You are on page 1of 14

The current issue and full text archive of this journal is available at

22,6 Organizational risk in large
audit firms
Kim K. Jeppesen
590 Department of Accounting and Auditing, Copenhagen Business School,
Frederiksberg, Denmark

Purpose – The main purpose of the paper is to analyze and discuss organizational risk in large-audit
firms. A secondary purpose is to contribute to auditing theory on how organizational risk may be
Design/methodology/approach – The study is conducted as a review of literature on audit-firm
organization, risk management, professions and organization theory.
Findings – Large-audit firms are commonly organized as partnerships relying on hierarchy and
standardization of work processes to control work. The paper argues that this may be an effective way
of organizing audit work in a stable environment. In a volatile environment, however, the strategy
becomes highly risky.
Research limitations/implications – The focus of the paper is on the organization of large-audit
firms and its findings do, therefore, not necessarily apply to small audit firms. The paper presents a
general view of the way large-audit firms are organized and controlled. Local variations may occur but
these are not analyzed in the paper.
Practical implications – The paper analyzes the inherent organizational risk of the common way of
organizing audit work and is therefore of direct interest to partners and other professionals in
large-audit firms. It may also be seen as an example of how organizational-risk analysis can be applied
in the audit process and it discusses the competences needed to perform such analysis. In this respect,
the paper is also of interest to practicing auditors as well as teachers and students of auditing.
Originality/value – Most of the literature on the organization of large-audit firms is relatively old
and this paper seeks to update and critically reinterpret knowledge in the area. It also contributes to an
understanding on how to apply organizational-risk analysis in the audit process.
Keywords Risk analysis, Risk management, Auditing
Paper type Literature review

Why is it important for auditors to understand organizational risk?

It is often claimed that the last decades have changed the traditional-industrial society
into a post-industrial society with a knowledge-based economy. In the post-industrial
society, products and services are increasingly sold on global markets which has made
competition global and speeded up the life cycle of products. Post-industrial production
is therefore characterized by being flexible order production as opposed to the
standardized mass production of the past-industrial society. To be able to seize
opportunities in temporary niches by adapting production to the ever-changing
demands of costumers, flexible production in turn requires a better-educated and
reflective workforce with broader skills, as well as a decentralized organization without
Managerial Auditing Journal a distinct center of power. Flexibility is also created by vertical disintegration of
Vol. 22 No. 6, 2007
pp. 590-603 companies and outsourcing of tasks, and by an increasing use of IT to automate work
q Emerald Group Publishing Limited
processes, which has reduced the need for manual labor substantially. The shift to
DOI 10.1108/02686900710759398 the post-industrial society also involves a general shift from the production of
standardized goods to the production of “signs,” i.e. goods where the primary Organizational
production takes place at the design stage and services where the primary content is of risk in large
an aesthetic character (Clegg, 1990; Parker, 1992; Lash and Urry, 1994; Alvesson, 1995).
The only thing stable these days is change, as some put it, and to be able to survive audit firms
companies must therefore be organized in a way that enables them to adapt swiftly to
changes in the market. Organizational risk, broadly defined as the risk that the
organizational configuration of a company does not support the achievement of its 591
strategy, therefore becomes vital to manage for companies in the post-industrial era.
Large-audit firms are an integrated part of the new production regime and they are
particularly sensitive to organizational risk, since they must understand and manage
the organizational risk of the audit firm as well as understand the organizational risk of
their clients. The latter is the case because organizational risk for the client eventually
may turn into a going-concern problem for the auditor. The purpose of this paper is
primarily to analyze the organizational risks that large-audit firms face. Secondary,
this analysis may also contribute to an understanding on how to analyze the
organizational risk of clients. The indirect approach to the last question inevitably has
its limitations when it comes to generalization since the analysis is focused on
professional services firms and the way they organize, not on other industries and their
way of organizing. The aim is therefore not to produce a general checklist, but rather to
discuss the knowledge needed to analyze organizational risk.

The risk of partnerships

Considering the importance of audit firms surprisingly little has been done in terms of
analyzing their organizational structure and control systems. Furthermore, these firms
have undergone a great deal of change over the last 10-15 years making it worth
reviewing the research previously done to reassess the results. The purpose of this and
the following sections is to analyze past and present literature on the subject in order to
contribute to an updated understanding of the general organizational risks that
large-audit firms face today. It starts, in this section, by analyzing the risk that follows
from being organized as partnerships and subsequently goes on in the next section to
analyze the primary control mechanisms (often called coordination mechanisms) found
in audit firms: standardization of work procedures, hierarchy, and culture. Finally, the
risk of these control mechanisms is analyzed.
A good deal of the literature on the organization of audit firms assumes without much
argument that accountants are professionals and that audit firms consequently are what
Mintzberg (1983) calls “professional bureaucracies” (see for instance Greenwood et al.,
1990; Macintosh, 1985; Post, 1996). When organizations grow to a size where direct
supervision becomes un-accomplishable organizations usually starts to bureaucratize,
especially if their environment is relatively stable. The core of a bureaucracy is
standardization of which there are three possible objects; standardization of work
processes, standardization of output and standardization of skills. Since, professional
work by definition is too complex to be standardized, it is often argued that the
primary-control mechanism in the audit firm is the standardization of skills.
