**1. Introduction**

Auditing is a collective process conducted by a professional accounting team with a range of skills, experience, and emotions [1]. An audit consists of collecting evidence to express and issue an audit opinion about whether the financial statements are prepared, in all material aspects, in accordance with an applicable financial reporting framework (ISA 200). Such opinion is on whether the financial statements are presented fairly, in all material respects, or given a true and fair view in accordance with the framework (ISA 200). The fundamental goal of an audit is to reduce uncertainty and enhance the degree of confidence of intended users in the financial statements. As stablished by the reference number 4 of ISA 315, "the objective of the auditor is to identify and assess the risks of material misstatements, whether due to fraud or error, at the financial statement and assertion levels, ( ... ) including the entity's internal control ( ... )". Hence, the audit staff must evaluate and respond to risks caused by uncertainty in the information. Here, three key elements pop up because of their relevance on the auditing process: (i) the audit plan; (ii) the audit staff; and (iii) the audit risk. Of course, these concepts are interdependent.

**Citation:** Porcuna-Enguix, L.; Bustos-Contell, E.; Serrano-Madrid, J.;Labatut-Serer, G. Constructing the Audit Risk Assessment by the Audit Team Leader When Planning: Using Fuzzy Theory. *Mathematics* **2021**, *9*, 3065. https://doi.org/10.3390/ math9233065

Academic Editors: Jorge de Andres Sanchez and Laura González-Vila Puchades

Received: 31 October 2021 Accepted: 26 November 2021 Published: 28 November 2021

**Publisher's Note:** MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

**Copyright:** © 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https:// creativecommons.org/licenses/by/ 4.0/).

The auditor shall undertake some preliminary engagemen<sup>t</sup> activities at the beginning of the audit engagement, such as performing procedures required by ISA 220, evaluating compliance with ethical and independence requirements, and understanding the engagement. According to ISA 300, the audit plan is more accurate than the overall audit strategy. Planning takes place over the course of the audit, so changes to early planning decisions may happen. Planning activities entail, among others, the auditor's risk assessment procedures, the subsequent nature, timing and extent of further audit procedures and the consideration of those factors that, in the auditor's professional judgement, are significant in directing the engagemen<sup>t</sup> team's efforts.

Even though the audit partner is the person who firstly contacts the client, the role of the audit team leader (ATL) is critical, as they must allocate resources efficiently to lower audit risk up to an acceptable level, as indicated by the International Audit Standards (ISA). It is true that the audit partner will sign the audit report with an opinion, but such an opinion is the final outcome after a grea<sup>t</sup> audit effort. The audit effort is mainly carried out by those who are not the partners, and ATLs (named by the audit partner) are decisive to opt for and issue an opinion or other in the audit report [2,3]. Sincerely, lower-level audit team members gather most audit evidence, however, upward communication and knowledge sharing are decisive for effective and efficient audits [4,5]. In this aspect, audit team leaders play a critical role in easing such information exchange and in encouraging audit team members [6]. Audit leadership is expected to affect group performance [7]. Leadership style not only influences the levels of satisfaction, motivation, and performance of audit team individuals, but also may improve the audit quality practices. Furthermore, appropriate risk audit assessment of the client from the beginning of the audit by audit team leaders may be momentous for an effective and efficient audit execution. Relying more (less) on internal controls implemented by the client leads to performing less (more) substantive audit procedures, which is determined by audit team leaders based on their professional judgement and previous experience [8].

With respect to audit risk assessment, some clarifications must be made in order to understand the meaning of audit risk. According to the IAASB Glossary of Terms (1), audit risk is defined as the risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated, so it is a function of material misstatement and detection risk. This term is difficult to measure, as it may be only estimated after the audit work is complete. For this reason, we center our attention in the audit risk assessment. The audit risk assessment is the imperative identification, analysis, and managemen<sup>t</sup> of risks relevant to prepare the financial statements [9], and its procedures take place in the planning period of the audit. During the risk assessment time, the auditor inquires with management, entity staff, performs analytical procedures, observations and inspections, and understands business risks that may result in material misstatements. The audit risk assessment is fundamental to the audit process for several reasons. In accordance with ISAs, audits must follow the risk-based approach, because auditors may not check all transactions and must minimize the chance of giving an inappropriate audit opinion. Addressing insignificant risks in a high level of detail would be inefficient, and no one is prepared to pay for the auditors to do such amounts of work.

