Understanding Auditors Sense of Responsibility for Detecting

Fraud Within Organizations

F. Todd DeZoort1
Paul D. Harrison2
Received: 8 May 2014 / Accepted: 28 January 2016
_ Springer Science+Business Media Dordrecht 2016

Abstract The objective of this study is to evaluate

auditors perceived responsibility for fraud detection.
Auditors play a critical role in managing fraud risk within
organizations. Although professional standards and guidance
prescribe responsibility in the area, little is known
about auditors sense of responsibility for fraud detection,
the factors affecting perceived responsibility, and how
responsibility affects auditor performance. We use the triangle
model of responsibility as a theoretical basis for
examining responsibility and the effects of accountability,
fraud type, and auditor type on auditors perceived fraud
detection responsibility. We also test how perceived
responsibility affects auditor brainstorming performance
given the importance of brainstorming in audits. A sample
of 878 auditors (241 external auditors and 637 internal
auditors) participated in an experiment with accountability
pressure and fraud type manipulated randomly between
subjects. As predicted, accountable auditors report higher
detection responsibility than anonymous auditors. We also
find a significant fraud type 9 auditor type interaction with
external auditors perceiving the most detection responsibility
for financial statement fraud, while internal auditors
report similar detection responsibility for all fraud types.
Analysis of the triangle models formative links reveals
that professional obligation and personal control are significantly
related to responsibility, while task clarity is not.
Finally, the results indicate that perceived responsibility
positively affects the number of detection procedures
brainstormed and partially mediates the significant
accountabilitybrainstorming relation.
Keywords Audit _ Fraud detection _ Responsibility _
Accountability _ Brainstorming

Introduction
The fraud problem continues to plague organizations and
stakeholders around the world (e.g., ACFE 2014; Firth
et al. 2005; Greer and Tonge 2006; Robinson et al. 2012).
For example, PwC (2014) reports that approximately half
of U.S. organizations suffered from fraud in the past
2 years and that a majority of respondents from these
organizations indicate an increase in the number of frauds
occurring. The Association of Certified Fraud Examiners
(ACFE 2014) indicates that total annual fraud losses have
increased steadily over the years to approximately $3.7
trillion globally and that fraud costs organizations 5 % of
their annual revenue. These frauds include financial statement
fraud, misappropriation of assets, and corruption
schemes involving companies of all sizes, ages, and
industries from all over the world.
In an effort to deal with the fraud problem, organizations

and the organizational governance and ethics literature

(e.g., Bobek et al. 2013, 2010; Cohen et al. 2010; Leeand Fargher 2013; Soltani 2014) have focused on the roles
primary governance mechanisms play in fraud risk management.
1 For example, the SarbanesOxley Act of 2002
was designed to improve organizational governance and
fraud risk management in a variety of ways, including
required management and auditor assessments of internal
controls, audit committee monitoring of internal controls
mitigating fraud risk, and management certification of
financial statements. In practice, enterprise risk management
and GRC (governance, risk management, and compliance)
systems within organizations also have evolved to
explicitly consider fraud risk (Tie 2011; Hagenbaugh 2005;
Soltani 2014).
Two critical governance mechanisms responsible for
managing fraud risk are the external (independent) audit
and internal audit functions.2 External auditors and internal
auditors have long been on the frontline of governance and
fraud risk management efforts, receiving considerable
public and professional scrutiny in high-profile fraud cases
(e.g., Enron, HealthSouth, Parmalat, Satyam, Tyco,
WorldCom) where fraud and misconduct went undetected
for extended periods of time. However, despite strong
expectations and accountability for fraud detection, the
literature (e.g., CAQ et al. 2013) suggests an expectation
gap problem in the area of fraud detection that undermines
the quality of fraud risk management. The business ethics
research literature (e.g., Adamson et al. 2014; Cohen et al.
2010; Davis et al. 2014; Firth et al. 2005; Jamnik 2011;
Kerler and Killough 2009) highlights that such audit failures
represent important business ethics issues that extend
fraud case analysis beyond the ethical failures of fraud
perpetrators.
Professional guidance for external auditors and internal
auditors differs substantially in the way they address fraud
detection. For external auditors, professional standards
(e.g., AICPA 1997, 1988, 2002) prescribe responsibility to
plan and perform the audit to obtain reasonable assurance
of detecting fraud. Alternatively, professional standards
for internal auditors (e.g., IIA 2009, 2011) do not
establish explicit fraud detection responsibility, but instead
imply detection responsibility in guidance related to due
care, risk management, and engagement objectives. Marks
(2013) suggests that while internal auditors might be
motivated to add value to their organizations by detecting
fraud, they should instead advocate managements
responsibility in the area and help ensure adequate preventive
and detective controls.
Ultimately, although the literature prescribing auditors
fraud-related responsibilities is extensive, little is known
about how external and internal auditors perceive their
responsibility for fraud detection, the factors underlying
their perceived responsibility, and how responsibility
affects complex pressureperformance relations in audit
settings in an extremely high stakes environment. The lack
of empirical evidence about auditors sense of responsibility

for managing the fraud problem raises critical questions

about a possible disconnect between prescribed and
perceived responsibilities in the area. For example,
although an extensive literature highlights the importance
of auditors in fraud detection, the ACFE (2014) found that
external auditors and internal auditors detected only 3 and
14 %, respectively, of frauds in their global fraud study.
These low detection rates and high-profile fraud cases have
produced strong regulator concern about auditor fraud
detection responsibility, a lack of auditor professional
skepticism (i.e., an attitude that includes a questioning
mind, alertness for possible fraud, and critical assessment
of evidence) that reflects perceived detection responsibility,
and auditor testing (Hedley et al. 2011; PCAOB 2012;
Tabuena 2013).
The primary objective of this study is to evaluate auditors
perceived responsibility for fraud detection. We use
the triangle model of responsibility (TMR) (Schlenker et al.
1994; Schlenker 1997) as a theoretical basis for evaluating
responsibility and its formative factors (i.e., task clarity,
personal control, and professional obligation). We also
examine whether responsibility assessments differ across
accountability level, fraud type, and auditor type. Finally,
we evaluate the extent that accountability pressure, fraud
type, auditor type, and perceived detection responsibility
affect auditors brainstorming of fraud detection audit
procedures given the importance of such brainstorming in
auditing (AICPA 2002; Ramos 2004; Lynch 2006).
This study is motivated in several ways. First, we
evaluate a possible expectations gap between auditors
prescribed and perceived fraud detection responsibilities.
The literature highlights the importance of perceived
responsibility in understanding individual attitudes and
behavior. In an accounting context, DeZoort et al. (2012)
used the TMR and found considerable variation in tax
professionals perceived responsibility for tax fraud
detection across tax engagement type and audit client status.
Boyle et al. (2015) find that perceived responsibility
for fraud detection significantly moderates the link between
fraud model type and auditors fraud risk assessments.

