Social Identification and Differences in External and Internal Auditor Objectivity Free

In response to whether Auditing Standard No. 2 (AS2; PCAOB 2004) provided sufficient guidance to maintain an appropriate balance between audit effectiveness and efficiency, the Public Company Accounting Oversight Board (PCAOB) released Auditing Standard No. 5 (AS5; PCAOB 2007), which encourages external auditors to rely more on internal auditors' work in certain circumstances. Consistent with these standards, in its inspections the PCAOB investigates whether external auditors utilize issuers' internal audit departments effectively (PCAOB 2009), and has displayed a continued interest in understanding the effects of external auditors' reliance on judgments of internal auditors when forming audit opinions (2011 Academic Research Synthesis Project). As external auditors continue to be encouraged to reduce redundant audit procedures, in part by relying on internal auditors for low-risk control evaluations (PCAOB 2007), scrutiny of internal auditors' objectivity and the overall effect of this audit process evolution will continue.

Stefaniak et al. (2012; hereafter SHC) examined how internal and external auditors may be susceptible to unique objectivity differences. Prior research in accounting and psychology indicates that individuals' objectivity and judgments are affected by the extent to which they are “attached” to a particular group, such as an employer or audit client. Attachment to a group or organization is broadly referred to in the psychology literature as “social identification.” In the case of auditors, SHC were interested in how auditors' attachment to an employer, as would be the case with internal auditors, or to a client, as would be the case with external auditors, relates to their objectivity on the type of lower-risk control deficiency that is associated with the enhanced reliance indicated by AS5. Differences in the effect of social identification on internal and external auditors' judgments are important to the profession because both types of auditors can “attach” themselves to their employers or clients. Understanding the nuances related to group attachment and objectivity is important to corporate governance and the management of audit functions because of how auditor decisions affect audit planning, including the nature, timing, and extent of audit procedures, and the later evaluation of these procedures.

Social identification has its psychological roots in social identity theory, which asserts that one's self-concept is influenced by one's perception of actual or symbolic membership in a specific group (Mael and Ashforth 1992). While auditors cannot easily quantify personality variables in practice, the extent of a person's social identification with an entity can be identified informally with some ease. For example, in an organizational setting, individuals who identify greatly with, or who are deeply attached to an organization, often refer to the organization in the first person (e.g., “We met the SEC filing deadline”), while individuals who do not perceive themselves as psychologically intertwined with an organization more likely will use the third person (e.g., “They met the SEC filing deadline”). Further, individuals who are deeply attached to an organization typically take criticism of and compliments about the organization personally, and they are greatly interested in what others think about the organization.

SHC, in a controlled experiment with practicing internal and external auditors, asked auditors to complete a hypothetical case that included an internal control failure at their employer or client. SHC found that, as internal auditors reported higher levels of attachment to the employer, their control deficiency evaluations were more conservative. They suggest that this finding results from lower risks associated with internal auditors reporting “bad news” to their employer, as well as internal auditors' concerns about the organization's long-term sustainability. Conversely, SHC found that higher levels of attachment reported by external auditors was related to increased leniency (i.e., less conservative evaluations) when evaluating client control deficiencies.

In this paper, we discuss SHC's findings and explain why the relationship between social identification and both internal and external auditors' objectivity exists. We examine the importance of social identification in auditor judgments, and discuss the implications for practicing internal and external auditors. The primary implication from SHC is that external auditors' reliance on internal auditors' work, as recommended by AS5, can improve audit quality. The improvement occurs because the higher level of internal auditors' identification with their employer is associated with less lenient (i.e., more conservative) deficiency judgments, a positive outcome. If external auditors follow AS5 guidance encouraging dependence on internal auditors, it could positively impact the overall quality of control evaluations.

Although it is difficult to identify and address differences in control evaluations in actual work settings, the controlled design utilized in SHC provides evidence that external auditors should be encouraged to consider their reliance on internal audit departments, and particularly on internal auditors with identifiably higher levels of employer identification. This reliance could improve audit efficiency and provide the opportunity to reduce redundant tests and/or reallocate scarce firm resources to procedures related to tests of higher-risk issues. Further, this study, similar to some other auditing research, measures a personality variable and links it to behavior. We acknowledge that practitioners may be inclined not to find this research useful because it is not feasible to measure these variables in real-world settings. However, in many cases (including ours), it may be possible to informally assess these personality variables and, in conjunction with research findings, adapt audit plans accordingly. For example, external auditors may consider who within the internal audit department performed or supervised the work in a particular area of internal control when deciding whether or how much reliance to place on that work.

From a social psychology perspective, social identity can be divided into four distinct dimensions—the most important being “cognitive identification” (i.e., the knowledge of being a member of a certain group). Through cognitive identification with a group, people become psychologically intertwined with the fate of the group, feel a common destiny with the group, and experience the group's successes and failures as their own (cf. Tolman 1943). This attachment is so strong that individuals can perceive personally harmful activities as worthwhile if they improve overall group well-being (Staw 1984). Strong group attachment is capable of providing alternative explanations for individual behavior beyond what may be predicted by people's economic incentives alone.

Social identification affects auditor perceptions in consistent and predictable ways because, when individuals sense a strong attachment to a particular group, they have difficulty objectively evaluating information related to the group (Brewer 1999) and are more willing to behave in ways that protect the group (Thompson 1995). Often, members of the group engage in “protectionist” behaviors to guard the group as a whole and their position within the group specifically. This desire to protect the group poses unique problems for external and internal auditors.

