A Simulation Study of the Influence of PCAOB Regulatory Guidance on the Internal Control Audit Process: An Analysis of Relationships, Risk and Information Sharing

Abstract

Section 404 of the Sarbanes–Oxley Act (SOX) altered the relationship between auditors and their clients by requiring an external audit of companies’ internal controls. Regulatory guidance is interpreted and applied by external auditors to comply with SOX. The purpose of this paper is to apply service operations management theories and techniques to the internal control audit process to better understand the role regulatory guidance plays in audit services. We discuss service operations management theories that apply to the production of audit services and employ the operations management technique of simulation to examine the effects of a historical relationship between the client and the auditor, information sharing between the client and the auditor, and the auditor’s perceived risk of the client on the internal control audit process. The application of service operations management theories and the simulation results illustrate that risk and information sharing are key factors for the audit process. The results suggest the updated Public Company Accounting Oversight Board guidance from Auditing Standard 2 to Auditing Standard 5 appropriately increased audit effectiveness by encouraging risk-based judgments and information sharing. This paper merges accounting and service operations management research to examine the effects of regulatory guidance on the internal control audit process. The paper uses simulation to illustrate the importance of interpreting regulatory guidance and the specific effects of risk and information sharing on the internal control audit process.