Although professional audit standards and related

guidance prescribe fraud-related responsibilities for auditors,
there are calls for more research on fraud detection
(e.g., Albrecht et al. 2014; Anand et al. 2014) in an
empirical literature that lacks evidence related to the extent
that auditors actually perceive (sense) detection responsibility
in different contexts. We include both internal
auditors and external auditors in this study because, while
both groups are considered pillars of governance and fraud
risk management, they are very different auditor types with
distinct missions, employers, and professional (technical

and ethical) standards. The motivation for studying fraud

type effects reflects the literatures longstanding distinction
of three primary types of fraud (i.e., financial statement
fraud, misappropriation of assets, and corruption) that
differ greatly in description, frequency, and magnitude
(ACFE 2014). Specifically, despite the relative frequency
of asset misappropriation and corruption cases (ACFE
2014), the fraud literatures focus on auditor detection of
relatively high-cost financial statement fraud raises questions
about the generalizability of auditor responsibility
judgments and performance results across fraud type.3
Second, this study is motivated by the need to test the
theorized link between responsibility and accountability
developed in the psychology and organizational behavior
literatures. While Schlenker (1997) describes responsibility
as the psychological glue that connects an individual to a
set of prescriptions for conduct and to an event that is
governed by those prescriptions (p. 241), accountability is
a prominent, related pressure stimulus construct that
involves being answerable to evaluative audiences for
performing up to prescribed standards that are relevant to
fulfilling obligations, duties, expectations, and other charges.
4 Specifically, responsibility theory posits that responsibility
flows from accountability because anticipated or
actual evaluations affect the events, related rules, and
perceived identity images that comprise responsibility.
Although prior audit research (e.g., DeZoort et al. 2006;
Hoffman and Patton 1997; Kennedy 1993) provides
consistent evidence that accountability affects auditor
judgment and decision-making, the literature lacks empirical
evidence about the impact of responsibility when
evaluating the accountabilityperformance relation.
Accordingly, we test the extent that responsibility mediates
the relation between accountability and fraud-related
performance.
Finally, this study is motivated by the fraud brainstorming
literature (e.g., Brazel et al. 2010; Carpenter
2007; Carpenter et al. 2011; Hoffman and Zimbelman
2009) emerging after external audit standards started
requiring fraud-related brainstorming during financial
statement audits. Professional standards require external
auditors to brainstorm how and where a clients financial
reporting might be susceptible to fraud, how financial
statement fraud could be committed and concealed, and
how assets could be misappropriated (AICPA 2002). The
research literature involving auditor brainstorming has
developed to consider factors affecting the quality of
auditor brainstorming performance.5 Trompeter et al.
(2013) call for additional brainstorming research focused
on factors impacting brainstorming quality. We address
this call and extend brainstorming performance research by
providing an initial empirical test of the effects of
responsibility, accountability, and fraud type on auditor
brainstorming performance.
We use an experimental design that manipulates two
levels of accountability pressure (anonymous and review)

and three types of fraud (financial statement fraud, misappropriation

of assets, and corruption) randomly between
subjects. The design also includes two distinct auditor
types (external auditors and internal auditors) to evaluate
difference among prominent auditor groups involved in
fraud risk management. Specifically, the 878 participants in
the study include 241 external auditors from two Big 4
public accounting firms and 637 internal auditors from five
countries.
The results provide evidence that both accountability
pressure and fraud type affect auditors perceived responsibility
for fraud detection and their subsequent brainstorming
performance. As predicted, accountable auditors
report higher levels of fraud detection responsibility than
anonymous auditors. A significant interaction between
fraud type and auditor type reveals that external auditors

perceive the most detection responsibility for financial

statement frauds, while internal auditors perceived similar
detection responsibility across the three fraud types.
Analysis of the TMR links revealed that personal control
and professional obligation were significantly related to
perceived responsibility for detection, while task clarity
was not. We also find that auditors perceived detection
responsibility is positively related to brainstorming performance
and that responsibility partially mediates the
accountabilitybrainstorming relation. Further, internal
auditors brainstormed more detection procedures overall
(and specifically for misappropriation of assets and corruption
schemes) than external auditors despite lacking
authoritative prescription in the area. Finally, supplemental
results indicate that auditors clearly believe that company
management has the most responsibility for fraud
detection.
The remainder of the paper is organized as follows. The
next section uses responsibility theory and the fraud
detection literature to develop the studys hypotheses
related to fraud type and accountability effects. The third
section details the research design and method. The fourth
section presents the studys results. The final section discusses
the studys implications and limitations.

Background and Hypothesis Development

The Triangle Model of Responsibility
The TMR (Schlenker et al. 1994; Schlenker 1997) provides
an integrative theoretical framework for evaluating auditors
perceived responsibility for fraud and links among
accountability, responsibility, and performance. In this
context, perceived responsibility connects individuals to
performance standards and to events covered by those
standards. The model provides that responsibility is a
function of three formative factors, including the event,
prescriptions, and identity (see Fig. 1). The event is the
action under examination. For example, the event under
examination in this study is the undetected fraud occurring

