Accounting, Organizations and Society 32 (2007) 463–485

www.elsevier.com/locate/aos

It’s all about audit quality: Perspectives on

strategic-systems auditing q
Mark E. Peecher, Rachel Schwartz, Ira Solomon *

Department of Accountancy, College of Business, University of Illinois at Urbana-Champaign,

1206 S. Sixth Street Champaign, IL 61820, United States

Abstract

We discuss the antecedents of and rationale for what has become known as Strategic-Systems Auditing (SSA). We
also describe the conceptual foundation and key elements of SSA. We observe that the auditor employing SSA con-
ceives the audit as a process of evidence-driven, belief-based, risk assessment. We also illustrate facets of this process,
including how the auditor, by acquiring a rich understanding of how and how well management is executing its busi-
ness-model, develops rich (e.g., distributional) expectations of future financial-statement amounts and disclosures.
These expectations form a benchmark against which the auditor later compares and investigates management’s asserted
financial-statement amounts and disclosures. Finally, we pose and respond to some of the more common questions
about elements of SSA and complete the paper by suggesting some educational innovations and high-value targets
for research.
One salient message is that SSA first emerged in the 1990s as an attempt to enhance audit quality in response to
changes in the audit environment. Another salient message is that SSA continues to equilibrate, adapting to more recent
environmental changes, especially society’s demand for greater protection from financial-statement fraud. Such adap-
tation requires ongoing, significant intellectual investments by audit practitioners and audit scholars/educators.
 2006 Elsevier Ltd. All rights reserved.

Introduction

q
Parts of this paper are based on a presentation made by Tim
Bell (KPMG LLP) and Ira Solomon at the Shanghai National
Accounting Institute Conference on Business Risk Auditing,
September 2005. In addition, we thank Tim Bell for his
comments on earlier versions of this paper.
*
Corresponding author. Tel.: +1 217 333 2451; fax: +1 217
244 0902.
E-mail address: isolomon@uiuc.edu (I. Solomon).
Our perspective as auditing scholars and educa-
tors is that Strategic-Systems Auditing (SSA) is
and always has been about audit quality. During
the mid-1990s SSA, a new approach to public
company audits, emerged in response to changes
in the nature of value creation activities at a rising
number of business organizations (see, for

