What is Audit Data Analytics?
Audit data analytics involves the analysis of complete sets of data to identify anomalies and trends for further investigation, as well as to provide audit evidence. This process usually involves an analysis of entire populations of data, rather than the much more common audit approach of only examining a small sample of the data.
Advantages of Audit Data Analytics
With the more thorough analysis offered by data analytics, an auditor can benefit in several ways. For example, the auditor has better advance planning, since analytics can be used early in an audit to identify problem areas. It also results in better risk assessments, based on any anomalies and trends uncovered. In addition, it yields higher-quality audit evidence, since the auditor can now examine far more data than had previously been possible with audit sampling. Finally, it results in the communication of more issues to the client, since data analytics is more likely to uncover a variety of anomalies that could be of interest to those charged with governance of the client.
Disadvantages of Audit Data Analytics
Despite the preceding benefits, the use of audit data analytics can be restricted by the inaccessibility or poor quality of client data, or of data that cannot be converted into the format used by the auditor’s data analytics software. Also, the use of data analytics requires a new set of competencies in which auditors may not have training or experience. And finally, smaller audit firms may not be able to afford the cost of audit data analytics tools.
Nonetheless, audit data analytics represent a significant improvement over traditional audit techniques, and so will likely occupy an increasing proportion of auditor time in the future.
Financial statement auditors increasingly need to know more about their clients’ businesses. Thanks to advances in data analytics and software, many auditors are finding ways to gain deeper understanding of their clients’ organizations than ever.
“The profession is making much better use of the technological advances that we’ve seen over the last 20–30 years,” said James Comito, CPA, the national director of the Professional Standards Group at Mayer Hoffman McCann PC. “So it’s pretty exciting stuff, really.”
Mayer Hoffman McCann is a top-15 national firm whose clients primarily are private companies with annual revenue ranging from $5 million to $300 million. The firm is reevaluating its audit processes and procedures to make better use of new data analytics capabilities and software that are available, in hopes of providing better service to clients.
The use of data analytics probably has not advanced as rapidly in external financial statement auditing as it has in internal auditing, where many organizations use continuous auditing and continuous monitoring of data to identify risks and anomalies as part of their system of internal control [see “Driving faster decisions”]. But data analytics has the potential to transform external auditing just as it has changed internal auditing.
The power of data analytics could make it possible for external financial statement auditors to improve audits by:
- Testing complete sets of data, rather than just testing samples.
- Aiding risk assessment through identification of anomalies and trends, perhaps even through comparison to industry data, pointing auditors toward items they need to investigate further.
- Providing audit evidence through comprehensive analysis of organizations’ general ledger systems.
Comito said data analytics, combined with traditional auditing techniques, will give auditors a better understanding of their clients.
“I think the analytics can be incredibly powerful, a great tool to learn your clients’ business,” he said. “But for the foreseeable future, it’s still a balance between good old-fashioned getting into contracts and reading them and interpreting them, and the use of analytics.”
The possibilities for data analytics technology to change auditing are explored in the white paper Reimagining Auditing in a Wired World, published by the Emerging Assurance Technologies Task Force of the AICPA Assurance Services Executive Committee [ASEC].
According to the white paper:
- The profession needs to achieve a “quantum leap” to redesign audit processes using today’s technology, rather than using information technology to computerize legacy audit plans and procedures.
- Existing auditing standards that are the framework for audit procedures need to be modified to incorporate the concepts of Big Data and “continuous auditing” and encourage auditors to use technologies that increase assurance beyond minimum required levels.
Audit regulators are watching the technological developments in this area with great interest. Martin Baumann, the PCAOB’s chief auditor and director of professional standards, said in a video interview that regulators need to make sure auditing standards facilitate possible improvements in auditing rather than serving as an obstacle to progress in this area.
“That’s important for us as standard setters to stay on top of that, such that the technology and potential uses of it in auditing don’t get ahead of where the auditing standards are,” said Baumann, who was sharing his own opinion and not that of the PCAOB or its staff. “We wouldn’t want auditing standards to be an inhibitor that might otherwise allow technological audit achievements to move ahead.”
Significant changes in audit approach are needed to take advantage of the new environment, according to one of the authors of the white paper, Miklos Vasarhelyi, Ph.D., director of the Rutgers University Accounting Research Center and Continuous Auditing & Reporting Lab.
“The profession is still not doing very much with Big Data, yet,” he said. “But the sources of evidence have changed so dramatically that there can be no way that the profession will not use it. The more difficult prediction is when this change will happen. … It will not occur overnight but will be more ad hoc and evolutionary, and changes in audit practice will continue to occur as corporate processes change.”
Through its Enhancing Audit Quality [EAQ] initiative, the AICPA is looking to move the profession toward the use of new audit technologies and methodologies that will allow auditors to provide more continuous assurance and will result in more timely and relevant audit reporting. For more information about this initiative, see the AICPA EAQ initiative webpage.
ASEC, meanwhile, has established audit data standards to identify key information needed and provide a common framework for audits. These voluntary IT standards create a standardized format for data fields [e.g., naming, formatting, and levels of data fields] and files that are commonly requested from auditors, with the theory being that if file formats are standardized, any company’s system would be capable of producing them in the standardized format. The audit data standards are available at tinyurl.com/mr32kwc.