within the audit client. Prescriptions are the formal and

informal rules of conduct that apply to a specific situation
and provide guidance for behavior. Such guidance includes
professional standards (e.g., ISA No. 240, SAS No. 99) and
related laws (e.g., SarbanesOxley Act), moral and ethical
principles, and company policies. Identity focuses on the
individuals roles, qualities, commitments, aspirations, and
pretensions as they relate to the event and prescriptions. In
this study, we focus on the extent that audit professionals
identify with their role in fraud detection.
The TMR provides that perceived responsibility is a
direct positive function of the strength of the links between
the three formative factors (Schlenker 1997). For example,
the model specifies that individuals perceive responsibility
to the extent they have a clear well-defined set of prescriptions
they consider applicable to the event (prescriptionevent link or task clarity). In this study, the strength of
the task clarity link and its effect on perceived fraud
detection responsibility relate to the extent that prescriptions
governing the fraud event are specified in advance,
relevant to the situation, objective (not subject to alternative
interpretations), and not in conflict with other prescriptions.
Alternatively, the link and its effect on
responsibility are weakened if the prescriptions are
ambiguous, conflicting, difficult to prioritize, or of questionable
relevance to the event. Similarly, perceived
responsibility reflects the extent that individuals perceive
themselves bound by the prescriptions given their identity
(prescription-identity link or professional obligation). The
strength of the professional obligation link and its effect on
responsibility depend on how clearly audit professionals
believe specific prescriptions apply to their role as an
auditor. For example, this links effect on responsibility is
strengthened to the extent that professionals believe the
standards, rules, and policies in their area are applicable to
them. Finally, the model describes that individual sense of
responsibility reflects the extent they feel connected to the
event and have personal control over it (identity-event link
or personal control). The personal control links effect on
responsibility relates positively to audit professionals
intent and ability to contribute to detecting fraud that has a
material effect on the financial statements. The link is
weakened to the extent professionals perceive a lack of
control over fraud detection due to unforeseeable or
unpredictable outcomes.
The empirical literature includes a number of studies
from various domains that test and provide support for the
theoretical links proposed by the TMR. For example, themodel has been used to link responsibility to self-directed
learning (Kohns and Ponton 2006), work ethic (Christopher
and Schlenker 2005), and employment status (Wohl et al.
2002). In an accounting setting, DeZoort et al. (2012) used
the TMR to test tax professional responsibility for tax fraud
detection and found that the models components were
positively related to perceived responsibility and that the
professional obligation and personal control links mediated
the effects of tax engagement type (i.e., tax compliance vs.

tax planning) and audit client status (i.e., audit client vs.
not an audit client) on perceived detection responsibility.
Accountability and Responsibility
The TMR describes accountability and responsibility as
related but distinct constructs. While responsibility reflects
an individuals connection to an event and prescriptions
governing an event, accountability deals with being
answerable to audiences for performing up to prescribed
standards that are relevant to fulfilling obligations, duties,
expectations, and other charges (Schlenker 1997). With
these perspectives in mind, Schlenker (1997, p. 250) asserts
that responsibility is not identical to accountability,
rather, responsibility flows from accountability.
The psychology literature provides alternative explanations
for why accountability pressure affects individual
judgment and decision-making, including social anxiety
(e.g., Schlenker and Leary 1982), self-attention (e.g.,
Carver 1979), and politically based impression management
(e.g., Tetlock 1992). We test the effects of accountability
pressure on auditor perceived responsibility for
fraud detection and judgment performance. The accounting
literature provides a large body of evidence showing that
accountability pressure affects individual judgment and
decision-making (see DeZoort et al. 2006 for a review). For
example, the accountability literature in auditing (e.g.,
Buchman et al. 1996; Cuccia et al. 1995; Hackenbrack and
Nelson 1996) shows that when audience views are known,
auditors tend to shift their attitudes and behavior to match
the evaluative audience. However, the literature lacks
evidence linking accountability to responsibility and subsequent
decision-making.
In this study, we test the extent that accountability
pressure increases auditors assessments of their responsibility
for fraud detection. Specifically, we predict that
auditors who are accountable to an evaluative audience
(with expectations of auditor fraud detection responsibility)
will report higher perceived responsibility for fraud
detection than anonymous auditors who are not confronted
with an evaluative audience. Accountability in this context
represents an external pressure stimulus that should motivate
an internal response in the form of increased perceived
responsibility. Stated formally:
H1 Accountable auditors will feel more responsibility for
detecting fraud than anonymous auditors.
Responsibility and Fraud Type
We predict that perceived responsibility for fraud detection
will differ significantly across fraud type. Although professional
audit standards do not distinguish among fraud
type in fraud-related guidance, we expect auditors to perceive
differences in detection responsibility given the
potential for different perceptual salience and personal
involvement among financial statement fraud, misappropriation
of asset, and corruption. Research in psychology
provides consistent evidence of salience effects on individual
attitudes and judgments. For example, the literature
(e.g., Taylor and Fiske 1978; Eagly and Chaiken 1993;

Case 2006) highlights that salience draws attention,

increases personal involvement and obligation, and affects
evaluative judgments. The literature also highlights that
salience effects on attitudes are affected by both the frequency
and the magnitude of source information (see Eagly
and Chaiken 1993 for a review).
Specifically, despite identical prescribed detection
responsibilities for financial statement fraud, asset misappropriation,
and corruption frauds that have a direct and
material effect on the financial statements, we hypothesize
that auditors will report higher levels of responsibility for
detecting financial statement fraud than for other fraud
types. While financial statement fraud cases are less common
than asset misappropriation cases and corruption cases
(ACFE 2014; KPMG 2003), evidence suggests they are
riskier and more costly for auditors. For example, after
considering fraud frequency and median cost results, the
ACFE (2010) estimated that financial statement fraud
accounts for over two-thirds of total fraud losses, while
asset misappropriation and corruption account for less than
one-third of losses. Beyond actual fraud cost, the consequences
of financial statement fraud for stakeholders,
including lost market capitalization, lost investor confidence,
lost jobs, and bankruptcy, are typically much higher
in financial statement fraud cases. In addition, high-profile
financial statement fraud cases around the world (e.g.,
Enron, Parmalat, WorldCom) have produced the largest
legal and reputational consequences for auditors and
motivated the passing of rigorous legislation like the Sarbanes
Oxley Act of 2002 designed to protect investors
(Beasley and Hermanson 2004; Palmrose 2007).
Collectively, we assert that these risk and cost/consequence
factors increase the salience of financial statement
fraud detection responsibilities for auditors compared to
alternative fraud types. The accounting and psychology
literature (e.g., Case 2006; Haynes et al. 1998; Joe 2003;
Plous 1993) provide strong evidence of a positive relation

between information salience and impact on individual

judgment and decision-making. For example, Joe (2003)
found that redundant press coverage increased the salience
of company debt problems and consequently increase
auditor pessimism about client going concern prospects.
Similarly, Haynes et al. (1998) found a positive association
between salience of clients interests and impact of client
preference on auditor judgments in a proposed inventory
write-down case. Ceteris paribus, this increased salience
should lead to higher levels of perceived responsibility
among auditors for financial statement fraud than for asset
misappropriation and corruption. Stated formally:
H2 Auditors will feel more responsibility for detecting
financial statement fraud than they will for detecting asset

misappropriation and corruption.