Setting aside the inherent risk for the difficulty in its estimation, we focus on the assessment of internal controls and the probability of detecting errors and irregularities by ATLs when planning. These terms are defined in ISA 315, and will be explained in more detail later. The audit risk assessment in the planification phase by the audit team leader (ATL) is highly based on subjective judgements. The ATL must evaluate internal control and the expected existence of errors and irregularities in the financial statements, so they determine if a risk is classified a key risk, material risk, or insignificant risk (it is not black or white, but there might be shades of gray). The application of fuzzy theory is particularly meaningful, as audit risk assessment involves people thoughts, inference, and perception [10], so fuzzy method retains a certain degree of fuzziness in such aspect. Compared to econometric analysis (symmetric approach), fuzzy method (asymmetric

approach) does not draw a conclusion based on a single correct answer (reject or not a null hypothesis) but provides different solutions (decisions) based on consistency and frequency thresholds. In addition, fuzzy technique does not either show estimates of each hypothesized relationship through the net effects, but covers the influence of other variables, leading to various combinations of conditions.

The aim of this study is to construct the assessment of the expected audit risk by the audit team leader (ATL) during the planification phase of the audit. To do so, the use of fsQCA has powerful potential into the audit arena, as the audit risk assessment is critically related to auditors' judgement and perception. We argue that ATL characteristics are core conditions in determining the audit risk assessment when planning.

This research has been made with data coming from a Spanish sample. Spain is classified as a code law country [11], unlike Anglo-Saxon countries such as USA or UK (common law) where the accounting and auditing culture is more developed by tradition and where private professional bodies played an important role in the organization of the audit profession from the beginning [12]. Differently, in Spain the main organisms in this sense are public. The Spanish environment is characterized by weak investor protection and low risk of litigation, where the fundamental stakeholders are families, banks, and industrial companies [13,14]. The banking sector dominates over the capital market, as a result, agency problems may arise. The average cost of debt of Spanish SMEs is 22%, compared to the 7% of the Eurozone as a whole [15]. According to Kim et al. [16], audits may contribute to reducing information asymmetries, and thus the cost of financing, so it may generate incentives to financial entities to preserve their dominance. In this context, no market-based institutional incentives exist (i.e., litigation costs, reputation loss, etc.) and auditor decisions may be influenced by managers and other parties. Despite the existence of grea<sup>t</sup> efforts to empower audit legislation and construct cohesive professional audit infrastructure aiming at solving these questions, pressures on the audit risk assessment by ATLs when planning can occur. In Spain, more than the 88% of Spanish audit firms are small- and medium-sized, shaping the real Spanish audit market behavior, unlike most of studies exploring the actions of the Big Four or second-tier audit firms. Audits of SME firms are likely to be conducted by a very small audit team. Presumably, complexity of audits should be lower (ISA 300), but coordination and audit team leader implication must be higher, so ATL characteristics (together with the pressure and progression within the audit firm) are supposed to directly affect audit risk assessment and audit team behavior. These reasons come to justify the relevance of the audit risk assessment (internal control, errors, and irregularities) in the Spanish scenario.

We use hand-collected and private data taken from legal applications declared by audit firms to the national public oversight board (ICAC), spanning 2001 to 2015. The sample consists of a balanced panel of 1338 Spanish firm-year observations. The audit risk assessment is set to be the outcome. Consistent with ISA 315, we use three outcomes: (i) the absence of internal control; (ii) the presence of expected errors; and (iii) the presence of expected irregularities. A complete set of contrasted conditions has been used to explain the focus outcomes. The analysis of necessity reveals that there is no exclusive necessary condition, but a comprehensive set of conditions must be given for perceived high audit risk when planning (expected bad internal control and expected errors and irregularities in the financial statements). More specifically, four conditions are the most significant drivers of the outcome, either for their higher consistency values or for the wider difference between their presence and absence: the presence of female ATLs, inexperienced ATLs, old-audited clients, and large board sizes. The sufficient analyses show that more than one possible configuration (i.e., combination of conditions) happens, and that causal asymmetry may occur. Regarding the absence of internal control, the results demonstrate that female and inexperienced ATLs planning the audit of firms with a high proportion of property, plants and equipment, high leverage ratios, less profitability and large board sizes are expected to have bad internal control. For the presence of expected errors, the likelihood of expecting error in the financial statements increases as perceived internal control worsens

(same conditions are met), and also when the audit tenure is shorter. Lastly, for the presence of irregularities, conditions such as experience gain importance. Irregularities are intended errors, and experienced ATLs are capable of expecting or forecasting irregularities because of their widespread background and prior accumulated know-how.

