This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
The late 1990s has shown a new development in audit approach. The new approach was led by audit firms Ernest Young, KPMG 1997 and by researchers Bell 1997, Lemon 2000, Knechel 2001. This approach aims to link risks that arise from understanding the client's business from its operation with the accounting choices that the client uses to measure, record and report the results of operation (Kotchetova 2002, Elliott, Kinny). (Lemon 2000) used the term "Business Risk Approach" to describe this method while (Bill 1997) used a more popular term "Strategic Systems Audit". Both terms reflect serve the same concept where auditors perform more rigorous analysis of the client business risk than in traditional base audit (Ketchekova 2002).
Globalization changed markets environment and corporations became large, complex and interdependent. These corporations started to apply new technological and informational innovations that altered the landscape form (Bell, 1997). As a result, practitioners raised questions about the value of traditional audit procedures and its adaptability to these quick changes (Robson et al, 2007). Moreover, the early 1990s showed a considerable amount of audit failure (Enron, Wrorldcom) that raise further questions about the audit practice efficiency and effectiveness under the new informational age (Bell 1997, Humphrey 2002). Hence, the new era comes with new challenges for the audit firms. (Rugby 2007) summarizes these challenges as follows:
1- The competition between audit firms.
2- The litigation environment.
3- The negative reputation from previous audit failure.
4- The development of new methods
5- The reporting time pressure.
6- The change in the technology and the usage of the IT solutions by the audit clients.
7- The development of new risks attached with the new economic rules.
These problems have challenged the traditional audit to cope with its new economic environment. For instance, the development in IT solution had created a different environment for the internal control, Therefore chances to manipulate the accounts by low-staff had dramatically decreased and the number of errors had minimized due to the development of IT softwares.
"JDM" Under Top "SSA" Audit
(Bell et al. 1997) argues that audit profession and practitioners have to change their view of the client business. Furthermore, he maintains that traditional audit was unable to connect the client organization parts, and used to treat them as separate parts, rather than looking at the organization as a "complex living system", (Bell et al. 1997) argues that "the parts are connected and affecting one another". They hold that in order to adapt with complex organizations structures, audit profession needs to develop new audit approaches that can deal with these new complex structures. In his publication of "Auditing through a Strategic-Systems Lens: the KPMG Business Measurement Process" in 1997, he introduced a technical expiration for "SSA" as the new audit methodology , where the auditor goals did not change in providing an independent opinion about the financial statement and whether it was presented fairly according to GAAP but they proposed to shift the auditor's attention at management level where auditors can observe their attitude toward the organization control and the strength of the client control environment rather than focusing on the client transactional level. In other words, they proposed to shift auditors attention toward top level staff (how managers manage their business and what the possible outcomes are possible from their applied strategy on financial statement.) at the client organizations and replace the bottom-up approach to a top down approach when forming the audit.
Strategic system auditing partitioned into two components, "Strategy" which is defined as" how the organization generates values from differentiating its services or product from other competitors" (Simmons 1992), and "system" which is defined by (Bill et al, 1997) as a "collection of parts that interact to function as a whole", where the client's business processes/sub processes, risk management, controls, and information system represent the organization parts (Berberich, 2005). Therefore, "SSA" approach pays more attention to integrate and interact the system to its components (Salterio and Weirich, 2002).
The process starts with the business processes and down to the financial statement. Many researchers claim that "SSA" approach offers greater audit effectiveness, efficiency, client service, better cites over the corporate governance and consistency with international level (Humphrey 2002).
On his part, (Knechel 2001) provides us with a 4 step processes toward systematic audit approach as follow:
The literature shows many researchers who developed similar models, such as (Bell 1997) 5 KPMG step process, which starts with strategic analysis, process analysis business measurement, risk assessment for the previous component and continues improvement. (Ketchekova 2003) uses the term strategic content and strategic process to investigate the auditor analysis for inherent and control risk. Moreover, the spread of (Knechel 2001) model between researchers referred to (Eilifsen et al 2001) practical implementation for (Knechel 2001) model, to Czech bank in 1997. Of particular interest in this study is the third process of (Knechel 2001) model under the effect of time pressure. However, the other three processes are related to this dissertation due to the interrelationship among the model components. The next part will cover the major researches about each process in details.