Auditor Type
External auditors and internal auditors represent two distinct
types of auditors involved in fraud risk management.
External auditors prescribed responsibilities for fraud
detection are explicit and well documented in the literature,
with professional standards charging them with providing
reasonable assurance for detecting financial statement
fraud, misappropriation of assets, and corruption that has a
direct and material effect on the financial statements
(AICPA 1988, 2002; IFAC 2009a, b). The research literature
also emphasizes the importance of external auditors
fraud-related responsibilities with numerous studies
focused on auditors fraud risk assessments (e.g., Asare and
Wright 2004; Glover et al. 2003; Knapp and Knapp 2001;
Shelton et al. 2001) and how various contextual factors
(e.g., auditor experience, decision aid availability, time
pressure, provision of non-audit services) affect such
assessments (e.g., Braun 2000; Eining et al. 1997; Hoffman
and Patton 1997; Joe and Vandervelde 2007).
Although the internal audit function is firmly established
as a pillar of fraud risk management (e.g., Norman et al.
2010; IIA 2009; IIA et al. 2008; Deloitte 2012; PricewaterhouseCoopers
2004), professional standards for internal
auditors differ from external audit standards because they
do not clearly prescribe a specific level of fraud detection
responsibility for internal auditors. Instead, the professional
literature states that internal auditors should exercise professional
skepticism and generally be alert for fraud (IIA
2009; IIA et al. 2008), but not necessarily have the
expertise of a person whose primary responsibility is
detecting and investigating fraud (IIA Attribute Standard
1210, Proficiency).6 Despite a lack of explicit authoritative
guidance in the area, the literature clearly implies fraud
detection responsibility for internal auditors. For example,
PricewaterhouseCoopers (2010) surveyed over 2000
internal auditors and found that fraud detection activities is
the largest area of growth for internal audit activities as a
result of cost pressures within organizations. The ACFE
(2014) reported that internal audit is one of the most
common sources of fraud detection, with a detection rate
that is over four times the detection rate found for external
auditors. Further, Certified Fraud Examiners involved in
fraud investigations indicate that the internal audit function
is one of the most important control mechanisms for fraud
detection and limiting fraud losses (ACFE 2014).
Although both external auditors and internal auditors
play a critical role in fraud risk management and fraud
detection, we predict that the two auditor groups will
perceive different levels of fraud detection responsibility
given differences in their professional audit standards. For
external auditors, explicit prescription of fraud detection
responsibility should lead to higher perceived responsibility
than found among internal auditors lacking clear
authoritative prescription. Stated formally:
H3 External auditors will feel more responsibility for

detecting fraud than internal auditors.

Brainstorming Effort
Finally, we evaluate fraud-related brainstorming among
auditors to test how responsibility impacts auditor performance.
Auditor brainstorming is a critical element of fraud
risk management and fraud detection. For external auditors,
professional standards (e.g., SAS No. 99) require
fraud-related brainstorming among audit team members.
Such efforts should involve all audit team members and
include consideration of how and where the entitys
financial statements might be susceptible to material misstatement
due to fraud, how management could perpetrate
and conceal financial statement fraud, and how assets could
be misappropriated (AICPA 2002, para. 14). Ramos
(2004) highlights that the brainstorming session should
help the engagement team identify procedures that could be
performed to detect fraud. For internal auditors, Lynch
(2006) asserts that brainstorming should be an integral part
of their work because it can help them maintain professional
skepticism and improve their fraud prevention and
detection efforts.
The importance of auditor brainstorming has motivated
a number of studies focused on how brainstorming affects
the link between fraud risk factors and auditor fraud risk
assessments. For example, Carpenter (2007) found that
auditor fraud risk assessments improved after fraud brainstorming
sessions. Brazel et al. (2010) found that auditor

brainstorming quality moderated the relation between fraud

risk assessments and related audit testing. We extend this
line of research to evaluate links among perceived
responsibility and brainstorming performance.
First, we predict that auditors perceived responsibility
for fraud detection will affect the number of fraud detection
procedures brainstormed. The TMR posits positive relations
between responsibility and ego involvement (the
personal importance of an event to an individual), memory
access, and commitment (binding of the self to something
else like goals and actions). Responsibility theory also
provides that perceived responsibility increases self-engagement,
which in turn affects individual determination to
achieve goals. In the context of fraud detection, we predict
that the positive link between perceived responsibility and
determination should manifest itself in the number of
fraud-related audit procedures brainstormed by auditors.
Specifically, higher perceived responsibility for fraud
detection among auditors should lead to greater brainstorming
effort and more proposed audit procedures. Stated
formally:

H4 Perceived responsibility for fraud detection will be

positively related to the number of fraud detection procedures
brainstormed.
Figure 2 provides a conceptual overview of the predicted
relations in the study. We test these predictions with
samples of external auditors working in public accounting
and internal auditors working for the organizations that
they audit.

