Rapid changes in technology are a reality of the current business environment. In addition to affecting how business is done, these changes present new challenges to auditors.
The internet, cloud computing, and the pervasive use of mobile devices enable auditors to practice in a globally connected environment. Technology can be used to transform auditing and improve audit effectiveness, according to the white paper Reimagining Auditing in a Wired World, published by the Emerging Assurance Technologies Task Force of the AICPA Assurance Services Executive Committee (ASEC).
According to the white paper:
- The profession needs to achieve a “quantum leap” to redesign audit processes using today’s technology, rather than using information technology to computerize legacy audit plans and procedures.
- Existing auditing standards that are the framework for audit procedures need to be modified to incorporate the concepts of Big Data and “continuous auditing” and encourage auditors to use technologies that increase assurance beyond minimum required levels.
Significant changes in audit approach are needed to take advantage of the new environment, according to one of the authors of the white paper, Miklos Vasarhelyi, Ph.D., director of the Rutgers University Accounting Research Center & Continuous Auditing & Reporting Lab.
“The profession is still not doing very much with Big Data, yet,” he said. “But the sources of evidence have changed so dramatically that there can be no way that the profession will not use it. The more difficult prediction is when this change will happen. … It will not occur overnight but will be more ad hoc and evolutionary, and changes in audit practice will continue to occur as corporate processes change.”
Through its Enhancing Audit Quality (EAQ) initiative, the AICPA is attempting to move the profession toward the use of new audit technologies and methodologies that will allow auditors to provide more continuous assurance and will result in more timely and relevant audit reporting. For additional information about this initiative, see the AICPA EAQ initiative webpage.
Advances in data science can be applied to perform more effective audits and provide new forms of audit evidence. Audit data analytics (ADA) methods can be used in audit planning and procedures to identify and assess risk by analyzing data to identify patterns, correlations, and fluctuations from models. These methods can give auditors new insights about the entity and its risk environment and improve the quality of analytical procedures in all phases of the audit. Technology permits the creation of Big Data that can be analyzed to improve auditors’ knowledge about the transactions and balances underlying the financial statements. This can help them obtain better evidence for their audit opinions and understand fundamental causes of restatements, fraud, and going-concern issues.
Thanks to technology, audit procedures such as bank confirmations, analytical procedures, and journal entry testing do not have to be performed on-site by local audit teams. Instead, these tasks can be outsourced to remote teams of specialists and third-party providers, creating opportunities for auditors to focus on higher-risk areas and the potential for fraud.
The white paper recommends that while technology can be used to achieve the same level of assurance more efficiently at a lower cost, a greater benefit would be to achieve a higher level of assurance at a similar cost—resulting in better audit quality for clients and investors and reduced audit risk and liability. For example, computerized data and file interrogation software can be used to perform transaction testing on 100% of a population.
Technology permits continuous, or more frequent, monitoring of transactions by external auditors. Auditors can benefit from being able to spread audit work throughout the year rather than only during “busy season,” identifying potential issues earlier, and having the ability to modify audit plans in response. Companies can benefit from improved audit quality and client service. Continuous reporting and web-based availability of financial information is replacing periodic issuance of financial statements, which may lead to the requirement for continuous audit assurance, the white paper found.
To prepare auditors for these changes, Vasarhelyi said:
- Educational needs must be met. Education is needed for students at the university level and for auditors within accounting firms in areas such as information technology, statistics, modeling, and machine learning methods. In addition, Vasarhelyi suggests that the CPA exam should test these areas. “We are kind of in a double bind on this because the examination people say, ‘They don’t know this stuff, so we can’t test it,’ but the students say, ‘If it is not on the exam, I am not going to study it,’ ” he said. Many universities are offering courses in these areas and creating new majors, but the existing accounting curricula are full and would need to be changed to accommodate additional coursework.
- CPA firms should expand their assurance services. These services should grow beyond annual financial statement audit opinions. Businesses have larger assurance needs in the areas of data quality, security, compliance, fraud prevention and detection, and internal controls. CPAs should offer a different value proposition by offering to provide “coordinated assurance” on functions running on different technologies and platforms. “Assurance needs for businesses are much larger than they were 20 or 30 years ago,” Vasarhelyi said. “There is a big layer of technology between management and the data. Companies worry about their processes and data quality and correctness, and being ‘underassured.’ ”
- Auditors should use Big Data and perform deeper analytics. These procedures can help them better understand their client’s environment and use exception reporting to improve audit quality and detect fraud. Every auditor should have the ability to use stronger audit tools than spreadsheets. They should make use of specialists to perform analytics as part of the engagement, where available, and work with their clients to incorporate more advanced analytics throughout the audit program within the IT environment.
- Audit procedures should be continuous. Audit procedures should be performed throughout the year, and audit testing should occur more frequently than annually. Auditors should educate their clients on the advantages of continuous auditing, including reduced errors and risk.
- Auditing standards need to be updated. Changes in audit approach and procedures are needed to provide the required level of assurance in today’s changed business environment.
Maria L. Murphy ( firstname.lastname@example.org ) is a freelance writer. She has worked in public accounting as an audit and technical review partner and as a national office director, in private industry in accounting and financial reporting roles, and most recently as the editor-in-chief of The CPA Journal.