The contribution of this work is threefold. First, we focus the research on the audit risk assessment by the audit team leaders (ATLs), who are the pivotal audit members in the planification phase, and thus in the subsequent test of controls and substantive audit procedures. Secondly, the use of fuzzy-set modelling allows us to deal with the fuzziness when assessing audit risk. In addition, primary objective data connected to internal control and the probability to uncover errors or irregularities have been used. As far as we know, this is the first study doing so. One may find the application of fuzzy theory fundamentals to auditing so as to explain the formation of an effective quality audit team [17], to construct and check the effectiveness and efficiency of an artificial intelligence audit tool compared to human auditors [18], to design a more precise audit detection risk assessment system [10], to gain additional insights into the relationship between firm characteristics and audit fees [19], or to propose a client acceptance method in order to improve audit firms' risk managemen<sup>t</sup> [20], among others. However, no one refers to the ambiguity or vagueness when assessing audit risk in the planification regarding internal control and the expectation to find errors and/or irregularities. Last, but not least, this study is responsive to the call from regulators to consider audit team attributes, in particular, ATL characteristics, as important factors that affect audit quality practices [21], which is directly influenced by the audit risk assessment when planning.

The remainder of the paper is structured as follows. Section 2 outline the basics of fuzzy-set qualitative comparative analysis aiming at showing its potentiality in the auditing arena. In Section 3, a prior study about ATL designation and their audit risk assessment of the client in the planification stage is re-visited. We briefly describe the role of ATLs of SMEs audit firms on the audit risk assessment and also explain the selection of the outcome and conditions. Sample and descriptive statistics state in Section 4. Section 5 shows the empirical fuzzy-set results, and finally Section 6 concludes, with a brief discussion on the treated topic and some limitations are exposed.

#### **2. Fuzzy-Set Qualitative Comparative Analysis (fsQCA)**

## *2.1. Fuzzy Set Basics*

The fuzzy set theory seeks to solve fuzzy data in realistic context. It means a set signifying conditions with specific and apparently clear properties but imprecise boundaries. We may mathematically articulate the fuzzy set as follows:

The universal set or universe of discourse is called "U"; a set "A" is any well-defined collection of objects; an object in a set is called "ai", which represents an element or member of that set. Sets are defined by simple statements and the fact whether a particular object having a certain property belongs to a particular set may be described as A = {a1, a2, a3, ... , an}. If the elements "ai" (i = 1, 2, 3, ... , n) of a set "A" are subset of universal set "U", then set "A" may be mapped for all members x X by its characteristic function μA (x) = 1 if x X, 0 otherwise (note that the fuzzy subset A on U means that for any X U, there is a real number) However, fuzzy logic consists of many degrees of membership [0, 1], and all are allowed. In this sense, when the universe of number of A is {0,1}, then the membership function of A becomes μÃ (x): A → [0, 1] to x U, where the maximum degree of membership is the top heigh of the fuzzy set (equals to 1) and the minimum degree of membership is the bottom heigh of the fuzzy set (equals to 0). Note that Ã is one fuzzy subset on U and μÃ (x) [0, 1] is one number for each x U to show membership degree of x for Ã, which is the membership degree of U.

#### *2.2. Key Points to Keep in Mind*

Firstly, it is required to define all elements that will constitute the pathway of the fuzzy logic. To that end, Table 1 is presented, following Valaei et al. [22]. We display three columns: (i) symmetric concepts that are mostly used in regression terminology; (ii) asymmetric concepts that are most frequently used in fuzzy set nomenclature; and (iii) a brief explanation of such terms.


**Table 1.** Symmetric vs. asymmetric concepts.

Note: symmetric concepts are just tabulated for informational and comparative purpose. The explanation alludes to asymmetric concepts.

Secondly, apart from the previously defined concepts, for appropriate use of the fsQCA, some assumptions or application hypotheses must be taken into consideration [23]:


The third aspect to bear in mind is the order and number of steps that are cardinal so as to run appropriately the fuzzy pathway. The indispensable stages are as follows:

**Step 1**—Substantial theoretical and empirical knowledge of the matter of interest. The state of art is essential to be controlled. Fuzzy logic is far away from mixing many ingredients (conditions) to cook a recipe (outcome), so "more" does not mean "better". It is true that in qualitative analysis certain subjective bias can be introduced by researchers, but their own knowledge of the field of study also lead to a richer analysis and understanding of the data.

**Step 2**—Data calibration. Data treatment can be considered the most important step in fuzzy modelling. Unlike traditional approaches, data are transformed from ]−∞, +∞[ to [0, 1], that is, into degrees of membership in the target set, where 0 meaning full non-membership (absence/negation) and 1 full membership (presence). To avoid misunderstandings, researchers have to clearly define the cut-off points that will determine the degree of membership. Differently from crisp sets, whose variables may discretely take values of 0 or 1, conditions are usually calibrated through an n-value fuzzy set, specifying the values of an interval-scale variable that correspond to n-qualitative breakpoints [27]. For instance, a three-value fuzzy set is one of the most used direct log-odd transformation methods, where the 95th percentile (0.95) is the threshold for full membership, 5th percentile (0.05) is the full non-membership threshold, and the cross-over point (0.50) is the threshold for "ambiguous" or "do not care" cases.

