Management Persuasion Tactics

In our paper, Concede or Deny: Do Management Persuasion Tactics Affect Auditor Evaluation of Internal Control Deviations?, which was recently accepted for publication in the Accounting Review, we study when and how management persuasion tactics reduce auditors’ judgments about observed internal control deviations. By requiring auditors to opine on the effectiveness of a client’s internal controls over financial reporting, the Sarbanes Oxley Act of 2002 (SOX) creates a new pressure point for management. Reports of material weaknesses in internal controls can indirectly affect a firm’s cost of equity capital and chief financial officers are often replaced within six months after these reports. This new regulatory environment provides a strong incentive for managers to attempt to persuade auditors that observed internal control deviations are not deficiencies. Moreover, auditor judgments are subjective because observed deviations can indicate control system deficiencies or only the inherent limitations of internal controls.

We study two types of persuasion tactics, concessions and denials. Psychology research indicates that concessions and denials have different costs and benefits and are differentially effective dependent on when they are used. A concession’s benefit is to increase trust by accepting responsibility, while its cost is admitting connection to a failure event. A denial’s benefit is disassociation from a failure event, while its cost is lack of acceptance of responsibility or intent to change. We examine the effects of concession and denial in IT security breaches and manual application control breakdowns, because these contexts are theorized to produce comparatively different cost-benefit weightings.

We conducted an experiment where one hundred and six senior-level auditors from a Big 4 public accounting firm read a case and then assessed two internal control deviations. Materials consisted of background information about a manufacturing company, summary financial statements, a narrative description of the revenue transaction processing cycle, information concerning auditor identified control deviations, and a conversational vignette between an auditor and a client manager. All deviations were designed such that they could have potentially contributed to a more than inconsequential misstatement of the financial statements and the root cause was employee failure to follow procedures. We manipulated management’s persuasion tactic (concession or denial) and the control deviation context (IT security breaches or manual application control breakdowns). For IT security breaches, we find that auditors judge management’s explanation more adequate, management less at fault, and the control deficiency less significant when management concedes an inconsequential deficiency than when management denies any deficiency at all. As expected, we observe no differences in auditor judgment between concessions and denials for manual application control deviations.

AS 5 indicates that auditor tests of control include inquiry of management, but it also requires that auditors’ exercise professional skepticism and form an independent opinion. We observe a lack of independence in auditor judgment when management persuasion tactics manipulate perceived explanation adequacy. Our results represent a source of inconsistent judgment and reduced professional skepticism that should be addressed in auditor training. Our study also informs regulators as to the strong, independent effect that explanation adequacy can have on auditor judgment of control deficiency that is not acknowledged in AS 5 or other standards. Finally, our results extend prior research on internal control evaluation as part of the audit risk model to that of an opinion on internal control and add to the theory underlying the audit explanation literature by indicating when and how persuasion tactics and perceptions of explanation adequacy affect auditor judgment.

The full paper is available for download here.