testing. The third generation of audit approaches, known as the audit risk approach, began to gain popularity in the early 1980s (Higson, 2003). It suggests that decisions on the nature, timing, extent and staffing of audit tests should be risk adjusted (Fukukawa et al., 2006). It is therefore based on assessing and reducing to an acceptable level the risk that financial statements are materially misstated, in order to provide credibility to the auditee s financial statements, detect fraud and report going concern doubts, and provide advisory services to the auditee s management on matters associated with the financial statements (Porter et al., 2008, p. 43, figure 2.2). The model defines acceptable audit risk (AR) as the willingness of the auditor to accept that the financial statements may be materially misstated after the audit is completed and an unqualified opinion has been issued (Arens et al., 2008, p. 260). This risk is set by the auditor and is composed of three components. These are inherent risk (IR) (the probability that an account balance or a class of transactions contains a material misstatement before considering internal control), control risk (CR) (the probability that internal control will not detect or prevent a material misstatement on a timely basis) and detection risk (DR) (the risk that the auditor will not detect material misstatements by using auditing procedures). Both inherent risk and control risk are to be assessed by the auditor, while detection risk can be computed using the formula DR = AR/(IR CR) (Houston et al., 1999).

4 4 M. Abdullatif and H. A. Al-Khadash This approach is still used at present in some audits, even after the emergence of the fourth generation of audit approaches, known as the business risk approach, which is discussed in the following subsection. Current international auditing standards require elements from both the audit risk and the business risk approaches (Curtis & Turley, 2005). The business risk approach The business risk approach began to be developed and used by large audit firms during the 1990s (Robson et al., 2007). According to this approach, business risk can be defined as the risk that the client will fail to achieve its objectives (Arens et al., 2008, p. 218). The rationale behind this approach is that failure of the company in meeting its objectives enough times may ultimately lead to its own failure. It is also argued that although most business risks will eventually have an effect on the client s financial results, some may even have a direct impact on the financial statements, such as in the case of the business risk of a shrinking customer base and its effect on the valuation of inventories and receivables (Knechel et al., 2007). Therefore, the auditor concentrates on the factors, events and conditions that may prevent the company from achieving its business objectives, emphasising whether there are enough alarms to discover such risks before it is too late. The auditor has to learn more about the client s strategies and processes and business environment to understand whether the financial statements are fairly presented. It is argued that this will lead to doing a more rigorous audit that can better diagnose relevant risks and their possible effects on the financial statements (Bell et al., 2005). Therefore, it is clear that the major difference between the business risk approach and the audit risk approach (especially regarding inherent risk in the latter) is that while the audit risk approach considers the impact that inherent risks may have on the financial statements, the business risk approach considers the risks that inhibit the company from achieving its objectives without directly relating that to the financial statements (Gray & Manson, 2008). Thus, the business risk approach starts from the business and its processes and works down to the financial statements (Higson, 2003). This approach can be summarised as follows: The change in approach envisaged by the BRA [business risk audit] was to be achieved in two ways: first by changing the focus of the audit from financial statement risk to business risk: and second by changing the nature of audit testing from large volume tests of details to the testing of high level monitoring or supervisory controls supported by high precision analytical work (Curtis & Turley, 2007, p. 444). Several arguments were given by proponents of the business risk approach for its adoption. Peecher et al. (2007) argue that a shift to an audit approach based on strategic systems risk assessment better meets society s needs and demands for higher quality audits, especially if coupled with better knowledge by auditors in areas of strategic management, business policy and systems dynamics. Other reasons suggested for adopting the business risk approach include increasing audit efficiency and adding value to the audit from the client s perspective (Lemon et al., 2000; Cullinan & Sutton, 2002; Knechel, 2007) and enhancing decision making by allowing the auditor to focus on the most important risks (Choy & King, 2005). However, the business risk approach has been criticised for cutting back on substantive audit testing (Khalifa et al., 2005) and being limited in effectiveness in detecting fraud (Cullinan & Sutton, 2002). Empirical literature The business risk model has been empirically researched as to several issues. The relations between client risks and audit programmes have been documented by many studies, and such a relation was found to exist by most studies (see, for example, Quadackers et al., 1996; Johnstone, 2000). 1 Findings generally support the argument that business risk was taken into account in evidential planning, even before it became a popular audit approach in itself (Pratt & Stice, 1994; Walo, 1995). An important line of research on audit risk and its relation to evidential planning and audit programme design is the effect of the inclusion of business risk factors in the audit risk factors, especially after the widespread adoption of a business risk approach by large audit firms. Bedard & Johnstone (2004) found that high corporate governance risk was associated with more audit effort. Bell et al. (2001) found similar results