Standardization of skills is combined with a tight system of recruitment, socialization
and indoctrination that makes the accountant member of a “clan” (Ouchi, 1980), a
community sharing a profound common agreement of what constitutes proper behavior
and of common goals and interests. Although clan control was intended to be an
MAJ alternative to the bureaucratic controls of standardization, most applications of Ouchi’s
22,6 clan-ideas to accounting nevertheless see clan control as a supplement to bureaucracy,
for instance Macintosh (1985), Hanlon (2004) and Pierce and Sweeney (2005).
To some degree, standardization of skills combined with clan control may have
been the way audit firms were controlled in the past. Hanlon (2004) analyzes the
changes in organizational structures that have taken place in professional service firms
592 over a 150-year period. He argues that whereas “collegiate professionalism” with clan
control may have been the primary control mechanism from around 1920 up till 1980,
the turn to “commercialized professionalism” – of which the accounting profession is
seen as the archetype (Hanlon, 1996) – changed this over the last couple of decades.
The tenet in the new form of professionalism is commercial behavior rather than social
service, which has led writers such as Zeff (2003) and Wyatt (2004) to describe the
change as a decline in professionalism. The change came about because elite groups
within the large-audit firms pushed for more centralized-bureaucratic controls in order
to enable a growth strategy. A second reason for the turn to bureaucratic control was
that it was seen as a means of securing an acceptable and uniform quality of the audit
service as a reply to the many lawsuits against audit firms in the USA from around
1980 onwards. And third, as a result of the internationalization of audit firms,
bureaucratic controls were also needed to accomplish the “seamless web” that most
audit firms were eager to create.
Similar to Hanlon’s “collegiate professionalism,” Greenwood et al. (1990) argue that
audit firms are “professional partnerships” emphasizing the collegiality, peer
evaluation and autonomy of the partners in the firms. Later, the same writers talk
about “pluralistic partnerships” adding the autonomy of the partner to the traits above
while arguing that it is mainly the small audit firms that are organized this way
(Greenwood et al., 1997). The large-audit firms are moving in the direction of
“managed professional partnerships” or “managerial professional bureaucracies,”[1]
characterized by a strong focus on commercialism and following centralized attempts
to position the firm strategically according to analysis of the market/client base to take
advantage of market trends. This involves an entire repositioning of the firm as
professional-business advisors instead of audit firms and such a repositioning cannot
be accomplished without centralized strategic decision-making and subordinates
complying with the strategic decisions taken. For operating controls, these firms rely
heavily on bureaucratic standardization of work. Large-audit firms are therefore under
pressure to abandon the partnership structure in favor of a corporate structure, or at
least to adopt traits from this.
The pressure to adopt corporate structure is further reinforced by developments in
the mix of services marketed by these firms. It is often argued by practitioners that
consulting tasks, such as giving advice and adapting standard solutions to specific
client needs, require a high degree of partner autonomy (Bruce, 1994). This is because
partnerships create an entrepreneurial culture among the partners that clients like. The
more consulting being done, the better the “professional partnership” would therefore
be. Auditing, however, is widely seen as a standardized commodity by academics as
well as practitioners (see for instance Brown et al., 1996; Bruce, 1994), and to produce a
standardized service the corporate structure is more adequate since it supports
bureaucratic controls in the form of formalized and standardized practices (Greenwood
and Empson, 2003). With the selling off of the consulting arms of the large-audit firms,
auditing has become more important for the audit firms and so is therefore the Organizational
incentives to organize with a centralized-corporate structure. The partnership
structure is nevertheless an ideal that is seldom completely abandoned when audit
risk in large
firms incorporate. Although owners of incorporated-audit firms formally are audit firms
shareholders, they commonly refer to themselves as partners[2]. While this may be
seen as a response to the divided nature of the audit firm’s services, it also tends to
cause problems because elements of the egalitarian-decision processes are retained. 593
Finally, the size of the large-audit firms makes the professional partnership
ideal problematic. Professional partnerships are founded on a consensus ideal,
which is incompatible with the large number of partners in the big firms. KPMG
and PricewaterhouseCoopers (PWC), for instance, have 6,667 and 8,019 partners,
respectively, (2005 figures), and it is hard to imagine all these coming to consensus
on strategic issues. In fact, the National Managing Partner of Grant Thornton in
the UK suggests that for a group of much more than 20 partners the essence and
spirit of partnership is impossible (Bruce, 1994). Other practitioners see the
partnership structure as creating endless committees and having a lack of
direction (Bruce, 1996). In other words, as the audit firms grow in size, the
egalitarian consensus ideal of the professional partnership comes under pressure.