0361-3682/$ - see front matter  2006 Elsevier Ltd. All rights reserved.
doi:10.1016/j.aos.2006.09.001
464 M.E. Peecher et al. / Accounting, Organizations and Society 32 (2007) 463–485
example, Bell, Marrs, Solomon, & Thomas, 1997;
Bell, Peecher, & Solomon, 2002). These changes,
which altered organization’s business strategies
and processes, surfaced in response to an interac-
tion of several factors, most notably innovations
in information, transportation, and communica-
tion technologies, resulting in greater globalization
and organizational connectedness (Friedman,
2005). At the same time, more complex valuation
assertions began to prevail in financial statements
that reflected audited entities’ business risks (Bell
et al., 1997, pp. 43, 69). Today, these trends con-
tinue, and they are accompanied by a heightened
demand for greater protection from financial-
statement fraud. SSA was an appropriate and nec-
essary means of enhancing audit quality in the
1990s, and it is all the more so today.
Public company auditing does not exist in a
vacuum. Indeed, auditing approaches evolve
endogenously in response to changes in society’s
information needs, regulations, business organiza-
tion’s value-creation processes, and available
accounting and audit technologies. Moreover,
changes in audit approaches simultaneously influ-
ence and have been influenced by conceptions of
the audit. The US Securities and Exchange Com-
mission’s (SEC’s) ruling in the late 1930s in the
McKesson and Robbins case provides an example
(Brief, 1982). Prior to that ruling, US external
auditors apparently conceived the external audit
largely as an investigation of the consistency of
financial-statement amounts with various inter-
nal-to-the-client-organization accounting records
and documents. The McKesson and Robbins
inventory and accounts receivable fraud high-
lighted the limitations of such a conception of
the audit, and the SEC ruling in the case, essen-
tially mandating inventory observation and confir-
mation of accounts receivable, changed the way
external auditing in the US is conducted and
conceived.
Globally, there has been an unprecedented level
of alleged corporate lootings during the first dec-
ade of the 21st century, with public-company
financial statements often being used to perpetrate
and/or hide the wrongdoing. The names of the
companies involved have become synonymous
with corporate dishonesty and excess – e.g.,
Enron, Waste Management, WorldCom, Royal
Ahold, and Parmalat. Cases like these stimulated
considerable regulatory reform, including the
Sarbanes–Oxley Act of 20021 in the US, thereby
communicating in a loud and clear voice to pub-
lic-company auditors that society’s expectations
were not being met. Indeed, there now is more
clarity around and heightened expectations for
the level and nature of auditor responsibility for
financial-statement fraud, i.e., reasonable assur-
ance is high assurance for material misstatements
irrespective of whether they are unintentional
(error) or due to fraud.2 As more fully discussed
later, these clarifications reinforce our belief that
SSA is an important and valuable innovation in
public company auditing.
Because SSA is a response to features of the
audit environment, we begin the remainder of this
paper with a Section called ‘‘The contemporary
audit ecology.’’ Then, in the Section ‘‘What is
SSA?’’ we describe key elements of SSA and
explain that it embraces the view that audits most
fundamentally involve evidence-driven, belief-based
risk assessment. The Section ‘‘SSA illustrations’’
then describes how selected elements of SSA work,
including how, under SSA, the auditor can
develop rich (e.g., distributional) expectations of
financial-statement amounts and disclosures to
use for ongoing risk assessment purposes. In the
Section ‘‘What’s controversial?’’ we consider some
of the more contentious issues relating to SSA. We
complete the paper with the Section ‘‘Concluding
remarks’’ by observing some implications for edu-
cation and research. A couple of disclaimers are in
order before we proceed. First, while we are aware
that many persons would group several audit
approaches together under the title of Business
Risk Auditing, we only discuss below the anteced-
ents, elements, and implications of SSA. Other
audit approaches share some, but not all, of the
1
The Act’s formal title is Public Law No. 107-204: An Act to
protect investors by improving the accuracy and reliability of
corporate disclosures made pursuant to the securities laws, and
for other purposes.
2
See, e.g., International Standards on Auditing 240 The
Auditor’s Responsibility to Consider Fraud in an Audit of
Financial Statements, –21 in IAASB (2005).
 M.E. Peecher et al. / Accounting, Organizations and Society 32 (2007) 463–485
SSA elements, and thus, are beyond the scope of
this paper.3 Second, the discussion herein is
framed mainly from a US perspective. That said,
much, but perhaps not all, of what follows is likely
to be applicable across many audit geographic and
institutional domains.
The contemporary audit ecology
There are many ways in which one can charac-
terize an environment as complex as the audit
environment. We choose to emphasize four dimen-
sions of the audit environment of today:
(1) Audited entities are employing new business
models,4 business strategies, and processes;
there are reduced barriers to competition;
the pace of change is accelerating.
(2) There is heightened concern about and
responsibility for detecting management
fraud resulting in misstated financial
statements.
3
Some authors characterize business-risk auditing as any
form of auditing that incorporates client–firm strategy and/or
business risk into the assessment and planning of audit risk (see,
e.g., Curtis & Turley, 2006; Robson, Humphrey, Khalifa, &
Jones, 2005), while others characterize it as any form of
auditing that considers client business risk as part of the audit
evidence process (e.g., Knechel, 2005). SSA, under these
characterizations, would be a form of business-risk auditing.
We believe that SSA is distinctive, however, because of its
collective emphasis on complex systems, systems thinking,
evidentiary triangulation, non-sampling risk, and viewing the
entire audit as a recursive process of evidence-driven, belief-
based risk assessment. Further, although SSA is associated with
KPMG’s LLP audit methodology circa 1997–2006, the manners
in which SSA has been and will continue to be implemented
remain open empirical questions.
4
Chesbrough and Rosenbloom (2002) discuss antecedents to
the term business model and note that this term generally is
loosely defined. They cite one explicit definition for which they
credit the consulting firm KMLab, Inc.: ‘‘a description of how
your company intends to create value in the marketplace. It
includes that unique combination of products, service, image,
and distribution that your company carries forward. It also
includes the underlying organization of people and the oper-
ational infrastructure that they use to accomplish their work’’
(p. 532).
465
(3) There is consistent evidence that, although
infrequent, when audit failures occur, they
are typically due to inadequate control of
non-sampling risk/error.
(4) The Audit Risk Model (ARM) persists as a
prominent aid for planning the audit and
organizing audit quality control efforts on
individual engagements.
The context of business has a profound impact
on client organization’s business risk (i.e., threats
to the organization’s business model) and, in turn,
on audit risk.5 In today’s business world, advance-
ments in communication, information and
transportation technologies have created a hyper-
competitive environment. No longer, for example,
does geographic proximity generally provide a
major competitive advantage. Indeed, potential
competitors and innovations can and do come
from virtually anywhere around the globe. Simi-
larly, many businesses create value less via deploy-
ment of tangible assets and more by creating and
deploying intangibles such as intellectual property
and business processes. These new business models
have stressed the financial reporting system, ele-
vating the presence and import of estimates, espe-
cially valuation estimates, highlighting the role of
judgment in the accounting. And, in today’s busi-
ness world the pressures, opportunities, and
rewards for earnings management, and even for
outright financial-statement fraud, are as great as
anytime in the past.
Despite business model complexity and earnings
management threats, the external auditor must
opine on the veracity of financial statements.
Financial statements capture retrospective and for-
ward-looking consequences of business model
complexity via numerous estimates and intricate
disclosures. The auditor must develop expectations
that help gauge the reasonableness of estimates and
disclosures as well as strategies for acquiring addi-
tional, sufficient evidence to attest to their veracity.
5
We define audit risk more formally later; for now, audit risk
can be thought of as the possibility that the auditor will issue an
inappropriate opinion when the financial statements contain
one or more material misstatements (i.e., departures from
generally accepted accounting principles).
466 M.E. Peecher et al. / Accounting, Organizations and Society 32 (2007) 463–485
It is now generally recognized that the auditor’s
expectations and evidence acquisition strategies
need to be conditioned on a rich understanding
of the client’s business model. Indeed, the auditor’s
understanding of the client’s business model and of
changing industry conditions is generally recog-
nized as a critical part of the understanding on
which the auditor’s opinion ultimately rests (see,
e.g., ISA 315 in IAASB, 2005).
Related, in response to revelations/allegations
of financial-statement fraud during the first few
years of this decade, the auditing profession in
many countries has been transformed from a
self-regulated to a government-regulated industry.
A substantial focus of the regulation has been
financial-statement fraud, especially clarifying the
auditor’s responsibility with respect to fraud. That
is, reforms stimulated by the alleged financial
reporting shortcomings have now clarified that
reasonable assurance is high assurance even with
respect to misstatements in the financial statement
that are due to fraud (see, e.g., ISA 240 in IAASB,
2005). The motivation for such regulatory clarifi-
cation is clear when one reflects on the history of
the issue, especially as documented in the US
authoritative guidance.
Early audits focused on detection of book-
keeper fraud (see related discussion in the Section
‘‘What’s controversial?’’). Later, as corporations
began to emerge as popular business structures,
there was a concomitant shift in the external audi-
tor’s focus from detection of bookkeeper fraud to
fair presentation of income in accord with
accounting principles. Such fair presentation can
be compromised by intentional and unintentional
misstatements. While generally accepting responsi-
bility for the latter, auditors have tried in a variety
of ways to minimize their responsibility for inten-
tionally distorted financial statements. Intentional
distortions can arise when there is employee mis-
appropriation of assets, but more importantly,
they can arise when management misappropriates
assets and/or distorts the financial statements.
Various incarnations of authoritative guidance in