5 Putting Audit Approaches in Context: The Case of Business Risk Audits in Jordan 5 generally associating higher business risk with additional audit effort. In Japan, Fukukawa et al. (2006) found similar results concerning business risk, especially fraud risk. Studies directly comparing the audit risk and business risk approaches to auditing generally found that the adoption of the business risk approach has led to changes in planning and executing audit programmes. Houston et al. (1999) report that the business risk model dominated the audit risk model in practice when the risk of intentional irregularities was high. O Donnell & Schultz, Jr. (2003) found that using business risk software, compared to using traditional transactioncycle software, during the audit planning phase of analytical procedures led to identifying more risk conditions and assessing misstatement risk at higher levels. This result is similar to that of Kopp & O Donnell (2005), who found that training novices on evaluating internal control using a business process focus led to better results compared to training novices using a control objectives focus, thus suggesting that the business process focus helps novice auditors make better decisions. The existence of higher client business risks has also been found to lead to more concern by external auditors about the client s aggressive accounting practices (Chang & Hwang, 2003). Bierstaker & Wright (2004) found that the introduction of a business risk approach made auditors rely to a significantly higher degree on narratives in documenting and testing internal control compared to other formats commonly used, because it was considered more efficient and suitable to the new approach. In addition, Wu et al. (2002) found that when auditors adjust audit strategy for business risks, they increase analytical procedures rather than detailed substantive testing. Finally, O Donnell & Schultz, Jr. (2005) found that auditors who perform business risk assessments and develop favourable risk assessments are less likely to adjust accountlevel risk assessments for inconsistent fluctuations. They concluded that what they called the halo effect of business risk influences judgment by altering auditor tolerance for inconsistent accountlevel fluctuations. Another relatively negative result about the effectiveness of the business risk approach was reported by Bruynseels et al. (2006), who, counter to their own expectations, found that audit firms using a business risk methodology are less likely to issue a going-concern opinion for a firm that subsequently goes bankrupt and that they may be fooled by short term operating efforts to reduce financial distress (Bruynseels et al., 2006, p. 1). The relation of audit risk assessment to the level of audit fees was also documented in several empirical studies. In general, clients with high risks, and particularly higher business risks, were found to have to pay higher audit fees as a result. Houston et al. (1999) report the existence of a fee premium for clients with a higher likelihood of intentional irregularities, while Bedard & Johnstone (2004) report that clients with higher earnings manipulation risk and corporate governance risk paid higher audit fees. Niemi (2002) also found that audit fees included risk premiums as a result of the client being listed or having higher than average business risk. Similar results were found by Lyon & Maher (2005), who reported that higher audit fees were charged to clients as a result of misconduct, particularly in the case of disclosing their bribery of top government officials in developing countries, even if this act was not considered illegal or did not directly relate to the clients financial statements. However, in a Finnish study, Niemi (2005) found that audit fees and audit work hours were lower in the case of companies majorityowned by their management, and were higher for subsidiaries of foreign companies. In addition, Morgan & Stocken (1998) found that business risk is incompletely priced as a consequence of price competition by audit firms. The internationalisation of audit approaches As companies expanded, they started to operate in more than one country. These multinational companies found this strategy potentially useful for several reasons, including willingness to expand sales opportunities and to gain access to raw materials or other production factors, such as cheap labour (Radebaugh et al., 2006). According to Busco et al. (2007), governance of multinational companies, especially the relation between the headquarters and the foreign subsidiaries, can be applied according to three approaches: 1. The multinational approach: where there is little integration of activities across geographical areas, high decentralisation and a high level of product differentiation and local responsiveness.

