Effects of risk-based inspections on auditor behavior

Shefchik, Lori B.

27 August 2014

I examine how risk-based inspections influence auditor behavior in a multi-client setting. I conduct an experiment using an abstract setting that captures the theoretical constructs present in the audit ecology. I manipulate the presence of risk-based inspections between-participants and the level of client risk (higher vs. lower) within-participants. Consistent with the theoretical predictions, under conditions of high resource pressure, I find that auditor effort is higher under a regime with risk-based inspections as compared to a regime without inspections, and the auditor effort increases more for higher-risk clients than for lower-risk clients. More notably, following attentional control theory, I predict and find that risk-based inspections diminish the quality of auditor decision performance for lower-risk clients. Specifically, auditors' decision performance is worse (i.e., more suboptimal) for lower-risk clients than for higher-risk clients (ceteris paribus), but only under a risk-based inspections regime. Likewise, auditors' decision performance for lower-risk clients is worse in a regime with risk-based inspections than in a regime without inspections. I theorize that accountability pressures from PCAOB inspections combined with pressures from high resource constraints (that naturally occur in the audit environment) induce task-related anxiety on auditors. Following attentional control theory in a multi-task setting, I predict anxiety interrupts auditors' decision-making processing shifting attention toward higher-risk clients contributing to the anxiety, and away from lower-risk (untargeted) clients, thereby decreasing the quality of decision performance for lower-risk clients. I perform several supplemental analyses to test the underlying theory. First, I conduct a second experiment where auditors operate under relatively lower resource pressure and find that auditors’ decision performance is no longer worse for lower-risk clients in an inspections regime. The results support the theory that it is the combined pressures of inspections and high resource constraints causing the negative effects. Second, I conduct a supplemental experiment and measure participants' levels of anxiety. In support of the underlying theory, participants' reported anxiety levels are higher under a regime with versus without inspections. Third, I perform several robustness checks to rule out alternative explanations of the findings. The findings of this study contribute to the auditing literature, and they have practical and regulatory implications. First, by identifying higher auditor effort in a regime with inspections, I join others in documenting potential benefits of inspections on auditor behavior, and thus audit quality. Second, by examining the effect of risk-based inspections on auditor effort in a multi-task setting, I extend prior research by providing evidence that inspections increase auditor effort more for higher-risk clients than for lower-risk clients. Third, and most notably, by identifying diminished auditor decision performance for lower-risk clients under a risk-based inspections regime, this is the first study to provide theory and evidence on how risk-based inspections can lead to potential negative consequences on audit behavior, and thus audit quality.

Auditing

Auditor behavior

PCAOB inspections

Resource pressure

Multi-client setting

Human Resource Management and the Permeable Organization: The Case of the Multi-Client Call Centre

Grugulis, C. Irena, Cooke, F.L., Rubery, J., Carroll, M.

2009 June 1924

No / Despite the interest over recent years in the fragmentation of organizations and the development of contracting, little attention has been paid to the impact of the associated inter-organizational relationships on the internal organization of employment. Inter-organizational relations have been introduced primarily as a means of externalizing - and potentially rendering invisible - employment issues and employment relations. In a context where inter-organizational relationships appear to be growing in volume and diversity, this constitutes a significant gap in the literature that this paper in part aims to fill. The purpose of the paper is two-fold: to develop a framework for considering the internal and external organizational influences on employment and to apply this framework within a case study of a multi-client outsourcing call centre. We explore the interactions between internal objectives, client demands and the use of external contracting in relation to three dimensions of employment policy: managing the wage-effort bargain, managing flexibility and managing commitment and performance. It is the interplay between these factors in a dynamic context that provides, we suggest, the basis for a more general framework for considering human resource policy in permeable organizations.

Human Resource Management

Multi-Client call Centres

Inter organizational relationships

Employment relationships

Call Centres

Outsourcing Network Services via the NBI of the SDN / Externalisation de services réseau via l'interface nord de SDN