the US reflect the reluctance of external auditors
to accept significant responsibility for detection
of financial-statement fraud, especially when fraud
was perpetrated by high-level management.
For example, per SAS No. 16, The Independent
Auditor’s Responsibility for the Detection of Errors
or Irregularities (AICPA, 1977), the auditor’s
responsibility was primarily to react to indicia to
fraud should they come to the auditor’s attention
during the normal course of events. Per SAS No.
53 The Auditor’s Responsibility to Detect and
Report Errors and Irregularities (AICPA, 1988),
the auditor had the responsibility to plan and per-
form the audit to obtain reasonable assurance that
any material misstatements (including those
caused by fraud) would be detected. This docu-
ment also offers illustrative client business risk fac-
tors that may indicate an elevated fraud risk. In
SAS No. 82 Consideration of Fraud in a Financial
Statement Audit, the AICPA (1997) attempted to
further clarify the auditor’s responsibility by stat-
ing that the auditor should specifically assess the
risk of material misstatements that are due to
fraud. This pronouncement also required the audi-
tor to document the fraud risk assessment. SAS
No. 99 Consideration of Fraud in a Financial State-
ment Audit (AICPA, 2002) is a more recent
attempt to spell out what society expects from
the auditor with respect to financial-statement
fraud. Two of its main innovations require the
auditor to brainstorm about the risk of material
misstatement due to fraud, regardless of any past
honest dealings with entity management. Its utility
for improving the auditor’s assessment of fraud
risk, however, remains an open question.
Importantly, there now is considerable evidence
that when financial-statement fraud has occurred
and the auditor has not detected it, it is quite likely
that the client organization senior management
has been involved. Specifically, the SOX Section
704 report on the Causes of Fraud and Audit Fail-
ures (SEC, 2003) reveals that in just over 80% of
the cases studied, at least one member of senior cli-
ent management has been implicated. The report
concludes that senior managers who commit such
fraud commonly are motivated by a desire to meet
earnings and other expectations-based targets.
And, importantly, such senior managers often
have aligned the accounting records and books
as well as supporting documents generated by
the accounting system with the fraudulent misrep-
resentations. As an example, in at least one case,
 M.E. Peecher et al. / Accounting, Organizations and Society 32 (2007) 463–485
the internal calendar of a company’s computers
was manipulated at the behest of senior manage-
ment to conceal fraud. Consequently, traditional
substantive tests of details as well as traditional
tests of controls were unlikely to be effective for
fraud detection in that situation.
Related, the report cites auditor judgment
errors like the following as the culprit in most, if
not all, of these situations:
• Failure to obtain sufficient understanding of the
client’s business.
• Failure to sufficiently corroborate manage-
ment’s representations and explanations.
• Failure to exercise professional skepticism on
unusual, last minute, or related party
transactions.
• Failure to conduct adequate risk assessments.
In our view, the last shortcoming above is very
much a consequence of the others, especially the
first shortcoming. That is, inadequate risk assess-
ments would be virtually inevitable if an auditor
were not to obtain a deep and robust understand-
ing of the client’s business and industry. And, the
other shortcomings are likely to follow as well, if
the auditor lacks such an understanding.
So, having elucidated the criticality of judgment
errors, one might next pose the question—what
guidance is there for auditors with respect to
how to minimize such errors in the contemporary
audit ecology? Unfortunately, while the guidance
in international auditing standards is superior to
that in extant US public company auditing author-
itative guidance, improvement is in order across
the board. Indeed, it may very well be that extant
authoritative guidance focuses the auditor in the
wrong direction. We consider the following formu-
lation of the Audit Risk Model (ARM) to drive
this concern home:6
6
The ARM first appeared in equation form in 1972 in
Appendix B of AICPA Statement on Auditing Procedure No. 54
Precision and Reliability for Statistical Sampling in Auditing.
The Auditing Standards Board later included a similar equation
in SAS No. 39 Audit Sampling (AICPA, 1981).
467
Audit Risk ðAURÞ ¼ Inherent Risk ðIRÞ
 Control Risk ðCRÞ
 Detection Risk ðDRÞ
where
AUR: The risk that the auditor expresses an
inappropriate audit opinion when the
financial statements are materially
misstated.7
IR: The susceptibility of an assertion to a
material misstatement assuming that there
were no internal controls.8
CR: The risk that a misstatement that could
occur in an assertion and that could be
material, individually or when aggregated
with other misstatements, will not be pre-
vented or detected and corrected on a
timely basis by the entity’s internal
controls.
DR: The risk that the auditor will not detect
misstatements that could be material indi-
vidually or when aggregated with other
misstatements.
Sometimes IR and CR are combined into a sin-
gle term, Risk of Material Misstatement (RMM),
defined as the risk that the financial statements
are materially misstated prior to the audit. Because
the ARM was designed to aid the auditor in the
selection of sample sizes that would achieve audit
objectives, DR often is decomposed in AP and
TD, the detection risk associated with analytical
procedures and tests of details, respectively. And,
TD often is decomposed into sampling and non-
sampling risk, with the latter then defined to be
7
ISA 320 Audit Materiality defines materiality as information
is material if its omission or misstatement could influence the
economic decisions of users on the basis of the financial
statements. Materiality depends on the size of the item or error
judged in the particular circumstances of its omission or
misstatement. Thus, materiality provides a threshold or cut-off
point rather than being a primary qualitative characteristic which
information must have if it is to be useful (–3).
8
Assertions include, existence or occurrence, completeness,
rights and obligations, valuations or allocation, presentation
and disclosure (ISA 500 Audit Evidence, –15–18).
468 M.E. Peecher et al. / Accounting, Organizations and Society 32 (2007) 463–485
outside the domain of the ARM.9 Consider further
the following:
• Audit Risk (AUR) is jointly determined by (a)
whether the financial statements are materially
misstated prior to the external audit (i.e.,
whether material misstatements exist in the first
place), and (b) the likelihood that the auditor
will not detect material misstatements during
the audit, should they exist.
• Because, for a variety of reasons, the auditor
cannot know (a) with certainty, the auditor
assesses the risk of the existence of material
misstatements by identifying and assessing a
variety of states outside of the audit whose pres-
ence can heighten RMM, or that reveal the exis-
tence of actual material misstatements.
• According to the current authoritative guidance
in the US, RMM exists independently of the
audit, and is assessed by the auditor through
the exercise of professional judgment.10
• DR is assessed and managed by the auditor.
• Judgment errors in assessing RMM or any of its
elements are likely to cause the auditor to mis-
assess and, in turn, mismanage DR. As a conse-
quence, AUR is likely to be higher than
targeted.
Importantly, current authoritative guidance
(e.g., SAS No. 39 AICPA, 1981) generally makes
9
Non-sampling risk [a]rises from factors that cause the
auditor to reach an erroneous conclusion for any reason not
related to the size of the sample, whereas sampling risk arises
from the possibility that the auditor’s conclusion, based on the
sample may be different from the conclusion reached if the entire
population were subjected to the same audit procedure (IAASB,
2005, Glossary of Terms, –129).
10
RMM is not truly independent of DR. The mere existence
of the audit, and the client’s awareness of the methodology that
will be applied by the auditor, can impact RMM. For example,
client awareness of the procedures the auditor will apply may
serve as a deterrent to material misstatement, and it also can
provide the client who wishes to strategically deceive the
auditor with insight about how and where to place intentional
material misstatements so that they may go undetected. Also,
technically speaking, it is a variety of business states that exist
independently of the audit, and to which the auditor directs
attention to make assessments of RMM.
rather cavalier statements such as the following
about how to minimize judgment errors: ‘‘Non-
sampling (judgment) risk can be reduced to a
negligible level through such factors as adequate
planning and supervision. . .’’ History tells us,
however, that doing so is no trivial matter, espe-
cially using traditional audit approaches.
Perhaps, in part, because the ARM does not
emphasize non-sampling risk, neither audit
approaches nor historic audit standards tradition-
ally focus the auditor’s attention on the identifica-
tion and mitigation of non-sampling risk factors
(e.g., factors that elevate the likelihood of auditor
risk-assessment error). Nor do they provide the
auditor with guidance about how different evi-
dence acquisition strategies likely affect the audi-
tor’s propensity to underestimate non-sampling
risk. In other words, even though audit risk assess-
ment is quite complex and inevitably subject to
assessment error, even by audit experts (Bell, Pee-
cher, & Solomon, 2005), the traditional auditor’s
attention may well be miss-directed away from
non-sampling risk, likely to a degree that is detri-
mental to audit quality. As we explain next, SSA’s
risk assessment orientation emphasizes non-sam-
pling risk and views mitigation of non-sampling
risk as a key to sufficiently driving down audit risk.
What is SSA?
In the preceding paragraphs we have summa-
rized several crucial trends in business models,
intangible value drivers, information technology,
and societal expectations of the auditor. These
trends jointly shape the 21st century financial-
statement auditing context. In light of this context
we next describe our view of the objective of finan-
cial statement auditing, and then highlight how
SSA is well suited to help the auditor attain this
objective. Thereafter, we discuss examples of SSA.
The financial statement auditor aspires to pro-
vide high assurance about the extent to which
management’s financial statement representations
fairly depict select entity business states (EBS in
Fig. 1). Entity business states are all of the entity’s
business strategies, conditions, processes, and eco-
nomic actions/events, as well as past, current, and
 M.E. Peecher et al. / Accounting, Organizations and Society 32 (2007) 463–485 469

The Financial Reporting Process Culminates in Representations of Entity Business States

Suppliers Customers Controls Over

Financial Reporting General Purpose F/S

Automated
Processes

Audited
Entity

Alliance Ptrs. Competitors

Journals & Ledgers MD&A
Manual
Applicable Processes
Reporting
Framework
Regulators Capital Mkts.