Method
Participants
A total of 1077 auditors participated in the study. For the
external auditor group, two Big 4 public accounting
firms provided 294 auditors from 49 different cities/offices
in the United States. The participants included 174 Associates
(audit experience M = 1.78 years), 96 Experienced
Associates (audit experience M = 2.58 years), and 24
Senior Associates (audit experience M = 3.25 years). A
majority (53 %) of the participants were male and onethird
(32 %) were CPAs. We administered the experiment
at regional and national training sessions within the participating
firms. Contact partners from both firms reviewed
and approved the study and the research materials prior to
administration.
For the internal auditor sample, 783 internal auditors
from five countries (i.e., Australia, Belgium, Canada,
Mexico, and the U.S.) participated in the study at IIA
meetings in 12 cities around the world. The participants
averaged 9.35 years of audit experience. While specific job
titles varied greatly, 24 % of the internal auditors had less
than 3 years of experience, 37 % had between three and
9 years, and 39 % had 10 or more years. We control for
audit experience and country affiliation in subsequent
analysis given the variation in these variables. A majority
of the participants were male (62 %) and had at least one
professional license (56 %). The instrument was translated
to Spanish for the Mexican participants and to French for
participants in Quebec. We used professional translators
and independent reviewers to confirm translation accuracy
and found no significant language-based differences in the
responses. The Institute of Internal Auditors Research
Foundation reviewed, approved, and endorsed the study
and research materials prior to administration.7
Research Instrument
After providing informed consent to participate, we
manipulated accountability at two levels (anonymous and
accountable) randomly between subjects at each data collection
session. Accountable participants were asked to
provide their names and e-mail addresses because their
responses were subject to review by the researchers. Participants
in the anonymous group provided no personal
information and were told that no effort would be made to
link them to their responses.
After the accountability treatment, internal auditor (external
auditor) participants were told to assume they were
working as an internal auditor (external auditor) at a publiclytraded tool manufacturer. Company background

information (see Appendix A) described the company as

average risk with stable growth and financial health.
Summary financial information provided unaudited
account balances and performance results. Fraud type (financial
statement fraud, misappropriation of assets, and
corruption) was then manipulated randomly between subjects
in each data collection session. All three fraud treatments
described a current period fraud in an area where the
participants were going to conduct audit work. The financial
statement fraud scheme described a situation where a
member of management prematurely recorded expenses by
purchasing unneeded supplies prior to year-end and
immediately expensing them even though none of the
supplies were used. The asset misappropriation

scheme described a situation where a member of management

stole cash from the company prior to year-end
using a billing scheme. The corruption scheme described a
situation where a member of management paid bribes to
major distributors to ensure preferential treatment of the
companys products. Participants were told that the manager
committing the fraud was acting alone (no collusion)
and that the fraud is unknown to other client personnel and
auditors on the audit team. All three frauds schemes were
written to overstate expenses by $100,000 to standardize
the effect on net income.8 The fraud amount in the scenario
represented 10 % of net income, 7 % of pretax income, and
1 % of total assets.
After describing the fraud, we asked six questions related
to the TMR links (see Appendix A, Panel C). Specifically,
two questions related to prescription-identity (professional
obligation) link, two questions related to the prescriptionevent
(task clarity) link, and two questions related to the
identity-event (personal control) link. The questions were
adapted in first person format from Schlenker et al. (1994)
and their order was randomized. After assessing the triangle
links, we asked the participants to indicate how much
overall responsibility they had for detecting this fraud
during the engagement, how committed they are to detecting
this type of fraud during their audit work, and how they
assessed the materiality of the fraud. We also asked the
participants to allocate 100 % responsibility for detecting
this type of fraud among various constituents involved in
fraud risk management, including the external audit team,
management, internal accountants, the board of directors
and audit committee, and internal auditors.
Next, we asked the participants a series of question to
assess income and experience effects. Specifically, participants
were asked to indicate the impact of the fraud on net

income and whether the impact on income affects their

detection responsibility. We also asked participants to
indicate the likelihood that they would detect this fraud if
they were conducting normal audit tests in this area and
whether their responsibility for detecting this fraud would
change if this was their second year on the engagement
rather that their first year. Following these questions, we
asked the participants to brainstorm as many audit procedures
as possible that would be useful for detecting the
fraud. The audit literature (e.g., Carpenter et al. 2011)
highlights the importance of both individual and group
brainstorming techniques. We focus on individual brainstorming
in this study for several reasons. First, individual
effort typically precedes group interaction. Further,
although professional standards require external auditors
to ultimately brainstorm in teams, internal auditors do not
have such a requirement. Finally, the literature (see Carpenter
et al. 2011 for a review) provides evidence that
group interaction impedes quantitative brainstorming
output. We used an unstructured open brainstorming
approach in this study so participants could share individual
ideas without team interaction or researcher-imposed
rules.9
Finally, prior to gathering demographic information, we
used two established scales to measure and control for
individual differences in professional commitment and
(external and internal) locus of control that could affect
perceived responsibility for fraud detection. We used the
15-item Professional Commitment scale (Aranya and Ferris
1984; Porter et al. 1974) and the 16-item Locus of Control
scale (Spector 1988). The two scales were not significantly
related to responsibility and are subsequently omitted from
the rest of the analysis.
Both groups of auditors took approximately 20 min on
average to complete the instrument and no significant differences
in completion time were found among auditor
type, treatment group, or experience level. All participants
were fully debriefed upon completion of the study.

Results
Manipulation Checks
We used two multiple-choice questions to assess whether
the participants comprehended the accountability and fraud

type manipulations. First, we asked the participants to

indicate whether the fraud in their case involved a supply
expense scheme designed to prematurely recognize
expense in the current year, the theft of cash using a billing
scheme involving a shell company, or the payment of
bribes to major distributors to ensure preferential treatment.
Ninety-four percent of the auditors passed this manipulation
check question. Second, we asked the participants to
indicate whether they were anonymous or whether their
responses were subject to review and feedback. Eighty-five
percent of the auditors passed this manipulation check
question. A total of 878 auditors (241 external auditors and
637 internal auditors) correctly answered both questions
and are included in the remainder of the analysis.10
Descriptive Results
The results show that the participants found the case to be
both realistic (M = 78.41, SD = 19.46 on a 0100 scale
anchored not at all realistic and extremely realistic)
and understandable (M = 78.44, SD = 17.52 on a 0100
scale anchored very difficult to understand and very
easy to understand). In addition, the participants in all
three fraud type groups found the fraud to be material, with
materiality representing the perceived importance of the
fraud. Using a 0100 scale anchored highly immaterial
and highly material, the overall mean of 67.56
(SD = 24.98) is significantly higher than the scale midpoint
(t = 20.83, p\.001). No significant differences in
realism, understandability, or materiality emerged across
accountability level, fraud type, auditor type, or country
affiliation.
Table 1 provides descriptive statistics and correlations
for the study variables. Overall, the participants indicated a
moderate and varied level of responsibility for detecting
the fraud (M = 61.28, SD = 23.64) on a scale anchored
0 = no responsibility and 100 = total responsibility.
The TMR link results reveal that the participants perceived
task clarity (M = 65.99, SD = 20.44), professional obligation
(M = 70.75, SD = 21.06), and personal control
(M = 66.05, SD = 18.47) related to the fraud case, with
the TMR link measures representing the average of the two
0100 measurement items for each link. We used a multitrait
matrix (Campbell and Fiske 1959) to evaluate
correlations among the six responsibility model items to
assess their convergent and discriminant validity. The
results provide evidence of construct validity, with coefficients
consistently higher among items designed to measure
the same construct than among items measuring
different constructs. We also find evidence of reliability,
with Cronbachs alpha exceeding 0.75 for all of the
responsibility links. The participants brainstormed an
average of 1.96 (SD = 1.47) fraud detection procedures.
Perceived Responsibility for Fraud Detection
We used ANCOVA to assess the effects of accountability
pressure, fraud type, and auditor type on the participants
perceived responsibility for fraud detection after controlling
for the TMR links and audit experience. The results in