The large-audit firms therefore typically introduce control by hierarchy, creating
different classes of partners in addition to the hierarchy among the salaried
professionals. Typically three types of partners are found: salaried partners who
do not own equity or have voting rights; equity or national partners, who own
equity, have national voting rights and are eligible for election to the
national-management committee; and international partners, who in addition may
vote and participate in the international management of the firm. In spite of the
introduction of hierarchy, the equity-partners still expect influence and typically
elect the partners for the national-management committee for a fixed-term of
5-6 years after which they return to the normal partner ranks again (see for
instance Greenwood et al., 1990; Bruce, 1994). Sometimes they retain the right to
vote on major-strategic decisions as well. The hierarchical organization of the large
partnership is relatively costly because tiers of middle line management is added
to the organization while it simultaneously maintains residual traces of the
collegial processes in small partnerships (Greenwood and Empson, 2003).
To sum up the argument: small-audit firms are traditionally organized as
partnerships, but the partnership organization becomes a source of risk when the audit
firm grows bigger. This is the case because the partnership organization with its
consensus ideal makes strategic decision making slow and difficult. Without the ability
to make fast-strategic decisions audit firms may get in serious trouble when unforeseen
threats in the environment occur. In a call to “rethink the partnership” a former
Andersen partner notes: “the partnership structure does not serve the public
accounting firm – nor the public – particularly well. It makes decision-making, rapid
response to change, and crisis management extremely difficult” (Toffler, 2003,
pp. 247-8). Seen in this light the fate of Andersen is not only the story of failed audits, it
is also the story of failure to manage organizational risk.
Controlling the behavior of employed professionals
So far, the paper has focused primarily on the partnership level. The partners are
nevertheless only the top 10 percent of the professional iceberg with the remaining
MAJ 90 percent or more being salaried professionals[3]. To make sure their decisions are
22,6 carried out, partners therefore need an effective control or coordination mechanism.
In professional partnerships, the primary operating control mechanism of the
employed workforce is socialization into accepting the objectives of the partners
(Greenwood et al., 1990). This is done by a selective recruitment policy where (at least
in certain cultures) minority groups and working class people are excluded (Hanlon,
594 2004), by recruiting employees with a personality type that is robust to bureaucracy[4],
and by application of a mentoring-training system, which installs a partner worldview
in the employees (Covaleski et al., 1998). One of the major rewards in this system is the
promise of future partnership often referred to as “the lure of partnership” (Greenwood
and Empson, 2003). As mentioned before, large-audit firms have moved away from the
professional partnership structure and may now be seen as managerial professional
bureaucracies (Brown et al., 1996; Greenwood et al., 1997). The managerial-professional
bureaucracy is still a partnership, but a partnership where the egalitarian traits of the
professional partnership have been abandoned in favor of centralized management for
the reasons stated above. Since, centralized management cannot rely solely on
decentralized recruitment and socialization as the primary-control mechanism, it has to
be supplemented by other mechanisms. In the managerial professional bureaucracy,
auditors are primarily controlled by a combination of three types of control
mechanisms. These are presented below and in the following section the risks are
First, auditors are supposed to conduct their work according to professional
standards, whether these are local-auditing standards or international standards on
auditing, and compulsory peer review systems are in place to secure compliance with
these. Auditing standards are by their nature normative although they usually allow
firms or partners a certain degree of autonomy. The higher management generally
considers risk, the more likely it is to try to control that risk by bureaucratic rules and
compliance controls (Bax, 2000). The audit-risk model still in use was the audit firms
answer to the litigation boom in the USA in the early 1980s, and the models-primary
function is to coordinate and control-audit work by allowing centralized control with
the risk and materiality decisions in the audit process. The audit-risk model is usually
implemented in a highly structured version, where comprehensive-auditing manuals
prescribe standardized working procedures (see for instance Post, 1996), and where key
decisions are centrally controlled by audit automation or decision-support systems as
argued by Manson et al. (2001), Knechel (2007) and MacLullich (2003). The turn to
business-risk audits was expected to place greater emphasis on subjective judgment
and thereby make the audit process less structured, but MacLullich (2003) shows that
subjective judgment and structure goes well together, as the large-audit firms now rely
on the use of decision-support systems that guide auditors through the pre-planned
stages of the audit and standardize the documentation of their subjective work.
Standardization of work procedures is therefore the primary-control mechanism in the
audit profession.
Secondly, as the audit firms grow in size, further levels of hierarchy are added to the
organization to enable control by direct supervision as well as leverage the personnel
more thoroughly. Although textbooks such as Hayes et al. (2005, pp. 28-39) only
mention four hierarchical layers, in practice there is sometimes more. In Denmark,
for example, KPMG has eighth layers in the hierarchical structure of its auditors.
The same is the case for PWC but this firm appears to sub-divide each hierarchical Organizational
level even further[5]. In other words, middle-line management becomes quite extensive risk in large
making direct supervision a major-supplementary control mechanism in large-audit
firms. Recent studies by Pierce and Sweeney (2005) and Barrett et al. (2005) indicate audit firms
that partner and manager involvement in the audit-review process have increased in
the Big Four as a result of the adoption of the business risk audit approach and the use
of electronic documentation. Although this development may reduce the need for a 595
multi-layered hierarchy, it still emphasizes the importance of direct supervision as a
control mechanism to supplement standardization of work procedures.