Business risk can be defined as the risk factors that could influence the management performance. It describes the uncertainty of an event that could influence the organization goals and objectives (Jordan 2005). The purpose of risk management for any organization is to maintain the best possible results out of the organization limited recourses. Organizations in general follow their objectives that have been set throughout its life. Furthermore, organizations from different backgrounds faces risk as daily life in their operation cycles. These risks vary in their natures and dimensions. For instance, the reliance on limited numbers of supplier could create risks that could harm the organization from the supply failure which will ultimately affect the organization performance .Hence, management tends to secure the better results by assessing those risks. They have to determine and control those risks in order to reduce any undesirable out comes that could prevent the organization from reaching its goals and objectives. Therefore, improper management of business risks will ultimately lead to serious impact on a client's operations and financial position (Lemon et al. 2000). Hence, auditors conduct a strategic analysis that is considered as an important step towards forming expectations about the client's financial statements. Moreover the CICA's,AASB and the (IFAC), have issued a new assurance standards in 2005 that require analysis similar to the strategic analysis on all audit engagements.
In a strategic analysis, the auditor aims to understand the client's business strategy and evaluates the client's industry, the client's competitive advantage, the risks that threaten the strategy's success and the client's responses to these risks.
The client strategy includes the client management goals, specific strategies, the magnitude of the strategy, corporate timing and the way those strategies affect the client's business performance under its environment, the auditor gathers and integrates the information obtained from the client's business industry, competitive forces, the magnitude and timing of the strategy rather than beginning with a company's financial statements. Auditors construct a business model, perform analyses of external threats, and determine strategic positioning to help identifying the most serious threats to the client's key strategic objectives by using the client's existing structure (Ballou et al. 2004). The auditor scans the client position in the industry, the core products and services that create the value, the competitive advantages, and the nature of the client alliance with other companies, in order to understand any uncontrollable external risks (Ketchkova, 2002). Moreover, the auditor observes the management response to those risks and begins to develop a holistic perspective about the effects of those risks in the client financial statements (O'Donnell, 2005). It also helps the auditors to understand whether the client sufficiently maintain the auditor expectation .Additionally, the auditor's identify the significant classes of transactions that could be threatened by the identified business risks (O'Donnell 2003). The auditor then assesses the magnitude and impact of the threats to determine the strategic risks facing the client. It can be concluded that the auditor needs to build a holistic perspective about the client external client.
The SSA auditors are equipped with a framework or guideline that may help the auditor to understand the client's business strategy. For example, there are more than one available frameworks to understand the industrial surrounding risks for the client. Such as, Porter (1980) who provides a model that may help to analyse the company industrial structures and provide useful information about the strategy applied. He suggested a model of 5 factors:
1- Competitive Rivalry: where the goal is to assess the intensity of competition between existing firms in an industry.
2- Availability of Substitutes: where the goal is to measure the likelihood that customers will switch to a competitive product or service that serves the similar goal of the client product.
3- Power of Buyers: where the goal is to measure how much pressure customers can place on a business.
4- Power of Suppliers: where the goal is to measure how much pressure suppliers can place on a business.
5- Threat of New Entrants: where the goal is to measure the barriers for new competitors to enter the industry.
Other common approaches that have been used to analysis the macro- environmental forces, such as PEST, PESTEL, STEEPLE, etc..., one of the most common types is the PEST analysis where some analyses add two other factor PESTEL. Understanding these vital pieces of information about the client industry using specific frameworks provides the auditor with a wider view about how risky and sustainable is the client business under his environment.
Organizations operate under a sequence of core process structures that designed to add values to the business, where the object is to transform inputs into useful output. Hence, business process is a structured set of activities, which produces a specific output and creates value for the organization, the process has a significant impact upon the business performance. Therefore, any errors on the organization process may lead to devastated outcomes. The auditor analyses the client businesses process in order to obtain an in-depth knowledge about the client process. The auditor look for detecting any weakness or material misstatements in the client processes and determines the risks that the client has on, the effectiveness, efficiency, control, or/and compliance issue of its processes. Therefore, the auditor analysis every sub-processes included in the core process in order to understand the core process. For instance, Technology management is a core business process, which includes the following sub-processes:
(4) Exploitation; and
(5) Protection, where each sub-process has input then process and finally an output (R. Phaal, 2001) in order to form the whole core process.
