Business Risk Audit (BRA) methodologies have been promoted by a number of the large audit firms in response, they claim, to the challenges of the information age and corporate clients' needs for assurance. This paper subjects their claim to critical scrutiny, drawing on the perspectives of neo-institutional theories of legitimacy, the sociology of professional knowledge and the sociology of science and technology. To bring into play new Business Risk Audit methodologies a number of the larger firms have sought, through their auditing practice, to renegotiate the bases of their professional identity and status within audit firms and to widen their jurisdictional claims over other areas of expertise. These moves have been accompanied by the legitimation and embedding of Business Risk Audit in revised constructions of the market for audit, in abstract academic knowledges, reforms of professional education, and professional regulations. In providing a constructivist account of Business Risk Audit technologies, we argue for a theory of audit change that recognises (i) the centrality of legitimation processes and (ii) the co-construction of audit technology and the audit field.
ASJC Scopus subject areas
- Sociology and Political Science
- Organizational Behavior and Human Resource Management
- Information Systems and Management