Entity Management Management

Business Information Business
States Intermediaries Representations

Fig. 1. The audit addresses whether management’s financial statement representations fairly depict select entity business states. (From
Bell et al. (2005). Used with permission.)

likely future business relationships with other enti-
ties (Bell et al., 2005, p. 4). The auditor’s concern
extends to the subset of EBS of potential relevance
to any assertion(s) associated with the entity’s
financial statements.
As Fig. 1 illustrates, management builds and
maintains a bridge between EBS and its finan-
cial-statement representations; we call this bridge
management information intermediaries (MII).
These intermediaries include financial reporting,
internal control, and risk management frame-
works, computer networks and information sys-
tems, as well as documentation and human
information processing. Such intermediaries
gather intelligence about, capture, measure and,
typically, transform various EBS into a variety of
management business representations (MBR).
These representations appear in electronic and
hardcopy form and affect a variety of judgments
and decisions in contexts within the entity’s eco-
nomic web.
Consistently, the auditor employing SSA takes
the position that accumulation of high assurance
about whether management’s financial-statement
representations attain the fairly depict objective
generally is not possible unless the auditor main-
tains a rich understanding of the entity’s business
states. One cannot judge the fairness of a represen-
tation of a business state without an understanding
of the business state.11
In the 21st century audit context, the auditor
must be wary that MII could accidentally or inten-
tionally neglect or distort select EBS, resulting in
unfair depictions of EBS in management’s finan-
cial statements. To combat this concern, the SSA
auditor views the audited entity through a strate-
gic-systems lens. This lens complements the view-
point provided by a transactions-oriented lens
(see, e.g., Bell et al., 1997, 2002, 2005), and it
broadens the subset of EBS of potential relevance
11
Judgment and decision-making theorists would note that
auditor’s understanding of a business state is itself a fallible,
mental representation (e.g., Brunswik, 1943; Hammond, 1955).
We discuss some of the risk-assessment implications of human
judgment fallibility later in this paper.
470 M.E. Peecher et al. / Accounting, Organizations and Society 32 (2007) 463–485
to the auditor.12 While non-SSA approaches rec-
ognized the helpfulness of understanding an
audited entity’s business for some purposes, such
as audit planning (see, e.g., SAS No. 22, Planning
and Supervision), such an understanding does far
more than facilitate audit planning within SSA.
Within SSA, the EBS understanding is paramount
for ensuring the quality of the entire audit process
for without it, the auditor loses the ability to iden-
tify the scope and nature of EBS that MII should
be capturing and transforming for fair representa-
tion within financial statements. Maintaining the
understanding of EBS dynamics arguably is as
important to the SSA auditor as is maintaining
proficiency with developments in auditing stan-
dards and applicable financial reporting
frameworks.
In addition to broadening the scope of EBS
examined, the SSA lens emphasizes the terms stra-
tegic and systems. Treating management as strate-
gic is, of course, very familiar to audit scholars
(see, e.g., Antle, 1982; Ashton, Kleinmuntz, Sulli-
van, & Tomassini, 1989; Dopuch & King, 1991;
Shibano, 1990; Wilks & Zimbelman, 2004; Zimbel-
man & Waller, 1999). Still, this treatment runs
counter to the aforementioned audit profession’s
unwillingness to clarify its duty to provide high
12
As Kinney (1997, p. v) notes, prior to SSA, the auditor did
not normally analyze the entity’s business strategy, nor did the
auditor attempt to judge its achievability or viability. Prior to
SSA’s emergence, authoritative auditing guidance generally
relegated understanding the auditee’s business to a pre-audit or
planning activity, described it from a narrow perspective, and
omitted a convincing rationale as to why auditors should
acquire such an understanding (Bell et al., 1997, p. 7).
Interestingly, since SSA’s emergence, some audit standards
and reporting frameworks have evolved to more richly charac-
terize audited entity’s business states and the value of under-
standing these states (see, e.g., International Standard on
Auditing (ISA) 315: Understanding the Entity and Its Environ-
ment and Assessing the Risks of Material Misstatement, 2003
and Great Britain’s Accounting Standards Board Reporting
Standard 1: Operating and Financial Review, 2005). ISA 315 is
especially interesting in that it construes the auditor’s under-
standing of EBS to constitute audit evidence and an interpre-
tative context for other audit evidence. Finally, it is notable that
earlier calls for the auditor to more expansively consider EBS-
based evidence existed as early as the late 1970s, but such call
apparently were not embraced by the profession until the mid-
1990s (see, e.g., Sorensen & Sorensen, 1980).
assurance about whether or not management’s
financial-statement representations are unfair as
a result of intentional distortion. This treatment
also runs counter to the traditional audit risk
model (ARM) that prevails in US authoritative
audit guidance (cf., Shibano, 1990). Since its ori-
gin, the ARM has remained largely silent about
the implications of facing strategic management.13
As used with SSA, however, the term strategic
extends well beyond auditee management to
encompass the audited entity’s economic web. This
web is comprised of numerous strategic players.
Whether specific players share incentives with
management of the audited entity depends on the
nature of past, current, and likely future relation-
ships with the audited entity. Some players likely
have symbiotic relationships with management of
the audited entity (e.g., alliance partners, employ-
ees, and customers), while others likely have con-
flicting relationships (e.g., competitors and
regulators). And, these relationships change over
time. The SSA auditor questions and evaluates
the audited entity’s value generation capabilities
by thinking about the various players’ relative
power as well as the trajectories that they would
prefer the audited entity’s value generation capa-
bilities to exhibit over time. Different trajectories
have different risk implications for the audited
entity.
To help clarify the auditor’s thinking about
these potential trajectories associated with select
EBS, the SSA auditor also adopts a systems per-
spective. Compared to SSA’s strategic perspective,
its systems perspective is relatively new to audit
practitioners and scholars. For example, prior to
SSA few audit scholars or auditors customarily
thought of the audited entity as a complex system.
Complex systems are systems that adaptively
learn, says Nobel laureate Murray Gell-Mann
(1994), and thought leader Peter Senge (1990),
among others, explains how business entities are
13
Elsewhere, prevailing US and International authoritative
audit guidance more fully embrace the implications of facing
strategic management (e.g., SAS No. 99, Consideration of Fraud
in a Financial Statement Audit; ISA 240, The Auditor’s
Responsibility to Consider Fraud in an Audit of Financial
Statements).
 M.E. Peecher et al. / Accounting, Organizations and Society 32 (2007) 463–485
learning organizations. The components that com-
prise complex systems are better appreciated in
terms of how they relate to other components
and together interactively form a whole that equil-
ibrates over time than in terms that emphasize
each component’s separable identities. Complex
systems often feature nonlinear, sometimes abrupt
shifts in behaviors over time instead of linear,
steady state behaviors over time (see, e.g., Berta-
lanffy, 1968).
The audited entity/complex system examined in
SSA is a dynamic web of relationships that has
emerged and continues to exist because of its
value-generating capabilities within a broader eco-
nomic web (Bell et al., 1997, p. 17).14 One of the
biggest challenges that the 21st century auditor
faces is to anticipate how time delays, regulatory
shocks, and other nonlinear risk developments
that affect an audited entity or its economic web
will influence the entity’s strategic viability and
profitability over time (Bell et al., 1997, p. 23).
SSA adherents believe that auditors who possess
reasonably well-developed systems-thinking skills
are more likely to meet this challenge than audi-
tors who lack such skills.
Hecht (2004), who is among the first auditing
scholars to examine potential benefits of systems-
thinking skills, characterizes systems-thinking as
the language, cognitive tool set, and perspectives
that enable decision makers to form reasonably
accurate and complete mental representations of
complex environments. The auditor who pursues
a systems-thinking perspective, among other
things, recognizes the significant degree to which
an entity’s dynamic business states hinge on past,
present, and likely future business states of the
audited entity and other entities in it economic
web (Bell et al., 2002, p. 4). Because systems think-
ing is new to auditing and unlikely to come natu-
rally to many auditors, a threat to successful
implementation of SSA is that auditors historically
14
While some of these relationships have accompanying
explicit or implicit contracts, many do not. In this sense,
viewing the audited entity as a complex system is more inclusive
than viewing it as a nexus of contracts as in, e.g., Brickley,
Smith, and Zimmerman (1996).
471
have not been extensively educated or trained in
complex systems or systems thinking.15
Yet, an encouraging finding from Hecht (2004),
is that it appears that one can successfully educate
and train people to be become better systems
thinkers. He observes that training enables his
experimental participants to better understand sys-
tem causal structure and system dynamics within a
financial-statement auditing context, such that
they become more likely than untrained partici-
pants to identify negative, unintended conse-
quences that could emerge after management
implements a well-intentioned, redundant control
activity. Consequently, while trained systems-
thinkers consider whether negative, unintended
consequences may offset any positive, intended
consequences, non-systems thinkers largely fixate
on the latter (cf., Sterman’s, 2000 p. 609 examples
of policy resistance).
Summarizing work by Jacobson (2001) and Bell
et al. (2002) observe that research suggests that
systems thinkers develop different mental models
about complex systems than do non-systems
thinkers. Systems thinkers discount reductionistic
thinking in favor of holistic thinking, recognize
that small actions can have large effects, anticipate
delayed and/or nonlinear effects, look for interac-
tive causality, and try to foresee how a system
likely will equilibrate over time.
Risk assessment
SSA proponents’ call for the auditor to adap-
tively evolve from tradition by using a strategic-
systems lens has roots in the adherents’ perception
of increased societal demand for the auditor to sig-
nificantly improve in the areas of assessing, identi-
fying, and, as appropriate, managing down
sources of audit risk. And, this societal demand
15
A growing body of evidence suggests that non-systems
thinkers have difficulty anticipating dynamics within complex
systems (see, e.g., Sterman, 1989; for reviews see, e.g., Brehmer,
1992; Sterman, 2000). For example, as first observed by Booth
Sweeney and Sterman (2000) graduate students in business
often poorly perform at relatively basic dynamics tasks such as
plotting the stock of water in a bathtub over time given different
faucet inflows and drain outflows (also see, e.g., Kapmeier,
2004).
472 M.E. Peecher et al. / Accounting, Organizations and Society 32 (2007) 463–485
applies regardless of whether or not these sources
of audit risk stem from management deception.
Yet, contemporary authoritative guidance pre-
sumes that auditors already do these things well
(see, e.g., AU Section 312 Audit Risk and Material-
ity in Conducting an Audit in AICPA, 2004 and
ISA 200 Objective and General Principles Govern-
ing An Audit of Financial Statements in IAASB,
2005). Specifically, the auditor presumptively can
decompose overall audit risk into RMM and
DR. And, the auditor presumptively accurately
assesses RMM and both accurately assesses and
manages down DR to an appropriately low level
so that, overall, audit risk remains acceptably
low. In other words, all sources of non-sampling
risk – or audit risk sources that pertain to any
thing other than the size of a sample – are tradi-
tionally presumed to ordinarily be negligible (see,
e.g., Messier, Glover, & Prawitt, 2006, p. 81). Wal-
lace (1995, p. 454) summarizes conventional
wisdom:
Nonsampling risk, such as the auditor’s
failure to recognize errors or to select the
appropriate audit test, is assumed to be neg-
ligible, being effectively controlled through
planning, supervision, review and careful
selection of audit procedures whenever
weaknesses are a concern [SAS 22, Section
311].
The SSA perspective holds that it is perilous to
rely on the presumption of negligible non-sam-
pling risk, especially when auditors who largely
are untrained in systems thinking confront audit
risks that arise from audited entities that are com-
plex systems. This is not an attack on the profes-
sional qualifications of the auditor, but it is a
more sober assessment of how difficult it is to
assess and manage risks. As University of Chicago
economist Steven D. Levitt and his co-author Ste-
phen J. Dubner observe ‘‘most of us are . . . terri-
ble risk assessors’’ (2005, p. 150). Decision
theorists have long noted that even experts have
trouble assessing risk, ‘‘Although a distinction is
often made between perceived and objective risks,
for most new and intricate hazards even so-called
objective risks have a large judgmental compo-
nent. At best, they represent the perceptions of
the most knowledgeable technical experts. Even
such experts, however, may have an incomplete
understanding. Indeed, their professional training
may even have limited them to certain ways of look-
ing at problems . . .’’ (italics added, Fischhoff, Lich-
tenstein, Slovic, Derby, & Keeney, 1981, p. xii). If
audit risk assessment is difficult (and it is in our
view), the wise auditor will recognize that non-
sampling risk ordinarily is non-negligible. Under
SSA, therefore, the auditor strives to be ‘‘skeptical
not only of management and of evidence but also
of their own judgment processes’’ (Campbell &
Hughes in Bell et al., 2005, p. ii).16
To manage the non-negligible threat of non-
sampling risk, the SSA auditor views the entire
audit as a recursive process of evidence-driven,
belief-based risk assessment.17 As Bell et al.
(2005) argue, the SSA auditor employs an evidence
acquisition strategy called evidentiary triangulation
to develop well-justified beliefs and risk assess-
ments. Evidentiary triangulation entails the audi-
tor acquiring complementary audit evidence from
the three fundamental sources depicted in Fig. 1.
As the beliefs on which the auditor bases risk
assessments become well justified via triangula-
tion, non-sampling risk due to poorly assessed
RMM or DR decreases.
While the SSA auditor gathers evidence of and
from all three complementary and fundamental
sources of evidence using a variety of tools,18 the
16
Many interesting research questions pertain to how auditors
productively could direct skepticism towards their own judg-
ment processes, as we further discuss in the final section of this
paper.
17
Interestingly, SSA’s characterization of the audit entailing
recursive risk assessment underscores yet another limitation of
the prevailing, traditional ARM in US authoritative guidance
and today’s auditing textbooks. Citing Kinney (1983); Wallace
(1995, p. 454) argues that the ARM is particularly ill-suited for
use as an iterative evaluation tool because such use would result
