DATA ANALYTICS : THE FUTURE OF AUDIT

Similar documents
International Standard on Auditing (UK and Ireland) 500

International Standard on Auditing (Ireland) 500 Audit Evidence

Audit Evidence. HKSA 500 Issued July 2009; revised July 2010, May 2013, February 2015, August 2015, June 2017

International Auditing and Assurance Standards Board ISA 500. April International Standard on Auditing. Audit Evidence

IAASB Main Agenda (March 2019) Agenda Item

Scope of this SA Effective Date Objective Definitions Sufficient Appropriate Audit Evidence... 6

Audit Evidence. SSA 500, Audit Evidence superseded the SSA of the same title in September 2009.

INTERNATIONAL STANDARD ON AUDITING 500 AUDIT EVIDENCE CONTENTS

ISA 500. Issued March 2009; updated June International Standard on Auditing. Audit Evidence

IAASB Main Agenda (June 2008) Page Agenda Item

Audit Evidence. ISA 500 Issued December International Standard on Auditing

INTERNATIONAL STANDARD ON AUDITING (NEW ZEALAND) 500

IAASB CAG Public Session (March 2018) CONFORMING AND CONSEQUENTIAL AMENDMENTS ARISING FROM DRAFT PROPOSED ISA 540 (REVISED) 1

STATEMENT OF AUDITING STANDARDS 500 AUDIT EVIDENCE

INTERNATIONAL STANDARD ON AUDITING 530 AUDIT SAMPLING AND OTHER MEANS OF TESTING CONTENTS

CPA REVIEW SCHOOL OF THE PHILIPPINES M a n i l a. AUDITING THEORY Risk Assessment and Response to Assessed Risks

CHAPTER 9 TESTS OF CONTROLS

IAASB Main Agenda (February 2007) Page Agenda Item

Auditing Standards and Practices Council

INTERNATIONAL STANDARD ON AUDITING 530 AUDIT SAMPLING AND OTHER MEANS OF SELECTIVE TESTING PROCEDURES CONTENTS

Audit Sampling and Other Means of Testing

Analytical Procedures


Seminar Internal Control Identification and Filtering

MULTIMEDIA COLLEGE JALAN GURNEY KIRI KUALA LUMPUR

Using Data Analytics in Audits

Chapter 8 Analytical Procedures

VERSION #1 WRITE ON YOUR SCANTRON!!!

covered member immediate family impaired not a covered member close relative not impaired

Characteristics of Audit Sampling 7

Chapter 06. Audit Planning, Understanding the Client, Assessing Risks, and Responding. McGraw-Hill/Irwin

The Auditor s Responses to Assessed Risks

Evaluating Internal Controls

Detailed competency map

INTERNATIONAL STANDARD ON AUDITING 315 UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT CONTENTS

REGISTERED CANDIDATE AUDITOR (RCA) TECHNICAL COMPETENCE REQUIREMENTS

Audit Practice Introduced by HKSA (HKSA 315 and 330) 1 February 2008

An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements

Auditing Standards and Practices Council

AT Assertions, Audit Procedures and Audit Evidence Red Sirug Page 1

Audit Evidence This section is effective for audits of financial statements for periods ending on or after December 15, 2012.

Institute of Chartered Accountants of India. Standards on Auditing

Chapter 18. Integrated Audits of Public Companies. McGraw-Hill/Irwin. Copyright 2012 by The McGraw-Hill Companies, Inc. All rights reserved.

Internal Audit Report Accounts Payable September 2017

Internal Financial Control (IFC)& Internal Financial Controls over Financial Reporting (IFCoFR)

AUDIT TECHNIQUES---SA 500

Prerequisite(s): ACCT 1020 or permission of the Business & Technology Department Chair

How well you are prepared to deal with IFC

International Standard on Auditing (Ireland) 300. Planning an Audit of Financial Statements

Analytical Procedures

NEPAL STANDARDS ON AUDITING AUDIT SAMPLING AND OTHER SELECTIVE TESTING PROCEDURES

CHAPTER -10 CIS AUDIT

ISA 520 Proposed SAS AU Section 329 Comments

IAASB Main Agenda (March 2016) Agenda Item. Initial Discussion on the IAASB s Future Project Related to ISA 315 (Revised) 1

Memo. Date: October 2018 INTRODUCTION

computer-assisted Chapter 10 Substantive testing, audit techniques and audit programmes

Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement

Auditing Standards and Practices Council

IAASB Main Agenda (March 2005) Page Agenda Item 12-C

WATCH WORDS FROM THE PEER REVIEW PROCESS

Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment

Proposed International Standard on Auditing 315 (Revised)

