Mercia Newsletter
Driving Audit Quality with automated tools.
In this article, we look to answer some questions you may have related to the use of automated tools and techniques, in particular audit data analytics, on audit engagements.
I’ve heard the ICAEW have included ‘Data Analytics’ into the student training syllabus for upcoming Audit and Assurance exams, but what is it?
In the context of audit, Data Analytics is a specific category within the broad spectrum of technological and automated resources available to an auditor, which for purposes of this article we will refer to as Audit Data Analytics (‘ADA’). We will use the following interpretation of ADA:
The use of data analysis techniques which can be used by the engagement team to perform risk assessment procedures, both controls and substantive testing and completion activities.
Examples could include the filtering and sorting of data to identify outliers, anomalies, deviations and other inconsistencies, or detection and evaluation of trends and patterns within a data set.
In practice ADA can be deployed via various ways. In its simplest form, this can involve searching and sorting of data within a spreadsheet. More complex instances involve sophisticated applications which automate the performance of analysis and can include the use of artificial intelligence and machine learning.
The ISAs do not mention the use of ADA, so can we use it for an ISA compliant audit?
The short answer to this… yes.
Historically, the ISA’s have been silent on the use of technology. More recently however, revisions to ISA (UK) 315 now incorporate application guidance which specifically references the use of ‘automated tools and techniques’. While this indicates such technology is permitted for use in the future and given the revised ISA (UK) 315 is available for early adoption, this is clearly direct confirmation that its use is permitted now.
Recent regulatory feedback we have seen also does not prohibit the use of ADA, rather it encourages and generally praises its use. Any negative comments regarding the use of ADA tend to focus more on audit teams misusing or misunderstanding the application (for example it not being appropriately tailored to specific clients), rather than fundamental weaknesses its use creates.
herefore teams giving proper consideration at the planning stage for how ADA can be used on an engagement, ensuring it is tailored and appraised specific to each client is the key to its use when delivering an ISA compliant audit.
It sounds like the use of ADA is not mandated though and its use will just increase the level of documentation to be added to the file, so why should I use it?
While teams should expect some incremental ‘year one’ costs when deploying ADA for the first time, it is expected its use will allow auditors to feel the benefit from efficiencies in future years, while also enhancing quality. Specific areas this will be achieve include: obtaining a deeper understanding of the entity and its environment and thus driving a more robust risk assessment; giving the ability to analyse large populations and help focus testing on risky areas; improving the ability to detect fraud; giving group teams greater control and oversight over group engagements; and allowing enhanced and more meaningful communication with clients.
Therefore, our view is that auditors should be challenging themselves as to why ADA should not be used on an engagement, rather than why it should be.
Will you be updating the UK Mercia Audit Methodology to incorporate the use of ADA?
Yes. An update to our methodology has now been published which includes dedicated forms and guidance for auditors to consider and appraise the use of ADA on an engagement. Some specific areas for its use are highlighted within our methodology including: risk assessment activities; identifying high risk transactions / journal entries; and stratification of sample sizes, although these potential uses are not exhaustive and teams are able to tailor the methodology further to incorporate wider uses as they deem appropriate.
What are the next steps?
All firms should start to discuss the use of ADA in their audit work. Increasingly clients are asking for it and new staff will have experience of it. It can be a great tool to help the auditor assess risk and focus their work on areas where results are not in line with expectations. Even if the information provided does not help the audit at all, the information can be interesting to clients and demonstrate that the firm is innovative and really understands the business.
Whatever audit system you use, ask your provider to confirm how / when ADA will be added to their programmes and then think how you role it out to the team, and perhaps which clients would be good ones to use as “test subjects.”
What about further training?
Many providers are starting to train in this area, included professional bodies and commercial training providers. If you are interested in more support, please contact Mercia for details of our audit system and audit training courses.