**Step 3**—Necessity conditions. The analysis of necessity for the presence and the absence or negation of the outcome is prerequisite before proceeding with the scrutiny.

**Step 4**—Truth table. To undertake sufficiency analysis, we must generate the truth table that reveals which combinations of conditions or configurations are sufficient for the focal outcome to occur.

**Step 5**—Boolean algebra. Once the Truth table is generated, all configurations (2k rows) are not significant, so the number of cases and Boolean logic must be employed. Researcher must remove those low frequency settings and leave out redundant clauses to reduce the initial 2k configurations to simplified combinations. For this purpose, consistency and coverage must be defined.

Thus, having said the above, the theoretical an empirical framework of this study is to apply the fuzzy theory to construct the assessment of the expected audit risk by the audit team leader (ATL) during the planification stage of the audit work of their audited clients.

#### **3. Re-Examining the Data of a Prior ATLs and Audit Risk Assessment Study**

The goal of this study is not to provide a fully comprehensive and instructional guide about fuzzy-set Qualitative Comparative Analysis (fsQCA). One may find in the existing literature complete guides of fuzzy-set modelling on managemen<sup>t</sup> (e.g., [29]), entrepreneurship (e.g., [23,30]), artificial intelligence, expert systems, control engineering, and multi-principle decision making and risk assessment [31–33] for the presence of ambiguity. Undoubtfully, the problem of imprecision also appears in accounting and auditing (e.g., [34]), where concepts such as materiality, fair value, reliability or risk assessment are not essentially two-dimensional but a scale of degrees. It is noticeable that it does not refer to the uncertainty of the occurrence or not occurrence of an event, but the lack of clarity in the assessment and judgements, which directly affects usefulness and predicting power of accounting information. Instead, we pursue to sketch out the method for those who are interested in employing this qualitative approach to their fields of study, especially in the auditing arena.

The word "fuzzy" means "vagueness" or "ambiguity", and fuzziness occurs when the boundary of a piece of information in not clear-cut. Zadeh [35] proposed the fuzzy set theory, which is an extension of classical set theory where components have a degree of membership. Classical set theory establishes evident sharp (crisp or exact) boundaries with apparently no uncertainty associated (i.e., black–white, true–false, good–bad, etc.); contrarily, fuzzy set theory considers ambiguous boundaries (e.g., the gray color exists between black and white; describing human reasoning by true or false is frequently insufficient; audit risk evaluation is not only good or bad). Hence, running fsQCA facilitates to incorporate imprecise values to obtain non-symmetric relationships (necessary and sufficient conditions).

The fsQCA approach is based on complexity theory following the principles of conjunction, equifinality, and causal asymmetry. Conjunction refers to the notion that conditions interacts interdependently reveling combinations of sufficient conditions for the outcome. Equifinality denotes the existence of multiple equally effective combinations of conditions to reach the same high outcome score. Causal asymmetry indicates that conditions driving an outcome in one combination may be simultaneously unrelated or even oppositely related in another configuration linked with the same outcome [36].

The aim of this study is, therefore, to spotlight the potentiality that fsQCA have into the auditing arena, in particular, for the audit risk assessment by audit team leaders (ATLs) during the planification level. Next, we will use this powerful qualitative technique to re-visit data from earlier research that had used symmetric quantitative approaches. We select the investigation carried out by [37], who operated with multiple regression analysis, consistent with what is commonly performed in the risk aversion associated with female gender [38–40], female appointment decisions (e.g., [41]), and gender diversity in audit risk assessment and quality (e.g., [42,43]).

The audit risk assessment is highly based on audit personnel's subjective judgements. Auditing is a process of collecting evidence to express and issue an audit opinion about on whether the financial statements are prepared, in all material aspects, in accordance with an applicable financial reporting framework (ISA 200). Such opinion is on whether the financial statements are presented fairly, in all material respects, or give a true and fair view in accordance with the framework (ISA 200). The general purpose is to reduce uncertainty and enhance the degree of confidence of intended users in the financial statements. To do so, the audit staff must evaluate and respond to risks caused by uncertainty in the information. The application of fuzzy theory is particularly meaningful, as audit risk assessment involves people' thoughts, inferences, and perception [10], so fuzzy method retains a certain degree of fuzziness in such respect.

