Source: bit.ly/1CCwP6O
Financial statement auditors increasingly need to know more about
their clients’ businesses. Thanks to advances in data analytics and
software, many auditors are finding ways to gain deeper understanding
of their clients’ organizations than ever.
“The profession is making much better use of the technological
advances that we’ve seen over the last 20–30 years,” said James
Comito, CPA, the national director of the Professional Standards Group
at Mayer Hoffman McCann PC. “So it’s pretty exciting stuff, really.”
Mayer Hoffman McCann is a top-15 national firm whose clients
primarily are private companies with annual revenue ranging from $5
million to $300 million. The firm is reevaluating its audit processes
and procedures to make better use of new data analytics capabilities
and software that are available, in hopes of providing better service
to clients.
The use of data analytics probably has not advanced as rapidly in
external financial statement auditing as it has in internal auditing,
where many organizations use continuous auditing and continuous
monitoring of data to identify risks and anomalies as part of their
system of internal control (see “
Driving
faster decisions”). But data analytics has the potential to
transform external auditing just as it has changed internal auditing.
The power of data analytics could make it possible for external
financial statement auditors to improve audits by:
- Testing complete sets of data, rather than just testing
samples.
- Aiding risk assessment through identification of
anomalies and trends, perhaps even through comparison to industry
data, pointing auditors toward items they need to investigate
further.
- Providing audit evidence through comprehensive
analysis of organizations’ general ledger systems.
Comito said data analytics, combined with traditional auditing
techniques, will give auditors a better understanding of their clients.
“I think the analytics can be incredibly powerful, a great tool to
learn your clients’ business,” he said. “But for the foreseeable
future, it’s still a balance between good old-fashioned getting into
contracts and reading them and interpreting them, and the use of analytics.”
The possibilities for data analytics technology to change auditing
are explored in the
white paper Reimagining Auditing in a Wired
World, published by the Emerging Assurance Technologies Task Force
of the AICPA Assurance Services Executive Committee (ASEC).
According to the white paper:
- The profession needs to achieve a “quantum leap” to redesign
audit processes using today’s technology, rather than using
information technology to computerize legacy audit plans and
procedures.
- Existing auditing standards that are the
framework for audit procedures need to be modified to incorporate
the concepts of Big Data and “continuous auditing” and encourage
auditors to use technologies that increase assurance beyond minimum
required levels.
Audit regulators are watching the technological developments in this
area with great interest. Martin Baumann, the PCAOB’s chief auditor
and director of professional standards, said in
a video interview that regulators need to make
sure auditing standards facilitate possible improvements in auditing
rather than serving as an obstacle to progress in this area.
“That’s important for us as standard setters to stay on top of that,
such that the technology and potential uses of it in auditing don’t
get ahead of where the auditing standards are,” said Baumann, who was
sharing his own opinion and not that of the PCAOB or its staff. “We
wouldn’t want auditing standards to be an inhibitor that might
otherwise allow technological audit achievements to move ahead.”
Significant changes in audit approach are needed to take advantage
of the new environment, according to one of the authors of the white
paper, Miklos Vasarhelyi, Ph.D., director of the Rutgers University
Accounting Research Center and Continuous Auditing & Reporting Lab.
“The profession is still not doing very much with Big Data, yet,” he
said. “But the sources of evidence have changed so dramatically that
there can be no way that the profession will not use it. The more
difficult prediction is when this change will happen. … It will not
occur overnight but will be more ad hoc and evolutionary, and changes
in audit practice will continue to occur as corporate processes change.”
Through its Enhancing Audit Quality (EAQ) initiative, the AICPA is
looking to move the profession toward the use of new audit
technologies and methodologies that will allow auditors to provide
more continuous assurance and will result in more timely and relevant
audit reporting. For more information about this initiative, see
the
AICPA EAQ initiative webpage.
ASEC, meanwhile, has established audit data standards to identify
key information needed and provide a common framework for audits.
These voluntary IT standards create a standardized format for data
fields (e.g., naming, formatting, and levels of data fields) and files
that are commonly requested from auditors, with the theory being that
if file formats are standardized, any company’s system would be
capable of producing them in the standardized format. The audit data
standards are available at
tinyurl.com/mr32kwc.
Advances in data science can be applied to perform more effective
audits and provide new forms of audit evidence. Audit data analytics
methods can be used in audit planning and in procedures to identify
and assess risk by analyzing data to identify patterns, correlations,
and fluctuations from models. These methods can give auditors new
insights about the entity and its risk environment and improve the
quality of analytical procedures in all phases of the audit.
Technology permits the creation of Big Data that can be analyzed to
improve auditors’ knowledge about the transactions and balances
underlying the financial statements. This can help them obtain better
evidence for their audit opinions and understand fundamental causes of
restatements, fraud, and going-concern issues. (For more on how the
use of new technologies will affect auditors, see “Data Analytics: The
Auditor’s Role,” below.)
Thanks to technology, audit procedures such as bank confirmations,
analytical procedures, and journal-entry testing do not have to be
performed on-site by local audit teams. Instead, these tasks can be
outsourced to remote teams of specialists and third-party providers,
creating opportunities for auditors to focus on higher-risk areas and
the potential for fraud.
