Data analytics helps auditors gain deep insight

Technology provides opportunity to test full data sets rather than just samples.
By Maria L. Murphy, CPA, and Ken Tysiac

Data analytics helps auditors gain deep insight
Image by gyn9038/iStock

Financial statement auditors increasingly need to know more about their clients’ businesses. Thanks to advances in data analytics and software, many auditors are finding ways to gain deeper understanding of their clients’ organizations than ever.

“The profession is making much better use of the technological advances that we’ve seen over the last 20–30 years,” said James Comito, CPA, the national director of the Professional Standards Group at Mayer Hoffman McCann PC. “So it’s pretty exciting stuff, really.”

Mayer Hoffman McCann is a top-15 national firm whose clients primarily are private companies with annual revenue ranging from $5 million to $300 million. The firm is reevaluating its audit processes and procedures to make better use of new data analytics capabilities and software that are available, in hopes of providing better service to clients.

The use of data analytics probably has not advanced as rapidly in external financial statement auditing as it has in internal auditing, where many organizations use continuous auditing and continuous monitoring of data to identify risks and anomalies as part of their system of internal control (see “Driving faster decisions”). But data analytics has the potential to transform external auditing just as it has changed internal auditing.

The power of data analytics could make it possible for external financial statement auditors to improve audits by:

  • Testing complete sets of data, rather than just testing samples.
  • Aiding risk assessment through identification of anomalies and trends, perhaps even through comparison to industry data, pointing auditors toward items they need to investigate further.
  • Providing audit evidence through comprehensive analysis of organizations’ general ledger systems.

Comito said data analytics, combined with traditional auditing techniques, will give auditors a better understanding of their clients.

“I think the analytics can be incredibly powerful, a great tool to learn your clients’ business,” he said. “But for the foreseeable future, it’s still a balance between good old-fashioned getting into contracts and reading them and interpreting them, and the use of analytics.”

The possibilities for data analytics technology to change auditing are explored in the white paper Reimagining Auditing in a Wired World, published by the Emerging Assurance Technologies Task Force of the AICPA Assurance Services Executive Committee (ASEC).

According to the white paper:

  • The profession needs to achieve a “quantum leap” to redesign audit processes using today’s technology, rather than using information technology to computerize legacy audit plans and procedures.
  • Existing auditing standards that are the framework for audit procedures need to be modified to incorporate the concepts of Big Data and “continuous auditing” and encourage auditors to use technologies that increase assurance beyond minimum required levels.

Audit regulators are watching the technological developments in this area with great interest. Martin Baumann, the PCAOB’s chief auditor and director of professional standards, said in a video interview that regulators need to make sure auditing standards facilitate possible improvements in auditing rather than serving as an obstacle to progress in this area.

“That’s important for us as standard setters to stay on top of that, such that the technology and potential uses of it in auditing don’t get ahead of where the auditing standards are,” said Baumann, who was sharing his own opinion and not that of the PCAOB or its staff. “We wouldn’t want auditing standards to be an inhibitor that might otherwise allow technological audit achievements to move ahead.”

Significant changes in audit approach are needed to take advantage of the new environment, according to one of the authors of the white paper, Miklos Vasarhelyi, Ph.D., director of the Rutgers University Accounting Research Center and Continuous Auditing & Reporting Lab.

“The profession is still not doing very much with Big Data, yet,” he said. “But the sources of evidence have changed so dramatically that there can be no way that the profession will not use it. The more difficult prediction is when this change will happen. … It will not occur overnight but will be more ad hoc and evolutionary, and changes in audit practice will continue to occur as corporate processes change.”

Through its Enhancing Audit Quality (EAQ) initiative, the AICPA is looking to move the profession toward the use of new audit technologies and methodologies that will allow auditors to provide more continuous assurance and will result in more timely and relevant audit reporting. For more information about this initiative, see the AICPA EAQ initiative webpage.

ASEC, meanwhile, has established audit data standards to identify key information needed and provide a common framework for audits. These voluntary IT standards create a standardized format for data fields (e.g., naming, formatting, and levels of data fields) and files that are commonly requested from auditors, with the theory being that if file formats are standardized, any company’s system would be capable of producing them in the standardized format. The audit data standards are available at tinyurl.com/mr32kwc.

