Audit data analytics: Rising to the challenge
The use of data analytics in audit is one of today’s big talking points.
We can see that firms are using audit data analytics (ADA) in different ways. At one end of the spectrum we have the extraction of data from a client’s accounting system to a spreadsheet; at the other end, technology now enables the sophisticated interrogation of large volumes of data at the push of a button.
ADA present challenges for those in audit, but it also provides opportunities. Regulators and standard-setters, meanwhile, play a key part in shaping the way audit is undertaken in the future.
In a series of articles, I look at some of the possible challenges and opportunities that the use of ADA might present, as well as considering the role of the regulator.
Five challenges of ADA
1. Equipping auditors with the right skills
Today’s auditors are faced with complex business models which do not always operate in the same way as the more traditional ones.
Technological developments have created sophisticated systems which have greater capabilities and the auditor needs some insight into, and understanding of, how these systems work to be able to audit the organisation effectively.
This presents a challenge around how to appropriately train and educate our future auditors and has implications for the pre- and post-qualification training options that we provide.
These issues were highlighted in the joint ICAS/FRC research into the audit skills of the future
2. Entry barriers for smaller firms
There is a risk that smaller audit firms might be unable to justify the significant financial investment, staff resource and training required to use data analytics in the audit process effectively, meaning that we might see a two-tier audit system emerge.
Furthermore, some smaller firms might withdraw from the audit market to provide more of a business advisory service for their clients, particularly for those clients who have elected for an audit voluntarily following the increased audit exemption thresholds.
3. Interaction of ADA with current auditing standards
The reliability of the data provided by the client might present a challenge and it is likely that some controls testing will still be required to ensure that sufficient, reliable and appropriate audit evidence is being produced.
Consequently, this creates some uncertainty around how the use of ADA interacts with, and satisfies, the International Standards on Auditing (ISAs).
4. Expectation gap
The use of ADA might create an expectation gap among stakeholders who conclude that, because the auditor is testing 100% of transactions in a specific area, the client’s data must be 100% correct. This may lead to unrealistic expectations being placed on the auditor in relation to the detection of fraud and/or error.
Furthermore, because it will only be performed on those transactions already in the system, it is not clear how this type of testing will satisfy the completeness assertion.
5. Data security, compatibility and confidentiality
The extent to which the data retrieved from the client can be relied upon as complete and accurate presents a challenge for the auditor.
ADA are currently being performed on data extracted from the client’s system using the auditor’s own software. There may be compatibility issues between these two systems and the challenge will be ensuring that the data extracted is accurate, complete and reliable and does not become corrupted during the extraction process.
There may also be client confidentiality/data protection issues over the extent of access the auditor is granted to confidential and sensitive information and the security and anti-corruption measures that have been implemented to protect the integrity of the information.