We selected the Porcuna-Enguix et al. [37] study for four main reasons. First, it represents the first work in analyzing audit team leader (ATL) attributes, while most studies look to audit partners. ATLs have a substantial role when issuing the audit report, since they have direct contact with the audit client and the potential risks compared to the signing audit partners. Second, the first work that explores the effect of the gender attribute of ATLs when appointed by the audit partner to an audit engagement, especially, in the audit risk assessment. Third, the Spanish context illustrates a peculiar but representative setting worldwide, in spite of limited related SME studies. Fourthly, using the same data as that earlier study allows us to both demonstrate whether or not fsQCA may report different results about alternative routes to audit risk assessments, and avoid subjectivity that would be linked to collecting a new sample.

In Porcuna-Enguix et al. [37], the audit risk assessment in the planification phase is measured in three ways as required by ISA 315. The evaluation of internal control (intcontrol) uses a Likert scale ranging discretely from 1 to 5, with 1 being bad internal control and 5 good internal control. The probability of expected errors (error) follows the same Likert-scale as intcontrol, with 1 being unlikely to uncover errors and 5 more likely. The probability of expected irregularity, with 1 being less likely to uncover irregularities and 5 more likely. Therefore, these are expected or perceived "audit risk assessment" in the planification stage, unlike the term "audit risk". The study has several "interest" and "control" variables seeking to determine whether female ATLs are appointed to riskier clients and whether female ATLs are more likely to be conservative or prudent when assessing audit risk in the planification stage of the audit engagement.

Table 2 presents the results from the ordered probit sample selection model (regression equation). The variable of interest "GENDER" was previously estimated (selection equation), but untabulated, and was then incorporated into the regression equation. This symmetric procedure was chosen so as to control for existing endogeneity problems [44]. We found that riskier audited clients were assigned to female ATLs (untabulated results). From the regression equation, we observed that female ATLs are more likely to uncover deficiencies in the internal control of the client and are more likely to find expected errors and irregularities during the planification phase. In addition, further analysis, also untabulated, demonstrates a more indulgent or tolerant attitude of experienced female ATLs towards possible internal control weaknesses and to inform about irregularities, attitudes traditionally attributed to males. Note that auditing is male-conditioned environment, so there might exist an intrinsic motivation to enhance their job opportunities such as promotion or just to not jeopardize their surveillance in the audit firm.

In order to align the fsQCA with that Heckman modelling study, we considered including all the same antecedent variables used by Porcuna-Enguix et al. [37] as conditions in our configural model, with the exception of "SIZE", "CATA" and "COMPULSORY" for two reasons: (i) SIZE (log of total assets) and CATA (current assets to total assets) were not statistically significant in all cases; and (ii) COMPULSORY was removed because the final balanced fuzzy set consists of firms that must be audited, as indicated in Spanish audit law. The three dependent variables of audit risk assessment represent the outcomes.


**Table 2.** Ordered probit sample selection results for Audit Risk Assessment [37].

\*\*\*, \*\*, and \* indicate statistical significance at the 1%, 5%, and 10% level, respectively.

#### *3.1. The Role of the Audit Team Leaders (ATLs) of Some Audit Firms on the Audit Risk Assessment*

Audit work is labor-intensive, resulting in high staff costs [45]. Audit firms often adopt aggressive pricing strategies [46], which place pressure on audit engagement. As a result, efforts by audit teams to work with short deadlines and to lower costs may compromise audit quality [47], and undoubtedly this price–time–effort conflict influences audit team members' behavior and thus audit practices. Of course, the audit partner possesses a high degree of autonomy to exert professional judgment [48], and this autonomy includes the possibility to alter audit prices (i.e., maximize audit fees) and planned hours (i.e., minimize audit effort). The audit partner also holds the decision of designating the audit team leaders [ATLs] [49], who are presumed to be the main character of the audit team appointed. When an audit partner agrees with the client to carry out an audit engagement, they must adjudicate which audit member is going to be responsible (audit team leader) for the audit team. This arrangemen<sup>t</sup> is not meaningless, as individual characteristics are vital for the planification and audit risk managemen<sup>t</sup> [50]. Therefore, the determination of the ATL is significantly affected by audit evidence collected when planning the audit. In turn, audit evidence hinges on detection risk, among others.

The role of the ATL is critical as they must allocate resources efficiently to lower audit risk up to an acceptable level, according to the International Audit Standards (ISA). Even though the audit report is signed by the audit partner, the audit effort is mainly carried out by those who are not the partners, and ATLs are decisive to opt for and issue an opinion or other in the audit report [2,3]. The ATLs act as the pivotal character in an audit engagement. The ATLs duties are mainly associated with assigning functions to audit team members, evaluating risk managemen<sup>t</sup> activities within the client, and ensuring compliance with established internal control procedures by examining records, operating practices, reports, documentation, etc.