6 6 M. Abdullatif and H. A. Al-Khadash 2. The global approach: where there is high centralisation of activities, decision making and control, and high product standardisation, with centrally-set global strategies. 3. The transnational approach: where there is a mix between centralisation and decentralisation, a worldwide integration of innovation and knowledge, and a shared flow of information among constituents of the multinational. This approach includes national responsiveness, but recognises a need for intense coordination and knowledge sharing (Busco et al., 2007). As a result of globalisation and the enlargement of the size of, and the geographical dispersion of, multinationals, international audit firms had to increase their own size and foreign access. This was done by establishing offices in countries where their major clients are located or by merging with foreign audit firms to maintain the service to their clients worldwide (Post et al., 1998) and to provide services to foreign clients. An important issue involved in this process was that, in order to better serve the general preference of multinational businesses, an audit firm should use the same audit approach worldwide (Wallage, 1993). Buisman & Gilmour (2008) argue that the modes of operations among international audit firms have varied in the degree of centralisation. International audit firms apply different forms of internal governance and decision making that may be similar to those mentioned by Busco et al. (2007). However, there is increasingly an application of a unified approach for international work, with at least certain technical functions and marketing strategy decisions being centralised (Buisman & Gilmour, 2008). The international process to auditing serves the large audit firms by assuring multinational clients of the quality of their worldwide audit, and by gaining efficiency and effectiveness of the audit by uniformity in the principal audit process components. In addition, the international approach to the audit can assist top management in identifying, measuring and controlling risks worldwide (Needles, Jr. et al., 2002). An international audit approach includes a single audit methodology with narrow definitions of different steps of an audit, such as planning, risk evaluating and evidence testing. This is coupled with applying an international quality control system, along with international product developments and international marketing and communication strategies (Buisman & Gilmour, 2008). Theoretically, an international approach to auditing would lead to increasing the level of quality of worldwide audits performed by the international firm, and lead to efficiency and cost savings by the audit firm through the use of similar procedures worldwide and the ease of exchanging personnel, etc. However, achieving both goals has in practice been limited by many factors. For example, certain regulations in some countries may lead to limited cost savings through the need to perform additional tailor-made audit procedures in each audit to ensure compliance with these rules (Buisman & Gilmour, 2008). Other factors include different local business practices, different levels of competence of local auditors (although there are common international training programmes applied by the firms) and language barriers that may make the auditor unable to get the full story, even when relying on translators (Radebaugh et al., 2006). In particular, cultural factors may have an important effect on the success of the international audit approach. These include, for example, the different perceptions of what auditor independence means or is considered appropriate, the different levels of willingness for confrontation with clients (or avoiding it), and the different perceptions of what is doubtful or risky (Doupnik & Perera, 2007). In addition, in developing countries the western capital market systems, consisting of large numbers of shareholders and creditors external to the companies, do not exist in the same way. This may lead to a lower need and demand for auditing in the developing country economy, a factor that may result in lower audit quality, especially if the legal liability regime is weak (Doupnik & Perera, 2007). In such an environment where the objectives of the auditing of financial statements and the demand for it vary across different countries, in addition to differences in culture, legal systems, capital market systems, corporate governance systems and other factors, an international audit approach would be a very demanding objective. International audit firms have to ensure the quality of their audits worldwide, but have to face different factors in different countries and deal with them when designing and applying the audit approach. The case of Jordan, as discussed in the following section, has the potential to contribute to our knowledge on how an international audit approach

7 Putting Audit Approaches in Context: The Case of Business Risk Audits in Jordan 7 can be applied in a different context to that where it has been established. Contribution of this study to the extant literature To the best of the authors knowledge, the issue of business risk auditing has not been investigated in detail by any research or professional study in Jordan. In addition, due to the relative modernity of the business risk approach to auditing, it is likely not to have been investigated in detail in many other developing countries. Even in the very few such cases the authors are aware of, it is worth noting that sometimes the results may be different because of the characteristics of the country studied (see the example of the Alnodel & Turley (2006) study in Saudi Arabia below). Therefore, this study has the potential to contribute to the literature on the internationalisation of auditing and development of international approaches by large audit firms. This