Advances in data science can be applied to perform more effective audits and provide new forms of audit evidence. Audit data analytics methods can be used in audit planning and in procedures to identify and assess risk by analyzing data to identify patterns, correlations, and fluctuations from models. These methods can give auditors new insights about the entity and its risk environment and improve the quality of analytical procedures in all phases of the audit. Technology permits the creation of Big Data that can be analyzed to improve auditors’ knowledge about the transactions and balances underlying the financial statements. This can help them obtain better evidence for their audit opinions and understand fundamental causes of restatements, fraud, and going-concern issues. (For more on how the use of new technologies will affect auditors, see “Data Analytics: The Auditor’s Role,” below.)

Thanks to technology, audit procedures such as bank confirmations, analytical procedures, and journal-entry testing do not have to be performed on-site by local audit teams. Instead, these tasks can be outsourced to remote teams of specialists and third-party providers, creating opportunities for auditors to focus on higher-risk areas and the potential for fraud.

The white paper recommends that while technology can be used to achieve the same level of assurance more efficiently at a lower cost, a greater benefit would be to achieve a higher level of assurance at a similar cost—resulting in better audit quality for clients and investors and reduced audit risk and liability. For example, computerized data and file interrogation software can be used to perform transaction testing on 100% of a population.

Technology permits more frequent or continuous monitoring of transactions by external auditors. Auditors can benefit from being able to spread audit work throughout the year rather than only during “busy season,” identifying potential issues earlier, and having the ability to modify audit plans in response. Companies can benefit from improved audit quality and client service. Continuous reporting and web-based availability of financial information is replacing periodic issuance of financial statements, which may lead to the requirement for continuous audit assurance, the white paper found.

To prepare auditors for these changes, Vasarhelyi said:

Educational needs must be met. Education is needed for students at the university level and for auditors within accounting firms in areas such as information technology, statistics, modeling, and machine learning methods. In addition, Vasarhelyi suggests that the CPA exam should test these areas. “We are kind of in a double bind on this because the examination people say, ‘They don’t know this stuff, so we can’t test it,’ but the students say, ‘If it is not on the exam, I am not going to study it,’ ” he said. Many universities are offering courses in these areas and creating new majors, but the existing accounting curricula are full and would need to be changed to accommodate additional coursework.

The AICPA is in the midst of the practice analysis research study that will define the next version of the CPA examination, to be announced in 2016 and launched in 2017. “What we heard from the accounting profession, including educators, was to continue assessment of the basics, increase the assessment of higher-order skills such as analysis, interpretation, and defending positions within an audit, and further explore the assessment of professional skepticism, Big Data analytics, and the integration of topics (for example, an audit’s impact on financial reporting, etc.),” reported Michael Decker, vice president–Examinations for the AICPA. “The CPA examination will remain current to the profession in the role it plays as a licensure tool, assessing the minimal competencies of a newly licensed CPA. Reading between the lines, as the profession changes the knowledge and skills required of a newly licensed CPA, so must the examination change in its assessment.”

CPA firms should expand their assurance services. These services should grow beyond annual financial statement audit opinions. Businesses have larger assurance needs in the areas of data quality, security, compliance, fraud prevention and detection, and internal controls. CPAs should offer a different value proposition by offering to provide “coordinated assurance” on functions running on different technologies and platforms. “Assurance needs for businesses are much larger than they were 20 or 30 years ago,” Vasarhelyi said. “There is a big layer of technology between management and the data. Companies worry about their processes and data quality and correctness, and being ‘underassured.’ ”

Auditors should use Big Data and perform deeper analytics. These procedures can help them better understand their clients’ environment and use exception reporting to improve audit quality and detect fraud. Every auditor should have the ability to use stronger audit tools than spreadsheets. They should make use of specialists to perform data analytics as part of the engagement, where available, and work with their clients to incorporate more advanced data analytics throughout the audit program within the IT environment.

