4 key steps for auditors in assessing technology risks

By Ken Tysiac

Emerging technology has brought a seemingly endless set of new risks to the clients that engage CPAs to perform audits.

Unauthorized personnel can wreak havoc, data can get lost or become inaccessible, and third-party providers can be unreliable. Meanwhile, avoiding all these risks by avoiding the latest technology also can put a client at risk of failing due to a competitive disadvantage.

Some of the challenges associated with technology are addressed in a new Center for Audit Quality (CAQ) resource for auditors, audit committees, and management, Emerging Technologies, Risk, and the Auditor’s Focus. (The CAQ is affiliated with the AICPA.)

According to the publication, key steps for auditors in a changing technology environment include:

  • Maintaining sufficient professional skepticism when reviewing management’s risk assessment for new systems.
  • Understanding the direct and indirect effects of the new technology and determining how its use by the entity affects that auditor’s overall risk assessment.
  • Understanding how the technologies impact the flow of transactions, assessing the completeness of the in-scope internal control over financial reporting systems, and designing a sufficient and appropriate audit response.
  • Assessing the appropriateness of management’s processes to select, develop, operate, and maintain controls related to the organization’s technology based on the extent the technology is used.

The publication states that auditors also should gain a holistic understanding of changes in the industry and the IT environment before designing audit procedures. And if specialized skills are needed to determine the impact of new technologies, auditors may need to involve a subject-matter expert.

Ken Tysiac (Kenneth.Tysiac@aicpa-cima.com) is the JofA’s editorial director.

SPONSORED REPORT

2019 State of Financial Reporting Survey

We surveyed nearly 600 finance and accounting professionals on their month-end close and reporting processes. See the results.

VIDEO

What RPA is and how it works

Robotic process automation is like an Excel macro that can work on multiple applications, says Danielle Supkis Cheek, CPA. RPA can complete routine, repetitive tasks such as data entry, freeing up employee time from lower-level chores.