The Impact of PCAOB-Type Regulations on Auditors Under Different Legal Systems

Abstract

This article analyzes the impact of Public Company Accounting Oversight Board (PCAOB)-type regulatory oversight and legal liability on audit quality and social surplus. We show the conditions under which regulatory oversight can improve audit quality and social surplus, as compared with the impact of legal systems. Moreover, we demonstrate that regulatory oversight is not likely to substitute effectively for a legal system. This is the first study that analyzes the possible effects of an audit regulator on auditors under different legal systems, and our results enhance understanding of the complex relationship between regulatory oversight, a legal system, and social surplus.

Introduction

In order to protect investors and the public interest, the Public Company Accounting Oversight Board (PCAOB) was established by the Sarbanes-Oxley Act of 2002 (SOX) in the United States to oversee the audits of public companies. The board replaced self-regulation to help restore investors’ confidence in capital markets that was harmed by a series of accounting scandals in the early 2000s. The PCAOB sets auditing standards and inspects audit firms. It has investigative authority to identify audit deficiencies and has disciplinary authority to impose sanctions for those deficiencies.

In the United States, auditors also face enforcement from a strong legal system. As a result, the following question arises: What effects on auditors can regulatory oversight have over and above the effects of a strong legal system? In many countries (e.g., China, Japan, and India), the legal system auditors face is weak, so another interesting question is whether regulatory oversight can compensate for a weak legal system in ensuring audit quality. In summary, the primary purpose of this study is to analyze the impact of PCAOB-type regulatory oversight on auditors under different legal systems.

We develop a model that incorporates both auditors’ expected liability costs and a regulatory penalty in the audit cost function and considers both audit effort and audit effectiveness (i.e., investment in quality control). The key features of the model are the following. First, potential legal liability only arises if the auditor fails to detect a client’s material overstatement(s) of income reported in financial statements—that is, makes a Type II error—and the probability of Type II error depends on audit effort and quality control. Whenever there is a lawsuit, there are litigation costs. They are a deadweight loss and cannot be recovered. In contrast, a regulator conducts inspections periodically, independently of any known audit failure. Regulatory penalties are imposed if auditors violate auditing standards and/or quality control standards. Hence, legal penalties can be imposed after an audit failure occurs while regulatory oversight can prevent an audit failure ex ante. However, to establish and maintain a regulatory body is very costly. These differences between regulatory oversight and legal systems resemble the differences between police patrols and fire alarms. ¹

Second, we define audit quality as the probability of detecting material misstatements (assurance level), which is jointly determined by audit effort and audit effectiveness. Audit effectiveness represents the ease with which auditors can detect material misstatements. It results from an audit firm’s quality control system, including staff training, staff assignment to specific clients, and review of work performed. A better quality control system contributes to a higher level of effectiveness.

Third, we distinguish legal systems by their liability rules (strict or negligence-based) and damage awards (strong or weak). Under a strict liability system, auditors will be held liable whenever there is an audit failure due to an undetected material overstatement of income, irrespective of their efforts. Under a negligence-based liability system, auditors will be held liable only if they also fail to exercise due care. We introduce a social planner to consider trade-offs among different combinations of legal system and regulatory oversight and to select the best combination to maximize social surplus (i.e., the benefit of an audit net of the audit costs, litigation cost, and regulatory costs, if any).

Our analyses show that a combination of regulatory oversight and a negligence-based liability regime provides the same maximum social surplus as a combination of regulatory oversight and a strict liability regime. Regulatory oversight can provide complementary incentives to auditors in addition to the court systems, but the regulatory penalties needed to induce auditors’ compliance differ under these two regimes.

If regulatory cost is low, regulatory oversight can improve social surplus even if the damage award is high under a negligence-based liability regime, for two reasons. First, under regulatory oversight, auditors will provide higher assurance by improving their audit effectiveness through investment in better quality control systems. Second, if the project is highly profitable, the damage award is not sufficient to induce the first-best effort (i.e., the level of effort that maximizes the social surplus), so regulatory oversight can improve the social surplus by setting a regulatory penalty to ensure the first-best effort. This is because the first-best effort minimizes both Type I (i.e., an auditor certifies the project to be bad when in fact it is good) and Type II errors. Shareholders can never sue auditors for missing out on a profitable investment opportunity because they have not lost any investment. The legal damage is not sufficient to motivate the auditor to improve her effort to reduce Type I errors. Moreover, when the economy is booming, there is a greater need for regulatory oversight than when the economy is declining. This is because regulatory oversight provides greater incentives than legal systems for an auditor to avoid Type I errors.

If a country has a weak legal system, regulatory oversight can certainly help improve audit quality. Hence, audit regulation should be stronger in a country with a weak legal system than in a country with a strong system. However, the regulatory penalty is not a simple substitute for legal penalties. Regulatory oversight may substitute for a legal system in ensuring high-quality audits only if the regulatory penalty is sufficiently high, regulatory cost is low, and the project is highly profitable (the economy is flourishing). Regulatory oversight will produce lower social surplus compared with legal systems only if the regulatory cost is high and the economy is declining. Regulatory oversight can induce an auditor to increase quality control or audit effort to reduce Type I error (which is very important when the economy is booming), but the legal system can induce her to increase quality control and audit effort due to higher litigation cost. Moreover, regulatory oversight is ex ante costly because of regulatory cost, while legal system is ex post costly because of the litigation cost.

This article makes the following contributions. To the best of our knowledge, this is the first theoretical study directly analyzing the impact of imposing penalties through regulatory investigations on auditors’ behavior. It is also the first to endogenize the audit regulator through a social planner and solve the optimal design choices. The existing literature analyzes how other mechanisms, such as legal liability, loss of future engagements, contingent fees, and reputation loss affect auditor behavior (Bar-Yosef & Sarath, 2005; Corona & Randhawa, 2010; Dye et al., 1990; Hillegeist, 1999; Lu & Sapra, 2009; Melumad & Thoman 1990a, 1990b; Narayanan, 1994; Rothenberg, 2020; Sarath, 1991). Our article provides unique insights concerning the dynamic relationship between regulatory oversight and legal systems (Shavell, 1984). We show when and how much audit regulation is needed under different circumstances. We highlight the unique function that an audit regulator can provide compared with a legal system.

Our model improves upon the existing auditing models where typically an auditor undertakes only one action. Here we consider a multi-tasking model where two of the auditor’s actions (effort and quality control) affect audit quality. In addition, this article contributes to the analytical auditing literature on the interaction between auditors and clients by considering auditor differentiation in cost efficiency and audit effectiveness. This complements prior research (Zhang & Thoman, 1999).

Our article also demonstrates the important role of auditing standards. That is, the additional effect of regulatory oversight compared with only a legal system on social surplus and audit quality is affected by auditing standards. Regulatory oversight is beneficial to investors through the improvement of audit quality, particularly if the auditing standards are properly set. Therefore, our article adds to the existing literature on auditing standards (Gao & Zhang, 2019; Ye & Simunic, 2013).

In addition, our article offers new empirical predictions and provides a theoretical framework to explain several existing empirical findings. According to review articles by Abernathy et al. (2013), DeFond and Zhang (2014), and Knechel et al. (2013), researchers are beginning to examine the effectiveness of the PCAOB’s functions—that is, registration, standard-setting, inspection, and enforcement; however, the number of studies in this area is relatively small (Doogar et al., 2010). Our article provides additional empirical predictions that can strengthen the conclusions drawn from this research. For example, we explore whether the ability of regulatory oversight to improve social surplus is affected by the optimality of auditing standards.

We present a model and solve for equilibriums under various combinations of legal systems and regulatory oversight in the “Model” section. We then compare the social surplus under these mechanisms in the “Comparisons and Social Planner’s Optimal Discipline Choice” section. The “Empirical Implications” section describes the empirical implications of our findings, and the “Conclusions” section concludes.

