Speakers: Julia Walsh (IT Audit Inspector, FRC) ; Olaf Riedel (IT Audit Partner, EY. Chair of IT Committee, the German Auditors Association (IDW))
Session moderated by Myles Thompson (Chair of the Audit and Assurance Policy Group, Accountancy Europe)
As part of the agenda of its Digital Day on 19 June 2018, Accountancy Europe organised a breakout discussion on today’s challenges and opportunities in using data analytics in audit.
Panellists started with the premise that technology is changing the world in which we operate. Audit firms make more use of companies’ data to enhance audit quality. The possibilities of using data analytics to increase audit quality are endless. However, ‘the real challenge is to identify the right capabilities and the useful outcome of audit procedures using data analytics’, as highlighted by Olaf Riedel.
The discussion explored the tension between innovation and regulation in making use of data analytics in audit work. Regulators now see numerous examples in practice where data analytics improve both the risk assessment process and the audit testing. As outlined by Julia Walsh, auditors should leverage the use of data analytics in a way to meet the expectation of regulators.Both parties should have open and constructive dialogue to make this happen.
Although audit teams increasingly embrace innovation, very often auditors also do other substantive work to make sure they are on the safe side for regulatory purposes. This duplication of work does not bring progress and the right balance in the audit approach should be sought. However, considering the rising public expectation, Myles Thompson emphasised that ‘data analytics techniques should be used more widely and more efficiently’.
To effectively use data analytics in audit procedures, auditors should ensure completeness and accuracy of the underlying data used. To this end, firms have to invest in people and tools and adjust their methodologies to ultimately increase the degree of confidence placed in the results provided.
For Julia Walsh, there is currently no consistent use of data analytics across the practice and across jurisdictions. Using data analytics consistently, as well as providing best practices on the procedures to be performed, would enhance audit quality.
The fundamental aspect is how the use of data analytics fits within the existing methodologies of both audit firms and regulators. Currently, practitioners do not have the methodologies aligned to make best use of data analytics. Olaf Riedel pointed out to a key question on whether ‘auditors still need audit sampling if they perform fully satisfactory controls’ test work’. Currently auditors still do, although they know controls are working. A joint effort to work with regulators to innovate in the profession is required.
From a practical standpoint, a major hurdle in making effective use of data analytics in audit work is the increase in the number of IT/legacy systems of companies in the current complex environment. However, the various databases extracted from various (sub)systems can still be put into buckets to understand how to leverage their use in performing data analytics, while the auditor should focus on the completeness and accuracy of the information flowing into the financial statements captions. To this end, Olaf Riedel outlined that, from the practitioner’s standpoint, a key challenge in using data analytics remains, ‘what data to use?’. The starting point to answer this question should be the data the companies’ IT (sub)systems provide.
Our panellists agreed that ‘the people perspective’ is also key. Getting the right capabilities and integrating Data Analysts within the audit team, would enable using data analytics as an effective substantive testing tool, and as a tool to perform work around the internal controls systems. We need common understanding of what IT is and involve IT specialists in the team. As such, the real challenge is to identify the right capabilities and what is the outcome of the data analytics routines/tests performed. The IT tools are out there and are available also for small and medium sized firms – ex. IDEA. The issue is to get the understanding and training.
Julia Walsh raised the point that a recent challenge is that some entities are reluctant to handover to auditors the databases required for performing analytics, due to the new GDPR requirements. This should be a temporary issue, as how to use personal data should be clarified going forward.
Currently auditors do not make best use of data analytics in their controls’ test work. The internal control systems of companies also change under the impact of technology, thus influencing the way auditors work. Automation will soon enable auditors to fully test internal controls with data analytics. For example, a company might have 2-3 ways from order to cash as per internal procedure. However, in practice, the auditor might identify numerous exceptions to investigate and follow-up by using IT tools. This would add value to clients, as they might not be aware of the instances of internal procedures override (Olaf Riedel).
The use of predictive analytics bring the focus on prospective information reporting rather than on historic information reporting. Therefore, the discussion with audit clients will focus more and more on predictions and risks. Auditors should be able to ‘make use of the fast-changing technology to add more value to their clients by opening a new perspective to understand their business’ (Olaf Riedel).
The widespread use of ERPs makes possible the standardisation of data analytics routines. Understanding the particularities and functionalities of wide-spread ERPs (ex. MS Navision, SAP, Oracle) are key to determine how to tailor Data Analytics in that specific ERP environment (Olaf Riedel).
When looking at the data analytics auditors performed, ‘data analytics enable auditors to better design and address anti-fraud procedures’; thus, auditors set the bar further regarding their role, to meet the growing public expectations from the profession (Julia Walsh).
Data analytics are currently used in routine areas of the business, while their use would add more value in the judgmental areas such as valuation models, etc.
Auditors have a position of trust and have access to the data in companies’ IT systems. Following the use of machine learning tools, based on transactions’ history, the auditor could identify different data patterns and approaches to take going forward (Julia Walsh). The ability to use data analytics and more sophisticated modelling tools to form judgements will gain traction. In the future, machines may change the way we audit by questioning the estimates clients do, while training bots might be installed on computers to perform data analytics for standard areas (Olaf Riedel).
Julia Walsh explained how using the right tools could add value to a routine procedure, for instance to the verification of the cash flow statement. In the old days, when auditing the cash flow statement, a second staff would do a double check, with slightly different results. This simple exercise could be done by using a machine learning system to also identify patterns; the possibilities are limitless when using the right tools. Audit firms should develop standard sets of routines to the teams, which then decide on what and where to use these standard sets.