Table 2 indicate a significant accountability pressure effect

(F(1, 862) = 21.61, p\.001). As predicted in H1,
accountable participants reported significantly more fraud
detection responsibility (M = 65.16, SD = 22.08) than
anonymous participants (M = 58.11, SD = 24.45)
(t(876) = 4.44, p\.001). This finding provides support
for the assertion in responsibility theory (Schlenker 1997)
that responsibility flows from accountability.
The results also show a significant fraud type main
effect (F(2, 862) = 3.20, p = .02). However, the overall
results do not provide support for H2 because the auditors
in the financial statement fraud group (M = 62.06,
SD = 22.58) did not report significantly higher detection
responsibility than the auditors in the misappropriation of
assets group (M = 61.65, SD = 24.53, t(580), p = .83)
and the corruption group (M = 60.17, SD = 23.72, t(572),
p = .32). Further, the insignificant auditor type main effect
(F(1, 862) = 1.87, p = .17) contradicts H3 because,
despite a lack of explicit fraud detection standards for
internal auditors, we find no significant difference in fraud
detection responsibility between external auditors (M =
59.27, SD = 23.93) and internal auditors (M = 62.04,
SD = 23.50).
Beyond the predicted main effects, the results reveal a
significant interaction between fraud type and auditor type
(F(2, 862) = 3.62, p = .02). As shown in Fig. 3, although
the difference between external auditor (M = 65.21,
SD = 22.46) and internal auditor (M = 60.75, SD = 22.56)
responsibility for detecting financial statement fraud is not
statistically significant (t(276) = -1.50, p = .13), the
external auditors report significantly lower detection
responsibility than the internal auditors for misappropriation
of assets (external auditor M = 56.54 vs. internal auditor
M = 63.50, t(302) = 2.20, p = .02) and corruption (external
auditor M = 55.86 vs. internal auditor M = 61.72,
t(294) = 1.98, p = .05). Further, the results for the external
auditors are consistent with H2 because their reportedsignificantly
higher than their reported responsibility for misappropriation
of assets (t(161) = 2.29, p = .02) and
corruption (t(158) = 2.63, p = .01). The accountability
pressure x fraud type and accountability 9 auditor type
interactions are both insignificant.
The covariate results involving the TMRlinks indicate that
professional obligation and personal control are significantly
related to perceived detection responsibility (p\.001),
although task clarity link is not significant.As predicted by the
TMR, subsequent analysis indicates that professional obligation
and personal control are positively related to perceived
detection responsibility. Audit experience is significant in the
model, with follow-up analysis revealing an inverse relation
between amount of audit experience and perceived detection
responsibility. Finally, the results showthat country affiliation
is not significant in the model.

Brainstorming
We also tested the extent that fraud detection responsibility
affects auditor brainstorming to evaluate whether perceived
responsibility impacts auditor performance behavior. Simple regression results provide support for H3 by indicating
a significant positive relation between responsibility
and the number of fraud-related audit procedures brainstormed
(b = .11, p = .001).
We also ran a multivariate ANCOVA to evaluate the
effects of responsibility, accountability, fraud type, auditor
type, and audit experience on the number of procedures
brainstormed. In addition to the significant responsibility
effect (F(1, 862) = 10.90, p = .001), the results in Table 3
indicate a significant main effects for accountability pressure,
fraud type, and auditor type. Specifically, accountable
auditors brainstormed significantly more fraud
detection procedures (M = 2.29, SD = 1.55) than anonymous
participants (M = 1.69, SD = 1.34, F(1, 862) =
13.35, p\.001). For fraud type, auditors in the misappropriation
of assets group (M = 2.18, SD = 1.48) brainstormed
more procedures than auditors in the financial
statement fraud group (M = 1.88, SD = 1.44, t(580),
p = .01) and the corruption group (M = 1.78, SD = 1.45,
t(598), p\.001). Finally, the auditor type main effect
(F(1, 862) = 22.37, p\.001) indicates that internal
auditors (M = 2.16, SD = 1.48) brainstormed significantly
more procedures than external auditors (M = 1.42,
SD = 1.29).
The results also again indicate a significant interaction
between fraud type and auditor type (F(2, 862) = 3.37,
p = .03). As shown in Fig. 4, although the difference in
brainstorming between external auditors (M = 1.67,
SD = 1.43) and internal auditors (M = 1.97, SD = 1.44)
in the financial statement fraud condition is not significant
(t(276) = 1.60, p = .11), internal auditors brainstormed
significantly more detection procedures than external
auditors in the misappropriation of assets condition (internal
auditor M = 2.47 vs. external auditor M = 1.40,
t(302) = 5.78, p\.001) and the corruption condition
(internal auditor M = 2.04 vs. external auditor M = 1.16,
t(294) = 4.59, p\.001). Finally, internal auditors in the
misappropriation of assets group brainstormed significantly
more detection procedures than internal auditors in the
financial statement fraud group (t(417) = -3.44, p\.001)
and internal auditors in the corruption group
(t(439) = 3.16, p = .002). For the external auditors, the
only significant brainstorming difference emerged between
the financial statement fraud group and the corruption
group (t(158) = 2.48, p = .01). The two-way interaction
between accountability pressure and fraud type and the
three-way interaction among accountability, fraud type,
and auditor type were again both insignificant.
For the remaining control variables, the results indicate
that both audit experience and country affiliation are significant
in the model. Interestingly, while we found an

inverse relation between audit experience and perceived

detection responsibility, supplemental test results for
brainstorming reveal that audit experience is positively
related to brainstorming output (b = .19, p\.001). In
addition, auditors from the U.S. (M = 1.73, SD = 1.35)
and Mexico (M = 1.93, SD = 1.26) brainstormed significantly
less detection procedures than participants from
Australia (M = 2.40, SD = 1.87), Belgium (M = 2.46,
SD = 1.96), and Canada (M = 2.30, SD = 1.42) (p\.01
for all comparisons).
We next conducted a four-step mediation analysis
(Baron and Kenny 1986) to evaluate the extent that
detection responsibility mediates the accountability
brainstorming relation. The results indicate that perceived
responsibility mediates the relation between accountability
and brainstorming performance, helping explain the finding
that accountable auditors brainstorm more fraud-related
procedures than anonymous participants. First, the results
indicate a significant positive relation between accountability
and brainstorming (b = .21, p\0.001). Second,
we find a significant positive relation between accountability
pressure and perceived responsibility (b = .15,
p\0.001). Third, after controlling for accountability, the
results indicate a significant positive relation between
perceived responsibility and brainstorming output
(b = .08, p = 0.01). Finally, after controlling for responsibility,
the results show a reduced, although still significant,
relation between accountability pressure and
brainstorming output (b = 0.14; p\.001), suggesting that
responsibility partially mediates the accountabilitybrainstorming
relation.
Supplemental Results
We asked a number of supplemental questions to better
understand the participants and the primary results. For
example, we asked the auditors to assess the likelihood that
they would detect the fraud if they were conducting normal
audit tests in the area. Using a 0100 scale anchored no
chance of detection and absolutely would detect, the
results indicate moderate levels of confidence in detecting
the fraud (M = 55.38, SD = 22.25). Although ANCOVA
results reveal insignificant accountability pressure, fraud
type, auditor type, and audit experience effects, we do find
a strong positive relation between perceived detection
responsibility and likelihood of detection (F(1, 862) =
105.18, p\.001).
We also asked the participants to allocate fraud detection
responsibility across various governance groups
involved in fraud risk management. Specifically, the participants
allocated 100 % detection responsibility among
management, internal accountants, the board and audit
committee, internal auditors, and external auditors. For
example, the participants clearly assigned the most detection
responsibility to company management (M = 37.85, SD = 24.64, p\.001 for all between-group comparisons).
The participants also identified a clear second-tier group,
with the internal audit team (M = 19.97, SD = 15.22) and
internal accountants (M = 18.91, SD = 16.10) assigned

significantly more detection responsibility than the external

auditor team (M = 12.60, SD = 13.37) and board/audit
committee (M = 4.05; SD = 6.99) (p\.001 for all comparisons).
Finally, despite the importance of the board and
audit committee in fraud risk management and fraud
detection (AICPA 2005), the auditors clearly assigned the
lowest amount detection responsibility to these groups
(p\.001 for all comparisons). MANOVA results reveal
no significant accountability pressure or fraud type effects,
although we did find an auditor type effect. Interestingly,
although the external auditors and the internals assigned
similar detection responsibility to the internal audit team
(external auditor M = 20.20 vs. internal auditor
M = 19.87, t(856) = -.33, p = .74), the external auditors
allocated significantly more responsibility to the external
audit team (M = 17.65) than the internal auditor participants
did (M = 10.54, t(857) = -7.15, p\.001).

Discussion
Overall, the results from 878 auditors indicate moderate
and varied levels of perceived fraud detection responsibility.
As suggested by responsibility theory, we found that
accountable auditors perceived significantly more fraud
detection responsibility than anonymous auditors. We also
found a significant interaction between fraud type and
auditor type with external auditors perceiving the most
detection responsibility for financial statement frauds,
while internal auditors perceived similar detection
responsibility across the three fraud types. Analysis of the
TMRs formative links reveals that personal control and
professional obligation are significantly related to perceived
responsibility for detection, while task clarity was
not.
The results also provide insight into auditor performance,
with detection responsibility significantly affecting
brainstorming performance and partially mediating the
accountabilitybrainstorming relation. Accountable auditors
also brainstormed significantly more fraud detection
procedures than anonymous auditors. Further, internal
auditors brainstormed more detection procedures than
external auditors, and a significant interaction between
fraud type and auditor type revealed that internal auditors
brainstormed significantly more misappropriation of assets
and corruption detection procedures than external auditors.

Collectively, these results have a number of implications

for policymaking, practice, and research. From policy and
practice perspectives, our results highlight the need for

standard-setters and organizational policymakers to consider

the gap between prescribed and perceived responsibilities
when considering the efficacy of fraud-related
standards and fraud detection processes (e.g., risk assessment,
tests of controls, substantive tests). Our review of the
extant literature related to policy and practice suggests an
implicit assumption that accounting professionals internalize
fraud detection responsibility standards as prescribed.
However, this studys results indicate the need for
policymakers and accounting professionals to evaluate this
assumption and consider potential implications of a responsibility
gap in future policymaking and training sessions.
For example, our findings suggest that external
auditors could benefit from additional guidance to help
them interpret and operationalize authoritative fraud
detection standards and supporting guidance. For internal
auditors (who currently lack an explicit fraud detection
rule), standard-setters could develop a specific and explicit
fraud detection standard to provide authoritative guidance
in the area. Ultimately, the results suggest that both types
of auditors also could benefit from increased education and
training that focuses on the difference between prescribed
(rules-based) responsibility and perceived responsibility
(individual-based), as well as the need for increased professional
skepticism and quality control in the fraud
detection area. In the context of the TMR and its formative
factors, such training could improve task clarity, professional
obligation, and personal control to increase and
reduce variation in perceived detection responsibility. Such
education and training also could improve auditor brainstorming
performance.
From a research perspective, our findings extend the
fraud literature by highlighting the importance of perceived
responsibility in understanding auditors fraud-related
judgments. Although the extant fraud detection literature
focuses almost exclusively on prescribed standards for
responsibility, future fraud-related research needs to consider
the importance of perceived responsibility for fraud
detection. For example, our results extend the auditor
brainstorming literature (e.g., Carpenter 2007; Brazel et al.
2010) by showing the potential for brainstorming performance
to be affected by auditor type, fraud type,
accountability, perceived responsibility, and country affiliation.
The finding that auditors in the misappropriation of
assets group brainstormed significantly more procedures
than auditors in the other two fraud type groups likely
reflects the fact that about 85 % of fraud cases involve
misappropriation schemes, compared to 36 % for corruption
and 9 % for financial statement fraud (ACFE 2014).
For auditor type, the finding that internal auditors
brainstormed more procedures than external auditors is
arguably surprising given that external auditors have a
formal detection standard that requires brainstorming,
while internal auditors do not. However, internal auditors
detect fraud about five times as often as external auditors
(ACFE 2014), suggesting that they are perhaps more