is achieved by showing how the big firm audit is executed in a developing country, how that can be different from audits in more developed countries, and how appropriate the adoption of an international audit approach by a large audit firm might be. Although not all developing countries are similar in their economic and cultural characteristics, Jordan can arguably be considered as an example of a group of many developing countries where many international audit firms and many multinational companies operate, there is a relatively small emerging capital market, there are recent reforms on financial regulations aimed at increasing transparency and accountability, and there is formal adoption of International Financial Reporting Standards and International Standards on Auditing, although actual compliance with the full requirements of these standards is questioned (in the case of Jordan see, for example, the World Bank, 2004; Sweid, 2006; Thnaibat & Shunnaq, 2006; Al-Momany & Bdour, 2008). However, Jordan s economy is not prosperous and companies (including listed ones) tend to be closely-held with family member dominance, limited managerial accountability and low appreciation of the role of the external audit function in society, a factor that leads (among other factors) to low audit fees. It is clear that the business risk approach was established in developed countries, particularly Anglo-American countries, where economic and social factors are very different from those in developing countries such as Jordan. For example, in Anglo-American countries capital markets are much larger and more developed, listed companies have large numbers of shareholders (most of whom are outsiders to the company management), listed companies tend to separate ownership from management, there generally are well-established internal control and corporate governance systems in many listed companies, and public disclosure and transparency of accounting information is higher. As a consequence, the audit function is considered of much higher importance in the business community, and audit fees are significantly higher. However, international audit firms promote a unified international approach to auditing for reasons including efficient cost management and increased confidence in the results of auditing multinational companies (Buisman & Gilmour, 2008). It is therefore useful to see how such an international approach functions in different countries and whether the audit firms meet their objectives from that. THE AUDIT ENVIRONMENT IN JORDAN An introduction to the Jordanian environment The Hashemite Kingdom of Jordan is a constitutional monarchy located in the Middle East. It became independent in 1946, after being under British mandate. The main sectors of Jordan s economy are services, trade and tourism. Natural resources are relatively limited, and the country is not oil-rich. The country s service sector includes numerous financial institutions, hospitals, universities and other utilities. The state and the private sector have established many economic organisations, and a relatively good infrastructure has been built. Despite the effects of political instability in the region, the government has launched successive economic plans, and has established efforts to enhance the country s economic growth and reduce its economic problems. Jordan began an economic reform and adjustment programme in 1989, in cooperation with the World Bank and the International Monetary Fund. Jordan pursued economic restructuring with an aim of achieving a free market, along with a privatisation programme that saw the government transfer many utilities

8 8 M. Abdullatif and H. A. Al-Khadash and industries it previously managed to the private sector. The economic reform programme has achieved reasonable financial stability and control of inflation, but is yet to solve many economic problems, notably poverty and unemployment (Abdullatif, 2003). Currently, Jordan is a member of the World Trade Organization and has trade agreements with the European Union and the United States. The population of Jordan is about 6 million people, which makes it a relatively small market. Arabic is the main language used, but English is widely spoken, especially in business. Jordanian culture is generally affected by the Islamic religion, which most of the population embrace, and the general Arab heritage, known for robust hospitality and a close-knit extended family system (Beard & Al-Rai, 1999). Beard & Al-Rai (1999) classify Jordan as a high-context culture where subtlety and personal loyalties are used in business. They add: High-context cultures communicate a great deal of information non-verbally through personal status, family ties and known associates. In high context cultures, greater emphasis is placed on personal trust between business associates than on the technical details of a written contract. Subtlety and inference are highly valued as are the creation and nurturing of personal relationships. High context cultures express a strong preference for face-to-face communication (Beard & Al-Rai, 1999, p. 140). Using the popular Hofstede s cultural classifications (see Hofstede, 1984), the authors argue that Jordanian culture can be classified as relatively collectivist, with the effects of family relations and interdependence, although individual achievements are also considered important. Businesses are generally governed under a high power distance system, given the family and major shareholder dominance, and the very weak labour groups (if they even exist) in organisations. Businesses can also be described as having relatively strong uncertainty avoidance, with a degree of caution and secrecy in doing business, along with some intolerance towards deviant business ideas. Auditing in Jordan The development of auditing in Jordan has gone along with the development of the country