Audit procedures should be continuous. Audit procedures should be performed throughout the year, and audit testing should occur more frequently than annually. Auditors should educate their clients on the advantages of continuous auditing, including reduced errors and risk.

Auditing standards need to be updated. Changes in audit approach and procedures are needed to provide the required level of assurance in today’s changed business environment.

Maria L. Murphy (emailmariamurphy@gmail.com) is a freelance writer based in Wilmington, N.C. Ken Tysiac is a JofA editorial director. To comment on this article or to suggest an idea for another article, contact him at ktysiac@aicpa.org or 919-402-2112.


Data analytics: The auditor’s role

by Ken Tysiac

Regardless of the industry or profession, the prospect of mechanization or automation brings concerns about the potential loss of jobs. But increased use of data analytics in auditing is not expected to diminish the need for skilled and trained auditors.

“The software programs are fantastic,” said James Comito, CPA, the national director of the Professional Standards Group for Mayer Hoffman McCann PC. “They can aggregate data and provide us with a whole lot of information. But at the end of the day, it still requires a knowledgeable auditor to stand back from that, analyze that information, and make a determination whether that information is consistent with what the auditor expected, or whether it’s not, in which case there is more investigative work that the auditor has to do. And I don’t think that will change anytime soon.”

As data analytics takes on a larger role in auditing of financial statements, auditors may want to consider:

Planning carefully. While maintaining objectivity and skepticism, auditors may want to inquire extensively with clients about the metrics monitored by clients’ management. This effort to understand the business and what’s important to management can help the auditors set up data analytics tools in the most useful way for the audit.

Getting IT involved. Auditors may have their firms’ IT professionals engage the clients’ IT staff to make sure the clients’ systems are producing reliable data. Audit data analytics software won’t produce the desired results if the data entering the system are not reliable and appropriately precise.

Learning how to use the tools. Younger auditors may be more comfortable at first with the technology than veteran auditors who have been conducting engagements for a long time with little or no use of analytical technology. Firms that plan to use audit data analytics need to have programs in place to train all auditors on how to use the technology.

Maintaining traditional testing skills. “There will always be a need to do a certain amount of detailed testing around certain aspects of U.S. GAAP,” Comito said. “You’re going to have to read contracts. There are clauses in contracts that have meaning in U.S. GAAP that a pure analytic may not cover.”


AICPA RESOURCES

JofA articles

Publications

  • Analytical Procedures—AICPA Audit Guide (#AAGANP12P, paperback; #AAGANP12E, ebook; #WAN-XX, one-year online access)
  • Assessing and Responding to Audit Risk in a Financial Statement Audit (#AAGARR14P, paperback; #AAGARR14E, ebook; #WRA-XX, one-year online access)
  • Audit Sampling—Audit Guide (#AAGSAM14P, paperback; #AAGSAM14E, ebook; #WAS-XX, one-year online access)

CPE self-study

  • Audit Staff Essentials, Levels 1–3 (cpa2biz.com/ASE, one-year online access)
  • CGMA Learning Program: Strategic Management Accounting (#165350, one-year online access)
  • Professional Ethics: The AICPA’s Comprehensive Course (#732318001, text; #155701, one-year online access)

For more information or to make a purchase, go to cpa2biz.com or call the Institute at 888-777-7077.

Webpages

Audit Data Standard Working Group  

Enhancing Audit Quality initiative

White paper

Reimagining Auditing in a Wired World

SPONSORED REPORT

How to make the most of a negotiation

Negotiators are made, not born. In this sponsored report, we cover strategies and tactics to help you head into 2017 ready to take on business deals, salary discussions and more.

VIDEO

Will the Affordable Care Act be repealed?

The results of the 2016 presidential election are likely to have a big impact on federal tax policy in the coming years. Eddie Adkins, CPA, a partner in the Washington National Tax Office at Grant Thornton, discusses what parts of the ACA might survive the repeal of most of the law.

COLUMN

Deflecting clients’ requests for defense and indemnity

Client requests for defense and indemnity by the CPA firm are on the rise. Requests for such clauses are unnecessary and unfair, and, in some cases, are unenforceable.