Thirdly, although the Public Oversight Board (2000, pp. 104-5) emphasized the
importance of giving the performance of high-quality audits highest priority in
performance evaluations on all levels in the audit firm, little appears to have
changed since then. According to Hanlon (2004) commercial behavior is still
encouraged by incentive systems where partners usually “eat what they kill,”
where elevation to partnership is restricted to the few demonstrating the ability to
acquire new clients, and where salaried professionals are remunerated according to
scorecard evaluations of their performance. PWC for instance, has initiated a
performance appraisal and development programme (PADP), according to which
employee performance on all engagements of a certain size (typically, engagements
on which the employee has been working for more than two weeks) must be
evaluated. At the yearly appraisal interviews, the employee must bring along at
least 3-4 such “Appraisals.” Based on these a personal development plan is drawn
up and remuneration decided. The PADP program measures the employee on a 1-5
scale on eight areas: the ability to exceed client expectations, efficiency,
performance, risk management, supervision and development of subordinates, use
of technology, communicative skills and performance gaps. Formalized incentive
systems are therefore another supplementary control mechanism, in particular in
the large-audit firms.
In addition to the control mechanisms discussed above Martinez and Jarillo (1989)
provide an overview of a number of other control mechanisms such as
departmentalization/divisionalization, budgeting systems, informal communication,
and socialization into a corporate culture. All of these are also applied in various
degrees by audit firms. According to Stevens (1991) Price Waterhouse and Arthur
Andersen in particular relied heavily on corporate culture for coordination, Andersen
to a degree where their auditors nicknamed themselves “Arthur Androids” (Squires
et al., 2003; Toffler, 2003). Arthur Andersen was fairly successful in centrally
controlling the culture, mainly because all auditors from around the world from time to
time had to attend the St Charles Training Center in Illinois, where they were socialized
to accept the corporate culture. This, however, is a costly coordination mechanism and
it was still supplemented by formalized standard operating procedures for conducting
audits as well as for general management (Squires et al., 2003). Nevertheless, corporate
culture is a control mechanism that plays a supplementary role in some audit firms.
Bell et al. (1997, p. 28) consider corporate culture a source of risk in itself to the extent it
does not support the chosen business strategy. A particular cultural risk mentioned is
“command-and-control tactics by upper management that inhibit employee flexibility
and learning,” a culture, which often develops in hierarchical bureaucracies.
MAJ Although many writers are critical towards bureaucracy, there are exceptions.
22,6 Adler and Borys (1996) and Adler (1999) argue that too much focus has been on the
coercive side of bureaucracy and point to the possibility of creating enabling
bureaucratic structures. These are characterized by a general desire to empower
employees, mainly by creating bureaucratic structures in the form of best practice
methods, on which employees are given influence. Where the coercive bureaucratic
596 system sees errors as costly mistakes that need to be corrected by designing foolproof
systems, the enabling bureaucratic system sees errors as learning opportunities that
must be used to correct the best practice system. In this respect, the idea of enabling
bureaucracy is related to the perspectives that follow from applying the
knowledge-based theory of the firm. From this perspective, Hatherly (1998a, b)
argues that the audit firm should be seen as a serial learning business. In such a
business, the organization develops a set of principles that govern business activity
and these principles are applied to a variety of situations. Positive as well as negative
feedback from employees is looped back through the organization and the principles
are updated accordingly, thereby empowering employees.
The chances for creating enabling bureaucratic structures in audit firms are
unfortunately reduced by the presence of some of the forces mentioned by Adler and
Borys (1996) as encouraging a coercive logic; that is asymmetries of power, knowledge,
skills, and rewards. The partnership ideal is based on a clear distinction between the
relatively few partners and the many employees. Since, partners are usually owners of
the audit firm they bear the downside financial risk of the behavior of their employees.
As discussed earlier, this risk was the driving force behind the development of the
audit risk model and its implementation in the form of structured-audit methodologies.
Structure in auditing is defined as “a systematic approach to auditing characterized by
a prescribed, logical sequence of procedures, decisions, and documentation steps, and
by a comprehensive and integrated set of audit policies and tools designed to assist
the auditor in conducting the audit” (Cushing and Loebbecke, 1986, p. 32). In the
international audit firms, the audit policies and the structured methodologies are
usually centrally defined, with the US branch playing a prominent role in the process.
Feedback from employees in the periphery of the world has to travel a long way and
pass through many layers of hierarchy before reaching the center. If it is at all possible
to establish a feedback loop it will become fairly sluggish. Auditing is therefore more
likely a formula application business, where knowledge is applied in the audit process
rather than systematically generated. Or to put it differently, audit innovation only
takes place to the extent it is initiated, organized and fully controlled by top
management in the big audit firms[6]. The price for this control is paid in terms of the
speed at which innovation takes place. It is interesting to note that it took the big audit
firms 5-10 years to develop and implement the business risk audit approaches. The
centrally controlled learning strategy is clearly best suited in a stable-business

The risk of the applied control mechanisms

So far, the paper has argued that the large-audit firms have centralized their strategic
and much of their operational decision making. Audit work and innovation is controlled
by highly standardized work processes as well a by direct supervision in an extensively
hierarchical organization, sometimes supported by a uniform corporate culture.