Human resources are the most important asset for all audit firms, and a balance between the skills of audit members and the complexity of audit engagements is needed. The optimal point is to avoid under-auditing (not taking unnecessary risks) or over-auditing (keep costs at a competitive level). This time and economic effectiveness must be properly provided by the ATL [8], which depends on their professional judgement and prior accumulated experience. Their leadership must prevail, facilitating upward communication and knowledge sharing, while also promoting good group relationships within the audit team members to perform more effective and efficient audits [5,6].

To allocate resources, the audit team members have to gather information and the ATL must keep the audit risk at an acceptable level. The assessment of the audit risk in the planification phase by the ATL is critical. This really determines the confidence in the internal control of the client and the subsequent substantive audit procedures. For instance, after the initial evaluation of the audit risk when planning, if the ATL concludes that internal controls are more effective than they actually are and that a material misstatement in the financial statement assertions does not exist when in fact it does, it affects the audit effectiveness, leading to issuing an inappropriate audit opinion (under-auditing). Contrarily, if the ATL concludes that internal controls are less effective than they actually are and that material misstatements in the financial statements assertions exists when in fact it does not, it hurts the audit efficiency increasing audit costs (over-auditing). A deficient audit risk assessment boosts sampling risk, that is, the risk that the auditor's conclusion based on a sample may be different from the conclusion if the entire population were subjected to the same audit procedure (ISA 530), inducing to the two already mentioned erroneous conclusions.

ISA 300 establishes information about "considerations specific to smaller entities". The above explanation applies to all audit firms and audit engagement, nevertheless, small- and medium-sized audit firms are singular for their available resources. In an audit engagement, the entire audit may be conducted by a small audit team compared to others. With a smaller team, the role of the ATL is essential to favor coordination, communication, and member motivation. The audit is not so complex and time-consuming, but losing clients because of a deficient audit risk assessment is costly. The market share of small- and medium-sized audit firms is strikingly lower than that of the Big Four and second-tier audit firms. Small- and medium-sized audit firms usually have a lower diversified client portfolio, so if things go wrong, they spread through the market by word of mouth very easily and quickly. According to these discrepancies, we may appreciate two main differences between ATLs in SME audit firms from those in Big Four or secondtier audit firms: (i) pressure and (ii) progression. First, time pressure is considerably more notable for ATLs in SME audit firms. Being efficient is imperative and the opposite might be very costly. Dysfunctional auditing behaviors might be expected because of such pressures [51]. Consequently, evaluating those factors or combination of them affecting audit risk assessment by ATLs in SME audit firms is determinant as they are the most representative figure (in number) in the audit market, shaping market behavior. Secondly, Big Four and second-tier audit firms have many employees at different levels. For instance, n-degrees of entry-level employees (e.g., assistant auditors), n-degrees of senior level (e.g., auditor, senior auditor, lead auditor or audit team leader, etc.), a partner with their own degrees of advancement, and finally director or managing director level (top managemen<sup>t</sup> positions). In case of SME audit firms, progression is shorter with fewer levels such as assistant, audit team leader, and partner. As seen, promotion in SME audit firms is not as long, slow, or tough as their larger mates. Why is this relevant? Investors perceive a lower quality of accounting information when the audited client's managemen<sup>t</sup> exerts influence on auditors (e.g., [52]), and auditor–client identification on audit client's acquiescence to client-preferred treatment occurs in non-Big 4 firms [53]. Understanding the factors that might alter or modify audit risk assessment when planning is crucial as it determines the subsequent audit procedures. Moreover, client familiarity is desirable but may threaten auditor objectivity, and this is closely linked with the auditor position within the firm, affecting the audit quality practices.

Having exposed the above, we find contrasting results in the existing literature on this matter. Small- and medium-sized audit firms usually face the handicap of offering a lower quality audit in comparison to larger ones. There is a certain and questionable "bigness syndrome" because size indicates sufficient staff to carry out the audit engagement, which may

ensure quality or independence [54,55] or higher prices when clients go public [56]. Other arguments reinforce the appointment of larger audit firms [57]: to reduce agency costs; to reduce information asymmetry; etc. However, less complexity ("the larger the more to lose" or "size matters" hypotheses) does not imply less attention or worse audit risk assessments. In fact, Lawrence et al. [58] show that the differences in proxies for audit quality between Big 4 and non-Big 4 auditors are more likely due to client characteristics. Boone et al. [59] explained that little evidence exists of a difference in audit quality between Big 4 and second-tier audit firms. Comprix and Huang [60] find no evidence that small audit firms are associated with real activity manipulation. Oppositely, Svanström [51] described, using a sample of Swedish small audit firms, a positive association between perceived time pressure (time budget pressure and time deadline pressure) and dysfunctional auditing behavior (e.g., superficial reviews of client documents, premature signing-off or accepting weak client explanations). Even though less audit complexity in small audit firms exists, time pressure is more marked as resources are more limited. Furthermore, Svanström [51] finds that training activities may reduce such dysfunctional audit behavior, nevertheless, small audit firms have limited opportunities to arrange such training activities with invited experts.