Advances in data science can be applied to perform more effective audits and provide new forms of audit evidence. Audit data analytics methods can be used in audit planning and in procedures to identify and assess risk by analyzing data to identify patterns, correlations, and fluctuations from models. These methods can give auditors new insights about the entity and its risk environment and improve the quality of analytical procedures in all phases of the audit. Technology permits the creation of Big Data that can be analyzed to improve auditors’ knowledge about the transactions and balances underlying the financial statements. This can help them obtain better evidence for their audit opinions and understand fundamental causes of restatements, fraud, and going-concern issues. [For more on how the use of new technologies will affect auditors, see “Data Analytics: The Auditor’s Role,” below.]
Thanks to technology, audit procedures such as bank confirmations, analytical procedures, and journal-entry testing do not have to be performed on-site by local audit teams. Instead, these tasks can be outsourced to remote teams of specialists and third-party providers, creating opportunities for auditors to focus on higher-risk areas and the potential for fraud.
The white paper recommends that while technology can be used to achieve the same level of assurance more efficiently at a lower cost, a greater benefit would be to achieve a higher level of assurance at a similar cost—resulting in better audit quality for clients and investors and reduced audit risk and liability. For example, computerized data and file interrogation software can be used to perform transaction testing on 100% of a population.
Technology permits more frequent or continuous monitoring of transactions by external auditors. Auditors can benefit from being able to spread audit work throughout the year rather than only during “busy season,” identifying potential issues earlier, and having the ability to modify audit plans in response. Companies can benefit from improved audit quality and client service. Continuous reporting and web-based availability of financial information is replacing periodic issuance of financial statements, which may lead to the requirement for continuous audit assurance, the white paper found.
To prepare auditors for these changes, Vasarhelyi said:
Educational needs must be met. Education is needed for students at the university level and for auditors within accounting firms in areas such as information technology, statistics, modeling, and machine learning methods. In addition, Vasarhelyi suggests that the CPA exam should test these areas. “We are kind of in a double bind on this because the examination people say, ‘They don’t know this stuff, so we can’t test it,’ but the students say, ‘If it is not on the exam, I am not going to study it,’ ” he said. Many universities are offering courses in these areas and creating new majors, but the existing accounting curricula are full and would need to be changed to accommodate additional coursework.
The AICPA is in the midst of the practice analysis research study that will define the next version of the CPA examination, to be announced in 2016 and launched in 2017. “What we heard from the accounting profession, including educators, was to continue assessment of the basics, increase the assessment of higher-order skills such as analysis, interpretation, and defending positions within an audit, and further explore the assessment of professional skepticism, Big Data analytics, and the integration of topics [for example, an audit’s impact on financial reporting, etc.],” reported Michael Decker, vice president–Examinations for the AICPA. “The CPA examination will remain current to the profession in the role it plays as a licensure tool, assessing the minimal competencies of a newly licensed CPA. Reading between the lines, as the profession changes the knowledge and skills required of a newly licensed CPA, so must the examination change in its assessment.”
CPA firms should expand their assurance services. These services should grow beyond annual financial statement audit opinions. Businesses have larger assurance needs in the areas of data quality, security, compliance, fraud prevention and detection, and internal controls. CPAs should offer a different value proposition by offering to provide “coordinated assurance” on functions running on different technologies and platforms. “Assurance needs for businesses are much larger than they were 20 or 30 years ago,” Vasarhelyi said. “There is a big layer of technology between management and the data. Companies worry about their processes and data quality and correctness, and being ‘underassured.’ ”
Auditors should use Big Data and perform deeper analytics. These procedures can help them better understand their clients’ environment and use exception reporting to improve audit quality and detect fraud. Every auditor should have the ability to use stronger audit tools than spreadsheets. They should make use of specialists to perform data analytics as part of the engagement, where available, and work with their clients to incorporate more advanced data analytics throughout the audit program within the IT environment.
Audit procedures should be continuous. Audit procedures should be performed throughout the year, and audit testing should occur more frequently than annually. Auditors should educate their clients on the advantages of continuous auditing, including reduced errors and risk.
Auditing standards need to be updated. Changes in audit approach and procedures are needed to provide the required level of assurance in today’s changed business environment.
Maria L. Murphy [] is a freelance writer based in Wilmington, N.C. Ken Tysiac is a JofA editorial director. To comment on this article or to suggest an idea for another article, contact him at or 919-402-2112.
AICPA RESOURCES
JofA articles
- “Embracing the Automated Audit,” April 2014, page 34
- “Technology and CPAs: Visions of the Future,” June 2012, page 110
Publications
- Analytical Procedures—AICPA Audit Guide [#AAGANP12P, paperback; #AAGANP12E, ebook; #WAN-XX, one-year online access]
- Assessing and Responding to Audit Risk in a Financial Statement Audit [#AAGARR14P, paperback; #AAGARR14E, ebook; #WRA-XX, one-year online access]
- Audit Sampling—Audit Guide [#AAGSAM14P, paperback; #AAGSAM14E, ebook; #WAS-XX, one-year online access]
CPE self-study
- Audit Staff Essentials, Levels 1–3 [cpa2biz.com/ASE, one-year online access]
- CGMA Learning Program: Strategic Management Accounting [#165350, one-year online access]
- Professional Ethics: The AICPA’s Comprehensive Course [#732318001, text; #155701, one-year online access]
For more information or to make a purchase, go to cpa2biz.com or call the Institute at 888-777-7077.
Webpages
Audit Data Standard Working Group
Enhancing Audit Quality initiative
White paper
Reimagining Auditing in a Wired World