AUDIT RESPONSIBILITIES AND OBJECTIVES

Internal Controls and Sampling Tests

IAASB Main Agenda (December 2004) Page Agenda Item

International Standard on Auditing (Ireland) 315

(Effective for audits of financial statements for periods ending on or after December 15, 2013) CONTENTS

Analytical Procedures

The Financial Edge. The Financial Edge. An Introduction

IAASB Main Agenda (September 2004) Page Agenda Item PROPOSED REVISED INTERNATIONAL STANDARD ON AUDITING 540

Audit evidence. chapter. Chapter learning objectives. When you have completed this chapter you will be able to:

International Standard on Auditing (Ireland) 402 Audit Considerations Relating to an Entity using a Service Organisation

3/29/15. Module 3: Audit objectives, evidence, procedures, and documentation

THE AUDITOR S RESPONSES TO ASSESSED RISKS SRI LANKA AUDITING STANDARD 330 THE AUDITOR S RESPONSES TO ASSESSED RISKS

ACCA Certified Accounting Technician Examination Paper T8 (INT) Implementing Audit Procedures (International Stream)

INTERNATIONAL STANDARD ON AUDITING (NEW ZEALAND) 520

SECTION A CASE QUESTIONS (Total: 50 marks)

Assurance Hand Note Professional Stage-Knowledge Level By: Shafique Ahmed-Sr. Officer (Internal Audit-BSRM) Assurance

BSc (Hons) Accounting with Finance. Cohort: BACF/13/FT/Aug & BACF/13/PT Jan & BACF/12B/FT. Examinations for Semester I / 2014 Semester II

STATISTICAL SAMPLING METHOD, USED IN THE AUDIT - views, recommendations, findings

PLEASE complete #1-25 on your green scantron and the rest of them in your blue book.

How to Maximize Your Internal Controls Program. June 15, 2017 Atlanta, GA

SUGGESTED SOLUTIONS/ ANSWERS EXTRA ATTEMPT EXAMINATIONS, MAY of 11 AUDIT & ASSURANCE [P2] PROFESSIONAL LEVEL

Due: Tuesday, May 1, 2007 by 5:45 p.m.

Mapping of Original ISA 315 to New ISA 315 s Standards and Application Material (AM) Agenda Item 2-C

SUGGESTED SOLUTIONS Audit and Assurance. Certificate in Accounting and Business II Examination March 2014

Idaho PTE Business Education Course with Essential Learning Outcomes and Learning Indicators

Accounting 408 Exam 2, Chapters 3, 4, 5, 6, E, F

The Role of Analytics in Auditing The Importance of What the Numbers Indicate and Lack to Indicate

Preparing for a Headache-free Audit

UNIVERSITY OF TOLEDO INTERNAL AUDIT DEPARTMENT MANAGE FIXED ASSETS

Special Audit Techniques. CA Final Paper 3: Advanced Auditing & Professional Ethics Chapter 5 CA Arijit Chakraborty

Chapter 2. The CPA Profession

Implementation Tool for Auditors

Presenter: CPA CATHERINE MUEMA

FOUNDATIONS IN ACCOUNTANCY Paper FAU (UK) Foundations in Audit (United Kingdom)

Re: Exploring the Growing Use of Technology in the Audit, with a Focus on Data Analytics

McGraw-Hill/Irwin. Copyright 2013 by The McGraw-Hill Companies, Inc. All rights reserved.

UTPA FY2013 Financial Audit

ILLUSTRATIVE RISKS OF MATERIAL MISSTATEMENT, RELATED CONTROL OBJECTIVES AND CONTROL ACTIVITIES. (Refer paragraphs 77 and 100)

Transcription:

Institut des Réviseurs d Entreprises Institut royal Instituut van de Bedrijfsrevisoren Koninklijk Instituut

