As technology improves and the business landscape changes, the demand for assurance services is evolving.
Advances in technology are making it possible for auditors to review 100% of transactions, rather than just a sample. Assurance is being sought beyond financial statements in areas such as sustainability reporting and information security.
“It presents an opportunity,” said Theresa Grafenstine, CPA, CGMA, inspector general of the U.S. House of Representatives. “There’s this huge demand out there, and we need to make sure we step up and make sure we are filling that gap.”
During a presentation Tuesday at the AICPA governing Council meeting in Maui, Hawaii, Grafenstine said it’s imperative for CPAs to embrace the new opportunities in assurance services. The AICPA Assurance Services Executive Committee (ASEC) and AICPA Auditing Standards Board (ASB) have numerous initiatives aimed at enabling CPAs to bring their core competencies to bear in meeting compliance and market-driven needs.
Financial statement audits
There also is an opportunity to add value through an evolution of the traditional financial statement audit process. Eighty-four percent of preparers, 76% of audit committee members, and 70% of financial statement users said in a recent Deloitte survey that auditors should make more use of advanced technologies in their work.
Technology is making it possible for auditors to review all transactions instead of just a sample and is providing the potential for more timely feedback. Innovation is expected to move financial statement audits over time from a historic, paper-based, point-in-time model to a modern model that leverages structured, electronic data available in real or near-real time. This would enable advanced analytics and continuous monitoring of controls and risk for better decision-making.
“It’s taking away manual aspects of what we used to do for analysis and using technology to help us with our analysis to point out the issues or exceptions ahead of time, so that we are being much more proactive and provide a lot more value to our clients,” Grafenstine said in a phone interview.
To support the integration of automated techniques and analytics into practice, ASEC and the ASB are undertaking projects to develop and test new methodologies and are developing a new, more comprehensive Audit Analytics guide to replace the current Analytical Procedures guide.
Other assurance opportunities
New opportunities for CPA assurance are not confined to innovating the audits of financial statements. Areas of opportunity include:
- Legal and regulatory compliance. New assurance needs driven by legislation and regulation include SEC requirements for reporting on conflict minerals and guidance. In addition, activities of various governmental and nongovernmental agencies relating to the reporting of greenhouse gas emissions information may result in voluntary requests for assurance. The ASB has worked to ensure that CPAs have adequate guidance in these areas, and ASEC has developed white papers for legislators and regulators to help them design credible verification programs that can be carried out by CPAs.
- Performance audits. The ASB is considering standards for a new category of engagements in the private sector to provide flexibility to better meet client assurance needs.
- Risk management. In the United States, the current demand for CPA services related to risk management is limited to advisory engagements, for which the AICPA recently developed a guide, Enterprise Risk Management: Guidance for Practical Implementation and Assessment. From a public sector perspective, the Office of Management and Budget may start requiring executive branch agencies to implement enterprise risk management, which could lead to a need for effectiveness audits.
- Information security. ASEC and the ASB are collaborating to develop practitioner guidance for performing examination-level attestation engagements related to cybersecurity.
Grafenstine said that CPAs’ concern for the public interest demands that they step forward to provide these services.
“If CPAs don’t do it, somebody else is going to step in and do it,” she said. “And they’re not going to have the same type of standards that CPAs follow. They’re not going to have our code of ethics. They’re not going to have the rigor that a CPA brings to assurance services. So I think it’s an obligation to fill these demands.”
History of innovation
To meet those evolving market needs, CPAs need to continue to look forward and anticipate them, Grafenstine said. Citing information security, she said CPAs have a long history of providing such forward-looking services.
In 1974, Statement on Auditing Standards No. 3, The Effects of EDP on the Auditor’s Study and Evaluation of Internal Control (now superseded), presented early guidance related to electronic data processing.
In 1997, when dial-up modems were the norm and email was just getting off the ground, the AICPA joined the Canadian Institute of Chartered Accountants to create WebTrust, which licensed public accounting firms and practitioners to provide assurance services for e-commerce sites.
With Service Organization Control reports and the new cybersecurity attestation guidance now under development, CPAs are continuing to embrace opportunities to provide value-added services in this area.
“We’re not forgetting about our core business of financial statement auditing,” Grafenstine said. “We’re focused on that as well, and we’re making sure we’re providing value and continuing to evolve the financial statement audit. But also, in addition, we’re looking at these other types of services that we can and should be providing.”
—Ken Tysiac (email@example.com) is a JofA editorial director.