Model

Setup

Model elements and timeline

An entrepreneur seeks to sell a firm to outside investors, perhaps for life cycle reasons. If investors purchase the firm, they must invest $I for the firm’s project to generate a positive payoff. A good project will generate a payoff of R and a bad project will generate a payoff of zero. Investors and the entrepreneur share the prior belief that the probability of a good project is β.^2,3 The entrepreneur is the manager and owner of the firm. He will claim the project type is good to sell the firm at a high price. Investors know his incentives and will ignore his claim without an audit, and they will use prior beliefs to price the firm. Auditing is needed to provide assurance concerning the manager’s assertions. ⁴

If the entrepreneur hires an auditor, he must pay a fee, F. We assume the auditor’s detection probabilities are

$$P(\mathrm{Good}\mathrm{signal}|\mathrm{Good}\mathrm{project})=P(\mathrm{Bad}\mathrm{signal}|\mathrm{Bad}\mathrm{project})=\mathrm{ta},$$ (1)

where $\mathrm{ta}\in [0,1]$ . The auditor incurs cost $1/2(\mathrm{\mu }{a}^2)$ for effort a and cost $1/3(k{t}^3)$ to generate t, where $\mathrm{\mu }$ and $k$ are cost multipliers. The $t$ captures the effectiveness of an audit and can be thought of as a transformation of auditor effort, $a$ , into an assurance level, $\mathrm{ta}$ . It represents the ease with which auditors can detect the true project type given effort $a$ . It can be thought of as an outcome of an audit firm’s quality control system. A better quality control system contributes to a higher t. For example, the more able and experienced the personnel assigned to a particular engagement, the less direct supervision is needed (Public Company Accounting Oversight Board [PCAOB] QC 20.11, 2003). We define $\mathrm{ta}$ as the assurance level and an audit failure occurs with probability $1-\mathrm{ta}$ . ⁵ The audit failure includes both Type I (the auditor receives a bad signal, but the project is actually good) and Type II errors (the auditor receives a good signal, but the project is actually bad). The auditor chooses the quality control system t before the audit is performed. We define audit quality by the assurance level ( $\mathrm{ta}$ ). We assume the auditor will report her findings truthfully to investors. ⁶

The auditor may face disciplinary enforcement actions from two sources: legal systems and regulatory monitors (e.g., Mookherjee & Png, 1992) who were chosen by a social planner at the beginning of the game. The social planner can choose regulatory monitors without legal systems, legal systems without regulatory monitors, or both legal and regulatory monitors. There are two types of legal systems: a strict liability or a negligence-based liability regime (Schwartz, 1997). We present all the notation in Online Appendix I.

To summarize, the sequence of events (i.e., timeline) is as follows:

• The social planner chooses a discipline mechanism for auditors. Auditors chooses quality control systems t.

• The entrepreneur chooses to hire an auditor for fee $F. Given t, the auditor chooses effort a to collect audit evidence and to generate a report.

• Investors choose whether to buy the firm at a certain price and, if so, they invest $I in its project.

• The state of the project is realized, and investors sue the auditor if the auditor made a Type II error and if the social planner put a legal system in place. A court determines whether the auditor is liable for the damage payment according to the liability rules.

• If there is regulatory enforcement in addition to a legal system, then the regulator will investigate the auditor and impose penalties if the auditor fails the inspection. Regulatory enforcement can occur either before or after the project payoffs are realized.

The social planner’s options

A common discipline mechanism for auditors is legal liability. Legal regimes affecting auditors consist of liability rules and damage awards (Schwartz, 1997). Liability rules determine whether an auditor is liable for the damages incurred by investors. Damage awards capture the amount the auditor must pay the investors for their damages and is typically less than the amount of investment (Palmrose, 2005). We denote damage awards by $D\in [0,I]$ and use D to represent the strength of a legal system. A strong legal system imposes a larger D. The liability rules can be strict or negligence-based. Under a strict liability rule, auditors will be held liable if they issue a good report but the project turns out to be bad, irrespective of their effort. The negligence-based rule means auditors will be regarded as liable only if they were negligent in performing their audits. Auditors are sued for making a Type II error because investors lose their investment relying on the auditor’s attestation that the project is good, but the project turns out to be bad. Auditors are not sued by investors for making a Type I error because investors have not suffered any loss from their investments. ⁷

Strict liability legal systems

Under this regime, the auditor will be found liable whenever the auditor certifies the project to be good, but it turns out to be bad (i.e., Type II error). This is possible if one holds the view that auditors should be responsible for the fair presentation of financial statements (DeFond & Zhang, 2014). The auditor will have to pay $D$ if she made a Type II error. $D\in [0,I]$ is the damage award. She also incurs a litigation cost $W<D$ . This includes time and effort incurred by the auditor in preparing a legal defense. This cost is a deadweight loss.^8,9 Laux and Newman (2010) argues that if $D>I$ , then ex post, investors are better off if the project fails and empirical evidence indicates the damage payment is substantially smaller than investors’ losses. Schwartz (1997) has similar arguments.

Negligence-based legal systems

Under a negligence-based legal system, we assume the courts will turn to auditing standards (denoted by s) to determine the due diligence level of effort, and to evaluate possible auditor negligence (Ye & Simunic, 2013). If audit effort is greater than or equal to the standards, then the auditor has exercised due diligence. We model the court-based standard by assigning liability for damages $D\in (0,I]$ if $a<s$ , and zero otherwise. That is, the probability of compliance, denoted by $p(a)$ , equals one if $a\ge s$ , and zero otherwise. The legal system cannot directly influence or regulate t. Courts typically impose liability on auditors for negligence. For example, in Deloitte & Touche v. Livent Inc. the court did not consider why negligence occurred, but only whether or not it did occur. Moreover, we assume that the auditing standards are perfectly precise in determining assurance levels. ¹⁰ Again, whenever there is a lawsuit, the auditor incurs a litigation cost $W<D$ , irrespective of whether the auditor is found liable. This regime resembles the major discipline mechanism faced by auditors prior to the establishment of the PCAOB in the United States.

Regulatory monitors only

Another discipline tool is an audit regulator. We assume the regulator sets the assurance standards. The standards state that an auditor should provide an assurance level of $t_{s}s$ . The s is the level of effort required by auditing standards and $t_s$ is the level of audit effectiveness/quality control required by quality control standards. Since the audit regulator sets $t_s$ and s separately, rather than setting a fixed assurance level, a and t are complements. ¹¹ We model regulatory monitors in terms of their potential for investigation and enforcement, independent of whether there is an audit failure. For example, the PCAOB (post SOX) reviews and investigates auditors’ compliance with auditing standards and quality control standards on an ongoing basis. These reviews and investigations are more stringent than inspections under a self-regulation regime. For example, Anantharaman (2012) found that those firms that chose their own peer reviewers tended to receive peer review opinions that were more favorable than their subsequent PCAOB reports. The regulator always investigates auditors regularly. If the regulator discovers that the auditor is negligent ( $a<s$ and/or $t<t_s$ ), a menu of penalties, denoted by $d$ , will be imposed on her. ¹² Specifically, the regulatory penalty is $d_a$ if $a<s$ but $t=t_s$ ; and is $d_t$ if $t<t_s$ , but a = s; and if both $a<s$ and $t<t_s$ , then ${\mathrm{\delta }}_a$ to punish $a<s$ and ${\mathrm{\delta }}_t$ to punish $t<t_s$ . In this case, auditor due diligence means $a=s$ and t = t_s. The probability of compliance, denoted by $p(\mathrm{ta})$ , equals one if $a\ge s$ and $t\ge t_s$ , and it is zero otherwise. These assumptions are consistent with practice. For example, the PCAOB inspects and evaluates an audit firm’s quality control system and requires that the root causes of negligence be corrected.

Moreover, regulatory costs are significant. We denote these costs by C. For example, to establish and maintain the PCAOB operations, the social planner has to fund the PCAOB’s budget. The average budget of the PCAOB from 2018 to 2020 is US$269.3 million per year. ¹³ It includes various personnel costs (salaries, employee benefits, payroll taxes, etc.), non-personnel costs (administrative expenses, consulting and professional fees, facilities, etc.), and capital expenditures (IT, facilities build-out). This is an important cost. To reduce such costs, the U.S. White House proposed to consolidate the responsibilities of the PCAOB under the Securities Exchange Commission (SEC) starting in 2022, essentially making the PCAOB a department of the SEC.

Regulatory monitors and strict legal systems

If the social planner chooses both regulatory monitors and a strict liability legal system, then auditors must pay investors D if they make Type II errors and the regulator will impose penalties if auditors violate any quality control standards or auditing standards. Auditors also must spend W (litigation cost) to deal with any litigation. The regulator’s investigation and its outcome do not depend on the presence of an audit failure. Thus, the regulatory penalty is not a simple addition to the damage payment determined by courts. However, if audit failures trigger investigations, any related penalties could be added to the expected court-imposed costs without any substantive change to the model. Thus, the investigation can occur any time after the audit is completed. There are material costs to establish and maintain the regulatory oversight.