Large-audit firms are therefore not professional bureaucracies in Mintzberg’s (1983) Organizational
terms and probably have not been so for a long time judging from Sorensen and risk in large
Sorensen’s (1974) analysis of the professional-bureaucratic conflict in large-audit firms
and its consequences in terms of job dissatisfaction and migration. Fogarty (1992, audit firms
p. 141) also questions the influence of professionalism in the socialization of
accountants. It seems that the argument for classifying audit firms as professional
bureaucracies is that since auditors are professionals, and since professional work per 597
definition is too complex to be standardized, then audit firms must be professional
bureaucracies controlled by standardization of knowledge. As it is argued above,
organizational reality at the large-audit firms suggests that it is now possible to
standardize professional work, perhaps because of the development of automated
decision-support systems in auditing. Large-audit firms are now centrally managed
firms with standardization of work processes and direct supervision through an
extensive middle line management as the central-control mechanisms, usually
supported by some degree of corporate culture. Therefore, they closely resemble
Mintzberg’s (1983) description of the machine bureaucracy, although most audit
partners probably would hesitate to acknowledge this, just as the CEO commenting “we
don’t refer to the controls we are establishing by using the B word” (Adler, 1999, p. 47).
The paradox of bureaucracy is that its popularity in practice is inversely proportional
to its reputation.
As long as the environment remains stable being a machine bureaucracy does not
necessarily cause problems. It is, according to Mintzberg (1983), an effective way of
controlling mass-production. However, if the environment becomes unstable, hierarchy
becomes dysfunctional. In these cases, the operating core experiencing problems
producing, adapting or selling the standardized product typically do not have the
authority to deviate from the standards. Operative problems are consequently referred
up through the hierarchy, often ending at the top level in the cases where the problems
are of a fundamental character. This has the effect that top-management is being
overburdened with operative decisions at a time where it is crucial that it concentrates
on making strategic decisions. Generally, the combination of bureaucracy and
hierarchy will slow down corporate decision making, making it dysfunctional in the
“new economy” of flexible specialization where fast decisions are required to seize
opportunities in temporary niches. Auditors must be aware of this to understand their
client’s business:
Perhaps, the greatest challenge an external auditor faces during a period of rapid change
is to develop an understanding of the implications of recent “shocks” to the economic
system within which the client operates, and to anticipate the speed with which such
shocks will impact his client’s profitability and survival (Bell et al., 1997, p. 23).
There is also evidence that large-audit firms consider their own business subject to this
development. Ernst and Young’s (1994) Audit Innovation Project was partly initialized
because of perceived changes in the environment:
We must adapt to rapid change in the global business environment. We have been successful,
but that does not ensure future success. We need a dynamic service delivery model to address
these evolving issues, and we need to adapt to our marketplace from a position of strength.
According to Elliott (1994, 1996, 1997, 1998) the accounting profession is generally
experiencing the threats as well as opportunities of change in information technology
MAJ and change in investors need for information. These changes allegedly necessitated the
22,6 need to “reengineer” auditing to focus on business risk and also lead to opportunities in
the form of assurance services. If the large-audit firms find themselves in rapidly
changing environments their organizational form could therefore be a cause of severe
Adding to these problems, the standardized routine work in the machine
598 bureaucracy is also a source of risk. The well-known downside of such
standardization is that it deprives employees of autonomy and control over their
work situation, as well as of the stimulation of innovative challenges. Working in
machine bureaucracies therefore often leads to dissatisfaction and demotivation,
which is why it is often recommended that such organizations recruit people with
low expectations of work (Adler and Borys, 1996). However, as Sennett (1998) points
out, routine also has a positive side in the sense that it provides people with a high
degree of predictability in their lives, a predictability that can serve as the
background on which to evaluate alternatives. Without a certain degree of routine,
people would completely loose control over their lives. How much control a person
needs is in the end a question of personality, and Mintzberg (1983, p. 179) notes that
whereas some people are quite happy to subject to standardized routine work,
“there appear to be more jobs in Machine Bureaucracies than people happy to fill
them.” The personality of auditors has been studied in a number of geographical
settings, and the findings are remarkably similar. In MBTI tests, the ESTJ and ISTJ
personalities (2 out of 16 possible types) generally comprise 30-50 percent of all
auditors, in some cases even more (Wheeler, 2001). The “J” in the type indicates that
auditors are generally people who prefer to live a planned and structured life, people
who do not easily set aside plans, standards and customs. Research indicates that
“J”-types generally comprise between 60 and 90 percent of all auditors (Wheeler,
2001). Seen in this light it is really not a surprise that auditors do not always see
themselves as working in highly bureaucratic organizations. Rahman and Zanzi
(1995) for instance show how Big-Six auditors find their work only moderately
structured, whereas Pierce and Sweeney (2005) report different opinions among
partners and managers about the degree of perceived structure in the audit process.
Older studies indicate that perceived bureaucracy is much greater at the lower
levels of the hierarchy (Montagna, 1974). The results probably reflect the fact that
what is moderately structured to a “J”-personality could be seen as excessively
structured by the opposite personality type with a much lower routine tolerance
threshold. These people will tend not to take jobs in audit firms or, if they do, to
loose motivation and leave for other jobs after a short time.
The combination of extensive hierarchy and partnership is also a cause of
motivational problems, since it clearly shows that very few will become partners. The
“lure of partnership” does therefore not work that well anymore, in some cases causing
a “brain drain” problem with large numbers of professionals leaving for better
opportunities elsewhere. This has allegedly caused some consulting firms to consider
abandoning the partnership structure and incorporating instead (Greenwood and
Empson, 2003, p. 926). Audit firms are knowledge intensive firms who depend on being
able to attract end keep talented young professionals. A centralized organization
relying mainly on standardization of work processes and hierarchy for control is
hardly suited for this purpose and is therefore also a source of risk.
Conclusion Organizational
Large-audit firms are commonly organized as partnerships relying primarily on risk in large
hierarchy and standardization of work processes to control work. This is an
organizational structure, which has its roots in the industrial society that auditing itself audit firms
is a product of. It is therefore an organizational structure that is adapted to
standardized mass-production in a stable environment. As long as the environment
remains relatively stable, as long as the needs of users of financial statements and 599
clients does not change frequently, the common way of organizing audits firms
therefore works well from an audit firm’s perspective. There is, however, signs that
society is changing into what some writers call the post-industrial society, i.e. a society
characterized by constant changes in demand, to which industry adapts by switching
to flexible order production. Flexible production in turn calls for supportive
organizational structures that enable swift strategic responses, decentralized operative
decisions, and organizational learning from experience.
Large-audit firms are part of this change in the production regime. Although the
audit market hardly changes with the same speed as the markets for industrial goods,
it is nevertheless subject to changes in demand too, as evidenced by the recent report
from the CEO’s of the international audit networks (Global Public Policy Symposium,
2006). The large-audit firms do need to adapt to changes in their environment and they
accordingly need an organizational structure that enables this. The
common-partnership structure has for some time been considered problematic in
this respect because its makes strategic decision-making difficult and slow. It may
therefore be a source of fundamental risk when strategic decisions are most needed, i.e.
in cases where the basis for the present strategy is changing. The reliance on
standardization of work procedures combined with hierarchy and culture as control
mechanisms are sources of risk too, although this is not as commonly recognized.
Standardization of work procedures makes production extremely inflexible, it does not
encourage innovation, it de-motivates employed professionals, and it inhibits the
establishment of a learning organization. The extensive hierarchy makes learning even
more difficult since it delays and filters the information flow upwards in the
organization and usually also creates a competitive culture among employees which
discourage knowledge sharing. Hierarchy and bureaucracy are usually supplemented
with attempts to create a corporate culture that controls the behavior of employees.
This too is a source of risk since corporate culture is fundamentally uncontrollable and
may turn dysfunctional as in the case of Arthur Andersen.
The present way of organizing large-audit firms therefore only works well to the
extent that the environment is relatively stable. The more volatile the environment is,
the higher the inherent organizational risk becomes. Organizational risk in large-audit
firms therefore calls for management but the common responses provide an
organizational dilemma. On one hand, the common organizational response to the
partnership element of organizational risk is to adopt a corporate structure where
power is centralized in order to facilitate strategic decision-making. The bureaucracy
element of organizational risk, on the other hand, is best responded to by building
learning capabilities into the bureaucracy. This requires the establishment of a
knowledge-sharing system where local experiences quickly lead to revisions of global
standardized working procedures. For this to work, the audit firm will need short lines
of communication and a relatively flat organization, which does not allow for hierarchy
MAJ as a mechanism of coordination and control. Organizational risk in large-audit firms is
22,6 therefore not easy to manage. The managerial problem is how to centralize strategic
decision-making while simultaneously decentralizing operational decision making.
A solution will inevitably require that strategic and operational-decision processes are
detached, but this is hardly possible within the traditional egalitarian frames of the
partnership. Large-audit firms therefore often incorporate or otherwise adopt traits
600 from the corporate structure to support strategic decision making.
Although this paper has focused on the organizational risk of large-audit firms, it
may also be seen as an example of the kind of analysis expected of auditors to
understand the entity as required by ISA 315. This paper implicitly suggests that such
an understanding is not possible without competence in risk management and
organizational theory. Present auditing textbooks support this view. Eilifsen et al.
(2006, p. 187), for example, note that “The appropriateness of an entity’s organizational
structure depends on its size and the nature of its activities” and give as examples that
high-tech industries need flexible organizational structures whereas highly regulated
industries need tightly controlled structures. The theoretical framework to assess
organizational risk is nevertheless not set out explicitly in textbooks such as Eilifsen
et al. (2006) and Hayes et al. (2005), which both seem to assume that students are
already familiar with organizational theory. Whether this assumption is realistic
certainly calls for consideration by those in charge of educational programs in
auditing. Furthermore, the need to understand organizational risk is just one of the
sources of risk that the auditor is expected to assess according to the conceptual
framework set out by Bell et al. (1997). Others may be found in an entity’s culture, in the
political environment and in internal communication, to mention a few of the more
unconventional sources of risk that the auditor is expected to assess too. The focus on
business risk in the audit process therefore increases the complexity and risk of the
audit process and calls for auditor qualifications that go far beyond technical auditing.