The auditor chooses the core processes by subjectively weighing three elements:
(1)The strategy applied to the core process, by investigating the essential of the process to achieve the client strategic objects.
(2) The inherent business risk of the core process
(3) The strength of the client's control environment
The structures for business process analysis aim to build a systematic thinking tools that enhance the auditor understanding of how the client's create values and whether the activities are showing an effective and efficient performance .Moreover, it enhances the auditor ability to linked each core process specific accounts in the financial statement by forming a holistic perspective about affected transactional classes in the clients accounts. The auditor identifies classes of transactions related to each core process that may contain misstatement risks (e.g., routine versus non-routine transactions and accounting estimates) and relates these risks to specific account balances.
The auditor is expected to build a comprehensive understanding about the client business process risks such as:
(1) How the client creates value,
(2) Whether the client process are effectively aligned with the client strategy,
(3) The level of process risks that threaten the business objectives,
(4) The process control effectiveness of risks,
(5) The effectiveness of the identified core process activities and their related risks and controls to the client financial statement (Bell et al. 1997).
Business process structure analysis has been reviewed in literatures. (O'Donnell & Schultz 2003). They investigate the effect of using different audit supports softwares in auditors risk assessment in an experimental study that compares between auditors using a business process focused with auditor using transaction cycle focus. The results indicate that auditors using business process focused indentified more risks than their components Porter (1985) introduced a generic value chain model that comprises a sequence of activities found to be common for a wide range of firms. Porter model among others used as a tool to analyse the organization processes in order to form a holistic perspective about the organization process . (Bell et al. 2005) monograph of KPMG present the company process analysis framework as the Management Information Intermediaries (MII) that is, includes the "mechanisms and processes that management uses to transform selected input into an output", such as people, policies, applicable financial reporting and internal control frameworks, computer networks, software programs and documentation (e.g., invoices), as well as internal control over financial reporting". (Ballou 2004) investigates how strategic positioning aspect of the auditor's business process analysis can postpone the audit effectiveness. They examine the effects of changes in the strategic positioning of one critical client business process on the auditor's evaluation of another (unrelated) critical business process. Further investigation for business process accomplished by researchers . Table () summarizes there founds .
Risk assessment in "SSA" audit goes beyond static process. Unlike traditional audit where the auditors determine the audit risk (Inherent Risk ,Control risk and Detection risk) during the planning phase and build a general hypothesis to execute the audit judgment about the client financial statement (unless in case of discovering information in later stage that could affect the main hypothesis to be revised) , but through a continues process of assessing and reassessing the client strategic risks, business risks, and process risks and relating these risks to overall audit risk.
During this phase, the auditor forms a mental model through using his/her build up knowledge which is gained from strategic analysis and client process analysis. The auditor then combines this knowledge with any other finding such as: the management's perception or/and management consideration for red flags in order to assess the reasonableness of the client management act toward those risks. Moreover, the auditor assesses the control effectiveness over these red flags and evaluate whether the managers sufficiently react to those risk in order to control them under an acceptable level. The remain risks (the one contains a high level risk) from strategic and process analysis are grouped to their related accounts in the client financial statement. The auditor then builds an expectation about how those risks could affect the client financial statement. The results of this integration help the auditor to measure the validity of the client financial statement assertion.
Risk assessment under "SSA" has been reviewed in details by researchers, (Ketchcova 2003) In her Ph. D. Dissertation, she investigates whether auditors under SSA can make more accurate and effective audit tests to assess the client business risk and the risk of material misstatement and its components, Moireover, she investigates whether the analysis of a client's strategy content (strategic analysis) or strategy process enhance the auditor risk assessment. The results support "systems thinking" driven analyses of client strategy content and strategy process. (O'Donnell 2001) examines whether top down reasoning provides a more appropriate framework for describing audit judgment than bottom up reasoning during the risk assessment. Followed by a series of studies comparing the process focus in "SSA" versus the objective focus in traditional audit, (O'Donnell 2003), investigates the task complexity between the two methods and provides evidence that "SSA" is less complex than traditional audit .Also, it improves the auditor judgments under risky environment (O'Donnell and Schultz 2003, J. Schultz et al 2009, Kotchetova et al 2006) and enhances the auditor knowledge (O'Donnell 2001, Kopp and O'Donnell 2005, Kotchetova et al 2006 ), many other studies summarized in table () investigates other factors such as : the senior auditor judgment versus Partners' judgment to assess the risk (Michelle Chandler 2007), integrating the business risk assessments (J. Schultz et al 2009), the Systems-Thinking Decision Support tools (O'Donnell &Perkins 2008). The halo effect on auditor judgment (O'Donnell & Schultz 2005), the decision aids (Dowling & Leech 2007), Analytical procedure role in forming mental model (Ballou & Hetiger, 2005), and the identification of significant financial statement assertions and planned audit procedures (Shelton et al 2009). To this extend, this dissertation aim to expand the scope of literature by investigating the effect of time pressure on auditors risk assessment under traditional compared to "SSA" audit.