Regulatory monitors and negligence-based legal systems

This option is a combination of regulatory monitoring and a negligence-based legal system. That is, courts will impose damage award D to auditors if they exert effort less than auditing standards (i.e., $a<s$ ). Regulators impose a menu of penalties to auditors according to their violations, as stated in the section “Regulatory monitors only.” Auditors spend W (litigation cost) to deal with the litigations. There are material costs to establish and maintain the regulatory oversight.

Equilibrium Analysis Under Regulatory Oversight and a Negligence-Based Legal System

Under this section, we solve the equilibrium when auditors face both regulatory monitors and a negligence-based legal system, the discipline mechanisms used in the current practice.

Objectives

Entrepreneur

The entrepreneur’s expected firm price when there is an independent audit, p_a, is the following, where investors hold rational expectations that the auditor will exert effort $a=\hat{a}$ and $t=\hat{t}$ :

$$p_a=\underset{\begin{array}{c}\mathrm{invest}\mathrm{in}\mathrm{detected}\hfill \\ \multicolumn{1}{c}{\mathrm{good}\mathrm{project}}\end{array}}{\underbrace{\mathrm{\beta }\hat{t}\hat{a}(R-I)}}-\underset{\begin{array}{c}\mathrm{invest}\mathrm{in}\mathrm{undeteced}\hfill \\ \multicolumn{1}{c}{\mathrm{bad}\mathrm{project}}\end{array}}{\underbrace{(1-\mathrm{\beta })(1-\hat{t}\hat{a})I}}+\underset{\begin{array}{c}\mathrm{expected}\mathrm{damage}\hfill \\ \multicolumn{1}{c}{\mathrm{award}}\end{array}}{\underbrace{(1-\mathrm{\beta })(1-\hat{t}\hat{a})(1-p\left(\hat{a}\right))D}}.$$ (2)

The firm’s price without an audit is denoted by $p_n$ and it is equal to $\mathrm{\beta }(R-I)-(1-\mathrm{\beta })I$ if $\mathrm{\beta }>(I/R)$ , and equal to zero otherwise. The entrepreneur will hire the auditor if the audit fee F is sufficiently low $(F<E[p_a]-p_n)$ . Given $\mathrm{\beta }>(I/R)$ , the incremental benefit of an audit is the difference between missing out on investing in a good project and avoiding investing in a bad project (i.e., $-\mathrm{\beta }(R-I)(1-\mathrm{ta})+\mathrm{ta}(1-\mathrm{\beta })I$ ). Given $\mathrm{\beta }<(I/R)$ , the incremental benefit of an audit is the difference between investing in a detected good project and investing in an undetected bad project (i.e., $\mathrm{\beta }\mathrm{ta}(R-I)-(1-\mathrm{ta})(1-\mathrm{\beta })I$ ). Since the difference between these two cases is determined by the exogenous parameters, $\mathrm{\beta }(R-I)-(1-\mathrm{\beta })I$ , and is not affected by endogenous variables, in the rest of the article, we focus on the case when $\mathrm{\beta }>(I/R)$ to streamline the analysis. The first-best audit effort and quality control as well as key economic forces are the same for these two cases.

Auditor

The auditor chooses her effort and effectiveness by taking the non-contingent fee F as given and trading off audit cost with the expected liability and expected regulatory penalty:

$$\begin{array}{c}\underset{a,t}{\mathrm{Max}}F-\underset{\mathrm{effort}\mathrm{cost}}{\underbrace{\frac{1}{2}\mathrm{\mu }{a}^2}}-\underset{\mathrm{quality}\mathrm{control}\mathrm{cost}}{\underbrace{\frac{1}{3}k{t}^3}}-\underset{\mathrm{expected}\mathrm{liability}}{\underbrace{(1-\mathrm{\beta })(1-\mathrm{ta})(1-p\left(a\right))D}}-\underset{\mathrm{expected}\mathrm{litigation}\mathrm{cost}}{\underbrace{(1-\mathrm{\beta })(1-\mathrm{ta})W}}-\underset{\mathrm{expected}\mathrm{regulatory}\mathrm{penalty}}{\underbrace{(1-p\left(\mathrm{ta}\right))d}}.\hfill \end{array}$$ (3)

Recall D is damage award, d is regulatory penalty, and W is litigation cost. The entrepreneur, investors, and the social planner anticipate the optimization (Equation 3) when determining their conjectures of the auditor’s effort and effectiveness.

The regulator

The regulator incurs significant regulatory cost $C$ and receives budgets from the social planner. Regulatory penalty is a wealth transfer between the regulator and auditors. The regulator follows the instruction of the social planner to set auditing standards and quality control standards. Since it is a not-for-profit organization, its goal is to maintain a balanced budget. It always inspects the auditor regularly.

Social planner

We define the social surplus as the sum of the expected payoffs of each player. It has the following expression given both regulatory oversight and a negligence-based liability system:

$$\begin{array}{c}{\pi }_{\mathrm{rn}}=\underset{\mathrm{mising}\mathrm{investment}\mathrm{in}\mathrm{good}\mathrm{project}}{\underbrace{-\beta (R-I)(1-\mathrm{ta})}}+\underset{\mathrm{avoid}\mathrm{investment}\mathrm{in}\mathrm{bad}\mathrm{project}}{\underbrace{\mathrm{ta}(1-\beta )I}}-\underset{\mathrm{effort}\mathrm{cost}}{\underbrace{\frac{1}{2}\mu a^2}}\hfill \\ -\underset{\mathrm{quality}\mathrm{control}\mathrm{cost}}{\underbrace{\frac{1}{3}k{t}^3}}-\underset{\mathrm{litigation}\mathrm{cost}}{\underbrace{(1-\beta )(1-\mathrm{ta})W}}-C.\hfill \end{array}$$ (4)

This reflects the fact that neither a legal penalty nor a regulatory penalty contributes to the social surplus, since a legal penalty is a transfer between the firm and the auditor, and a regulatory penalty is a transfer between the regulator and auditor. The auditor could make a Type I error and investors will not invest in the project upon receiving a bad report, though the project’s true type is good. But the auditor is able to detect a bad project with probability $\mathrm{ta}$ and investors can avoid investing in a bad project. The audit effort cost and quality control costs reduce the social surplus. Legal systems introduce an unavoidable deadweight loss resulting from litigation costs of lawsuits. To sustain regulatory oversight, the social planner must incur the cost of C. ¹⁴

The corresponding first-best effort level $a_{\mathrm{fb}}$ and audit effectiveness $t_{\mathrm{fb}}$ satisfy:

$$a_{\mathrm{fb}}={[\mathrm{\beta }(R-I)+(1-\mathrm{\beta })(I+W)]}^3/\left({\mathrm{\mu }}^{2}k\right)$$ (5)

$$t_{\mathrm{fb}}={[\mathrm{\beta }(R-I)+(1-\mathrm{\beta })(I+W)]}^2/\left(\mathrm{\mu }k\right).$$ (6)

The first-best effort and quality control are increasing with the litigation cost, the amount of investment, and the cash flow $R$ . They decrease with the cost multipliers. They increase with the likelihood of project being bad $(1-\mathrm{\beta })$ if $R<2I$ , and otherwise, decrease with this likelihood. We assume the exogenous parameters satisfy $[\mathrm{\beta }(R-I)+(1-\mathrm{\beta })(I+W){]}^5/({\mathrm{\mu }}^3{k}^2)\le 1$ so that $t_{\mathrm{fb}}{a}_{\mathrm{fb}}\le 1$ . The first-best social surplus under regulatory oversight and a negligence-based regime is

$$-\mathrm{\beta }(R-I)(1-t_{\mathrm{fb}}{a}_{\mathrm{fb}})+t_{\mathrm{fb}}{a}_{\mathrm{fb}}(1-\mathrm{\beta })I-(1/2)\mathrm{\mu }{a_{\mathrm{fb}}}^2-(1/3)k{t_{\mathrm{fb}}}^3-(1-\mathrm{\beta })(1-t_{\mathrm{fb}}{a}_{\mathrm{fb}})W-C$$

Equilibrium

In equilibrium, the auditor chooses effort and effectiveness to minimize her total cost. The social planner correctly conjectures the auditor’s choices and sets the regulatory penalties to induce the auditor to take the optimal actions. The regulator always inspects the auditor and follows the social planner’s instruction to set auditing standards and quality control standards.