The purpose of this publication is to demonstrate that data analytics techniques are embedded in the audit approach and that data analytics offers many opportunities to improve the audit quality. TODAY DATA ANALYTICS TECHNIQUES ARE ALREADY EMBEDDED IN THE AUDIT APPROACH Today most of the auditors apply data analytics in their day-to-day audit activities. The techniques are sometimes basic, in other situations more complex. Basic analytics procedures are performed through softwares such as excel that used to sort information (for example top 10 customer by revenue) and match data from separate sources (for example individual fixed assets still in use in the fixed assets management system with the fixed asset as recorded in the general legder). More advanced procedures involve IT audit techniques and are used, for example, to recalculate the accuracy of trade receivables ageing balance, to realize a three way match detail testing, to isolate goods shipped without sales invoice,... BUT DATA ANALYTICS OFFERS MANY OTHER OPPORTUNITIES TO IMPROVE AUDIT QUALITY Data analytics is a key element in the strategy to improve audit quality. Analytics tools will assist the auditor in the identification of risks through procedures such as the search for one time vendors, direct expenditure postings, vendors with payments on multiple bank accounts, duplicated payments,... NEW SKILLS MORE ADDED VALUE AND AUDIT CREDIBILITY LARGER COVERAGE FROM SIMPLE TO COMPLEX TECHNIQUES MAXIMISATION OF PROFFESSIONAL SKEPTICISM AND JUDGMENT BETTER UNDERSTANDING OF AUDIT APPROACH DATA ANALYTICS BETTER AUDIT QUALITY SHIFT TO MORE EXPERIENCED AUDITORS BETTER ANALYSIS OF AUDITED ENTITY BETTER ANALYSIS OF EXCEPTION EMBEDDED IN THE AUDIT APPROACH

1. DATA ANALYTICS, Data analytics (DA) is the process of examining data sets in order to draw conclusions about the information they contain, increasingly with the aid of specialized systems and software. Data analytics technologies and techniques are widely used in commercial industries to enable organizations to make more-informed business decisions and by scientists and researchers to verify or disprove scientific models, theories and hypotheses. With the increasing volume of data in business today, data analytics can be used as an audit technique to better understand and analyze large volumes of data. Equipped with a more in-depth knowledge of the entity s business, the auditor is able to focus on items of greater audit interest. Data analytics may also provide recommendations to clients. Will sampling techniques disappear and systematically be replaced by full coverage of the population? Many questions remain unanswered. The objective of this document is to provide a high level overview of data analytics in the audit approach and to provide examples of data analytics audit procedures. The International Auditing and Assurance Standards Board (IAASB) is currently evaluating whether and to what extent data analytics should be integrated into the international standards on auditing (ISA s). The way an audit is executed has not fundamentally changed in many years, but now it is time for the audit profession to adapt to the new technologies available. 2. ADVANTAGES AND CHALLENGES Data analytics enhances audit quality because the population tested is larger with the objective that 100 % of the data is screened. As a result, auditors can generally derive a combination of quality and value from its use. Data analytics provide an opportunity to maximize the effectiveness of the human element. For example, technology solutions can reduce the amount of time dedicated to manual analysis, allowing more time to be spent by the auditor on the more judgmental aspects of an analysis Data analytics increases the automation in the audit process which allows the auditor to increase his focus on the more fundamental audit procedures and the more complex and risky areas of audit. The application of professional skepticism and professional judgment is improved when the auditor has a robust understanding of the entity and its environment. In an increasingly complex and high-volume data environment, the use of technology and data analytics offers opportunities for the auditor to obtain a more effective and robust understanding of the entity and its environment, enhancing the quality of the auditor s risk assessment and response. The enhanced use of professional skepticism and professional judgment in the audit process will also impact the attractiveness of audit as a career option. Data analytics presents an opportunity for more valuable and informed engagement and dialogue with those charged with governance within the audited entity. Modern data analysis methods also support producing more reliable information for the users. Ultimately, data analytics adds value to the audit and thus increases the credibility of the audit. While the benefits are clear, data analytics also means new challenges. The analytic techniques should be embedded in the audit approach but testing large populations often generates a high number of exceptions. What is the audit conclusion in case of numerous exceptions? Also the acquisition of data can take significant time for the audit team. The information delivered by the client should be in a format that can be used by the auditor and this is not always obvious. The fragmentation of the ERP systems market is also a hurdle: the format of information can be different from system to system. The use of data analytics in the audit can encompass a wide range of techniques. The auditor of the future should be familiar with simple data analytics, but also more complex data analysis techniques. Data analytics should be embedded in the audit approach, not acquiring tools.