1. In some sense, the “managerial professional bureaucracy” is a contradiction in terms, since
professional bureaucracies are generally not easily manageable according to Mintzberg
2. Of the Big Four in Denmark, only KPMG remains a formal partnership. PWC, Deloitte and
Ernst & Young have now incorporated but still refer to their leadership as partners.
3. Typically around 8 percent of the professionals are partners. To take a few examples from
2005 annual reports: PWC has 8,019 partners and a client service staff of 94,877. KPMG has
6,667 partners and a client service staff of 76,073.
4. Andersen, for instance, MBTI-tested their employees as part of the effort to get a
homogeneous internal culture. They also taught auditors to identify the personality types of
clients to facilitate interaction (Squires et al., 2003, pp. 50-51).
5. From the bottom up, the KPMG hierarchy in Denmark is: Junior assistant, Assistant,
Assistant Manager, Manager, Senior Manager, Partner, Managing Partner and Senior
Partner. The equivalent PWC hierarchy is: Junior 1-2, Associate 1-2, Senior Associate 1-4,
Manager 1-4, Senior Manager, National Partner (salaried), Equity Partner and International
Partner. See also Table 2 in Post (1996).
6. Ernst & Young’s Audit Innovation project is a typical example of how audit innovation
takes place in large-audit firms. Ernst & Young’s International Council formed the Future
Vision Task Force in October 1992 and a steering committee comprised of partners from Organizational
seven countries was appointed to oversee the project. The Vision Task Force analysed
practices on over 100 engagements in 10 countries identifying problems and potential risk in large
improvements. It reported in 1994 and on the basis of this vision the new audit approach was audit firms
centrally developed by in Ohio, Cleveland between 1994 and 1997. In 1997, the worldwide
implementation process was initiated and it was generally considered completed by the turn
of the century.
Adler, P.S. (1999), “Building better bureaucracies”, The Academy of Management Executive,
Vol. 13 No. 4, pp. 36-49.
Adler, P.S. and Borys, B. (1996), “Two types of bureaucracy: enabling and coercive”,
Administrative Science Quarterly, Vol. 41 No. 1, pp. 61-89.
Alvesson, M. (1995), “The meaning and meaninglessness of postmodernism: some Ironic
remarks”, Organization Studies, Vol. 16 No. 6, pp. 1047-75.
Barrett, M., Cooper, D.J. and Jamal, K. (2005), “Globalization and the coordination of work in
multinational audits”, Accounting, Organizations and Society, Vol. 30 No. 1, pp. 1-24.
Bax, E. (2000), “The paradox of bureaucratic risk control”, Risk Management, February, pp. 19-22.
Bell, T., Marrs, F., Solomon, I. and Howard, T. (1997), Auditing Organizations Through a
Strategic Systems Lens, KPMG Peat Marwick LLP, Amsterdam.
Brown, J.L., Cooper, D.J., Greenwood, R. and Hinings, C.R. (1996), “Strategic alliances within a
big-six accounting firm”, International Studies of Management & Organization, Vol. 26
No. 2, pp. 59-79.
Bruce, R. (1994), “Doomed but dedicated”, Accountancy, Vol. 114 No. 1212, pp. 44-6.
Bruce, R. (1996), “Whiter than white?”, Accountancy, Vol. 117 No. 1233, p. 56.
Clegg, S. (1990), Modern Organizations. Organization Studies in the Postmodern World, Sage,
Covaleski, M.A., Dirsmith, M.W., Heian, J.B. and Samuel, S. (1998), “The Calculated and the
avowed: techniques of discipline and struggles over identity in big six public audit firms”,
Administrative Science Quarterly, Vol. 43 No. 2, pp. 293-327.
Cushing, B.E. and Loebbecke, J.K. (1986), Comparison of Audit Methodologies of Large
Accounting Firms, American Accounting Association, Sarasota, FL.
Eilifsen, A., Messier, W.F., Glover, S.M. and Prawitt, D.F. (2006), Auditing & Assurance Services
(International Edition), McGraw-Hill Education, Maidenhead.
Elliott, R.K. (1994), “Confronting the future: choices for the attest function”, Accounting Horizons,
Vol. 8 No. 3, pp. 106-24.
Elliott, R.K. (1996), “Auditing reborn”, CA Magazine, August, pp. 36-8.
Elliott, R.K. (1997), “Adding value to audits”, CA Magazine, November, pp. 35-7.
Elliott, R.K. (1998), “Assurance services and the audit heritage”, The CPA Journal, June, pp. 40-7.
Ernst & Young (1994), The Audit Innovation Vision Summary, Ernst & Young, New York, NY.
Fogarty, T.J. (1992), “Organizational socialization in audit firms: a theoretical framework and
agenda for future research”, Accounting, Organizations and Society, Vol. 17 No. 2,
pp. 129-49.
Global Public Policy Symposium (2006), Global Capital Markets and the Global Economy: A Vision
From the CEOs of the International Audit Networks, November, available at: www.