itself. According to Abdullah (1986), the first audit firm to open in Jordan was George Khader s firm in Amman in Before that, auditors from Palestine used to undertake auditing in what was then known as TransJordan. After 1948, many auditors moved from Palestine to Jordan, and the profession in Jordan began to increase in size (Abdullah, 1986). At present, there are about 220 audit firms in Jordan, differing significantly in terms of size. Most firms are small, some with only one or two practising auditors. However, some audit firms are significantly larger in size, deal with much larger clients (including multinational clients operating in Jordan) and offer a range of financial services. The Jordanian Association of Certified Public Accountants (JACPA) has over 500 registered licensed members, of which about 350 are in public practice. Some practising auditors hold international auditing certificates, especially the American CPA. The Big Four international audit firms, along with several other large international firms, operate in Jordan through some sort of affiliation with a Jordanian audit firm. Some firms have a strong relation, generally termed by the audit firms as a full membership relation, while some have a weaker relation, generally termed by the audit firms as a correspondence relation. According to information gained through the interviews included in this study, in the former group, the Jordanian audit firm is a full member of the international audit firm. This generally includes local Jordanian partners regularly attending meetings at the firm s headquarters, the Jordanian firm having to strictly follow the international firm s audit approach and quality control criteria and be peer-reviewed on that by non-jordanian staff from the international firm, the Jordanian staff regularly taking training courses designed by the international audit firm and benefiting from any rewards associated with attending these courses, the Jordanian audit firm using the official name and logo of the international audit firm, either accompanied by or replacing the local name of the audit firm, etc. On the other hand, Jordanian audit firms which have a correspondence relation are not full members in the related international audit firm. This may mean that the related international audit firm does not want to give them full membership or that they are under a period of probation with the possibility of full membership to come after several years. This group of firms is under significantly less scrutiny by the international firms and has more freedom of selecting and

9 Putting Audit Approaches in Context: The Case of Business Risk Audits in Jordan 9 applying their own audit approaches and practices. However, they may benefit from the affiliation in terms of name reputation and reference by the international firm of its multinational clients operating in Jordan. Most of the Jordanian audit firms affiliated with an international audit firm have a relation that can be formally classified as a full membership. Jordan is committed to aligning its national corporate financial reporting requirements with the International Financial Reporting Standards and the International Standards on Auditing, and it has achieved significant steps towards achieving this objective, including issuance of a new Accounting Profession Law in The law sets guidelines on education and experience necessary for certification for public practice, and it also sets penalties to be given to auditors who violate audit laws and regulations. Based on the new law a high commission for the accounting profession was established. It is headed by the Minister of Industry and Trade, and has responsibility for regulating issues related to the accounting profession in Jordan. Its members include the Controller of the Companies in the Ministry of Industry and Trade and representatives from the Central Bank of Jordan, the Jordan Securities Commission, the Insurance Commission, and the Auditing Bureau, in addition to three elected auditors and one academic specialising in accounting. The High Commission of the Accounting Profession requires auditors to apply International Standards on Auditing. Monitoring auditors performance is generally not rigorous in Jordan. However, international audit firms which have affiliated audit firms in Jordan do practise their own monitoring and peer review in order to enhance the quality of their international audits. The system governing the audit profession in Jordan has a number of shortcomings. For example, the World Bank (2004) states that although JACPA has responsibility to draft its own bylaws and has disciplinary authority over its members, it lacks resources to function properly as an effective professional accountancy body. The World Bank (2004) also reports that JACPA lacks effective monitoring and enforcement mechanisms to ensure that auditors follow auditing standards and the code of ethics issued by the International Federation of Accountants (IFAC). This view is, to some extent, confirmed, for example, by JACPA s self-assessment questionnaire (IFAC, 2006), where it reports that although it has a quality control system in place to monitor member audit firms, such quality control checks have never been made. The questionnaire does not show details of any other actual cases of enforcement of any laws or monitoring their application. The World Bank (2004) also reports several problems facing the audit profession in Jordan. These include poor auditor independence (due to heavy reliance on few clients and strong personal relations with clients), poor following of audit procedures concerning related parties (especially important given the dominance of the family business system), poor use of external confirmation, poor use of the audit report (such as not qualifying it for departure from accounting standards), heavy reliance on management