in a significant understatement of overall audit risk.
18
Auditors employ an array of tools within SSA including, as
examples, strategic analysis and business-process analysis.
These tools, while helpful, carry with them their own risks
(see, e.g., Ballou, Earley, & Rich, 2004; O’Donnell & Schultz,
2005). One concern is that auditors who lack systems-thinking
skills may treat the tools as an onerous documentation exercise
rather than as a mechanism for improving their understanding
of the audited entity’s EBS.
 M.E. Peecher et al. / Accounting, Organizations and Society 32 (2007) 463–485
triangulation perspective holds that EBS-based
evidence, along with MII-based evidence that
management does not normally use for financial-
reporting purposes, are especially powerful sources
of evidence. Specifically, management is less likely
to strategically distort these two sources of evi-
dence relative to MII-based evidence directly used
to support financial-statement representations or
the representations themselves. The more difficult
or less likely it is for management to distort evi-
dence, the greater the auditor can rely upon the
evidence when revising beliefs and making risk
assessments. In addition, EBS-based evidence has
the added benefit of providing the auditor with a
relatively direct portal to the phenomena that
management is supposed to fairly represent in
the financial statements.
Drawing on triangulated evidence, the auditor
recursively develops and revises beliefs, or expecta-
Fig. 2. The audit is a recursive process of risk (re)-assessment. (From Bell et al. (2005). Used with permission.)
473
tions, for management’s financial-statement repre-
sentations (see Fig. 2). The degree of concordance
versus discordance between these expectations and
management’s representations fuels the auditor’s
recursive risk assessment process. Specifically,
when there is discordance between auditor’s expec-
tations of management’s business representations
and the auditor’s observations of management’s
actual business representations, the auditor
acquires additional audit evidence to discriminate
whether or not the discordance is caused by mis-
statement or non-misstatement.
While discordance between an auditor’s expec-
tations and observations with respect to an
account balance does not necessarily mean there
is a misstatement (e.g., an event previously and
reasonably assessed as having a low probability
could occur and cause earnings to increase), it
does at least temporarily elevate the auditor’s
474 M.E. Peecher et al. / Accounting, Organizations and Society 32 (2007) 463–485
assessment of RMM. To address the heightened
RMM, the auditor lowers DR by developing mis-
statement and non-misstatement explanations for
the discordance and by subsequently testing the
descriptive validity of these explanations with
additional audit evidence. An unlikely but possible
outcome is that the root cause of the discordance
remains unresolved after further testing, in which
case the auditor may have to withhold an unqual-
ified audit opinion.
Bell et al. (2002, p. 8) argue that ‘‘[p]erhaps the
most important principle giving rise to the need for
SSA is the strong relation between RMM and the
auditee’s business risks.’’ Over time, the structure
or dynamics of the audited entity or other entities
within its economic web can change, increasing or
decreasing the threats to the audited entity’s value-
generating capabilities. When such threats or busi-
ness risks increase or spike, it generally becomes
more difficult for entity management to estimate
how to fairly depict select entity business states
within financial-statement representations. And,
at the same time, management generally faces
greater temptation to optimistically distort their
business-state representations. Thus, shifts in busi-
ness risks have audit risk implications.
In auditing parlance, RMM is dynamic as a
result of shifting business risks over time. In sys-
tems-thinking parlance, the stock of RMM
changes over time and the auditor must combat
changes in RMM by lowering DR when war-
ranted. How RMM changes over time depends
on inflows and outflows of leading indicators of
RMM within the audited entity’s complex eco-
nomic web. SSA auditors iteratively assess and
react to stocks and flows of RMM by adjusting
the nature, timing and extent of their risk assess-
ment procedures.
For example, the auditor employing SSA recog-
nizes that the degree to which management has an
incentive to distort selected business states depends
largely on the real current profitability of the
entity, its prospect for future profitability, and
management’s belief about how their own wealth
depends on investors’ and others’ perceptions of
the entity’s profitability and prospects (Bell et al.,
2002). At the same time, the auditor employing
SSA recognizes that the degree to which strategic
members of management have and likely believe
they have opportunities to distort their representa-
tions of select business states significantly drops
when they have good reason to assume that the
auditor is armed with a deep, up-to-date under-
standing of underlying entity business states. As
Levitt and Dubner (2005, p. 67) succinctly observe,
‘‘Information is a beacon, a cudgel, an olive
branch, a deterrent, depending on who wields it
and how. Information is so powerful that the
assumption of information, even if the information
does not actually exist, can have a sobering effect.’’
To summarize, we believe that auditors who
presume non-sampling risk is non-negligible and,
accordingly, empower themselves with a strate-
gic-systems perspective, which itself likely
improves what auditors learn from evidentiary tri-
angulation, are more likely than other auditors to
make reasonably accurate recursive assessments of
RMM and DR and reasonably manage DR.
Moreover, we believe that, relative to other audi-
tors, the SSA auditor will gain credibility in the
21st century, a century in which financial state-
ment assertions likely will increasingly and criti-
cally hinge on the complex dynamics within EBS,
and in which society is likely to continue to expect
high assurance about whether or not management
has engaged in financial-statement fraud.
SSA illustrations
We next provide some anecdotes and examples
that one can use to clarify SSA concepts for vari-
ous audiences, including auditing professionals,
and we thereafter summarize recent empirical evi-
dence that is germane to some of these concepts.19
Simple contexts, we have found, can powerfully
illustrate the utility of SSA’s position that the
19
Elsewhere more comprehensive illustrations of SSA may be
found (see, e.g., Bell & Solomon, 2002). The KPMG LLP/UIUC
Business Measurement Case Development and Research Program
funded numerous audit and several strategic management
scholars who have provided very instructive, rich, real-world
SSA cases and teaching notes. To access these prospectuses and
cases go to http://www.business.uiuc.edu/kpmg-uiuccases/
cases/index.html.
 M.E. Peecher et al. / Accounting, Organizations and Society 32 (2007) 463–485
auditor should broaden the subset of EBS tradi-
tionally considered when conducting a financial-
statement audit and, specifically, understand key
controls an audited entity has over its core busi-
ness processes (i.e., not just so-called internal con-
trols over financial reporting as discussed in, e.g.,
PCAOB AS No. 2).
Consider a hypothetical company that harvests,
treats, and bottles natural spring drinking water.
The company recently has purchased rights to sev-
eral new properties that contain natural springs
and has experienced a rapid growth in sales, inven-
tories of bottled water, and accounts receivable
from bottled water sales. In the midst of this rapid
growth, the company has hired new employees
who unfortunately have been insufficiently trained
in business processes used to test and ensure that
bottled water is sufficiently free of impurities such
as perchlorate. Perchlorate is a key ingredient of
solid rocket fuel and a real risk factor for drinking
water.20
In this context, we focus on accounts receivable
and inventory assertions and discuss several tradi-
tional risk assessment procedures such as review-
ing management’s aging schedule to discern
whether the allowance for doubtful accounts is in
line with prior years’ reserves, inquiring whether
management has sufficient credit checks in place
before granting credit, and physically examining
inventory of bottled water for existence. However,
other risk assessment procedures emerge through
discussion that are less traditional and rooted in
the operational, business-process controls at the
company. Audience members quickly connect the
absence of safety testing and the possibility of
unsafe perchlorate levels in inventoried water or
water previously sold on credit to customers.
Some members suggest that the auditor can rely
very little on accounts receivable confirmations to
test the bona fide existence of receivables because
the customers would vigorously dispute the exis-
tence of the receivable if they were to learn of
20
See, for example, ‘‘Ground Water & Drinking Water’’ US
Environmental Protection Agency. http://www.epa.gov/
OGWDW/ccl/perchlorate/perchlorate.html (accessed 3/25/
2006).
475
unhealthy perchlorate levels in the water. Extend-
ing this line of reasoning, some comment that the
auditor’s focus should include potential ramifica-
tions of severe outflows of customers or contingent
liabilities in the event that unhealthy perchlorate
levels are found. We usually prompt the audience
to think about how the auditor’s assessments of
RMM as well as how the auditor would assess
and manage down DR would evolve throughout
the financial statement audit as perchlorate find-
ings emerged. And, we ask whether the business-
process controls over water quality fall under the
US PCAOB’s definition of internal controls over
financial reporting.21 ‘‘If not, why should the audi-
tor care?’’ we rhetorically ask.
We also use real-world companies to illustrate
the evidence-driven, belief-based risk assessment
process, especially how EBS-based informs the
auditor’s expectations of earnings and other
MBR within financial statements. One popular
company to use for such purposes is Google.
Although it is one of the strongest search engines
on the Internet (along with competitors such as
Yahoo! and MSN.com), Google is much more
than a search engine. Google is a world-class infor-
mation generator, organizer, and conveyer that
makes about 98% of its money selling online
real-estate on either a per-view or per-click basis
to a host of advertisers. Since its IPO in 2003,
Google’s market capitalization has ballooned to
over $100 billion as of March 2006. Its growth
has been staggering with a three-year revenue
sequence of 2003 $1.5 billion, 2004 $3.2 billion
and 2005 $6.1 billion and net income sequence of
2003 $105 million, 2004 $399 million, and 2005
$1,465 million.
Google is apropos for another reason. Some
observers have argued that since auditors lack
the competency to engage in strategic-systems
analyses but equity analysts sometimes undertake
21
Warren (2002, p. 13) reports that strategic management
researchers estimate that between 50% and 60% of the variation
in business performance stems from industry-wide factors (15%
to 19%) and business-specific factors (32% to 45%), so the
auditor who lacks an understanding of such factors would
appear to face a steep handicap in risk assessment.
476 M.E. Peecher et al. / Accounting, Organizations and Society 32 (2007) 463–485
such analyses for firms they follow, auditors
should rely extensively on equity analysts’ reports
for developing their EBS understanding. We
believe this recommendation is without basis
because it overlooks the auditor’s ability to learn
as well as the auditor’s information advantage
over analysts. It also overlooks the potential stale-
ness of analysts’ reports as well as analysts’ incen-
tives for ensuring management has a positive
earnings surprise. Finally, it also overlooks the
emerging practice of some public companies to
provide little or no guidance to equity analysts
(e.g., Coca-cola, Ford, Intel, Motorola, etc.). In
fact, Google is one such company.
We have found it instructive to ask audience
members to think about how auditors could study
and lever an understanding of Google’s EBS to
develop reasonable expectations about Google’s
revenue. Audience members have access to Google
executives’ remarks from its first-ever analyst day
on March 2, 2006, read Google’s public filings,
and study equity analysts’ reports on Google –
all with the overarching objective to discover
how auditors could form reasonable expectations
about Google’s current- and future-year financial
statement assertions.
The conclusion that emerges is that, despite
Google’s muted guidance policy, analysts have
developed expectations that draw heavily on evi-
dence of and from EBS to provide earnings fore-
casts, buy/sell recommendations, and stock price
predictions.22 These expectations do have a rather
wide range, but Google’s auditors, who would
have a substantial information advantage over
such analysts, should be able to develop more pre-
cise expectations.
Oppenheimer’s January 12, 2006 equity
research report on Google is particularly helpful
22
While auditors are not in the business of generating earnings
forecasts, much less stock price forecasts, we believe it may well
be in auditors’ best interests to generate such forecasts and
predictions for in-house use to enable better assessment of
audit-related risks, including auditee management’s business
risk and their own business risk. Whether and the conditions
under which auditors earnings or stock-price forecasts would be
more accurate than similar forecasts made by equity analysts is
a very interesting research question.
in illustrating how auditors could develop rich
expectations. This equity research firm developed
a model of Google’s EBS intended to include
95% of the possible outcomes for Google’s key
business measures. To formulate its model,
Oppenheimer essentially views Google as operat-
ing within a complex system and accordingly uses
systems dynamics to analyze implications of
underlying industry factors that drive Google’s
online advertising business. Examined factors
include trends in search usage, search monetiza-
tion, cost-per-click, click-through-rates, evolving
relative advertising market share, and so forth.
As the report notes: ‘‘We examine the correla-
tions and interdependencies of industry drivers to
determine a range of likely outcomes (e.g., online
advertising is more likely to grow faster in a faster
growing advertising market than in a slower grow-
ing advertising market).’’ To get more reliable esti-
mates, Oppenheimer professionals form estimates
of each of these levers after conducting multiple
interviews with industry contacts, both primary
(companies themselves) as well as secondary (mar-
ket research firms). Overall, Oppenheimer exam-
ines 80 such levers that are deemed to be
predictive of Google’s future performance (e.g.,
search query growth, keyword pricing, monetiza-
tion rates, traffic acquisition cost rates, etc.).
Finally, Oppenheimer evaluates multiple possi-
ble scenarios based on its predictive model, and
weights each scenario according to its assessed
probability – in all it envisions how over 100,000
separate EBS scenarios could unfold, with differ-
ent assumptions about various levers. In turn,
for each EBS scenario, Oppenheimer generates
revenue and other estimates germane to Google’s
income statements, balance sheets, and cash flow
statements.
Oppenheimer provides a sample depiction of its
95% subjective probability distribution for one
lever in its report: the number of Internet users
outside of the United States as of 2010. (They pre-
sumably have similar distributions for 2006–2009).
We provide a similar distribution (in millions)
above. Note that the estimate is a single peaked
function, but it is not a common normal-bell-
curve. The distribution ranges from 397.0 m to
695.8 m users, and it has a mean of 537.9 m. The
 M.E. Peecher et al. / Accounting, Organizations and Society 32 (2007) 463–485 477