Auditor’s effort and audit effectiveness decision

The auditor selects effort and effectiveness to optimize Equation 3. The auditor’s effort and effectiveness will either be an interior effort choice or the auditing standard s and quality control standards $t_s$ . The auditor will never generate assurance greater than the standards because that would do nothing to reduce the expected liability or the regulatory penalty, but it would increase audit costs. We solve the game using backward induction. We solve a first given t and then solve for t, because the auditor invests t first before servicing clients and then chooses a for each client individually in practice. We present the proof in Online Appendix II.

• Lemma 1: There exist threshold values of regulatory penalties such that the auditor chooses combinations of t and a to minimize her total costs, under regulatory oversight and a negligence-based legal system.

The social planner’s choices on penalties and standards

Given that there are regulatory oversight and negligence-based liability systems, the social planner chooses the regulatory penalty and sets the standards to induce first-best effort and quality control. We summarize the regulator’s decisions in equilibrium in the following proposition; cutoff values ( $d_a^{\mathrm{rn}}$ , $d_t^{\mathrm{rn}}$ , ${\mathrm{\delta }}_a^{\mathrm{rn}}$ , ${\mathrm{\delta }}_t^{\mathrm{rn}}$ ) are defined in the proof. ¹⁵ The regulatory penalty is $d_a\ge d_a^{\mathrm{rn}}$ if $t=t_s$ , but $a<s$ ; and is $d_t\ge d_t^{\mathrm{rn}}$ if $t<t_s$ , but $a=s$ ; and if both $a<s$ and $t<t_s$ then the penalty is ${\mathrm{\delta }}_a\ge {\mathrm{\delta }}_a^{\mathrm{rn}}$ to punish $a<s$ and ${\mathrm{\delta }}_t\ge {\mathrm{\delta }}_t^{\mathrm{rn}}$ to punish $t<t_s$ . Note that the regulator sets the standards according to the social planner’s instructions.

• Proposition 1: Under regulatory oversight and a negligence-based legal system, there exist threshold penalty values $d_a^{\mathrm{rn}}$ , $d_t^{\mathrm{rn}}$ , ${\mathrm{\delta }}_a^{\mathrm{rn}}$ , ${\mathrm{\delta }}_t^{\mathrm{rn}}$ such that the regulator sets the standard toughness as $s^{*}=a_{\mathrm{fb}}$ , and the audit quality control as t_s^* = t_fb. The auditor exerts the first-best effort and the first-best quality control.

This proposition indicates that a rational social planner can anticipate the auditor’s behavior and utilize regulatory tools to induce the auditor to behave optimally (i.e., first-best). Following the instructions of the social planner, the regulator sets standards requiring auditors to exert first-best effort and effectiveness. The social planner sets the expected penalty at a sufficiently high level such that the auditor will exercise due care. ¹⁶

Although in equilibrium, the social planner sets optimal standards and penalties so that the auditor complies with standards, we observe noncompliance in practice. Our results are achieved by assuming all auditors are the same and the regulator can set the standards specifically for this type of auditor. However, auditors are different, and the regulator cannot set a unique set of standards that are optimal for every type of auditor. We can observe noncompliant auditors in the markets if we analyze the impact of regulatory oversight on audit markets. In addition, we also observe noncompliance under a strict liability regime without a regulator.

Next, we conduct comparative statics analysis on the cutoff values of regulatory penalties as shown in Proposition 1 to shed light on empirical observations of penalty differences across countries. The analysis shows that the cutoff values for regulatory penalties, except $d_t^{\mathrm{rn}}$ , are decreasing functions of the legal damage award. That is, the regulatory penalties are higher if legal penalties are lower. This is consistent with an empirical observation that the regulatory penalties imposed on auditors are much higher in China than in the United States, though auditors face lower legal penalties in China. For example, consider the China Securities Regulatory Commission’s 2016 enforcement to Reanda Certified Public Accountant on being negligent in auditing Fujian Liancheng Orchid 2012 to 2014 financial statements: there was a 2,050,000 RMB (approximately US$290,000) fine and confiscation of 2,050,000 RMB in revenue for the audit firm. A warning was issued to the two engagement partners with 50,000 RMB (US$7,000) fine each. ¹⁷ In contrast, the typical fine imposed by the U.S. PCAOB is US$10,000. ¹⁸ This fine is considerably smaller than typical fines in China. The following corollary summarizes the discussion.

• Corollary 1: The cutoff values of regulatory penalties are decreasing functions of the legal damage award, except that $d_t^{\mathrm{rn}}$ is not a function of D.

The penalty imposed on the auditor for not building sufficient audit effectiveness (i.e., $d_t^{\mathrm{rn}}$ ) is not a function of D. This is because the effectiveness is not enforced if the disciplinary enforcement on auditors is only from the legal system.

Equilibrium Analysis Under Regulatory Oversight and a Strict Liability Regime

If there are both a legal system and regulatory oversight, there are litigation costs $(1-\mathrm{\beta })(1-\mathrm{ta})W$ and the costs of maintaining the regulatory oversight C. Hence, the expression of social surplus under regulatory oversight and a strict liability regime is the same as that under regulatory oversight and a negligence-based liability regime. The social surplus under regulatory oversight and a strict liability regime is

$$\begin{array}{c}{\mathrm{\pi }}_{\mathrm{rs}}=\underset{\mathrm{mising}\mathrm{investment}\mathrm{in}\mathrm{good}\mathrm{project}}{\underbrace{-\mathrm{\beta }(R-I)(1-\mathrm{ta})}}+\underset{\mathrm{avoid}\mathrm{investment}\mathrm{in}\mathrm{bad}\mathrm{project}}{\underbrace{\mathrm{ta}(1-\mathrm{\beta })I}}-\underset{\mathrm{effort}\mathrm{cost}}{\underbrace{\frac{1}{2}\mathrm{\mu }{a}^2}}\hfill \\ -\underset{\mathrm{quality}\mathrm{control}\mathrm{cost}}{\underbrace{\frac{1}{3}k{t}^3}}-\underset{\mathrm{litigation}\mathrm{cost}}{\underbrace{(1-\mathrm{\beta })(1-\mathrm{ta})W}}-C.\hfill \end{array}$$ (7)

Maximizing the above expression yields the maximum ${\mathrm{\pi }}_{\mathrm{rs}}$ when $a_{\mathrm{fb}}=[\mathrm{\beta }(R-I)+(1-\mathrm{\beta })(I+W){]}^3/({\mathrm{\mu }}^{2}k)$ and $t_{\mathrm{fb}}=[\mathrm{\beta }(R-I)+(1-\mathrm{\beta })(I+W){]}^2/(\mathrm{\mu }k)$ . They are the same as the first-best effort and quality control under regulatory oversight and a negligence-based liability regime.

The key difference is that standards become irrelevant in determining the auditor’s liability. The auditor’s total cost becomes

$$\frac{1}{2}\mathrm{\mu }{a}^2+\frac{1}{3}k{t}^3+(1-\mathrm{\beta })(1-\mathrm{ta})(D+W)+(1-p\left(\mathrm{ta}\right))d.$$ (8)

Depending on the regulatory penalties for noncompliance with the standards, the auditor’s effort and effectiveness will either be an interior effort choice or the auditing standard s and quality control standards $t_s$ . Again, we solve a first given t and then solve for t, because the auditor invests t first and then chooses a for each client individually in practice.

• Lemma 2: Under regulatory oversight and a strict liability regime, there exist threshold values of regulatory penalties such that the auditor chooses combinations of t and a to minimize her total costs.

The social planner then chooses regulatory penalties to induce the auditor to exert the first-best effort and quality control. We summarize the penalties in the following proposition; cutoff values ( $d_a^{\mathrm{rs}}$ , $d_t^{\mathrm{rs}}$ , ${\mathrm{\delta }}_a^{\mathrm{rs}}$ , ${\mathrm{\delta }}_t^{\mathrm{rs}}$ ) are defined in the proof. The regulatory penalty is $d_a\ge d_a^{\mathrm{rs}}$ if $t=t_s$ , but $a<s$ ; and is $d_t\ge d_t^{\mathrm{rs}}$ if $t<t_s$ , but $a=s$ ; and if both $a<s$ and $t<t_s$ , then the penalty is, ${\mathrm{\delta }}_a\ge {\mathrm{\delta }}_a^{\mathrm{rs}}$ to punish $a<s$ and ${\mathrm{\delta }}_t\ge {\mathrm{\delta }}_t^{\mathrm{rs}}$ to punish $t<t_s$ .