3. INTEGRATION OF DATA ANALYTICS IN THE AUDIT APPROACH Data analytics is integrated in the audit approach conforming the International Standards on Auditing (ISAs). Consequently, the ISA audit approach remains unchanged. Data analytics can be applied throughout the phases of the audit, including: Plan the audit. Perform tests of operating effectiveness of control. Perform substantive procedures. Evaluate results. Data analytics can either be exploratory (plan the audit) or used to perform further audit procedures (i.e., tests of controls and substantive procedures). 3.1 PLAN THE AUDIT Exploratory data analysis (EDA) is an approach to analyzing data sets to summarize their main characteristics, often with visual methods. The auditor does a first and general analysis of the information of the data in order to get preliminary insights about the data. It can be used in the planning phase and during the risk analysis. It starts with looking at the data and asking questions such as: What does the data indicate? Does the data suggest something might have gone wrong? Where do the risks appear to be? Are there potential fraud indicators? What assertions should we focus on? What models and approaches appear to be optimal for analytical procedures? Exploratory data analytics are generally used when performing risk assessment procedures, including: Understanding the entity and its environment. Identifying and assessing the risks of material misstatement. Designing further audit procedures that are tailored to the risks identified. Population analysis can also be performed through data analytics. It can help the auditor design tailored audit procedures by providing general information about a population (e.g., total distribution of debits/credits, amounts, volume, and timing of transactions) based on common fields in the general ledger. Depending on the types of statistics, this insight can be used for enhanced risk assessment. It can also be used prior to the performance of the further audit procedures when we have obtained the population and want to enhance the auditor s understanding of the population. 3.2 IMPLEMENTATION OF THE AUDIT APPROACH When using data analytics to perform audit procedures, the techniques are more structured than exploratory data analytics and tend to be more mathematical and analytical (e.g., regression analysis). Using data analytics to perform audit procedures can provide the auditor with sufficient appropriate audit evidence regarding the assessed risks. The following types of procedures could be supported by data analytics: Tests of controls. Tests of details. Substantive analytical procedures. Tests of Controls Inspection or reperformance of controls Data analytics may be used to test the operating effectiveness of controls through inspection of the data for evidence of the control operating as designed. In some circumstances, data analytics can also reperform the control activity itself. Tests of Details Recalculations Data analytics can be used to perform a recalculation of an entire population as opposed to only a sample of items. Reconciliations and Roll forwards Data analytics can be used to compare and agree information from multiple sets of data, or to roll forward data from one period to the next. Substantive Analytical Procedures Regression Analysis Data analytics can be used to analyze the relationships between variables in the data to identify differences between recorded amounts and our established expectations that may warrant further investigation. Other Data analytics may also be useful in other ways.

Automation of Manual Procedures Data analytics may be used to perform time-consuming and often tedious manual audit procedures. Journal Entry Testing to Address the Risk of Management Override of Controls Data analytics are often used for testing journal entries to address the risk of management override of controls through the use of an electronic approach. 3.3 EVALUATION OF MISSTATEMENTS An audit allows the auditor to express an opinion about whether the financial statements are free of material misstatement. Because the auditor must limit overall audit risk to a low level, reasonable assurance must be at a high level. Stated in mathematical terms, if audit risk is 5 percent, then the level of assurance is 95 percent. When analyzing exceptions and misstatements, the auditor should always keep in mind that the main objective should be to provide reasonable assurance. However, data analytics will not lead to providing an absolute assurance. Deviations identified through data analytics should be analyzed, sorted and clustered. Part of the deviations can often be justified. For example, when a system is configured to prevent pricing changes, a manual price change is a deviation. However, if the change has been duly approved, there is no issue from an audit point of view. And what if data analytics identifies misstatements? Regardless of the audit technique employed to identify misstatements, once the auditor has established that a misstatement exists, he should investigate the nature and cause of any misstatements identified and evaluate their possible effect on the purpose of the audit procedure and on other areas of the audit. In general, there are 3 different types of misstatements: Factual Misstatements are misstatements about which there is no doubt. Judgmental Misstatements are differences arising from the judgments of management concerning accounting estimates that the auditor considers unreasonable, or the selection or application of accounting policies that the auditor considers inappropriate. Projected Misstatements are our best estimate of misstatements in populations, involving the projection of misstatements identified in audit samples to the entire populations from which the samples were drawn. When the auditor performs a data analytics as a test of details to test 100 percent of the population, he typically would not identify a projected misstatement because he has not performed an audit sample. Audit sampling procedures are used to draw inferences about the entire population based on the results of testing a sample of selected items from the population. This involves projecting factual misstatements identified in the sampled items to the remainder of the population (projected misstatement). However, when using data analytics as a test of details, there may be circumstances in which the auditor identifies a large number of exceptions such that it is not practical to investigate them all individually. If he samples the exceptions and identifies a factual misstatement in his sample, and the nature and cause of the misstatement is specific to the exception population, it is appropriate to project the identified misstatement to the population of exceptions, resulting in a projected misstatement. For example, the use of data analytics as a test of details to perform a 100 percent match of recorded invoices to a standard price listing. In this example, the invoice prices are automatically generated at the time an invoice is created based on the standard price listing; however, there are circumstances in which deviations from the standard price listing may be approved and manually overridden. The results of the data analytic identified a number of exceptions indicating manual overrides from the standard pricing had been applied to invoices. In order to assess whether these manual overrides are properly approved, the auditor selects a sample of the exceptions to test. Upon investigation of the sample of exceptions he determines that a portion of them were not properly approved and therefore represent factual misstatements in the population. It would then be appropriate to extrapolate the identified factual misstatement over the remaining population of exceptions to determine the corresponding projected misstatement within the population.

Data analytics tools The auditor can use classical data analytics tools but also more sophisticated techniques. Below are examples of tools Excel Analytics ACL IDEA CaseWare Softwares that can aid in performing analytical procedures by using regression analysis to model the relationship between an amount being tested and data expected to be predictive of the amount. In analytics, the acquisition of data is key. The information used by the auditor should be validated (for example reconciled to the general ledger and/or analysis of the period covered for completeness). Any change made to the base information should be documented. Examples of data analytics routines Data analytics can be applied throughout the phases of the audit. Please find below some examples of data analytics routines and considerations per audit phase: CONTROL OBJECTIVES EXAMPLES PLAN THE AUDIT Planning First inventory of data analytics possibilities. Today, the auditor always considers the use of data analytics techniques in the planning phase. The more the core processes are supported by an information system, the more data analytics possibilities there are. The auditor must ask the following questions: To what extent are processes supported by an information system? To what extent are underlying data of transactions available? What kind of data analytics might be applied? Which tools do I have available? Evaluation of the data quality of the general ledger whereby an attempt will be made to check whether the data is complete, honest and available for the desired period. To deal with the following topics on the basis of interviews and first procedures: To what extent are controls available that guarantee the completeness, integrity and availability of underlying data? We think of examples such as: Access to underlying data and the possibility to make changes; Review of the underlying data by the client by, among other things, reconciliation of any subsystems to the general ledger; Does the contact (IT manager, financial manager, etc.) have enough expertise with the client to handle data extraction? Risk assessment First analysis of the general ledger to determine the most important transaction flows within the organization. A good analysis can lead to a better description of the identified risks and the data analytics possibilities. In total this will lead to a more targeted approach to the risks. This data is used, among other things, for the preliminary analytical review. Through data analytics procedures obtain a first insight into: Type and volume of transactions; Mapping core processes; Checking accounting transactions against expected accounting patterns (example: are all turnover entries booked directly against the trade receivables? Are there turnover entries which do not pass through the sales ledger?) Seasonality of transactions; Mapping the evolution of relevant KPIs (stock rotation, number of days of customer credit, etc.)

EXECUTE THE AUDIT Tests of controls Perform tests of controls using data analytics Examples include the following tests of controls: Analysis of all paid invoices of the fiscal year: approval present? Timely? Correct person? Analysis of credit limits by customers: are there exceedances? SOD analysis on Order to Cash Cycle (This data analytics procedure identifies the sales processing permissions assigned to each user based on their ERP profile (on the extraction date) and compares these permissions to pre-defined expectations for how permissions would normally be assigned to prevent ERP users having incompatible duties when processing sales transactions. Analysis of access rights of users and possible changes throughout the fiscal year Preparation of the activity-role matrix (which activities relate to which roles and related statistics) Substantive procedures Transaction analysis of various business processes by means of data analytics techniques Examples include: Three-way match within the order-to-cash cycle (This data analytics procedure compares information from the customer invoice details used to record revenue with the related sales order and delivery document information within the ERP (i.e., three- way match). The comparison is focused on the attributes of quantity and price). Transaction flow verification: verify whether the actual booking sequences are aligned with the designed process as described in our risk assessment. Inventory subledger data analysis (This data analytics routine perform specific subledger data analysis (balance as per year-end, costing method, manual changes and negative quantities/cost by inventory category). Analysis of payments made after period end (This data analytics procedure categorizes cash payments recorded subsequent to the period end through to the Extraction Date. The categorization is done based on the earlier of the expected delivery date (as recorded on the purchase order) or delivery date obtained from the underlying invoice or delivery document to which the payment relates, as cash payments that appear to relate to goods delivered before the period end or after the period end and also identifies the period in which the related liability was originally recorded.)

Instituut van de Bedrijfsrevisoren Institut des Réviseurs d Entreprises E. Jacqmainlaan 135/1 1000 Brussels This paper was prepared by the working group Data Analytics, which is composed of the following members: Olivier De Bonhome, Erik Gjymshana (technical advisor) Mieke Jans (prof. University of Hasselt), Daniel Kroes (president), Marc Marissen, Filip Simpelaere, Jeroen Trumpener and Sébastien Verachtert Institut des Réviseurs d Entreprises Institut royal Instituut van de Bedrijfsrevisoren Koninklijk Instituut

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback