By Victoria Kitts, CPA, CFE
I’ve recently read many blog posts, news articles, and LinkedIn stories that seem to be trying to look into a crystal ball to see the future of auditing.
Some sources talk about changes to professional standards that would allow auditors to rely more on data analysis as direct audit evidence. Others foresee more automation, such as linking the accounting transactions from the general ledger directly to outside sources like bank records.
And still others talk about Bitcoin, Blockchain, and the challenges and opportunities that digital currency brings – a topic that Clark Nuber has addressed in a recent article.
It’s clear that the auditing process and procedures, like the rest of the business world, will need to be refurbished to keep up with the ever-changing environment. But before we say goodbye to sampling forms and confirmations, what kinds of changes can we expect to see in the more immediate future?
Data analytics are here to stay. Analytical procedures have always been a part of the audit process, but new technologies allow us to slice and dice transactions in more ways than ever.
The Rutgers AICPA Data Analytics Research Initiative (RADAR), is studying integration of data analytics into the audit process, with the goal of demonstrating how this can lead to advancements in the public accounting profession.
This fall, they will issue an update to the AICPA Analytical Procedures Guide that discusses audit data analytics at a foundational level, and provides examples of how to integrate tools and techniques into the audit process.
Some plans for the future include developing a framework to sort through large populations of data to identify possible exceptions, researching process mining techniques to evaluate internal control effectiveness, and determining how to generate visualizations that can be used as audit evidence.
One constantly changing area is information technology. Accounting processes and related controls look a lot different than they used to, and so should auditing procedures over those processes.
Gone are the days when auditors can review the physical cancelled check for a disbursement. First, no one gets cancelled checks back from the bank any more. Second, much of the cash disbursements and receipts process has gone paperless. There is no “signature” to review.
Instead, auditors should look at who has authorization and access to generate an electronic funds transfer. Are multiple people needed to complete the transfer, or can one person make a payment single-handedly?
Auditors should be testing various controls over your IT systems, including access controls, change management (for example, who can add a new user), and security protocols. Auditors need to be testing through the computer and no longer testing around it.
Direct Access to Transactional Details
Currently, your auditor probably requests a trial balance report from your general ledger (G/L), leaving the rest of the prepared-by-client schedules up to you to complete.
This means you summarize the annual activity of various accounts into an easy-to-read roll-forward format. You also provide transactional detail of selected accounts, and the auditors make their requests for testing individual items from that detail.
What if your auditor requests an accountant’s copy of your entire G/L package up front? Your auditor could use that detail to fulfill some of their own requests on the pre-audit list. For example, you wouldn’t need to export and send them a list of contributions for the year, nor would you need to prepare a roll-forward of pledges receivable.
Data analysis on the entire population can be considerably more informative than just testing a sample of transactions. By utilizing analysis procedures in their audit planning and risk assessment, the auditor may be able to hone in on risk areas with the click of a button.
Samples can then focus on the higher risk areas, providing more meaningful audit evidence instead of spending time testing less risky transactions.
Giving your auditor all of the detail at once also often allows them to answer some of their own questions by diving in to the underlying transactions.
Everyone in your office knows when the audit is going on. The best conference room is reserved for a week or two, the accounting department is working late, and the audit team has so many questions for so many people. While that may be a tried-and-true model for many organizations, not all of them like putting their day jobs aside for the duration of fieldwork.
What if your auditors instead began the work from their own office, using the G/L detail you’ve provided as a starting point? They can gather questions and make requests for supporting documents before coming to your office. Their onsite time is then focused on staff interviews, reviewing source documents, and tying up loose ends.
The Bottom Line
For now, the financial statement audit process will likely continue to include vouching to external support, confirming balances with third parties, and sampling. But you can expect to see a larger emphasis on data analytics, IT controls, and creative ways of shaping the fieldwork process.
Please contact Victoria Kitts if you have questions or would like more information about this topic.
© Clark Nuber PS, 2017. All Rights Reserved