representations without obtaining corroborative evidence, and poor compliance with quality control requirements (including continuous education of auditors). The number of Jordanian public shareholding companies listed in Jordan is currently about 200. The audit firms of Allied Accountants (affiliated with Ernst and Young) and Saba and Co. (affiliated with Deloitte) dominate a large market share of the largest listed Jordanian clients, especially in the financial sector. However, there are many local private shareholding companies and partnerships operating in Jordan which are in many cases larger than some local publicly listed companies. This is in addition to a relatively large number of branches and other institutions related to multinational companies (usually registered in Jordan as private shareholding companies) operating in Jordan which are audited by Jordanian audit firms. All Jordanian publicly listed companies and privately listed companies and multinationals registered in Jordan are required to have their financial statements audited, in addition to Jordanian partnerships with a capital of Jordanian Dinars (JD) or above (1 JD = about 0.8 GBP or 1.41 USD). In total, the number of entities in Jordan required to have their financial statements audited by an external audit firm is about 20,000 auditees, of which about 1% are public shareholding companies listed on the Amman stock market, about 75% are private shareholding companies (Al-Muqbel, 2008), and the rest include large Jordanian partnerships. The current Companies Law and the current Securities Law do not specify in detail the financial reporting requirements for public shareholding companies or the

10 10 M. Abdullatif and H. A. Al-Khadash responsibilities of their auditors. As an alternative, the two laws include articles that require public shareholding companies to apply International Financial Reporting Standards and to be externally audited under International Standards on Auditing. This requirement has been in force since Most of the Jordanian external audit clients are closely held, with the senior management positions traditionally given to the largest shareholders and their direct relatives and relations. This corporate governance system clearly causes problems in applying an audit according to audit standards. All Jordanian public shareholding companies are required to establish audit committees, of which members are non-executive directors. However, under such a corporate governance system, the effectiveness of such audit committees may be limited (Abdullatif, 2006). Francis (2004) reports that audit quality is higher when boards of directors and audit committee members are more independent (more outside directors). This is rarely the case in Jordan for boards of directors, and while audit committee members are formally non-executive directors, they may have strong personal relations with managers, a fact that has a potential to affect their effectiveness and the quality of their company s external audit. This corporate governance system is likely to lead to a high power distance management system, where senior managers (who are themselves major shareholders) are not accountable to minority shareholders. This leads to a system where agency relations leading to an external audit do not apply in a manner similar to that which exists in western countries companies, the fact that may lead to lower audit quality and audit fees. In fact, the World Bank (2004) reports about Jordan that due to the attitudes of management in auditees and their misconception about the value-added by an external audit, in addition to severe competition among audit firms, audit fees are low and the quality of audits (measured by compliance with International Standards on Auditing) are generally sub-standard, even for large audit firms. In order to better analyse the previous argument by the World Bank (2004) and the situation of audit fees in Jordan in general, it is important to discuss in more detail some theories of demand on auditing and how they might be used to understand the demand on auditing in the Jordanian context. Three hypotheses have been generally suggested for explaining the demand on external auditing. These are (1) the stewardship (monitoring) hypothesis, (2) the information hypothesis, and (3) the insurance hypothesis (Wallace, 1991, 2004; Soltani, 2007). In summary, the stewardship (monitoring) hypothesis uses the agency theory framework where, for example, a manager of a company is not one of its owners and therefore may have personal interests that conflict with those of the owners who may mistrust the manager and consequently reduce his/her salaries and other benefits. The manager therefore has an incentive to hire an external auditor to monitor his/ her activities and report on them to the owners in order to improve his position in the company. Therefore, demand is created for an audit as a means of reducing costs arising from conflicts of interest between managers and owners (Soltani, 2007), since the monitoring capability of an audit is valued by shareholders, creditors and top managers (Wallace, 1991). The information hypothesis suggests that auditing financial statements is demanded by investors since it provides useful information leading to improved investment decisions (Wallace, 1991). External auditing is demanded since it is expected to lead to better financial reporting disclosure and lower chances for error and bias (Soltani, 2007), therefore reducing the risk of investments and improving the portfolio investment position of individuals (Wallace, 1991). The insurance hypothesis suggests that demand for auditing arises as a result of auditors deep pockets role in potential loss recovery for the investors (Wallace, 2004). For managers, external auditing is valued as a means of lowering litigation and related settlement costs by sharing responsibility for financial reporting with the auditor (Wallace, 1991). Similarly, shareholders and creditors may demand auditing as a means of protecting themselves in case of auditee insolvency and poor auditor performance, since the damaged parties can seek relief from the auditor, who may still have funds to compensate them in case of the auditee s bankruptcy. Auditors will have to perform a thorough audit to protect themselves from personal loss (Soltani, 2007). The arguments included in these hypotheses may be arguably relatively sound in capital market systems of developed countries, but in the Jordanian context where the capital market is weak and the separation of ownership and management of companies is limited, these arguments may be used for concluding that a low demand for an external audit function will exist. Given the limited