• Proposition 2: Under regulatory oversight and a strict legal system, there exist threshold penalty values $d_a^{\mathrm{rs}}$ , $d_t^{\mathrm{rs}}$ , ${\mathrm{\delta }}_a^{\mathrm{rs}}$ , ${\mathrm{\delta }}_t^{\mathrm{rs}}$ such that the regulator sets the standard toughness as $s^{*}=a_{\mathrm{fb}}$ , and the quality control as ${t_s}^{*}=t_{\mathrm{fb}}$ . The auditor exerts the first-best effort and the first-best quality control.

Comparing the regulatory penalty threshold values $d_a^{\mathrm{rs}}$ , $d_t^{\mathrm{rs}}$ , ${\mathrm{\delta }}_a^{\mathrm{rs}}$ , ${\mathrm{\delta }}_t^{\mathrm{rs}}$ under regulatory oversight and a strict legal system with $d_a^{\mathrm{rn}}$ , $d_t^{\mathrm{rn}}$ , ${\mathrm{\delta }}_a^{\mathrm{rn}}$ , ${\mathrm{\delta }}_t^{\mathrm{rn}}$ , we find that $d_a^{\mathrm{rs}}>d_a^{\mathrm{rn}}$ , ${\mathrm{\delta }}_a^{\mathrm{rs}}>{\mathrm{\delta }}_a^{\mathrm{rn}}$ , $d_t^{\mathrm{rs}}<d_t^{\mathrm{rn}}$ , and ${\mathrm{\delta }}_t^{\mathrm{rs}}={\mathrm{\delta }}_t^{\mathrm{rn}}$ . First, $d_a^{\mathrm{rs}}>d_a^{\mathrm{rn}}$ is because complying with auditing standards does not help eliminate a damage award in a strict liability regime and thus, the auditor needs stronger regulatory incentives to comply with the standards. Second, ${\mathrm{\delta }}_a^{\mathrm{rs}}>{\mathrm{\delta }}_a^{\mathrm{rn}}$ is due to a positive net effect from the strict liability. The direct effect is the same as above, that is, complying with standards does not help eliminate a damage award in a strict liability regime and thus, the auditor needs stronger regulatory incentives to comply with the standards. However, the strict liability also has an indirect effect. Quality control does not reduce the expected liability under a negligence-based regime, but it does under a strict liability regime. Hence, the auditor increases quality control under the strict liability regime. The increase of quality control then reduces expected litigation cost, so the auditor needs fewer incentives. The direct effect dominates the indirect effect, and thus, ${\mathrm{\delta }}_a^{\mathrm{rs}}>{\mathrm{\delta }}_a^{\mathrm{rn}}$ . Third, the $d_t^{\mathrm{rs}}$ is less than the $d_t^{\mathrm{rn}}$ under a negligence-based and regulatory oversight regime. The main effect is that the auditor has more incentive to increase quality control under a strict liability regime than under a negligence-based regime and thus, requires fewer regulatory incentives to comply with the quality control standards. Fourth, ${\mathrm{\delta }}_t^{\mathrm{rs}}={\mathrm{\delta }}_t^{\mathrm{rn}}$ is because under both a strict and a negligence-based regime, complying with quality control standards does not eliminate the auditor’s liability.

We summarize these results in the following corollary.

• Corollary 2: The regulatory penalty threshold values under regulatory oversight and a strict legal system have the following relation with those threshold values under regulatory oversight and a negligence-based regime: $d_a^{\mathrm{rs}}>d_a^{\mathrm{rn}}$ , ${\mathrm{\delta }}_a^{\mathrm{rs}}>{\mathrm{\delta }}_a^{\mathrm{rn}}$ , $d_t^{\mathrm{rs}}<d_t^{\mathrm{rn}}$ , and ${\mathrm{\delta }}_t^{\mathrm{rs}}={\mathrm{\delta }}_t^{\mathrm{rn}}$ .

Proposition 2 and Corollary 2 imply that if the regulatory penalties are not properly set, the first-best social surplus will not be obtained, and they can cause lower audit effort and quality control. If the regulatory penalties are set properly, the auditor will exert the first-best effort and quality control, and the social planner can achieve the same maximum social surplus as the surplus under regulatory oversight and a negligence-based liability regime.

Equilibrium Analysis Under Negligence-Based Liability Regimes

When the discipline mechanism includes only negligence-based liability regime, there is no regulator. Hence, the regulatory cost $C$ is zero. The social surplus becomes

$$\begin{array}{c}{\mathrm{\pi }}_n=\underset{\mathrm{mising}\mathrm{investment}\mathrm{in}\mathrm{good}\mathrm{project}}{\underbrace{-\mathrm{\beta }(R-I)(1-\mathrm{ta})}}+\underset{\mathrm{avoid}\mathrm{investment}\mathrm{in}\mathrm{bad}\mathrm{project}}{\underbrace{\mathrm{ta}(1-\mathrm{\beta })I}}-\underset{\mathrm{effort}\mathrm{cost}}{\underbrace{\frac{1}{2}\mathrm{\mu }{a}^2}}\hfill \\ \multicolumn{1}{c}{-\underset{\mathrm{quality}\mathrm{control}\mathrm{cost}}{\underbrace{\frac{1}{3}k{t}^3}}-\underset{\mathrm{litigation}\mathrm{cost}}{\underbrace{(1-\mathrm{\beta })(1-\mathrm{ta})W}}.}\end{array}$$ (9)

The first-best audit effort and quality control are the same as those under regulatory oversight and negligence-based liability regime, as specified in Equations 5 and 6.

When there is no regulator, following the practice, we assume the audit profession itself sets auditing standards and quality control standards. One can refer to this as “self-regulation,” but self-regulation does not enforce compliance with standards effectively (Anantharaman, 2012). Hence, there are no regulatory penalties. As demonstrated in Ye and Simunic (2013), the audit profession will set standards to maximize the social surplus as long as it can keep part of the social surplus. Therefore, auditing standards $s=a_{\mathrm{fb}}$ as in Equation 5 and quality control standards $t=t_{\mathrm{fb}}$ as in Equation 6.

Next, we solve the equilibrium effort and audit effectiveness. The auditor’s total cost becomes

$$\underset{\mathrm{effort}\mathrm{cost}}{\underbrace{\frac{1}{2}k{a}^2}}+\underset{\mathrm{quality}\mathrm{control}\mathrm{cost}}{\underbrace{\frac{1}{3}\mathrm{\mu }{t}^3}}+\underset{\mathrm{expected}\mathrm{liability}}{\underbrace{(1-\mathrm{\beta })(1-\mathrm{ta})(1-p\left(a\right))D}}+\underset{\mathrm{expected}\mathrm{litigation}\mathrm{cost}}{\underbrace{(1-\mathrm{\beta })(1-\mathrm{ta})W}}.$$ (10)

If the auditor complies with auditing standards, she can avoid the liability. However, since the auditor does not incur any penalty if her quality control is below the standards, she has less incentive to comply with such standards. Since the first-best effort increases with the profitability of the project $R$ and auditing standards are set at the first-best, it may become less costly for an auditor to choose noncompliance, because the maximum damage award is I. Hence, she chooses audit effort equal to the standards if the damage award is sufficiently large given $R<R^{†}$ and chooses quality control to minimize her total cost given $a=s$ . We summarize the result in the following lemma.

• Lemma 3: There exists a threshold value of damage award such that the auditor chooses to comply with auditing standards under a negligence-based liability regime if $R<R^{†}$ .

If the cash flow of a good project (i.e., $R$ ) is very large, then a damage award less than or equal to I may not be sufficient to induce the auditor to exert the first-best effort. This is because the auditor may make both Type I and Type II errors, but the legal system only punishes the auditor for making Type II errors. The first-best effort is higher than what the legal system can motivate the auditor to undertake, since the first-best effort minimizes both Type I and II errors. Note that a higher chance of the project being good reduces the $R^{†}$ . In other words, if the project has very high chance of success and/or is very profitable, then the auditor may not comply with the first-best standards. Those standards are set very high to reduce Type I errors and avoid missing out on profitable projects.

Substituting the equilibrium effort and quality control into the social surplus expression yields the maximum surplus under a negligence-based liability regime given $R<R^{†}$ .

$$-\mathrm{\beta }(R-I)(1-t_{n1}{a}_{\mathrm{fb}})+t_{n1}{a}_{\mathrm{fb}}(1-\mathrm{\beta })I-\frac{1}{2}\mathrm{\mu }{a_{\mathrm{fb}}}^2-\frac{1}{3}k{t_{n1}}^3-(1-\mathrm{\beta })(1-t_{n1}{a}_{\mathrm{fb}})W,$$

where $t_{n1}={[a_{\mathrm{fb}}(1-\mathrm{\beta })W/k]}^{\frac{1}{2}}$ .