The nature of the interactions between organizations and both internal and external auditors fosters social identification (Knippenberg and Schie 2000). For example internal auditors are intertwined deeply in an organization's operations, often establishing informal partnerships with management (Bou-Raad 2000) and audit committees (Carcello et al. 2005). Further, external auditors, through time spent with the client providing independent assurance services, also become attached to the clients they audit. The effects of social identification on external auditors have been established in prior accounting research. For example, Bamber and Iyer (2007) used social identity theory as the basis for a study that investigated how external auditors are influenced by their clients. They found that, as external auditors' identification with their audit clients increased, they were more likely to exhibit increased leniency when resolving an accounting issue, a result consistent with SHC's findings. In addition, accounting research has found that accountants with increased identification with their employing firm are less likely to leave their accounting firm (Bamber and Iyer 2002) and, when they do leave, are more inclined to benefit their former firm at their subsequent employer (Iyer et al. 1997).

External auditors can be viewed as fixed-term independent contractors who develop a type of attachment to their client organizations, thereby causing them to focus on establishing and maintaining relationships with their employers (Millward and Brewerton 2002; Bamber and Iyer 2007). External auditors must develop and maintain client relationships to ensure that clients do not become dissatisfied and seek replacements; however, they also must provide objective, high-quality audits with appropriate evaluations of the firm, including its internal controls (Stefaniak et al. 2012). Prior accounting research shows that external auditors' desire to maintain client relationships can affect their objectivity (Carcello et al. 2000; Blay 2005; Carey and Simnett 2006) and can cause them to acquiesce to client-preferred accounting positions (Bamber and Iyer 2007).

Internal auditors, however, differ from external auditors on several dimensions. For example, since SOX, internal auditors are more likely to form informal partnerships with management (Bou-Raad 2000), and likely do not have the same level of employment relationship risk in that they have longer-term employment horizons with the organization, which yields less risk that their employers will seek a replacement if they are dissatisfied with the internal auditors' decisions (Balkaran 2008). Moreover, internal auditors' employers typically are the internal auditor's primary income source; accordingly, internal auditors are more likely to be concerned with the organization's long-term sustainability because the costs associated with seeking and securing new employment are high (Stefaniak et al. 2012).

To investigate the effects of social identification on internal and external auditors, SHC used responses from 40 internal auditors and 48 external auditors who participated in a controlled experiment. SHC instructed internal (external) auditor participants to assume that they were employed by (engaged to perform external audit services for) Tango Sierra, a hypothetical, publicly traded prescription drug manufacturer. They provided participants with information about Tango Sierra's operations and then asked them to evaluate a specific internal control over financial reporting.

The SHC case informed participants that Tango Sierra's policies state that users should have their access to its network and applications revoked within five days of termination. However, during testing, the audit team discovered that a few terminated users with access (including remote login) to the accounts payable system had not had their access to the network and applications revoked within five days. Tango Sierra's IT director explained that access was not revoked because the human resources department did not send termination notifications to the IT department on a timely basis, but that user privileges were revoked immediately after receiving the delinquent termination notifications. After participants reviewed information concerning the control issue, SHC measured (on a seven-point scale) the extent to which internal and external auditors cognitively identified (again, the knowledge of being a member of a certain group) with Tango Sierra by asking participants three questions (responses also provided):

The responses to these statements show that internal auditors perceived a greater level of identification with Tango Sierra than do external auditors. In addition to the extent of identification, SHC also measured (on a seven-point scale) the “likelihood that Tango Sierra's access controls could not prevent or quickly detect a material misstatement,” and examined whether internal and external auditors responded differently. In general, they found that internal auditors were more conservative (i.e., indicated a higher likelihood of misstatement associated with the control) than were external auditors. However, and more importantly, the more that internal auditors identified with Tango Sierra, the more conservative they were in evaluating the control deficiency. Conversely, SHC found that the more that external auditors identified with Tango Sierra, the more lenient they were when evaluating the control deficiency.

SHC's results support the PCAOB position that external auditors can and should enhance their reliance on internal auditors' work in certain circumstances, as recommended by AS5. The enhanced reliance can not only encourage more efficient use of scarce oversight resources, but also yield improved overall audit quality. SHC's research indicates that, when AS5's recommendations are followed, external auditors can confidently rely on internal auditors' work in certain circumstances, allowing for a less costly audit and/or a reallocation of external audit resources to higher-risk aspects of the audit engagement. Taken together, this yields a positive effect on the value provided by the external audit function for public accounting firms, their clients, and other firm and regulatory stakeholders.

Understanding internal and external auditor objectivity is particularly important to practitioners given that Auditing Standard No. 5 encourages external auditors to rely on internal auditors to increase the efficiency of lower-risk internal control evaluations (PCAOB 2007). Stefaniak et al. (2012) conducted an experiment that investigated how the relationships that internal auditors form with their employers, and external auditors form with their audit clients, influence their objectivity. By examining internal and external auditors' responses to a case concerning an internal control issue, SHC found that as internal auditors are more attached to their employers, the more conservative they are when evaluating control deficiencies. Conversely, SHC found that as external auditors are more attached to their audit clients, the more lenient they are when evaluating control deficiencies. The primary implication of this study is that external auditors' reliance on internal auditors' work, as suggested by AS5, can improve audit quality. That is, because internal auditors' employer identification is associated with less lenient audit judgments, if external auditors follow AS5 guidance encouraging reliance on others (specifically internal auditors), then this reliance could have a positive impact on the quality of control evaluations. Likewise, we suggest that external audit firms should discourage partners, managers, and staff from using the term “we” when referring collectively to themselves and the client. Such focus could indicate or induce enhanced identification with a client, which in turn could impair objectivity. We acknowledge that practitioners likely will not find it feasible to measure these variables in real-world settings. However, in many cases (including ours), it may be possible to informally assess these personality variables and, in conjunction with research findings, adapt audit plans accordingly.