11 Putting Audit Approaches in Context: The Case of Business Risk Audits in Jordan 11 separation of ownership and management, the role of the external audit as a monitor of the manager s performance is limited, as is its role in reducing the costs of conflicts of interests between managers and owners, given that managers are in many cases major shareholders. As for the role of minority shareholders who are small and do not participate in executive management or in boards of directors, the financial markets of the Middle East and North Africa region, including Jordan, are generally not responsive to the minority shareholders needs and rights (Naciri, 2008). As for the information hypothesis, owner/manager investors do not have to wait for formal audited financial statements to aid their investment decisions, as they are insiders to the companies and can therefore gain access to desired information. In addition, owner/manager investors would not think of an auditor as an insurer against potential loss to the same extent that might apply to external shareholders or creditors, since, as insiders, they cannot simply place the blame for the company s failure on the auditor alone and sue for compensation. This can be added to the fact that litigation against auditors in Jordan is very limited. Therefore, in an environment like Jordan, demand for an external audit is arguably low. Given the low level of demand for an external audit in Jordan, a main problem facing auditors in Jordan is the relatively low level of audit fees, compared to levels of audit fees in more developed countries and several other countries in the Middle East region. Although this has somewhat eased a little recently due to the influx of foreign audit clients and the introduction of more demanding laws on issues related to auditing, accounting and corporate governance, it still remains a main issue and has the potential to jeopardise the quality of audits conducted in the country. As part of this study, the authors documented annual audit fees in Jordanian public shareholding companies, based on a sample of 60 companies. The range of audit fees in Jordan for public shareholding companies, based on year 2005 reports, was from about JD 2,000 to about JD 30,000 per company per annum. This is exclusive of banks, where the figure may rise to about JD 150,000 for the largest bank. Although published data is generally unavailable on audit fees of private shareholding companies, partnerships and sole proprietorships, 2 the figures are generally expected to be sometimes much lower than those of public shareholding companies. Many interrelated reasons may be suggested for such a low level of audit fees. The main reason, as discussed above, is the low level of demand for audit quality, given that the main arguments for a high demand for an audit do not exist in the Jordanian environment. Agency conflicts are arguably low for most local audit clients, regardless of their size, because they tend to be family-owned and not publicly listed. Even when such clients are publicly listed, they are likely to have dominant shareholders/managers, a factor that usually leads to lower audit fees (Hay et al., 2006). A related reason for low audit fees is that due to the relatively large number of audit firms in the Jordanian market (about 220), coupled with the possibility that many managers of audit clients view auditing to a large extent as a legal requirement and view price as a significant factor in selecting an audit firm, strong competition will exist among audit firms based on lowering audit fees. Additional explanations of this issue may include the facts that there are not expected to be any serious negative outcomes for audit clients switching audit firms, and that the level of litigation risk against audit firms is relatively low and without severe penalties in case of deficient auditor performance. Finally, another possible reason for low audit fees, suggested by some interviewees in this study, may be that due to the relatively collectivist nature of Jordanian society, an audit may be seen as part of a plan to gain much more revenue from auditing and other financial services by making a client refer the audit firm to other clients from his relatives or clan (see below). THE RESEARCH DESIGN The research was undertaken in three stages. First, the existing literature was reviewed to investigate similar studies and gain an overview of the main arguments included in the literature. Second, data was collected in a programme of semistructured interviews to draw on the views of key practitioners concerning issues related to approaches to dealing with audit risk, especially the business risk approach, and their application in Jordan. This technique was used because of the novelty of the issues covered as regards the Jordanian environment, and to allow the interviewees to explain their ideas and highlight areas they consider of particular interest, and enable discussion of certain responses in greater depth (Horton et al., 2004). Finally, data analysis