peak of the distribution has an assessed probabil- Revenue ¼ Users  Queries per User  Ads per Query
ity of just under 14%.  Clicks per Ads  Revenue per Click 23

.140
It is apparent that auditors could access ger-
mane information from Google’s information sys-
.105 tems and from many third parties with whom the
auditors could correspond. For example:
.070

Mean=537.9
.035
397.0 471.7 546.4 621.1 695.8
Oppenheimer predicts how these levers likely
will translate into eventual MBR at Google,
including gross revenues, net revenues, EBITDA,
EPS, and free cash flow. As an example, for
2006, Oppenheimer’s estimated distribution for
Google’s gross revenues (in billions) look some-
thing like the following:
.138
.103
.069
.034
Mean=10.2
.000
4.1 7.2 10.4 13.6 16.8
The question that emerges after audience mem-
bers consider such information is Why would it be
unreasonable for auditors to come up with their own
estimated distribution of Google’s revenues for risk
assessment purposes? The idea that becomes clear
is that if Google’s asserted MBR later were to fall
in the tail of the auditor’s expected distribution,
RMM at least temporarily would elevate until
the auditor could investigate the reason for the
unexpected asserted performance.
The feasibility of the auditor to develop such
expectations for Google’s revenues becomes
clearer once audience members observe the follow-
ing formula that Google’s management used dur-
ing its analyst day presentation:
• Market research firms like comScore Media
Metrix, Nielsen/NetRatings, and Gartner
Research. comScore Media Metrix provides
local statistics regarding the number of unique
visitors to specific websites in a locale (e.g., Bos-
ton).24 Gartner Research also provides market
research and consulting regarding the effective-
ness of online advertising.
• The United States Central Intelligence Agency
and commercial entities such as ATKearney
provide EBS evidence on the number and
growth trends of Internet users with broadband
capabilities.
• Alexa could be tapped to provide EBS-based
evidence of the traffic to Google sites with spe-
cific URL’s via Alexa Toolbar users. It gathers
statistics about different Web sites from diverse
sources. Alexa Toolbar users provide informa-
tion about the sites being accessed and the
speed of access.
• DoubleClick’s Performics tracks trends in online
advertising. For example, they reported that
monthly cost per keyword spiked in December
2005 to $55 from its $26 August 2005 level
and then fell back to pre-December 2005 levels
in January 2006.25
23
Google Analyst Day slide deck, ‘‘Continual Focus: Ads
Examples and Insights.’’ Also, Oppenheimer’s January 12, 2006
initiating coverage analyst report on Google similarly notes that
‘‘Search revenue is the product of three inputs: number of
search queries, conversion rate per search, and price advertisers
are willing to pay for a conversion.’’
24
See http://www.comscore.com/metrix/ls.asp (accessed
March 25, 2006).
25
See DoubleClick’s Performics report, ‘‘Search Trend Report
DoubleClick Q4 2005’’ (2006, p. 2). http://www.double-
click.com/us/knowledge_central/documents/TREND_RE-
PORTS/dc_search_q405.pdf (accessed March 25, 2006).
478 M.E. Peecher et al. / Accounting, Organizations and Society 32 (2007) 463–485
Some audience members ask whether auditors
have been trained in the kind of analytical
model-building skills applied by Oppenheimer’s
equity analysts to develop their forecasts. Our
answer is no, at least not in the past, but that such
training could well be provided and applied on
future audits. Again, auditors need not be content
with exclusively relying on equity analysts for fore-
casts of future financial-statement assertions. They
can acquire and apply some of the same skills but
with much richer and confidential information to
which they have access by virtue of being an inde-
pendent auditor.26
These two examples may seem promising
enough, but neither example provides empirical
evidence that evidentiary triangulation or any evi-
dence acquisition strategy that places special value
on EBS-based evidence helps deter or detect fraud.
There is some recent archival-auditing research
suggesting auditors can use EBS-based evidence
to detect fraud. Consistent with SSA, Brazel,
Jones, and Zimbelman (2006) conjecture that
when the auditor observes that non-financial-state-
ment performance measures (e.g., facilities growth
or employee count) move in directions that are
inconsistent with financial-statement performance
measures (e.g., revenue), RMM due to potential
fraudulent reporting likely increases. They also
provide empirical evidence that supports their con-
jecture by using the difference between changes in
industry-specific non-financial-statement perfor-
mance measures and changes in financial-state-
ment performance measures as a predictor of
26
Undoubtedly, auditors who possess IT expertise would be
invaluable in obtaining evidence of and from MII (especially
MII not construed to be part of internal controls over financial
reporting) to learn the extent to which operational information
in Google’s datawarehouses as to numbers of clicks for various
advertisers match up well with asserted revenue levels from
major customers. According to Malacinski, Dominick, and
Hartrick (2001, p. 4) there are three main locations where Web
data reside: backend servers, Internet Service Providers (ISPs)
that serve as conduits between servers and users’ browsers, and
users’ browsers that display Web pages. Advances in Web
monitoring allows for real-time analysis that cause little
slowdown for Web page loading.
fraud. This predictor significantly discriminates
between a matched sample of 77 fraud firms and
77 control firms. Future archival, field study, and
experimental auditing research should pursue fur-
ther tests of this conjecture and related research
questions.27
We also are enthusiastic about recent develop-
ments in the economics of corruption literature
that demonstrate the capability of audits that draw
on EBS-based evidence to deter and detect man-
agement-level (analogous to C-Suite level) corrupt
activities.
In particular, we highlight recent findings from
a series of ingenuous studies conducted by Har-
vard economist Benjamin A. Olken (2005). The
studies examine missing expenditures earmarked
for road-building in hundreds of Indonesian vil-
lages by having teams of engineers and surveyors
independently estimate the prices and quantities
of all the inputs actually (versus assertedly) used
for road building.
Village officials received governmental
resources for road building but could corruptly
use such resources for personal profit by colluding
with suppliers (who could inflate quantities or
prices on official receipts to generate kickbacks
to village officials) or by manipulating wage pay-
27
Notably, a growing stream of accounting research provides
archival-empirical evidence about the value-relevance and/or
future earnings-relevance of non-financial-statement perfor-
mance measures. As examples, archival evidence suggests that
environmental pollutants affect utilities’ market value (Hughes,
2000), environmental performance affects the market returns of
firms in a variety of industries that generate toxic waste (Al-
Tuwaijri, Christensen, & Hughes, 2004), population coverage
and market penetration improve the market value and market
returns of cellular communications companies even though they
can decrease near-term future accounting earnings (Amir &
Lev, 1996), customer satisfaction is positively and sometimes
nonlinearly associated with improved future earnings (Ander-
son, Fornell, & Lehmann, 1994; Ittner & Larcker, 1998), and
that deposit interest rates and customer satisfaction jointly, but
not in isolation, predict future earnings (Nagar & Rajan, 2005).
Such research provides empirical support for the SSA perspec-
tive that if EBS based indicators, including non-financial-
statement performance measures, seem to suggest that
financial-statement performance measures are too good to be
true, the auditor generally should elevate RMM and identify
the best path of managing down PDR to the appropriate extent.
 M.E. Peecher et al. / Accounting, Organizations and Society 32 (2007) 463–485
ments to village workers (e.g., billing the govern-
ment for a higher rate than paid to villagers).
Olken randomly assigned villages into an audit
or no audit conditions and subsequently sent in
teams of engineers and surveyors to villages in
each condition. These teams built their own test
road and examined the composition of the villages’
roads (by literally digging up 40 cm · 40 cm core
samples at randomly selected locations), prices
paid for raw materials (by interviewing multiple
suppliers and by interviewing actual customers of
suppliers), and prices paid for hourly wages and
hour worked (via worker interviews and surveys).
The empirical results compellingly suggest that
EBS-based evidence can detect fraud and that
audits using EBS-based data can deter fraud.
Among the villages who were not advised of the
audit, 29.1% of the materials or labor that assert-
edly went into roadwork were ‘‘missing’’ compared
to only 19.9% among the villages who were advised
of the audit. This 9.2 percentage point differences is
both statistically significant (p < 0.05) and likely
economically significant. As for the latter, Olken’s
cost-benefit analyses shows that the benefits were
about 150% of the cost of obtaining the EBS-based
evidence required to thoroughly audit the expendi-
tures. He further conjectures that the cost-benefit
analyses might have been even more supportive of
the net benefits of the audit regime if less than a
100% audit rate were applied, but he provides no
empirical evidence on this particular issue.
Together, our SSA examples and recent empir-
ical evidence provide reason to believe that finan-
cial-statement auditors can lever EBS-based
evidence, via evidentiary triangulation, to improve
the justifiability of their evidence-driven, belief-
based risk assessments about fraud. The first two
of the examples are thought experiments, one per-
taining to a hypothetical bottling company and the
other pertaining to Google. However, the empiri-
cal evidence we report, is real and, in the Olken
study, draws on engineering evidence that would
be familiar to managerial accounting academics
and practitioners. In combination, we believe there
are sufficient parallels to the financial-statement
auditing context exist to make a strong case for
the emphasis placed on EBS, triangulation, and
risk assessment within SSA.
479
What’s controversial?
Is the Development of SSA an attempt to
enhance auditor’s reputations by ‘‘borrowing’’ pres-
tige from consultants? Having observed that some
of the activities that SSA auditors perform were
developed and often employed by non-auditors
(e.g., strategists, consultants), some observers have
criticized SSA as an attempt to create confusion
about the true nature of the service being provided
by auditors and to grab prestige from other fields,
most notably consulting (see, for example, Jeppe-
sen, 1998; Robson et al., 2005).
We find this prestige borrowing criticism to be
rather curious. Surely such critics are aware that
history is full of situations in which a product or
service or technique was developed for use in one
field and subsequently was adopted in another
field. For example, were dentists trying to steal
prestige from medical doctors when dentists bor-
rowed anesthesia from doctors so they could pro-
vide painless dentistry? Alternatively, were dentists
merely trying to enhance patients’ comfort while
performing otherwise painful dental procedures?
Similarly, when the SSA auditor employs business
modeling or strategic analysis tools, he/she is try-
ing to develop a richer base on which his/her risk
assessments ultimately will rest. Throughout this
paper, we have explained that the motivation for
developing SSA is audit quality enhancement.
We also have discussed and illustrated the sources
of such audit quality gains when SSA is employed.
Lastly, we contend that greater prestige and finan-
cial rewards will follow from performing higher
quality audits. Indeed, we believe that enhancing
audit quality is the only sustainable way to achieve
the other two goals.
Is SSA an attempt to expand the sale of non-audit
advisory services rather than to improve audit qual-
ity? This question is not voiced today as much as
it was during the 1990s as the Sarbanes–Oxley law
in the US and various regulatory initiatives in other
countries have greatly limited the extent to which
non-audit services can be provided by audit firms
to companies that whose financial statements they
audit. Further, when raised, it has not been articu-
lated in a detailed enough fashion for us to discern
exactly what is meant (see, for example, Jeppesen,
480 M.E. Peecher et al. / Accounting, Organizations and Society 32 (2007) 463–485
1998; Robson et al., 2005). We see two lines along
which this question may be developed. One possibil-
ity is that SSA auditors somehow sell more non-
audit services to audit clients by virtue of their
employment of SSA. Another possibility is that
SSA auditors embed non-audit services within the
audit, thereby effectively charging for non-audit ser-
vices as part of the audit fee itself.
Both versions of this question may be addressed
via a single unified response. As observed earlier
and discussed in the response to the first question,
SSA is primarily directed toward improving the
auditor’s assessment and management of DR
and thus, audit risk. Thus, to the extent that the
external auditor performs some procedures as part
of SSA that generally are offered to clients and
other organizations as non-audit services, it only
is because what can be learned from those proce-
dures is germane to the external audit. Indeed, it
simply is not productive to classify learning activ-
ities on the basis of the original use to which they
have been put. Rather, learning activities are bet-
ter thought of in terms of what one can learn from
them. Thus, when an auditor employs techniques
like strategic analysis and risk assessment, he/she
is performing an audit procedure rather than a
non-audit procedure. Related, we do not under-
stand why an auditor would embed non-audit pro-
cedures within the audit engagement as a means of
selling the former. Indeed, it is our understanding
that fee constraints, especially during the 1990s,
were much greater with respect to audit services
than non-audit services.
Are too few substantive tests of details performed
under SSA? Some observers have contended that
auditors employing SSA effectively over-rely on
other procedures (e.g., analytical procedures)
thereby reducing the extent of detailed substantive
testing to problematic levels (e.g., Knechel, 2005).
Our view is that the sufficiency and competency of
the requisite audit evidence in specific circum-
stances is a matter of professional audit judgment.
That said, we have argued that it generally is pref-
erable for audit evidence to be obtained from the
three fundamental sources – EBS, MII and MBR
(see Bell et al., 2005).
The role of substantive tests of details in today’s
audit landscape is a more complex issue than it
might first appear. It is useful to reflect on the gen-
esis of substantive tests of details when considering
their role in the contemporary audit. We begin in
the 1800s, a time when the audit generally was a
service provided to the owner-manager of a small
business intended to prevent and detect book-
keeper and employee defalcation and error. Of
course, at that time bookkeeping was manual
and error prone. The auditor’s work, therefore,
consisted principally of an examination of all of
the details contained in the company’s accounting
books—the so-called detailed audit. The focus of
this detailed audit was consistency within the
books e.g., tests of footings, postings within jour-
nals, subsidiary journals, and general ledger, trial
balance and financial statements (Mettenheimer,
1869). Sprague (1907) described the typical
approach to the detailed audit as follows:
‘‘It is quite usual to work in a team of two, in
the process called ‘calling back,’ ‘calling off,’
or ‘calling over.’ One person reads off the
name or number of an account and the
other, turning to the proper page, responds
with the figures. I am aware that this method
is used by many public accountants in
auditing.’’
And, reflecting on his experiences, Montgomery
(1939) noted that, ‘‘In some audits, and not only
small ones, we verified every footing and every
posting.’’ Such exhaustive verification, however,
consisted of assuring mathematical accuracy and,
as noted earlier, consistency within the company’s
books.
Even before the dawn of the twentieth century,
however, the feasibility of a selective rather than a
detailed audit was being discussed. One sees, for
example, a pre-1900s New York CPA exam ques-
tion asking – In an audit where an exhaustive
detailed examination . . . is not stipulated or practi-
cable, what examination is necessary to assure . . .
general correctness? As business organizations
grew larger and more complex, it became generally
recognized that the audit had to evolve to selected
tests of the account details rather than examining
all of the details in the companies books (Staub,
1942). These tests came to be called substantive
tests of details. Importantly, for many years such
 M.E. Peecher et al. / Accounting, Organizations and Society 32 (2007) 463–485
tests would be focused on the internal consistency
among the details contained in the company’s
books. Indeed, in the US it was not until the afore-
mentioned McKesson and Robbins case in the
1930s that substantive tests of details took the
auditor out of the MBR into the MII and to a lim-
ited extent, into the EBS (e.g., observe the com-
pany’s inventory counts).
Another change of great import during the late
1800s is the rise of absentee ownership. The impli-
cations for the auditor were manyfold, but most
notably, detection of management fraud that
causes the financial statements to be misstated
appeared on the auditor’s radar screen, while
detection of bookkeeper fraud became a less
important audit objective. While the extent to
which auditors are responsible for detecting such
management fraud has been contentious, society
now seems to have spoken. Specifically, there
now seems to be little doubt that the auditor is
responsible for providing reasonable assurance
(which is high assurance) that financial statements
are free of material misstatements due to manage-
ment fraud.
In today’s world, while concerns continue to
exist about unintentional financial statement mis-
statements (i.e., errors), there are equal or even
greater concerns about intentional misstatements
(i.e., due to management fraud). Indeed, the spate
of alleged audit failures that appear to have trig-
gered massive new regulation in Australia, US
and several other countries generally claim that
the auditor failed to detect alleged financial-state-
ment fraud in a timely manner. The ability of tradi-
tional audit procedures to detect fraud is suspect,
however, especially if the auditor performs them
without making their nature, timing, and extent
conditional on a deep understanding of the audited
entity’s EBS. We believe that SSA’s evidentiary tri-
angulation framework provides considerable
promise for the major challenge of improving the
auditor’s fraud detection capabilities.
Are all audit procedures really risk assessment
procedures? We have contended that the essence
of auditing is evidence driven, belief based, risk
assessment. Implicit in this contention is the notion
that justifiable certitude (required for one to have
knowledge) is rarely, if ever attainable for impor-
481
tant audit issues (Bell et al., 2005, pp. 20–21; Mautz
& Sharaf, 1961). As a consequence, the auditor per-
forms tasks (e.g., confirms receivables) that pro-
duce evidence that, in turn, forms the basis for
belief formulation and revision (see Fig. 2). Then,
based on such beliefs, the auditor assesses risks
and in turn, is able to make choices, initially about
the additional procedures to perform but ulti-
mately about the audit report that is most appro-
priate in the circumstances. The key point here is
that even the most powerful audit procedures gen-
erally do not provide a basis for justifiable certi-
tude. That is the case even for classical
substantive tests of details. Indeed, one need look
no further than infamous cases of alleged audit fail-
ures such as the ZZZZ Best case in the US or the
more recent Royal Ahold case. In the former case,
the auditors visited ostensible insurance restoration
sites but, unknown to the auditor, management
had staged these sites in their entirety (Domanick,
1989). In the latter case, unknown to the auditor,
confirmations send by the auditor to third party
vendors were allegedly intentionally falsified (see
SEC, 2005). Inasmuch as the auditor today must
provide high assurance with respect to these types
of fraud, it is no longer acceptable, if it ever were,
to think that these or any other audit acts can pro-
duce evidence that supports justifiable certitude.
What do we know about economic (cost) consid-
erations under SSA? Some observers have argued
that perhaps the primary motivation for the devel-
opment of SSA was a desire to control the costs of
producing audits (see Knechel, 2005; Robson
et al., 2005). It is true that the period in which
SSA was developed was characterized by signifi-
cant audit pricing pressures. SSA, however, was
not, to our knowledge, conceived as a way of driv-
ing down audit costs. Rather, SSA was conceived
to bring greater value to the audit by enhancing
audit quality. And, indeed implementation and
ongoing refinement of SSA has significant, if not
enormous, intellectual and other resource
implications.
For example, as noted earlier, the SSA
approach holds that audit quality is enhanced
when auditors apply strong systems-thinking
skills. Yet, it is unclear how many auditors practic-
ing today actually possess such skills. While some
482 M.E. Peecher et al. / Accounting, Organizations and Society 32 (2007) 463–485
auditing educators now integrate systems thinking
in their audit courses, greater coverage of systems
thinking in both university audit courses and audit
firm training likely is warranted. Meanwhile, audit
firms may well benefit from hiring or retaining the
services of a significant number of strategic man-
agement or engineering professionals who are sys-
tems thinkers, especially those with considerable
industry-specific expertise.
As another example, the SSA approach holds
that audit quality is enhanced by greater deploy-
ment of more senior professionals (managers and
partners) relative to a traditional audit. More
senior professionals are more likely to possess
the greater understanding of the client organiza-
tion1s business and industry than are more junior
professionals. Thus, a richer audit-team mix (i.e.,
relatively more partner and manager time) likely
is spent on the audit for SSA audits, relative to tra-
ditional audits. Related, for SSA audits, relative to
traditional audits, there should be more variability
in the audit team composition and in the audit
procedures performed across audits by team mem-
bers. These notions are not consistent with cost
control being the primary motivation.
Of course, questions about the extent to which
the SSA audit methodology increased or decreased
the costs of audits and whether such costs were
passed on to audit clients are empirical in nature.
To date, very little empirical evidence directly
addresses these questions (but see, e.g., Blokdijk,
Drieenhuizen, Simunic, & Stein, 2003). Archival
evidence from 1989, which predates SSA, indicates
a positive association between business risk and
audit hours (Bell, Landsman, & Shackelford,
2001). This association is consistent with auditors
responding to increases in business risk by increas-
ing audit work instead of by simply charging a
higher underwriting-like fee premium. More recent
archival evidence from the period 1996–2001,
which falls within the window in which SSA
emerged, also indicates a positive correlation
between business risk (e.g., due to corruption con-
cerns) and audit costs (Lyon & Maher, 2005). Fur-
ther, it appears that the auditor passes these
incremental costs to the audit client via higher fees.
Additional archival-empirical research certainly is
warranted, however, to more directly measure
the association between SSA implementation,
audit costs, audit hours, and audit-team mixture.
How can SSA be effective when auditors have
such difficulty implementing it? When authors
(e.g, Curtis & Turley, 2006) or others pose this
question, our typical response is to ask another
question — Is it better to perfectly implement an
inferior strategy or imperfectly implement a supe-
rior strategy? Moreover, as learning is itself non-
linear, we contend that too little time has passed
to truly judge how well auditors will be able to
implement SSA; better education and training,
coupled with a greater appreciation for the value
of high audit quality by persons involved with cor-
porate governance and society in general bode well
for the future implementation of SSA.
We also respond to these and similar questions
with a reminder that it is plainly hasty to assert
that SSA per se contributed in any fashion to
any recent alleged audit failure. Even the coinci-
dence of alleged audit failures and audit methodol-
ogies that share some properties with SSA
provides a very weak cue to causality. One gener-
ally should avoid inferring causality simply from
temporal contiguity (Einhorn & Hogarth, 1986).
We do not have the ability to know how many
of the recent alleged corporate frauds and lootings
or how many more of these instances would have
emerged in the absence of SSA, nor do we yet
know much about just how closely the audit pro-
cesses associated with alleged audit failures faith-
fully implemented important facets of SSA.
Concluding remarks
Society has loudly and clearly communicated its
demands with respect to the veracity of external
auditing. Explicit or implicit conceptions of audit-
ing as what auditors have been doing are unlikely
to lead to significant progress in addressing those
demands. We have suggested in this paper that
Strategic-Systems Auditing (SSA) is one way to
re-conceive the audit with substantial promise for
meeting society’s needs and demands for high-
quality audits. We recognize, however, that we do
not have a monopoly on good ideas—we encour-
age others to develop and report other conceptions
 M.E. Peecher et al. / Accounting, Organizations and Society 32 (2007) 463–485
of auditing and attendant audit approaches that
may hold similar or greater promise.
We also recognize that the promise of SSA is
more likely to be realized if there are accompany-
ing enhancements to accounting education. We
find it useful to think about the kinds of knowl-
edge and skills it would be helpful for auditing stu-
dents and auditors to acquire via education and
training. For SSA to be effective, auditors require
knowledge of disciplines such as strategic manage-
ment, business policy, and systems dynamics. Fur-
ther, they need to be equipped with skills to apply
and lever such knowledge. Examples of applicable
skills include systems-thinking skills, risk- assess-
ment skills, and model-building skills. We believe
that, at least historically, accountancy curricula
insufficiently incorporated these kinds of knowl-
edge and skills.
And, finally, we recognize that there is a huge
need for research on many of the elements of
SSA. Throughout this article we explicitly have
noted several opportunities for research, and the
astute reader will have inferred numerous other
opportunities. Before closing, though, we would
like to emphasize three areas that we believe to
hold much potential for bearing fruit. One,
researchers should consider productive ways to
reconfigure if not overhaul the traditional audit
risk model. For years now, audit researchers have
identified multiple shortcomings of this risk model
(e.g., Cushing & Loebbecke, 1983; Kinney, 1989).
Our view is that the cumulative weight of these
individual papers, when coupled with our observa-
tion of the model’s bold suppression of non-sam-
pling risk, strongly suggests that a new model of
audit risk is warranted.
Two, although we believe that evidentiary trian-
gulation is meritorious, there is a need for analyt-
ical and/or empirical research to demonstrate
more precisely the conditions under which EBS-
based evidence can help the auditor better detect
material misstatements, especially such misstate-
ments that stem from management fraud. As Bell
et al. (2005) note, while EBS-based evidence typi-
cally is less likely than other sources of evidence
to contain purposeful management distortion (evi-
dence from related parties would be an exception),
483
EBS-based evidence may contain more noise than
does other evidence.
Three, many research questions pertain to ways
for auditors to direct skepticism towards their own
judgment processes. One way for scholars to pro-
ceed would be to consider how individual auditors,
multiple auditors, or entire audit firms could
implement this variant of skepticism. For example,
individual auditors could build in a cushion for
error, defer rapid cognitive closure (Kruglanski &
Webster, 1996) or explicitly counter explain why
arguments underlying a risk assessment or other
audit judgments could be problematic (cf., Koo-
nce, 1992). As another example, audit teams could
appoint aggressive devil’s advocates into key con-
sultations or discussions (cf., Kennedy, Kle-
inmuntz, & Peecher, 1997), or they could require
multiple auditors to assess risks and work from
the composite assessment (Surowiecki, 2004).
Finally, for select audit engagements, an audit firm
or the profession overall could exercise such skep-
ticism by, for example, employing predominantly
contemporaneous (instead of predominantly retro-
spective) second-partner reviews or peer/regulator
reviews. Similarly, for select engagements, an audit
firm or the profession could require dual audit
teams, perhaps from different firms (cf., Francis,
Richard, & Vanstraelen, 2006).
If audit scholars and educators faithfully and
fervently pursue these instructional and research
opportunities, we believe that there would be a sig-
nificantly improved chance of SSA evolving to sat-
isfy society’s unwavering demand for audits
providing high assurance against material misstate-
ment, whether due to management error or fraud.
References
AICPA (1977). Statement on auditing standard No. 16: The
independent auditor’s responsibility for the detection of
errors or irregularities. New York.
AICPA (1981). Statement on auditing standard No. 39: Audit
sampling. New York.
AICPA (1988). Statement on auditing standard No. 53: The
auditor’s responsibility to detect and report errors and
irregularities. New York.
AICPA (1997). Statement on auditing standard No. 82:
Consideration of fraud in a financial statement audit. New
York.
484 M.E. Peecher et al. / Accounting, Organizations and Society 32 (2007) 463–485
AICPA (2002). Statement on auditing standard No. 99:
Consideration of fraud in a financial statement audit. New
York.
AICPA (2004). Codification of Auditing Standards (Including
AICPA and PCAOB auditing and attestation standards).
New York.
Al-Tuwaijri, S. A., Christensen, T. E., & Hughes, K. E. II,
(2004). The relations among environmental disclosure,
environmental performance, and economic performance: a
simultaneous equations approach. Accounting, Organiza-
tions, and Society, 29, 447–471.
Amir, E., & Lev, B. (1996). Valve-relevance of non financial
information: the wireless communications industry. Journal
of Accounting and Economics, 22, 3–30.
Anderson, E., Fornell, C., & Lehmann, R. (1994). Customer
satisfaction, market share, and profitability: evidence from
Sweden. Journal of Marketing, 56, 53–66.
Antle, R. (1982). An agency model of auditing. Journal of
Accounting Research, 20(Autumn), 503–527.
Ashton, R. H., Kleinmuntz, D. N., Sullivan, J. B., & Tomassini,
L. A. (1989). Audit decision making. In A. R. Abdel-khalik,
& I. Solomon (Eds.), Research opportunities in auditing: The
second decade. American Accounting Association, Auditing
Section.
Ballou, B., Earley, C. E., & Rich, J. (2004). The impact of
strategic positioning evaluation on auditor judgments about
business process performance. Auditing: A Journal of
Practice & Theory, 23(September), 71–88.
Bell, T., Marrs, F., Solomon, I., & Thomas, H. (1997). Auditing
organizations through a strategic-systems lens: The KPMG
business measurement process. KPMG LLP.
Bell, T. B., Peecher, M. E., & Solomon, I. (2002). The strategic-
systems approach to auditing. In T. Bell, & I. Solomon
(Eds.), Cases in strategic-systems auditing: KPMG and
University of Illinois at Urbana-Champaign Business Mea-
surement Case Development and Research Program (pp. 1–
34). KPMG LLP.
Bell, T. B., Peecher, M. E., & Solomon, I. (2005). The 21st
century public company audit: Conceptual elements of
KPMG’s global audit methodology. KPMG, LLP.
Bell, T. B., Landsman, W. R., & Shackelford, D. A. (2001).
Auditors’ perceived business risk and audit fees: Analysis
and evidence. Journal of Accounting Research, 39(1), 35–
43.
Bell, T., & Solomon, I. (Eds.) (2002). Cases in strategic-systems
auditing: KPMG and University of Illinois at Urbana-
Champaign Business Measurement Case Development and
Research Program. KPMG LLP.
Bertalanffy, L. V. (1968). General system theory. Foundations,
development, applications. New York: George Braziller.
Blokdijk, H., Drieenhuizen, F., Simunic, D.A., & Stein, M. T.
(2003). Determinants of the mix of audit procedures: Key
factors that cause auditors to change what they do. Working
paper, The University of British Columbia.
Booth Sweeney, L., & Sterman, J. D. (2000). Bathtub dynamics:
initial results of a systems thinking inventory. Systems
Dynamics Review, 16(4), 249–294.
Brazel, J. F., Jones, K., & Zimbelman, M. F. (2006). What can
nonfinancial measures tell us about the likelihood of fraud?
Unpublished working paper.
Brehmer, B. (1992). Dynamic decision making: human control
of complex systems. Acta Psychologica, 81, 211–241.
Brickley, J. A., Smith, C. W., & Zimmerman, J. L. (1996).
Organizational architecture: A managerial economics
approach. New York: Richard D. Irwin.
Brief, R. P. (1982). SEC in the matter of McKesson & Robbins:
Report on investigation. New York: Garland Publishing Inc.
Brunswik, E. (1943). Organismic achievement and environmen-
tal probability. Psychological Review, 50, 255–272.
Campbell, S. & Hughes, M. (2005). Forward. In T. Bell, M.
Peecher, & I. Solomon (Eds.), The 21st century public
company audit: Conceptual elements of KPMG’s global audit
methodology. KPMG LLP.
Chesbrough, H., & Rosenbloom, R. S. (2002). The role of the
business model in capturing value from innovation: evi-
dence from Xerox Corporation’s technology spin-off com-
panies. Industrial and Corporate Change, 11(3), 529–555.
Curtis, E., & Turley, S. (2006). The business risk audit – a
longitudinal case study of an audit engagement. Working
paper.
Cushing, B. E., & Loebbecke, J. K. (1983). Analytical
approaches to audit risk: a survey and analysis. Auditing:
A Journal of Practice & Theory, (Fall), 23–41.
Domanick, J. (1989). Faking it in America: Barry Minkow and
the Great ZZZZ Best Scam. Chicago: Contemporary Book.
Dopuch, N., & King, R. R. (1991). Research monograph
number 19: Experimental tests of auditing as a credibility
generating mechanism. The Canadian Certified General
Accountants’ Research Foundation.
Einhorn, H., & Hogarth, R. (1986). Judging probable cause.
Psychological Bulletin, 99, 3–19.
Fischhoff, B., Lichtenstein, S., Slovic, P., Derby, S. L., &
Keeney, R. L. (1981). Acceptable risk. Cambridge: Cam-
bridge University Press.
Francis, J., Richard, C., & Vanstraelen, A. (2006). Assessing
France’s joint audit requirement: are two heads better than
one? Unpublished working paper, University of Missouri-
Columbia.
Friedman, T. L. (2005). The world is flat. New York: Farrar,
Straus and Giroux.
Gell-Mann, M. (1994). The quark and the jaguar: Adventures in
the simple and the complex. New York: W.H. Freeman and
Company.
Hammond, K. R. (1955). Probabilistic functioning and the
clinical method. Psychological Review, 62, 255–262.
Hecht, G. W. (2004). Systems thinking, mental representations,
and unintended consequence identification. Doctoral Thesis.
University of Illinois at Urbana-Champaign.
Hughes, K. E. II, (2000). The value relevance of nonfinancial
measures of air pollution in the electric utility industry. The
Accounting Review, 75(2), 209–228.
International Auditing and Assurance Standards Board
(IAASB). (2005). Handbook of international auditing, assur-
ance, and ethics pronouncements 2005 Edition (February).
 M.E. Peecher et al. / Accounting, Organizations and Society 32 (2007) 463–485
Ittner, C., & Larcker, D. (1998). Are nonfinancial measures
leading indicators of financial performance? An analysis of
customer satisfaction. Journal of Accounting Research,
36(Supplement), 1–35.
Jacobson, M. J. (2001). Problem solving, cognition, and
complex systems: differences between experts and novices.
Complexity, (January/February), 41–49.
Jeppesen, K. K. (1998). Reinventing auditing, redefining
consulting and independence. The European Accounting
Review, 7(3), 517–539.
Kapmeier, F. (2004). Findings from four years of bathtub
dynamics at higher management education institutions. In
M. Kennedy, G. W. Winch, R. S. Langer, J. I. Rowe, & J.
M. Yanni (Eds.), Proceedings of the 22nd international
systems dynamics conference.
Kennedy, J., Kleinmuntz, D. N., & Peecher, M. E. (1997).
Journal of Accounting Research, 35(Supplement), 105–123.
Kinney, W. R. (1983). A note on compounding probabilities in
auditing. Auditing: A Journal of Practice & Theory, (Spring),
13–22.
Kinney, W. R. (1989). Achieved audit risk and the audit
outcome space. Auditing: A Journal of Practice & Theory,
8(Supplement), 67–84.
Kinney, W. R. (1997). Forward. In T. Bell, F. Marrs, I.
Solomon, & H. Thomas (Eds.), Auditing organizations
through a strategic-systems lens: The KPMG business mea-
surement process. KPMG LLP.
Knechel, R. W. (2005). The business risk audit: Origins and
obstacles (and opportunities?). Working paper. University
of Florida.
Koonce, L. (1992). Explanation and counterexplanation in
analytical review. The Accounting Review, (January), 59–76.
Kruglanski, A. W., & Webster, D. M. (1996). Motivated closing
of the mind: ‘‘seizing’’ and ‘‘freezing’’. Psychological Review,
103(2), 263–283.
Levitt, S. D., & Dubner, S. J. (2005). FREAKONOMICS. New
York: HarperCollins Publishers Inc.
Lyon, J. D., & Maher, M. W. (2005). The importance of
business risk in setting audit fees: evidence from cases of
client misconduct. Journal of Accounting Research, 43(1),
133–151.
Malacinski, A., Dominick, S., & Hartrick, T. (2001). Measuring
Web Traffic, part 1. http://www-128.ibm.com/developer-
works/Web/library/wa-mwt1/ (accessed March 24, 2006).
Mautz, R. K., & Sharaf, H. A. (1961). The philosophy of
auditing. Evanston: American Accounting Association.
Messier, W. F., Glover, S. M., & Prawitt, D. F. (2006). Auditing
& assurance services: A systematic approach (4th ed.). New
York: McGraw-Hill Irwin.
Mettenheimer, H. J. (1869). Auditor’s guide. Analyzed and
restored by P.L McMickle and P.H. Jensen in The auditor’s
guide of 1869 (1988). New York: Garland Publishing.
Montgomery, R. H. (1939). Fifty years of accountancy. New
York: The Ronald Press, Co.
485
Nagar, V., & Rajan, M. V. (2005). Measuring customer
relationships: the case of the retail banking industry.
Management Science, 51(6), 904–919.
O’Donnell, E., & Schultz, J. (2005). The halo effect in business-
risk audits: can strategic risk assessment bias auditor
judgment about accounting details? The Accounting Review,
80(3), 921–940.
Olken, Benjamin A. (2005). Monitoring Corruption: Evidence
from a Field Experiment in Indonesia. Harvard University
and NBER working paper.
Robson, K., Humphrey, C., Khalifa, R., & Jones, J. (2005).
Transforming audit technologies: Business risk audit meth-
odologies and the audit field. Working paper.
Securities and Exchange Commission (SEC) (2003). Report
pursuant to Section 704 of the Sarbanes–Oxley Act of 2002.
Securities and Exchange Commission. (2005). Litigation release
No. 19454. Accounting and auditing enforcement release No.
2341. SEC charges seven individuals with aiding and abetting
financial fraud at Royal Ahold’s US foodservice subsidiary
for signing and returning false audit confirmations. (Novem-
ber 2). http://www.sec.gov/litigation/litreleases/lr19454.htm
(accessed April 30, 2006).
Senge, P. M. (1990). The fifth discipline: The art and practice of
the learning organization. New York: Doubleday.
Shibano, T. (1990). Assessing audit risk from errors and
irregularities. Journal of Accounting Research, 28(Supple-
ment), 110–140.
Sorensen, J. E., & Sorensen, T. L. (1980). Detecting manage-
ment fraud: Some organizational strategies for the indepen-
dent auditor. In R. K. Elliott & J. J. Willingham (Eds.),
Management fraud: Detection and deterrence (pp. 195–206).
New York: Petrocelli Books, Inc.
Sprague, C. E. (1907). Philosophy of accounts. New York:
Ronald Press.
Staub, W. A. (1942). Auditing developments during the present
century. Cambridge, MA: Havard University Press.
Sterman, J. D. (1989). Modeling managerial behavior: Misper-
ceptions of feedback in a dynamic decision making exper-
iment. Management Science, 35(3), 321–339.
Sterman, J. D. (2000). Business dynamics: Systems thinking and
modeling for a complex world. Irwin McGraw-Hill.
Surowiecki, J. (2004). The wisdom of crowds: Why the many are
smarter than the few and how collective wisdom shapes
business, economies, societies, and nations. Doubleday.
Wallace, W. A. (1995). Auditing (3rd ed.). South-Western
College Publishing.
Warren, K. (2002). Competitive strategy dynamics. John Wiley
& Sons Ltd.
Wilks, T. J., & Zimbelman, M. F. (2004). Using game theory
and strategic reasoning concepts to prevent and detect
fraud. Accounting Horizons, 18(3), 173–184.
Zimbelman, M. F., & Waller, W. S. (1999). An experimental
investigation of auditor-auditee interaction under ambigu-
ity. Journal of Accounting Research, (Supplement), 135–155.