attuned to procedures in the area. The specific causes of the

country-based brainstorming differences among the internal
auditors (i.e., more procedures brainstormed in Australia,
Belgium, and Canada than in the U.S. and Mexico)
are harder to explain. Ultimately, future research is needed
to clarify these root causes of brainstorming differences
and evaluate training procedures for improving brainstorming
performance in less common and typically more
complicated corruption and financial reporting schemes.
The study also extends testing of the TMR by formally
testing relations among accountability, responsibility, and
performance in an experimental setting. The findings
extend the accountability literature (e.g., Chang et al. 1997;
Cloyd 1997; DeZoort et al. 2006) by providing empirical
evidence that accountability and responsibility are distinct
constructs and that perceived responsibility mediates the
accountabilitybrainstorming relation. Future experimental
research should further evaluate the distinction between
responsibility and accountability and consider the impact
of perceived responsibility when evaluating professional
decision-making and performance effectiveness and
efficiency.
We also suggest that future research continue to evaluate
the dimensions comprising the TMRs formative factors.
For example, our finding that the professional obligation
link is significantly related to perceived detection responsibility
raises questions about the extent that the professional
obligation link reflects an ethical duty that
transcends technical standards and compliance to reach
classical, virtue-based orientations of right and wrong.
Further, the findings of an inverse relation between audit
experience and detection responsibility are consistent with
prior research indicating an inverse relation between
auditor experience and auditor moral reasoning level (e.g.,
DeZoort and Lord 1994; Enyon et al. 1997; Ponemon 1990;
Shaub 1994; Thorne et al. 2003). DeZoort and Lord (1994)
and Ponemon (1990) suggest experience-based ethical
differences among auditors likely reflect changing roles
and socialization as they ascend through the hierarchical
ranks of their firms. Future research is needed to better
understand specific links among work experience, responsibility
and its formative dimensions (e.g., professional
obligation), and ethics (both compliance-based and virtuebased).
The results should be considered in the context of the
studys limitations. First, given our research objective and
constraints (e.g., instrument length, participant access), thestudy does not fully consider the variety of contextual
factors that could affect the accountability and fraud type
results. Although we control for select factors (e.g., audit
experience, country affiliation), the auditor fraud risk
assessment literature suggests a variety of additional factors
(e.g., time pressure, decision aid availability, group
interaction) that could interact with our studys focal
variables in both external auditor and internal auditor
contexts.
We also suggest the need for further study of the contextual
factors used in our study. For example, we used

only income-decreasing fraud cases in this study to provide

consistency and realism across fraud type. Ultimately,
although this approach provides a more conservative test of
responsibility effects than an income-increasing fraud case,
future research is needed to address whether specific
income effect affects this studys findings. In addition, the
fraud manipulations used in this study represent just one
specific scheme that could exist within each primary fraud
type (i.e., financial statement fraud, misappropriation of
assets, corruption). Future research is needed to further
evaluate the effects of alternative contextual factors and the
extent that our results are sensitive to the specific schemes.
Finally, the studys use of only one level of accountability
pressure suggests the need for future research to better
understand how differential accountability strength and
complex accountability (to more than one evaluative
audience) affect perceived responsibility and performance.
DeZoort et al. (2006) provide evidence that accountability
pressure strength matters when considering auditor judgment
and decision-making. While our relatively weak level
of accountability (i.e., review) pressure produced significant
results, alternative levels of accountability strength
(e.g., justification, feedback) could produce important
additional evidence about the responsibility gap and its
implications for practice.
Second, we recognize the sample limitation in the study.
Although the internal audit sample includes 783 professionals
represents five countries, the sample of 294 external
auditors comes only from the USA, limiting our ability to
evaluate country affiliation effects for this group. The
results do indicate that country affiliation is not significant,
but future research is needed to evaluate external auditor
results in a global sense.
Finally, we highlight the need for additional research to
evaluate the effects of perceived responsibility on audit
effectiveness and efficiency. For example, our brainstorming
task involved only individual effort to brainstorm
potential fraud detection audit procedures. While the extant
brainstorming literature in accounting recognizes the
importance of individual auditor brainstorming (e.g.,
Beasley and Jenkins 2003), it also provides evidence of
differences between individual and group brainstorming
(e.g., Carpenter et al. 2011). Accordingly, future research is
needed to evaluate the extent that our findings of a link
between perceived responsibility and brainstorming performance
extend to an audit team setting.
Acknowledgments We gratefully acknowledge the generous help
we received from The Institute of Internal Auditors (IIA) Research
Foundation and from professionals at the participating public
accounting firms, IIA chapters, and IIA affiliates. We also appreciate
research assistance and helpful comments from Bruce Barrett, Steve
Farmer, Francesca Gino, Dana Hermanson, Travis Holt, Denise
Leggett, Mark Nelson, Kurt Reding, Barry Schlenker, Jonathan
Stanley, Jeffrey Swerdlow, Mark Taylor, Erin Weber, and workshop
and seminar participants at the American Accounting Association
Auditing Midyear Conference, Kennesaw State University, and The
University of Alabam