The white paper recommends that while technology can be used to
achieve the same level of assurance more efficiently at a lower cost,
a greater benefit would be to achieve a higher level of assurance at a
similar cost—resulting in better audit quality for clients and
investors and reduced audit risk and liability. For example,
computerized data and file interrogation software can be used to
perform transaction testing on 100% of a population.
Technology permits more frequent or continuous monitoring of
transactions by external auditors. Auditors can benefit from being
able to spread audit work throughout the year rather than only during
“busy season,” identifying potential issues earlier, and having the
ability to modify audit plans in response. Companies can benefit from
improved audit quality and client service. Continuous reporting and
web-based availability of financial information is replacing periodic
issuance of financial statements, which may lead to the requirement
for continuous audit assurance, the white paper found.
To prepare auditors for these changes, Vasarhelyi said:
Educational needs must be met. Education is needed for
students at the university level and for auditors within accounting
firms in areas such as information technology, statistics, modeling,
and machine learning methods. In addition, Vasarhelyi suggests that
the CPA exam should test these areas. “We are kind of in a double bind
on this because the examination people say, ‘They don’t know this
stuff, so we can’t test it,’ but the students say, ‘If it is not on
the exam, I am not going to study it,’ ” he said. Many universities
are offering courses in these areas and creating new majors, but the
existing accounting curricula are full and would need to be changed to
accommodate additional coursework.
The AICPA is in the midst of the practice analysis research study
that will define the next version of the CPA examination, to be
announced in 2016 and launched in 2017. “What we heard from the
accounting profession, including educators, was to continue assessment
of the basics, increase the assessment of higher-order skills such as
analysis, interpretation, and defending positions within an audit, and
further explore the assessment of professional skepticism, Big Data
analytics, and the integration of topics (for example, an audit’s
impact on financial reporting, etc.),” reported Michael Decker, vice
president–Examinations for the AICPA. “The CPA examination will remain
current to the profession in the role it plays as a licensure tool,
assessing the minimal competencies of a newly licensed CPA. Reading
between the lines, as the profession changes the knowledge and skills
required of a newly licensed CPA, so must the examination change in
its assessment.”
CPA firms should expand their assurance services. These
services should grow beyond annual financial statement audit opinions.
Businesses have larger assurance needs in the areas of data quality,
security, compliance, fraud prevention and detection, and internal
controls. CPAs should offer a different value proposition by offering
to provide “coordinated assurance” on functions running on different
technologies and platforms. “Assurance needs for businesses are much
larger than they were 20 or 30 years ago,” Vasarhelyi said. “There is
a big layer of technology between management and the data. Companies
worry about their processes and data quality and correctness, and
being ‘underassured.’ ”
Auditors should use Big Data and perform deeper
analytics. These procedures can help them better understand
their clients’ environment and use exception reporting to improve
audit quality and detect fraud. Every auditor should have the ability
to use stronger audit tools than spreadsheets. They should make use of
specialists to perform data analytics as part of the engagement, where
available, and work with their clients to incorporate more advanced
data analytics throughout the audit program within the IT environment.
Audit procedures should be continuous. Audit procedures
should be performed throughout the year, and audit testing should
occur more frequently than annually. Auditors should educate their
clients on the advantages of continuous auditing, including reduced
errors and risk.
Auditing standards need to be updated. Changes in audit
approach and procedures are needed to provide the required level of
assurance in today’s changed business environment.
Regardless of the industry or profession, the prospect of
mechanization or automation brings concerns about the potential loss of
jobs. But increased use of data analytics in auditing is not expected to
diminish the need for skilled and trained auditors.
“The software programs are fantastic,” said James Comito, CPA, the
national director of the Professional Standards Group for Mayer Hoffman
McCann PC. “They can aggregate data and provide us with a whole lot of
information. But at the end of the day, it still requires a
knowledgeable auditor to stand back from that, analyze that information,
and make a determination whether that information is consistent with
what the auditor expected, or whether it’s not, in which case there is
more investigative work that the auditor has to do. And I don’t think
that will change anytime soon.”
As data analytics takes on a larger role in auditing of financial statements, auditors may want to consider:
While maintaining objectivity and
skepticism, auditors may want to inquire extensively with clients about
the metrics monitored by clients’ management. This effort to understand
the business and what’s important to management can help the auditors
set up data analytics tools in the most useful way for the audit.
Auditors may have their firms’ IT
professionals engage the clients’ IT staff to make sure the clients’
systems are producing reliable data. Audit data analytics software won’t
produce the desired results if the data entering the system are not
reliable and appropriately precise.
Younger auditors may be
more comfortable at first with the technology than veteran auditors who
have been conducting engagements for a long time with little or no use
of analytical technology. Firms that plan to use audit data analytics
need to have programs in place to train all auditors on how to use the
technology.
“There will
always be a need to do a certain amount of detailed testing around
certain aspects of U.S. GAAP,” Comito said. “You’re going to have to
read contracts. There are clauses in contracts that have meaning in U.S.
GAAP that a pure analytic may not cover.”