Equilibrium Analysis Under Strict Liability Regimes

Similar to the negligence-based liability regime, when the discipline mechanism includes only a strict liability regime, there is no regulator. Hence, the regulatory cost $C$ is zero. The social surplus becomes

$${\mathrm{\pi }}_s=-\mathrm{\beta }(R-I)(1-\mathrm{ta})+\mathrm{ta}(1-\mathrm{\beta })I-\frac{1}{2}\mathrm{\mu }{a}^2-\frac{1}{3}k{t}^3-(1-\mathrm{\beta })(1-\mathrm{ta})W.$$ (11)

The first-best audit effort and quality control are the same as those under the previous regimes $:a_{\mathrm{fb}}=[\mathrm{\beta }(R-I)+(1-\mathrm{\beta })(I+W){]}^3/({\mathrm{\mu }}^{2}k)$ and $t_{\mathrm{fb}}=[\mathrm{\beta }(R-I)+(1-\mathrm{\beta })(I+W){]}^2/(\mathrm{\mu }k)$ .

The key difference between the negligence-based liability regime and the strict liability regime is how the auditor responds to the change of the discipline mechanism. Under a strict liability regime, the auditor will be held liable whenever a Type II error occurs, that is, when the auditor issues a clean opinion on a good report and investors invest in the project, but the project subsequently fails. Courts do not rely on auditing standards to judge whether the auditor is liable. The auditing standards and quality control standards are irrelevant to the auditor. The auditor’s total costs become

$$\frac{1}{2}\mathrm{\mu }{a}^2+\frac{1}{3}k{t}^3+(1-\mathrm{\beta })(1-\mathrm{ta})(D+W).$$

The auditor chooses both a and t to minimize her total cost. She chooses quality control first and given the quality control, she chooses audit effort when she visits the client. First-order conditions yield $t_{\mathrm{nc}}=[(1-\mathrm{\beta })(D+W){]}^2/(\mathrm{\mu }k)$ and $a_{\mathrm{nc}}=[(1-\mathrm{\beta })(D+W){]}^3/({\mathrm{\mu }}^{2}k)$ .

We substitute the auditor’s choices into the social surplus and obtain the maximum surplus under a strict liability system:

$$-\mathrm{\beta }(R-I)(1-t_{\mathrm{nc}}{a}_{\mathrm{nc}})+t_{\mathrm{nc}}{a}_{\mathrm{nc}}(1-\mathrm{\beta })I-\frac{1}{2}\mathrm{\mu }{a_{\mathrm{nc}}}^2-\frac{1}{3}k{t_{\mathrm{nc}}}^3-(1-\mathrm{\beta })(1-t_{\mathrm{nc}}{a}_{\mathrm{nc}})W.$$ (12)

Equilibrium Analysis Under Regulatory Oversight Only

If there is only regulatory oversight to discipline auditors and the legal system is very weak (essentially damage award is zero), then there is no litigation cost because there will be no litigation against auditors. The regulatory cost C remains. The social surplus becomes

$$\begin{array}{c}{\mathrm{\pi }}_r=\underset{\mathrm{mising}\mathrm{investment}\mathrm{in}\mathrm{good}\mathrm{project}}{\underbrace{-\mathrm{\beta }(R-I)(1-\mathrm{ta})}}+\underset{\mathrm{avoid}\mathrm{investment}\mathrm{in}\mathrm{bad}\mathrm{project}}{\underbrace{\mathrm{ta}(1-\mathrm{\beta })I}}-\underset{\mathrm{effort}\mathrm{cost}}{\underbrace{\frac{1}{2}\mathrm{\mu }{a}^2}}\hfill \\ -\underset{\mathrm{quality}\mathrm{control}\mathrm{cost}}{\underbrace{\frac{1}{3}k{t}^3}}-C.\hfill \end{array}$$

The first-best audit effort and quality control are the following:

$$a_{\mathrm{fb}}^r={[\mathrm{\beta }(R-I)+(1-\mathrm{\beta })I]}^3/\left({\mathrm{\mu }}^{2}k\right)$$ (13)

$$t_{\mathrm{fb}}^r={[\mathrm{\beta }(R-I)+(1-\mathrm{\beta })I]}^2/\left(\mathrm{\mu }k\right)$$ (14)

It is straightforward to see that $a_{\mathrm{fb}}^r<a_{\mathrm{fb}}$ and $t_{\mathrm{fb}}^r<t_{\mathrm{fb}}$ . The litigation costs when legal system is in place motivate the auditors to work harder to reduce the chance of litigation.

The auditor chooses her effort and quality control to minimize her total cost:

$$\frac{1}{2}\mathrm{\mu }{a}^2+\frac{1}{3}k{t}^3+(1-p\left(\mathrm{ta}\right))d.$$ (15)

The probability of compliance $p\left(\mathrm{ta}\right)$ is equal to one if the auditor complies with both auditing standards and quality control standards, $a=s$ and $t=t_s$ . If the auditor does not comply with the standards, she will receive a menu of penalties. The regulatory penalty is $d_a^r$ if $t=t_s$ , but $a<s$ ; and is $d_t^r$ if $t<t_s$ , but $a=s$ ; and if both $a<s$ and $t<t_s$ , then is ${\mathrm{\delta }}_a^r$ to punish $a<s$ and ${\mathrm{\delta }}_t^r$ to punish $t<t_s$ . The following lemma summarizes the auditor’s choices.

• Lemma 4: The auditor will choose compliance versus noncompliance according to the regulatory penalties.

Since the social planner would like to maximize the social surplus, it will set the regulatory penalties such that it is more cost efficient for the auditor to comply with both auditing and quality control standards. The following proposition summarizes the threshold values of the penalties and the equilibrium under regulatory oversight.

• Proposition 3: Under regulatory oversight, there exist threshold penalty values $d_a^r$ , $d_t^r$ , ${\mathrm{\delta }}_a^r$ , ${\mathrm{\delta }}_t^r$ such that the regulator sets the standard toughness as $s^{*}=a_{\mathrm{fb}}^r$ , and the quality control as ${t_s}^{*}=t_{\mathrm{fb}}^r$ . The auditor exerts the first-best effort and the first-best quality control.

Substituting $a_{\mathrm{fb}}^r$ and $t_{\mathrm{fb}}^r$ into ${\mathrm{\pi }}_r$ yields the maximum social surplus under the regulatory oversight. That is,

$$-\mathrm{\beta }(R-I)(1-t_{\mathrm{fb}}^r{a}_{\mathrm{fb}}^r)+t_{\mathrm{fb}}^r{a}_{\mathrm{fb}}^r(1-\mathrm{\beta })I-\frac{1}{2}\mathrm{\mu }{a}_{\mathrm{fb}}^2-\frac{1}{3}{\mathrm{kt}}_{\mathrm{fb}}^3-C.$$

Comparisons and Social Planner’s Optimal Discipline Choice

In this section, we compare the maximum social surplus under each type of discipline regime and discuss the trade-offs of these choices. Table 1, presented in Online Appendix III, summarizes the equilibrium audit effort and quality control as well as the maximum social surplus under various regimes.

The regulatory oversight and negligence-based liability regime provides the same maximum social surplus as the regulatory oversight and strict liability regime. However, to achieve this result, the regulatory penalties imposed on auditors when they do not comply with either type of standard differ under these two regimes, as shown in Corollary 2. Hence, we then focus on the comparison between the regulatory oversight and negligence-based liability regime and three other regimes: negligence-based liability regime, strict liability regime, and only regulatory oversight.

Negligence-Based Liability Regime

Under a negligence-based liability regime, if a legal system is strong (i.e., D is large) and if the cash flow of a good project (i.e., $R$ ) is not very large, then the audit liability is sufficient to ensure the first-best audit effort, and regulatory enforcement cannot improve audit effort. On the other hand, quality control is not first-best under the negligence-based liability regime because the quality control is not enforced by courts under this regime. Regulatory enforcement induces the auditor to exert the first-best effort and to create first-best audit effectiveness (more quality control) by enforcing both. Hence, the auditor will build higher quality control under regulatory oversight than under legal enforcement. Therefore, regulatory enforcement can improve social surplus even if the damage award is high.

Nonetheless, as implied in Lemma 3, if the cash flow of a good project (i.e., $R$ ) is very large, the damage award is not sufficient to induce the first-best effort, and regulatory oversight can improve the social surplus by setting regulatory penalty to ensure the first-best effort. This is because the first-best effort minimizes both Type I and Type II errors. The auditor is not sued for making Type I errors. The legal damage is not sufficient to motivate the auditor to improve her effort to reduce Type I errors. In this case, the regulatory enforcement has two benefits: improving quality control and improving audit effort. Hence, if the social planner expects the project to be highly profitable, it will be more likely to engage in regulatory oversight on top of the negligence-based liability system.

However, it is very costly to establish and maintain audit regulatory oversight. Therefore, whether regulatory oversight can improve the social surplus depends on these trade-offs. Define the benefits generated by the regulatory enforcement relative to a negligence-based liability system by C_n. If these benefits are greater than the regulatory costs, then the regulatory enforcement can improve the social surplus and the social planner will choose the regulatory oversight and negligence-based regime rather than the negligence-based liability regime only. Otherwise, the reverse is true. We summarize the above discussions in the following proposition.

• Proposition 4: If $C>C_n$ , then regulatory enforcement will impair social surplus in the presence of a strong negligence-based legal system, but regulatory enforcement can improve social surplus if $C<C_n$ .

We conduct the above analysis based on the condition that the regulator can set and enforce quality control, but courts cannot enforce it. If we relax this condition (i.e., courts can enforce both effort and quality control), what is the incremental effect of regulatory oversight? Whether regulatory oversight is beneficial depends on the project profitability. As discussed above, if the cash flow of a good project (i.e., $R$ ) is very large, even a strong legal system cannot induce first-best audit effort and quality control since auditors are not liable for Type I errors and the damage award cannot be larger than the investment amount, but a regulator can set a regulatory penalty sufficiently large to induce first-best audit effort. In this case, the regulatory oversight can still provide incremental benefit. On the other hand, if the profitability of a good project is not large, then the regulatory oversight can impair social surplus. The reason is as follows. Lower profitability of a good project requires lower first-best audit effort and quality control. When the legal system is strong, courts can impose sufficiently large penalties for noncompliance so as to induce auditor compliance with both auditing and quality control standards (equal to the lower first-best audit effort and quality control) and thus, maximum social surplus can be achieved. The regulatory oversight reduces social surplus due to the significant regulatory costs.

Next, we discuss another scenario: when the regulator is not able to perfectly induce optimal actions, that is, the toughness of the standards is set too high for exogenous reasons. Conventional wisdom suggests that regulatory enforcement can improve audit effort and social surplus, given that greater enforcement implies higher expected penalties. However, our analysis shows that whether regulatory enforcement improves the surplus depends on the auditing standards, regulatory costs and the level of the damage award. Regulatory enforcement does not necessarily improve social surplus. If the regulator sets the standards too tough, then regulatory enforcement may reduce social surplus. Due to the regulatory penalty, the auditor will comply with standards that are tougher than the first-best (optimal). This action will impair social surplus. If, for some exogenous reasons (e.g., building a reputation for being stringent), the regulator sets the standards too tough (i.e., above first-best effort and below the highest standards that auditors will comply with), then regulatory enforcement can reduce social surplus. This result is consistent with the audit practice. The PCAOB Auditing Standards No. 2 was replaced by No. 5 since the former was perceived as being too tough. This result improves upon the existing literature, since it shows the direct link between regulator, standards, and social surplus. Corollary 3 summarizes these discussions. ¹⁹

• Corollary 3: For a given $t=t_{\mathrm{fb}}$ , regulatory enforcement can cause auditor over-investment in effort and will reduce social surplus if $s\in (a_{\mathrm{fb}},{\overline{s}}_R)$ .

Strict Liability

The analysis under a strict liability regime is similar to the analysis under a negligence-based regime if the cash flow from a good project is very high ( $R\ge R^{†}$ ). When the project is very profitable, the first-best effort must be very high to reduce Type I errors. It would be too costly for the auditor to comply with the first-best effort, and thus, she ignores the standards and behaves as if under a strict liability regime. Under a strict liability regime, the auditor will be held liable whenever there is a Type II error, regardless of her choices of effort and quality control. Complying with the standards does not help reduce the auditor’s liability. The maximum social surplus under a strict liability regime is

$$-\mathrm{\beta }(R-I)(1-t_{\mathrm{nc}}{a}_{\mathrm{nc}})+t_{\mathrm{nc}}{a}_{\mathrm{nc}}(1-\mathrm{\beta })I-\frac{1}{2}\mathrm{\mu }{a_{\mathrm{nc}}}^2-\frac{1}{3}k{t_{\mathrm{nc}}}^3-(1-\mathrm{\beta })(1-t_{\mathrm{nc}}{a}_{\mathrm{nc}})W,$$

where $a_{\mathrm{nc}}={\left[(1-\mathrm{\beta })(D+W)\right]}^3/\left({\mathrm{\mu }}^{2}k\right)$ and $t_{\mathrm{nc}}={\left[(1-\mathrm{\beta })(D+W)\right]}^2/\left(\mathrm{\mu }k\right)$ .

Establishing a regulator to monitor the auditor can increase both audit effort and quality control. But regulatory cost could be high. Hence, the social planner chooses whether to add a regulator based on these two trade-offs (improve audit quality vs. higher regulatory cost). Denote the increase of social surplus due to higher audit effort and quality control by $C_s$ . The following corollary summarizes the finding.

• Corollary 4: If $C>C_s$ , then regulatory enforcement will impair social surplus in the presence of a strict liability system, but regulatory enforcement can improve social surplus if $C<C_s$ .

Regulatory Oversight Only

In the United States, the legal system may be sufficiently stringent. However, countries such as China, Japan, and India (as well as others) have weak legal systems where the damage award size is nearly zero when audit failures occur. Can regulatory oversight be sufficient to achieve the highest social surplus? We show that using only regulatory oversight can save the litigation cost, but regulatory oversight combined with a legal system can induce higher audit effort and quality control. When there is a legal system, litigation cost is unavoidable and the social planner requires higher levels of audit effort and quality control to maximize the social surplus compared with when there is only regulatory oversight (i.e., the first-best effort and quality control are higher). However, the benefit due to the improvement of audit quality is less than the cost imposed by litigation deadweight loss. Hence, the combination of legal system and regulatory oversight does not provide higher social surplus than regulatory oversight only. However, this result is obtained under the assumption that regulatory oversight will inspect each audit and has perfect information regarding the project. If the regulator has poor knowledge of the riskiness of the project (public common knowledge is the mean of the riskiness) while the auditor has perfect information, then regulatory oversight can create a great chance of error. In contrast, legal systems can verify that information. If we add this positive effect of legal systems into the model as a fixed benefit, then whether the combination of regulator and liability is better than regulator alone will depend on this trade-off: benefit from information verification versus the net cost from litigation deadweight loss (i.e., litigation cost minus benefit from higher audit quality).

The difference of social surplus between regulatory oversight only and the combination of regulatory oversight and legal system increases with $W$ , $I$ , $\mathrm{\mu }$ , $k$ and decreases with $\mathrm{\beta }$ if $R>2I+W$ and decreases with $R.$ Higher $W$ , $I$ , $\mathrm{\mu }$ , $k$ , and lower $R$ will make regulatory oversight better than the combination. When litigation cost is larger, a liability system imposes more costs, which makes the combination of regulatory oversight and liability system less desirable. When it is more costly to increase audit effort or quality control, the improvement from audit effort and quality control decreases, making it less beneficial to have both a regulator and court. When the investment increases, the benefits from higher audit quality decrease, and thus, it is less beneficial to have both. Moreover, if the project is more likely to be profitable ( $\mathrm{\beta }$ increases), then it is less likely litigation will occur and deadweight loss from litigations will be smaller. However, if $R>2I-[((1-t_{\mathrm{fb}}{a}_{\mathrm{fb}})W)/(t_{\mathrm{fb}}{a}_{\mathrm{fb}}-t_{\mathrm{fb}}^r{a}_{\mathrm{fb}}^r)]$ , then if the project is more likely to be good, audit quality has to increase and the benefit from the combination regime increases. If $R$ is very small, then if the project is more likely to be good, the auditor does not have to work as hard to detect a bad project. Audit quality is reduced, which makes the combination regime less attractive.

Finally, we check whether regulatory oversight can replace legal systems by comparing the social surplus under regulator monitor only with that under a negligence-based regime given $R\ge R^{†}$ or a strict liability system. Under both legal systems, the maximum equilibrium audit effort is $a_{\mathrm{nc}}=[(1-\mathrm{\beta })(I+W){]}^3/({\mathrm{\mu }}^{2}k)$ , and quality control $t_{\mathrm{nc}}=[(1-\mathrm{\beta })(I+W){]}^2/(\mathrm{\mu }k)$ , since $D\le I$ . Under regulatory oversight only, the audit effort is $a_{\mathrm{fb}}^r=[\mathrm{\beta }(R-I)+(1-\mathrm{\beta }){]}^3/({\mathrm{\mu }}^{2}k)$ , and quality control is $t_{\mathrm{fb}}^r=[\mathrm{\beta }(R-I)+(1-\mathrm{\beta })I{]}^2/(\mathrm{\mu }k)$ . The difference in the quality control under these two regimes is $[(1-\mathrm{\beta })W-\mathrm{\beta }(R-I)][(1-\mathrm{\beta })(2I+W)+\mathrm{\beta }(R-I)]/(\mathrm{\mu }k)$ . Hence, it could be positive or negative. The difference in audit effort has a similar structure. Intuitively, regulatory oversight can induce the auditor to increase quality control or audit effort to reduce Type I error, but legal system can induce her to increase control and effort due to higher litigation cost. Moreover, regulatory oversight is ex ante costly because of regulatory cost, while legal system is ex post costly because of the litigation cost. Therefore, the social planner chooses one system over the other after considering these trade-offs. Moreover, the comparison between regulatory oversight and a negligence-based liability regime given $R<R^{†}$ is similar. Corollary 5 summarizes the finding.

• Corollary 5: Relying only on regulatory oversight may provide higher social surplus than using both regulatory oversight and liability system. However, regulatory oversight may not replace legal systems. The difference of social surplus between regulatory oversight only and the combination of regulatory oversight and legal system increases with $W$ , $I$ , $\mathrm{\mu }$ , $k$ and decreases with $R$ . This difference decreases with $\mathrm{\beta }$ if $R>2I-[((1-t_{\mathrm{fb}}{a}_{\mathrm{fb}})W)/(t_{\mathrm{fb}}{a}_{\mathrm{fb}}-t_{\mathrm{fb}}^r{a}_{\mathrm{fb}}^r)]$ and increases with $\mathrm{\beta }$ if $I<R<2I-[((1-t_{\mathrm{fb}}{a}_{\mathrm{fb}})W)/(t_{\mathrm{fb}}{a}_{\mathrm{fb}}-t_{\mathrm{fb}}^r{a}_{\mathrm{fb}}^r)]$ .

In summary, the social planner can choose one disciplinary system over another by considering specific trade-offs among various options. For example, a regulatory oversight could be the best if the regulatory cost is not too high. ²⁰ To better illustrate the comparisons, we present the social surplus under different regimes in Online Appendix IV Figure 1. It shows that if regulatory cost is not too high, then regulatory oversight only may provide the highest social surplus, that is ${\mathrm{\pi }}_r\ge {\mathrm{\pi }}_{\mathrm{rn}}={\mathrm{\pi }}_{\mathrm{rs}}$ , though the relative position of line ${\mathrm{\pi }}_r$ and ${\mathrm{\pi }}_{\mathrm{rn}}$ is affected by the litigation cost $W$ . If $C<C_n$ , then ${\mathrm{\pi }}_{\mathrm{rn}}>{\mathrm{\pi }}_n$ given $R<R^{†}$ ; otherwise, ${\mathrm{\pi }}_{\mathrm{rn}}\le {\mathrm{\pi }}_n$ given $R<R^{†}$ . If $C<C_s$ , then ${\mathrm{\pi }}_{\mathrm{rn}}>{\mathrm{\pi }}_s={\mathrm{\pi }}_n$ given $R>R^{†}$ ; otherwise, ${\mathrm{\pi }}_{\mathrm{rn}}\le {\mathrm{\pi }}_s={\mathrm{\pi }}_n$ given $R>R^{†}$ .

Empirical Implications

Regulatory Oversight Incremental Effect

Proposition 4 suggests that regulatory oversight can improve social surplus even in the presence of a strong legal system if the regulatory costs are not too high. Moreover, it implies that when the project has very high prospects (high chance of success and/or high profitability), in other words, when the economy is doing well, there is a greater need for regulatory oversight than when the economy is doing poorly. This is because regulatory oversight provides greater incentives than legal systems for an auditor to avoid Type I errors.

Corollary 3 predicts that if the regulatory penalty is too high and the standards are too tough, then the social surplus can be impaired by regulatory oversight. This is because the auditors will comply with a tough standard if the expected penalty of noncompliance outweighs the cost of effort. Therefore, Corollary 3 suggests that the capital market’s reaction to the addition of regulatory oversight can be positive or negative, depending on the toughness of a standard.

Regulatory Oversight Substituting for Weak Legal Systems

In countries such as China, Japan, India, and others, auditors face little litigation risk and low legal penalties. China lacks nearly all the institutional characteristics that engender independent auditing, and there are virtually no cases of shareholder litigation against auditors (DeFond et al., 2000). Subsequent to a series of accounting scandals and audit failures, such as Zheng Bai Wen 2000 and Yin Guang Xia 2001, the Chinese Supreme Court issued a corrective notice in January 2002 to allow intermediate courts to accept lawsuit cases against auditors (Chen et al., 2010). However, the number of lawsuits filed against auditors remains small compared to the United States. A similar situation exists in Japan: The ability of Japanese shareholders to successfully indict auditors and demand compensation for audit negligence due to fraud is relatively low (Numata & Takeda, 2010). Auditors’ legal liability is essentially nonexistent in Japan (Skinner & Srinivasan, 2012). Litigation in Japan, including securities litigation, is much less prevalent than in Western countries, although this is gradually changing (Ginsburg & Hoetker, 2006). Despite the increase in litigation rates, which began around 1990, expected litigation costs are still lower in Japan than in the United States. West (2001) provides evidence that the number of shareholder-derived lawsuits in Japan has increased, but that the settlements are unusual and the stockholders rarely win. Similarly, the litigation risk is low in India (Choi et al., 2008). For example, the auditor of Satyam, the Indian arm of PricewaterhouseCoopers, was not sued for the accounting scandal at all in India; rather, the SEC fined it US$6 million.

Our analysis predicts that audit regulation should be stronger in a country with a weak legal system (i.e., D is small) compared with countries with a strong system (Corollary 1). We also show that regulatory oversight may substitute for a legal system in ensuring high-quality audits if the regulatory penalty is sufficiently high, regulatory cost is small, and the project is highly profitable (the economy is flourishing) (Corollary 5). But regulatory oversight will produce lower social surplus than legal systems if the regulatory cost is high and the economy is declining. These results imply that for countries with a booming economy and where setting up regulatory oversight is relatively less costly, regulatory oversight is a better choice. For countries with a declining economy and where regulatory oversight is costly, legal system can be a better choice.

Conclusions

We develop a theoretical model to show how regulatory oversight can affect audit quality and social surplus under different legal systems. Our analysis suggests that regulatory oversight can improve social surplus even if the legal system is strong. This is because auditors will provide higher assurance by improving their audit effectiveness through better quality control systems and exerting higher effort to reduce Type I errors. However, if the regulatory oversight is too costly to maintain, then regulatory oversight can place too much burden on the social planner in the presence of a strong legal system and can impair social surplus. Therefore, the net effect of regulatory oversight on social surplus will depend on these cost/benefit trade-offs. In addition, if, due to exogenous reasons, the auditing standards are too tough, then regulatory oversight can improve audit effort; however, this improvement will impair social surplus. Proper setting of auditing standards is important in ensuring a positive impact of regulatory oversight on social surplus. When the legal system is weak, regulatory oversight can improve social surplus by setting proper standards and regulatory penalties, but it cannot substitute completely for a strong legal system if the regulatory cost is high and the economy is declining.

Our research expands upon the theoretical auditing literature with respect to the impact of regulatory oversight on audit quality, as determined by the assurance level, and it also investigates the dynamic relationship between regulatory oversight, legal systems, and auditing standards. It provides timely policy implications for regulators and explains why an audit regulator can be beneficial even when a legal system is strong. Our model provides a theoretical framework that explains some of the existing empirical findings, and it also provides predictions that can be tested empirically.