Therefore, we argue that ATLs of small- and medium-sized audit firms play a crucial role in assessing the audit risk in the planification phase. Furthermore, the ATL characteristics are core conditions to evaluate and determine managemen<sup>t</sup> risks.

## *3.2. Outcome and Conditions*

Based on a review of prior research, the aim of this study is to forecast the expected or perceived audit risk assessment by the ATL, especially by female ATLs. This outcome is supposed to depend on the presence or negation/absence of several conditions. Therefore, we expect several configurations to explain the same outcome as audit risk assessment involves skepticism and judgments by auditors. As established by reference number 4 of the ISA 315, "the objective of the auditor is to identify and assess the risks of material misstatements, whether due to fraud or error, at the financial statement and assertion levels, ( ... ) including the entity's internal control ( ... )". In this sense, our main focus outcomes will be the assessment of internal control (intcontrol), the probability to expect errors (error) and the likelihood to expect irregularities (irreg) in the planification phase. Conditions, together with outcomes, are briefly described in Table 3, and explained in detail below.

The focus outcomes are three to enrich the analysis. As established in ISA 315, the internal control is the internal "process designed, implemented and maintained by those charged with governance, managemen<sup>t</sup> and other personnel to provide reasonable assurance about the achievement of an entity's objectives regarding reliability of financial reporting, effectiveness and efficiency of operations, and compliance with applicable laws and regulations. The term "controls" refers to any aspects of one or more of the components of internal control". Material misstatements due to errors or mistakes are supposed to be unintended, with no fraud, such as arithmetic errors, misinterpretations, inadvertences, or incorrect application of accounting principles and standards without intent to cause harm by act or omission. Unlike errors, irregularities relate to intended acts or omissions with fraud, such as record and document manipulation, falsification or alteration, misappropriation, and irregular use of assets, record fictitious operations, or the improper and intentional application of accounting principles and standards.

With respect to the economic and financial features of the audited client, the ratio property, plant and equipment to total assets (ppe), leverage ratio (lev), and return on assets (roa) have been selected. Capital assets are purchased (bought or constructed) to be used in a business and are often the largest accounting item on a balance sheet. Even though the value is usually high, the risk associated is often low or moderate. Overall, these assets are depreciated (accounting expense record) over their useful life and are presented in a balance sheet by the book value (cost minus accumulated depreciation). Though appreciation in market value is not allowed, decreases are booked known as impairments, which may be reversed if those circumstances that originated the impairment disappear. Property, plant and equipment walkthrough consists of looking for ways that this item might be overstated, though understatements may also occur. Concerns about who authorizes the purchase, reconciliations, consistent depreciation methods, adequate records, the existence of controls, segregation of duties, period physical inventories and custody, schedules upon sale, capitalization of repair expenses (not expensed), etc. are questions to look at (primary risks). The higher capital assets, the wider gap for discretion or managerial choice.


**Table 3.** Description of outcomes and conditions.

Information asymmetry and uncertainty about the use of funds (loans) by insiders, such as managers or shareholders, are problems that all creditors (debtholders) face when granting such loans. Insiders may take actions that contribute to their wellness at the expense of creditors (agency conflicts). Basically, once insiders obtain the financing, they may undertake riskier investments or underinvest (e.g., [61]). Riskier decisions sometimes threaten future repayments to creditors and renouncing positive net present value projects because they may benefit creditors. It is true that this opportunistic behavior may be limited through covenants in creditors' debt contracts in terms of accounting numbers. However, again, restrictions may encourage managerial accounting choices such as incomeincreasing or -decreasing practices [62]. The higher the leverage, the greater the probability for discretion and the more need for reliable monitoring of accounting information.

Related to managerial accounting choices, those more profitable audited firms may have used discretion to achieve such strong economic positions. Profitability does not necessarily mean bad practices, however, high profitability may be the result of confusing accounting practices, and may increase the likelihood of uncovering material misstatements in the financial statements (unreliable accounting numbers) by independent auditors. Proving this behavior, Hardies et al. [42] found evidence that higher return-on-assets values

increase the likelihood that an auditor issues a going concern opinion, as an indicator of audit quality.