MAJ Greenwood, R. and Empson, L. (2003), “The professional partnership: relic or exemplary form of
governance?”, Organization Studies, Vol. 24 No. 6, pp. 909-33.
Greenwood, R., Hinings, C.R. and Brown, J. (1990), “‘P2-form’ strategic management: corporate
practices in professional partnerships”, Academy of Management Journal, Vol. 33 No. 4,
pp. 725-55.
Greenwood, R., Hinings, C.R., Brown, J. and Cooper, D. (1997), “Promoting the professions”,
602 Business Quarterly, Vol. 61 No. 4, pp. 64-70.
Hanlon, G. (1996), “‘Casino capitalism’ and the rise of the ‘commercialised’ service
class – an examination of the accountant”, Critical Perspectives on Accounting, Vol. 7
No. 3, pp. 339-63.
Hanlon, G. (2004), “Institutional forms and organizational structures: homology, trust and
reputational capital in professional service firms”, Organization, Vol. 11 No. 2, pp. 187-210.
Hatherly, D. (1998a), “Is the risk-driven audit too risky?”, Accountancy, August, p. 72.
Hatherly, D. (1998b), “Learning audits”, Accountancy, November, pp. 75-6.
Hayes, R., Dassen, R., Schilder, A. and Wallage, P. (2005), Principles of Auditing: An Introduction
to International Standards on Auditing, 2nd ed., Pearson Education Ltd, Harlow.
Knechel, W.R. (2007), “The business risk audit: origins, obstacles and opportunities”, Accounting,
Organizations and Society, Vol. 32 Nos 4/5, pp. 383-408.
Lash, S. and Urry, J. (1994), Economies of Signs & Space, Sage, London.
MacLullich, K.K. (2003), “The emperor’s new clothes? New audit regimes: insight from Foucault’s
technologies of the self”, Critical Perspectives on Accounting, Vol. 14 No. 8, pp. 791-811.
Macintosh, N. (1985), Social Software of Accounting and Information Systems, Wiley, Chichester.
Manson, S., McCartney, S. and Sherer, M. (2001), “Audit automation as control within audit
firms”, Accounting, Auditing & Accountability Journal, Vol. 14 No. 1, pp. 109-30.
Martinez, J.I. and Jarillo, J.C. (1989), “The evolution of research on coordination mechanisms in
multinational corporations”, Journal of International Business Studies, Vol. 20 No. 3,
pp. 489-514.
Mintzberg, H. (1983), Structure in Fives: Designing Effective Organizations, Prentice-Hall,
Englewood Cliffs, NJ.
Montagna, P.D. (1974), Certified Public Accounting. A Sociological View of a Profession in Change,
Scholars Book Co., Houston, TX.
Ouchi, W.G. (1980), “Markets, bureaucracies & clans”, Administrative Science Quarterly, March,
pp. 129-41.
Parker, M. (1992), “Post-modern organizations or postmodern organization theory”, Organization
Studies, Vol. 13 No. 1, pp. 1-17.
Pierce, B. and Sweeney, B. (2005), “Management control in audit firms – partners’ perspectives”,
Management Accounting Research, Vol. 16, pp. 340-70.
Post, H.A. (1996), “Internationalization and professionalization in accounting services”,
International Studies of Management & Organization, Vol. 26 No. 2, pp. 80-103.
Public Oversight Board (2000), Report of the Panel on Audit Effectiveness, available at: www.
Rahman, M. and Zanzi, A. (1995), “A comparison of organizational structure, job stress, and
satisfaction in audit and management advisory services (MAS) in CPA firms”, Journal of
Managerial Issues, Vol. 7 No. 3, pp. 290-305.
Sennett, R. (1998), The Corrosion of Character. The Personal Consequences of Work in the New Organizational
Capitalism, W.W. Norton & Company, Inc., New York, NY.
Sorensen, J.E. and Sorensen, T.L. (1974), “The conflict of professionals in bureaucratic
risk in large
organizations”, Administrative Science Quarterly, Vol. 19 No. 1, pp. 98-106. audit firms
Squires, S.E., Smith, C.J., McDougall, L. and Yeack, W.R. (2003), Inside Arthur Andersen: Shifting
Values, Unexpected Consequences, Prentice-Hall, Englewood Cliffs, NJ.
Stevens, M. (1991), The Big Six, Touchstone, New York, NY. 603
Toffler, B.L. (2003), Final Accounting: Ambition, Greed, and the Fall of Arthur Andersen,
Broadway Books, New York, NY.
Wheeler, P. (2001), “The Meyers-Briggs type indicator and applications to accounting education
and research”, Issues in Accounting Education, Vol. 16 No. 1, pp. 125-50.
Wyatt, A.R. (2004), “Accounting professionalism – they just don’t get it!”, Accounting Horizons,
Vol. 18 No. 1, pp. 45-53.
Zeff, S. (2003), “How the US accounting profession got where it is today”, Accounting Horizons,
Vol. 17 No. 3, pp. 189-205 & Vol. 17 No. 4, pp. 267-286.

Corresponding author
Kim K. Jeppesen can be contacted at:

To purchase reprints of this article please e-mail:

Or visit our web site for further details: