Documentation Requirements and Quantified versus Qualitative Audit Risk Assessments

The "not documented, not done" requirements of Public Company Accounting Oversight Board (PCAOB) Auditing Standard No. 3 substantially increased auditors' obligations to document their risk assessments. This study examines a potentially unintended consequence of such a requirement on auditors who have pressure to reach lenient, client-preferred risk assessments. Because documentation requirements potentially expose auditors' lenient judgments to more ex post scrutiny (e. g., regulator inspection, litigation), one would ordinarily not expect that adding them would cause auditors with client pressures to become more lenient. However, I expect that adding documentation requirements leads auditors who assess risk in qualitative (rather than quantified) terms to engage more in a specific word-smithing strategy that is shown by prior research to help rationalize reaching more lenient audit conclusions. Thus, even though documentation potentially exposes more lenient judgments to scrutiny, I show that auditors assessing risk in qualitative terms respond to this pressure by rationalizing their lenient assessments even more vigilantly. This leads to more lenient judgments, ironically, as a result of adding the documentation requirement. Adding documentation requirements does not have this effect on quantified risk assessments. Prior research also suggests that auditors typically assess risk in words. Thus, under common conditions, the PCAOB's documentation requirements may have unintended effects, with adverse implications for audit effectiveness contrary to their regulatory intent.