Regarding audit team leader (ATL) features, we may distinguish two characteristics: gender and experience. The gender diversity on ATLs is not trivial. The ATL may be chosen by the audit firm or the audited client to meet operating and contracting environment [63]. Attitudes towards corporate social responsibility [64], preference to overlap audit quality to cost reduction [65], or riskier positions may precipitate female appointments' decisions [41], because of their more prudent posture when assessing audit risk when planning. Moreover, women take more time to plan in an audit engagement, which directly influences the subsequent work execution [66]. Experience is another ATL attribute that affects audit work and the professional judgment of the ATL to assess audit risk. The experience (competence characteristic) of the audit personnel is listed as one of the main audit quality indicators [67,68]. Experience promotes general and industry expertise and enhances the ability of auditors to identify and assess audit risk. Professional background and experience make auditors stay alert and focused and make their clients feel higher audit quality which leads to audit premium. Experienced auditors are more accurate in interpreting, judging, and assessing information, so the audit risk assessment becomes more reasonable and targeted to carry out further audit procedures [69]. Therefore, the accumulation of this professional competence facilitates interpretation, judgment, problem-solving skills, the allocation of audit resources and the evaluation of audit risk, which is the cornerstone. Experimental studies such as Koch et al. [70], for example, demonstrate that experienced auditors are more likely to issue unqualified audit opinions, as a signal of either client internal control deficiencies and/or the existence of uncorrected material misstatements in the financial statements, due to fraud or error.

Associated to audit client features, we have chosen the number of years that the client is being audited by the audit firm (yaudited), whether the audit work for certain client is new (new) and the total board of directors (bod). The length of the audit–client relationship (audit tenure) is fully related to information and insurance roles and firm risk affects auditor behavior [71]. Nevertheless, the directional effect is still unanswered [72] because time might (not) threaten auditor independence. For instance, on the one hand, some argue that longer audit tenure erodes agency costs (less information asymmetry), which leads to better audit quality [54]. Shorter audit tenure denotes lack of adequate knowledge of the clients and the industry during the early years of the audit engagemen<sup>t</sup> [73] and widens the lag between hiring an auditor and the motivation to engage in earnings managemen<sup>t</sup> by the client [74]. In this respect, Myers et al. [75] found that the use of discretionary accruals diminishes as audit tenure increases. In addition, changing auditors is costly and may influence audit quality because less effort may trigger less audit adjustments as a consequence of a weaker audit risk assessment. Meanwhile, others proclaim that longer audit tenures jeopardize objectivity and skepticism, which also influences audit quality. According to these different points of view, the Spanish audit law 22/2015 (which incorporated the Directive 2014/56/UE into the national law) tried to find the midpoint. Thereby, overall, the duration of an audit engagemen<sup>t</sup> may be no shorter than three years and no longer than nine years counting from the date on which the first year to be audited starts (Article 22.1, Audit law 22/2015). The explanation being new clients are in line with the precedent reasoning. Finally, despite considering small- and mediumsized firms, our sample consists of compulsory audit engagement, so differences between ownership and control should presumably be assumed. This is the so-called board size effect: communication and coordination problems rise as group size increases [76], which broadens management–board conflicts (agency problems).

#### **4. Sample and Descriptive Statistics**

The data to run the fuzzy analysis came from 24 small- and medium-sized audit firms, with the information taken from their legal application declared to the national public oversight board, that is, to the Spanish Accounting and Auditing Institute (ICAC) spanning 2001 to 2015. These audit firms were randomly chosen regarding their size and areas of activity. Finally, the required information about the assessment of audit risk was sent by 13 audit firms, including their evaluation of internal control, error, and irregular probabilities of the client, and were assessed by the audit team leader during the planification phase.

Our hand-collected data values are original and no estimation process which would imply a high subjectivity charge has been employed in our sample. Our sample consists of a balanced panel of 1338 firm-year observations.

Untabulated distribution by economic sector shows that service is the most audited industry, followed by construction, manufacturing, agriculture and supplies. In addition, an untabulated correlation matrix does not sugges<sup>t</sup> any multicollinearity problem associated with quantitative variables.

Table 4 displays the descriptive statistics of the original quantitative data and of the calibration cut-off points. As shown, we have used three qualitative breakpoints at 95%, 50% and 5%. It is important to say the dummy variables such as gender and new have not been calibrated for logical reasons. On the one side, the gender attribute of an audit team leader (ATL) will take value 1 if female and 0 if male, so "do not care" values do not exist; on the other hand, variable new will take 1 if first-time audit by the ATL for a specific client and 0 otherwise, so "ambiguity" values do not exist either.


**Table 4.** Balanced sample descriptive statistics and calibration parameters for fsQCA.