Risk evaluation under "SSA" audit approach aims to integrate the results of risk assessment for the client strategy and process with the residual risk analysis . In residual risk analysis, the auditor develops an expectation about the "key financial statement assertions and assess the audit implications (including assertion- or account- level risk assessments and planning audit tests)" at more detailed levels of analysis(Bell et all. 1997), The auditor integration for those component provide a holistic expectation about the client financial statements which aim to compare these expectation with the client's operation and financial true position. Therefore, the auditor reviews some vital procedures such as:
Financial and non-financial performance
In order to gain sufficient knowledge about the client business that expected to enhance the auditor judgment about the effectiveness of those procedures. For instants, accounting estimation for mining industries requires a comprehensive understanding about this industry by the auditor in order to be capable of issuing an accurate evaluation about these accounts or any non-routine accounts.
Evaluating the risk enhance the auditor knowledge to identify the key facts of the audit planning in order to reduce residual risks into an acceptable level (Bedard & Graham, 2002) . The auditor rely on evidence that he/she has gathered, or any identified risks that could influence the auditor's judgment during the audit engagement stage to indentify the client's business risks. The auditor identifies these risks by going through the evidence from large data base of the client financial accounts where the auditor aims to filter those data and determine whether they constitute a threat to the audit . Therefore, analysing the client strategy and the client processes in order to identify client risks that affect the financial statement and the transactional level relies heavily on the auditor built up knowledge about the audit client (Bedard & Graham, 2002, Humphry, 2001).
The auditor develops a sufficient knowledge about the client business to be able to develop a mental models that contain an integrated business model of all the information collected through the strategic analysis ,process analysis, residual risk analysis, risk assessment and risk evaluation to identify the financial statement risks for his/her client (Bell 1997, O'Donnell 2005). Therefore, building an accurate mental model relies on three factors:
1- Top down holistic view. (Bell et all. 1997)
2- Structure framework (such as: casual loop (O'Donnell, 2008)).
3- Systematic thinking process. (Ballou et al 2005)
Risk evaluation under "SSA" has been reviewed in detail by many researchers, (Bruynseels 2011) investigates going concern issue by specialized auditors in the client industry, (Eilifsen et al, 2001) practical experiment shows the effectiveness of risk evaluation under "SSA". Furthermore, (O. Bowlin, 2008) investigates the auditor sensitivity to fraud risk under "SSA" and (van Buuren 2007) shows how the non-big audit use a more simple tools to evaluate the client risk that considered as a hybrid tool between "SSA" and traditional audit. Table () provides a summary for further studies applied on risk evaluation under "SSA" including the main findings.
Knechel (2001) provides four step processes toward systematic audit approach as follow:
Strategic Analysis: Where the auditor aim to understand the client's business strategy and evaluates the client's industry, the client's competitive advantage, the risks threaten the strategy's success, and the client's responses to these risks.
Process analysis: Where the auditor seeks to obtain an in-depth knowledge about the client process and look to detect any weakness or material misstatements in the client processes and determine the risks that the client has on, the effectiveness, efficiency, control, or/and compliance issue of its processes.
Risk assessment: the auditor builds an expectation about how the identified risks could affect the client financial statement and the results of integrating risks causes help the auditor to measure the validity of the client financial statement assertion
Risk evaluation: the auditor integrates the results of risk assessment for the client strategy and process with the residual risk analysis and form a holistic expectation about the client financial statements which aim to compare these expectations with the client's operation and financial true position.
The Changes Came With "SSA"
The arrival of "SSA" went beyond an adjustment of audit procedure. In fact, "SSA" audit approach was a turning point in the audit profession. Despite the fact that Traditional audit practitioners were well informed about understanding the client's risk, the term itself can be found at the early stages of the audit profession (Matthews and Pirie, 2000). (SAS 300 par 3) required from auditors to "obtain an understanding of the accounting and internal control systems sufficient to plan the audit and develop an effective audit approach (Figure 1) where is the end of this quotation ".The auditor is expected to evaluate whether the management for his client's are using an appropriate and reasonable accounting procedures. Furthermore, the auditor is expected to identify areas deserving special consideration at later stages of the audit process (AU311.06 AICPA 2000). However, (Bell et all, 1997) monograph argues that audit regulations did not provide adequate information about the importance of understanding the client's business and how auditors could decompose the client's business risk into the audit process, and more important, how this knowledge that the auditor acquired from the assessment of the client business risk could enhance the effectiveness of the judgment. Moreover, traditional base audit did not detail how to obtain sufficient information from understanding client's business and how to integrate and processed them by auditors (Kotchetova 2002). Hence, (Bell et all. 1997) suggest a new innovation on the audit profession under the name of strategic system audit "SSA" which becomes very popular subject by researchers in later years. This section shall review the various streams of audit studies in order to determine the main changes in the audit profession that caused by applying "SSA" audit approach. Two main changes will be discussed in this section. The first are the methodological changes of shifting from traditional audit to "SSA". The second are the changes in the audit firm practise from traditional audit to "SSA".
As mentioned at the outset,, the late 1990's was very challenging for large audit firms .The competition between companies put the audit fee under pressure due to the similarity of the services that have been provided. However, non-audit services were the audit firms' outlet to compensate the diminished profit of audit service. Besides its effectiveness, audit firm partners have seen the appearance of "SSA" as a new and as an opportunity to recapture the audit prestige and a solution for the declining profit (Humphry, 2002 and Khalifa, 2007).
"SSA" reinvents the audit as a commercial practise rather than the previous look as a public good under the traditional audit. The new audit was oriented toward creating value to the audit client, by commenting upon client business risk and the accounting implication from the client's industry point of view. "SSA" approach was based on risks that threaten the client to achieve organization objectives rather than just concentrating on the transactional level on the organization, the auditors under this approach have to obtain an in depth knowledge about their client and view the company as "living system" where all parts must be connected and coordinate with each other in order to achieve the most efficient and effective process (Bell et al. 1997). Moreover, besides the value added from the service, SSA has created a unique type of service that focuses on a broader range of business risk and helps to ensure that the auditor fully understands the client risks and control (Joust, 2007). Hence, the goal of the audit itself has not been changed while providing a greater effectiveness, efficiency, client service, better governance and consistency at an international level (Bell et al 1997). In addition, , the rationality and legitimacy for audit task has changed. The audit under the new approach offers a hybrid service (Robson et al, 2007) of audit and non-audit service in the same job; they aim to create value for their clients based on their acquired deep knowledge about the client industry. Moreover, the new audit approach claims not to interrupt the independency of the auditor from issuing fair opinion. But by a process of mutual interest between business directors and the auditor where both sides are aiming at the same direction of creating value for the organization and make the client business flourishes.
In order to provide a value added audit, audit firms face challenges. According to Rehab, there are 5 components associated with the new view of audit; these components need to be fulfilled by the profession in order to create the attained value from the audit service. They are as follows: (See Figure â€¦)
1- Business knowledge: the challenge to decompose the knowledge into the audit functions.
2- The audit market: the challenge of finding the profitability of the audit and the new market.
3- "PSF" firms: the challenge of the new appearance as a professional service firm.
4- Education reform/regulations: the challenge to restructure education and training for auditors in order to combine it with the new philosophy.
5- Value added services: the challenge to entrepreneurial opportunities for other "added value" services that audit firms could provide, including internal control.
Business risk analysis
The auditors evaluate whether the client's strategic planning process matches the threats that they could face within their capabilities. Ketchekova (2002) argues that auditors evaluate the client's strategy through investigating the following:
2- Industry level
3- Firm specific strategic risk factors
4- Management reaction to the verified risks
The rigorous analysis for the client business enhances the auditor understanding to the potential relation between clients' strategy and their accounting choices (Elliot, Eilifsen 2001, and Kinchela 2001). While traditional base audit did not provide enough information about the need for understanding the client business risks (Bell 1997). Business risk provides a task structure for this purpose which can generate a positive performance effects on the auditor's sense of scepticism and the estimation judgment for the auditor (O'Donnell 2004). Moreover, (Lemon 2000, Salterio and Werich 2001: 11) this is the first time you mention the number of page, you should do this all the time suggest that business risk structure covers the following points:
1- Analysing and understanding the client business, industry, regularity, and market environment.
2- Building a business model for the client strategy and its internal control.
3- Analysing the client strategy, financial position and the client business processes.
4- Evaluating the client business risk, and the risk of material misstatement that has been detected.
5- Planning the process and procedure to test the reliability of the financial statement.
The strategic analysis of the client under "SSA" approach comprises an analysis of the client's industry, the client's strategy to achieve a sustainable competitive advantages, the threat that could affect the success of the client's strategy, and the way the client responses to those risks. The aforementioned process designed to assist the auditor to a better understanding of the adequacy and feasibility of the client's strategy. Furthermore, it aims to enhance the gain of knowledge about the external business environment and the client's internal processes and resources (Bell, 1997). Obtaining a comprehensive and complete knowledge about the client's business risk for evaluating the client's business risk expected to direct the "lens" on the critical area for any potential material misstatement and/or frauds (Bell et al 1997). The auditor then performs the planning process in order to gather sufficient evidences for the financial statement assertion.
Developing an expectation under traditional audit was based on the changes or differences appears in the client financial account that materially varies from the industrial index. It is followed by raising a random walk assumption through the client accounts and finally building an expectation. Therefore, the process of developing an expectation under traditional audit and build a mental model is not complicated (Balllou, 2005) .The auditors use a deductive reasoning for generating their expectation (Koonce, 1993). Then develop a hypothesis and test it. Meeting the hypothesis means that the auditor successfully explains the phenomena. Otherwise, the auditor has to generate a different hypothesis that explains the client accounts differences (Libby 1985).
The auditor under "SSA" audit draw a comprehensive understanding to the client system parts, rather than treat these parts separately. This comprehensive scan excepted to enhance auditors ability to interact with the client complex environment where the client external environment such as suppliers, debtors and customers affect the economic situation for the audit client. Bell et al. (1997) argue that understanding the client business environment could improve the auditor's understanding for his client system dynamics which will eventually result in developing mental models that may include all the vital parts of the client's system and lead to a more efficient audit. Moreover, ( Choy, 2000) suggests that the auditor who gains an understanding of his/here client systems is more likely to achieve better integrated mental model which will lead to a better decision making process when compared to the lack of system understanding .Therefore, the construction process of "SSA" mental model required a successful integration between the client system parts, which can be achieved by maintaining a deep understanding to the client system and its environment.
Another factor that may affect the development of the mental model is the auditor ability to interact with the client's complex tasks. Bonner (1994) suggests to dissolve the complex task into three components, complex input ,complex process and complex output. Furthermore, he suggests that each of these components has an amount of clarity of information that can enhance the understanding for the complete complex task. Traditional audit relied on scanning a wide variety of the tasks' input to gather information's about the client and its environment. This heavily concentration on task input could create overload information (Ketchecova, 2000). Consequently, that makes it even more complex to integrate them with a mental model that aims to explain any fluctuations. "SSA" ,also enter s a process of gathering information about the audit client and understanding his environment but unlike traditional audit information is required to translate the external information and non-financial data in a systematic order in order to build a mental representation in later stages (Kenchel, 2001). As a result, both traditional and SSA audit contain a different type of a complex input. However, the SSA provides a different position for the auditor to analyse the client complex processes. Moreover, "SSA" applies a systems theory-based framework that helps the auditor to understand and document the results of analysing the client industry, objects, and strategy. For example, the auditor may use the porter model (Porter 1980, see previous section) to identify the threats that surround the client and enhance the auditor ability to develop a mental model about the client's business and turn the auditor "lens" (Bell, 1997) on specific strategy that is driven by the former mental model . Thus, it expected to improve the auditor's ability to deal with complex task and improve auditors performance (Ketchecova, 2001), while traditional audit relies on directing the auditor's attention toward the general strategy driven by the auditor's mental model. In other words, "SSA" relies on forming an explicit model about the client's business, while traditional audit relies on an implicit model of the client's business.
As can be seen, it can be noted that constructing a mental model to explain the client system varies between the two methods. Traditional audit tends to generalize the assumptions based on implicit view about the client system to form a mental model, while "SSA" tends to separate the system and explicitly form a view to construct the mental model. These two different procedures raise a question about the role of auditors experience in this situation. Ketchecova (2002) supports this view when contradicted results appears showing that senior auditors who use traditional audit to assess the client risk doesn't significantly varies from senior auditors who use "SSA". This could indicates that an experience auditor under traditional audit produce more accurate mental model than non-experience one. However, the other results show that the chances are higher to perform an error under a complex process for traditional auditor's compared to "SSA".
On his part, Koonce (1993) suggests a cognitive characterization for auditing the client under the traditional audit. Later on, Ballou (2005) suggests a cognitive characterization of the analytical procedure consistent with the client complex system theory for SSA which focuses on developing an expectation about unexpected finding during auditing the client. (Ballou 2005) argues that SSA approach is based on developing a unique complex system mental model for the audit client. Similarly, Bell (2002) suggests that to develop a mental model with taking into consideration the following criteria:
1- Strategy: indicates the client's position on its industry.
2- The client's business model: w determines the client's business process and strategic alliance.
3- Any other internal or external forces.
SSA treats each client as a unique case that has his own errors and misstatement. The auditor is not depending on the auditor's general knowledge to build the expectation about the audit client but rather by building a unique complex system for the client and presents it in mental model. Therefore, SSA offers the tools for the auditor to perform mental stimulations that rely on the updates in the complex system when expectations about the audit client are not met ex???????? What is this?: revising the model, additional information could lead to different expectation (sterman, 2000) .
The stages for building a mental model under SSA contain the following:
First stage: Analytical procedure determination
The first phase of the audit processes under the SSA builds a very similar mental representation to the one on traditional audit. However, the goal and subgoals for the mental model differs from each other (Ballou, 2005).
In traditional audit, the auditor relies on his/her previous knowledge to address the clients account statement that is expected to have similarity across engagement (Koonce, 1993). While SSA goals and the sub-goals rely on determining which portion of the complex system mental model needs to generate a mental simulation to assemble an expectation (Balou, 2005). Moreover, SSA environment generates more sub-goals than in traditional audit, where in SSA, the auditor's attention is to concentrate on understanding the client's business , industry and their ability to manage their business risk which in turn, enhance the auditor flexibility to access the various parts of the client complex system in order to develop an expectation related to any sub-goals.
Second stage: developing expectation based on the mental model
The auditor uses the mental model in order to explain or build an expectation about a specific event that is acquired during auditing the client based on linking between the variables in the auditor mental model. Therefore, the auditor identifies which objective being sought and specified from the constructed mental model that will be utilized for the simulation.
(Klein, 1999) suggests 3 causal factors that the auditor can rely on to generate a mental simulation:
1- The Evaluation of coherence.
2- The applicability.
3- The completeness.
If these three factors are achieved, the auditor should be able to generate a sequence of actions to make an expectation that explains past or future event. Hence, the auditor uses these results from the mental stimulation and compares it with the management assertion results.
Third stage: A- The expectation and the auditor's decision
Analytical procedure under SSA has an important role in determining whether the built expectations from the mental stimulation in the second stage are reasonably met by the management assertion and whether the available evidences are sufficient to confirm the expectation with the reality or additional evidences need to be gathered under to support the mental stimulation. However, if the expectation did not meet the auditor's expectation then he/she needs to perform additional information search to determine whether the client complex system mental model needs to be adjusted in order to meet the management assertion or the client need to adjust according to the auditor mental model . In other words, the auditor directs the client to change his way and follow the auditor's expectation.
Traditional audit takes a different path during this phase where the auditors generate a new hypothesis that aims to explain the event if the expectation did not meet their expectation with the management assertion, while SSA is based on a unique mental model for the audit client. Therefore, building a new mental model cannot provide the answer for the deviation but rather than that, the auditor performs information search to adjust the client mental model to determine whether there is a reasonable explanation for the unexpected results and whether an adjustment and further mental stimulation is needed.