Aflatoonian, Amin

19 September 2017

Au cours des dernières décennies, les fournisseurs de services (SP) ont eu à gérer plusieurs générations de technologies redéfinissant les réseaux et nécessitant de nouveaux modèles économiques. Cette évolution continue du réseau offre au SP l'opportunité d'innover en matière de nouveaux services tout en réduisant les coûts et en limitant sa dépendance auprès des équipementiers. L'émergence récente du paradigme de la virtualisation modifie profondément les méthodes de gestion des services réseau. Ces derniers évoluent vers l'intégration d'une capacité « à la demande » dont la particularité consiste à permettre aux clients du SP de pouvoir les déployer et les gérer de manière autonome et optimale. Pour offrir une telle souplesse de fonctionnement, le SP doit pouvoir s'appuyer sur une plateforme de gestion permettant un contrôle dynamique et programmable du réseau. Nous montrons dans cette thèse qu'une telle plate-forme peut être fournie grâce à la technologie SDN (Software-Defined Networking). Nous proposons dans un premier temps une caractérisation de la classe de services réseau à la demande. Les contraintes de gestion les plus faibles que ces services doivent satisfaire sont identifiées et intégrées à un modèle abstrait de leur cycle de vie. Celui-ci détermine deux vues faiblement couplées, l'une spécifique au client et l'autre au SP. Ce cycle de vie est complété par un modèle de données qui en précise chacune des étapes. L'architecture SDN ne prend pas en charge toutes les étapes du cycle de vie précédent. Nous introduisons un Framework original qui encapsule le contrôleur SDN, et permet la gestion de toutes les étapes du cycle de vie. Ce Framework est organisé autour d'un orchestrateur de services et d'un orchestrateur de ressources communiquant via une interface interne. L'exemple du VPN MPLS sert de fil conducteur pour illustrer notre approche. Un PoC basé sur le contrôleur OpenDaylight ciblant les parties principales du Framework est proposé.Nous proposons de valoriser notre Framework en introduisant un modèle original de contrôle appelé BYOC (Bring Your Own Control) qui formalise, selon différentes modalités, la capacité d'externaliser un service à la demande par la délégation d'une partie de son contrôle à un tiers externe. Un service externalisé à la demande est structurée en une partie client et une partie SP. Cette dernière expose à la partie client des API qui permettent de demander l'exécution des actions induites par les différentes étapes du cycle de vie. Nous illustrons notre approche par l'ouverture d'une API BYOC sécurisée basée sur XMPP. La nature asynchrone de ce protocole ainsi que ses fonctions de sécurité natives facilitent l'externalisation du contrôle dans un environnement SDN multi-tenant. Nous illustrons la faisabilité de notre approche par l¿exemple du service IPS (système de prévention d'intrusion) décliné en BYOC. / Over the past decades, Service Providers (SPs) have been crossed through several generations of technologies redefining networks and requiring new business models. The ongoing network transformation brings the opportunity for service innovation while reducing costs and mitigating the locking of suppliers. Digitalization and recent virtualization are changing the service management methods, traditional network services are shifting towards new on-demand network services. These ones allow customers to deploy and manage their services independently and optimally through a well-defined interface opened to the SP¿s platform. To offer this freedom to its customers, the SP must be able to rely on a dynamic and programmable network control platform. We argue in this thesis that this platform can be provided by Software-Defined Networking (SDN) technology.We first characterize the perimeter of this class of new services. We identify the weakest management constraints that such services should meet and we integrate them in an abstract model structuring their lifecycle. This one involves two loosely coupled views, one specific to the customer and the other one to the SP. This double-sided service lifecycle is finally refined with a data model completing each of its steps.The SDN architecture does not support all stages of the previous lifecycle. We extend it through an original Framework allowing the management of all the steps identified in the lifecycle. This Framework is organized around a service orchestrator and a resource orchestrator communicating via an internal interface. Its implementation requires an encapsulation of the SDN controller. The example of the MPLS VPN serves as a guideline to illustrate our approach. A PoC based on the OpenDaylight controller targeting the main parts of the Framework is proposed. We propose to value our Framework by introducing a new and original control model called BYOC (Bring Your Own Control) which formalizes, according to various modalities, the capability of outsourcing an on-demand service by the delegation of part of its control to an external third party. An outsourced on-demand service is divided into a customer part and an SP one. The latter exposes to the former APIs which allow requesting the execution of the actions involved in the different steps of the lifecycle. We present an XMPP-based Northbound Interface (NBI) allowing opening up a secured BYOC-enabled API. The asynchronous nature of this protocol together with its integrated security functions, eases the outsourcing of control into a multi-tenant SDN framework. We illustrate the feasibility of our approach through a BYOC-based Intrusion Prevention System (IPS) service example.

Sofware Defined Networking

Northbound Interface

Api

Bring Your Own Control

Outsourcing

Multi-Tenancy

Réseau logiciel programmable

Interface nord

Interface de programmation applicative

Apporter votre propre contrôle

Externalisation / Délégation

Multi-Client

004