Third stage: B- How to search for information
For the information search under SSA, the auditor relies explicitly on his/here own goals and beliefs that have been built during the audit (Ballou, 2005). Hence, when an unexpected event occurs, the auditor utilizes his/her developed mental model based on his/her holistic perspective that has been growing through the audit process and applies his/her information search based on those beliefs. Therefore, the auditor's beliefs are a number of small actions that led to a major effect resulted from the natural linkage between the client complex system. Consequently, any deviation or a bad linkage may cause the unexpected event to occur.
As a result, the SSA audit relies on component beliefs in developing an information search strategy for unexpected analytical procedure results.
Fourth stage: compare the expectation with actual results
In the last stage, the auditor makes a comparison between the revised expectation with the information reported by the audit client. Therefore, if those results meet the auditor's expectation, then the auditor can be assured that his assertions are supported.
Otherwise, the auditor needs to perform additional information search. Hence, this cycle will be repeated until:
1- The auditor's expectations are met.
2- The revised expectations are not meeting the auditor's beliefs and requires from the client to adjust his information in order to meet the auditor's expectation.
Analytical procedure process applied during planning and completion stages under traditional audit. (SAS No.56) elements were the main reference for auditors to perform an effective and an efficient analytical procedure to scan for unexpected fluctuations in the client's accounts and to receive explanation from the client's management about those fluctuations. Analytical procedure under (T.A) designed to direct auditors attention toward the client financial reporting issue at the beginning of the audit process (planning stage) and to help auditors to identify any issue that could have been missed during the audit at the final stage of the audit (completion stage). Analytical procedure under traditional audit was performed during the substantive test as the only source of the scrutiny or as a combination with other detailed tests. However, the introduction of "SSA" audit brought a different view for analytical procedure as it heavily grounded on analytical procedure to underly the concept of utilizing an understanding of an organization's economic environment , strategy and business process performance and financial report (Bell, 2002 and KPMG, 1999). Analytical procedure used heavily to analyse the client strategy and business processes (see Bell et al.2002, Bell et al.1997 and Elifisen 2001). As a result, researchers had point it out that auditors under "SSA" should be able to handle different types of analytical procedures to enhance the mental model construction (Ballou, 2005). Furthermore, analytical procedure under "SSA" should enhance the auditors ability to develop an expectations about the constructed mental model by using various types of analytical procedures (O'Donnell, 2004 and Ballou, 2005). Hence, the use of analytical procedure under "SSA" contains the following phases:
The first phase of analytical procedures aims to establish a comprehensive understanding for the strategic analysis stage. The auditor's target is to understand the client strategy. The auditor builds a mental model that relies on the deep understanding of the organization's external environment , the industry index, the client strategic objects, the client actions to achieve the organization's objectives, and the strategic oriented control where the client aim is to set those strategies in order to create an environment that is capable of producing the obtained strategy (King, 2002, Bell, 1997 and Ballou, 2005) .
The second phase of analytical procedures involves a critical analysis of the client business process. The auditor develops an expectation about the client's business performance (Bell et al 1997, 2002), such as: comparing the client performance vertically through the years. The auditor builds an expectation about the effectiveness of the process and sub-process (Bell et al. 1997) .Then, measures each process control and utilize the operational data as a key performance indicator of the effectiveness for each of those processes that aim to achieve the organization's objectives (Ballou, 2005) .
The outcome of applying and comparing the results of the analytical procedure process should indicate the relationship between the transactions and accounts in the client financial statement , which in its turn helps the auditors to link those accounts in a logical sequence for adding information to the mental model . Consequently, the auditor will be able to determine the nature, extension and timing of subsequent audit test based on whether the developed expectations by the auditor are meeting the actual results from the auditor examining the client financial statement and the management assertion about any issues the auditor found .
The third phase aims to reduce residual risk into an acceptable level. Therefore, the auditor determines the level of the residual risk and prepares the substantive test , including substantive analytical procedure and other test of details tools.
From the above, it can be noted that analytical procedure under "SSA" audit affects the overall audit with the following:
Analytical procedure under (TA) applied during planning and completion stages while "SSA" applied it during strategic and business process analysis stages.
Analytical procedure under "SSA" is expected to provide a wilder and greater source of evidence than traditional audit (Bell et al. 2002).
Both audit procedures uses analytical procedures for substantive test in order to control the residual risk level. However, "SSA" is more equipped to perform a more refined overall analytical procedure. (Ballou, 2005)