Data analytics is about enhancing audit quality. While there are differing philosophies as to what evolving technologies mean to the auditing profession, audit quality remains a fundamental objective. High quality, focused, and effective audits should closely align with the way companies manage their data and their operations. Data analytics offer a practical way to manage important aspects of audits where data is both available and reliable. Audit procedures performed to discover and analyze patterns, identify anomalies, and obtain information from our clients’ data populations can assist in achieving greater insights in designing the nature, timing, and extent of the audit approach, as well as in communicating the results obtained to management and those charged with governance.
In a complex and dynamic world, companies need to be forward-thinking and insightful about their businesses. As technologies continue to evolve, the ever expanding use of data analytics demonstrates a particular willingness to embrace such change.
Traditional audit analytics provide many benefits to the efficiency and effectiveness of an audit and have been part of the audit toolbox for many years. However, traditional techniques can be limited by being too prescriptive and unfocused, reducing insights delivered to auditors and their clients.
Modern technology enabled data analytics improve the risk assessment process, the depth of substantive procedures, and the focus of tests of controls.
Such data analytics are often described as either being ‘exploratory’ or ‘confirmatory’. Exploratory data analytics are used to identify attributes within a particular data set that are of potential interest because they may represent a potential risk of material of material misstatement or have other implications for the audit, such as vendor pricing concessions or discounts outside of accepted ranges. The results of exploratory data analytics may then be used, for example, in designing and performing further confirmatory audit data analytics, or provide the basis for other types of audit procedures. Confirmatory audit data analytics are ordinarily designed to obtain evidence that will either refute or confirm certain assumptions within the data sets; an example being the comparison of gross margin variances at the individual item level to standards.
In both cases, modern data analytics make it viable for the auditor to use more detailed analysis models than were previously practical, which introduces added rigor to the audit procedures.
The BDO Advantage
BDO has been investing in and developing a suite of data analytics tools we refer to as ‘BDO Advantage’. BDO Advantage combines the benefits of modern technology with our knowledge and understanding of our clients’ businesses. BDO Advantage is transforming our audit approach by functioning as the engine that summarizes and presents complete data set outliers and anomalies. This information is then incorporated into the subjective assessments within our audit strategy. Consider inventory reserves as an example; it is now possible to identify patterns between purchases activity and sales activity at the individual inventory item number when evaluating inventory obsolescence estimates. BDO Advantage includes analytical tools that create data visualizations that enhance our understanding of our clients’ revenue streams, purchases activities, control activities, and inventory movements to more dynamically explore and focus our efforts on patterns, trends and outliers. Such risk-based tools and applications allow flexibility in developing customized solutions that can easily be applied across any business, component or data set. The advanced data analytics solutions available to auditors include benchmarking (e.g., against historical data, industry and peer group information, etc.) and dashboards that not only highlight matters of relevance for consideration in addressing audit risks, but have the added potential benefit of complimenting conversations with financial executives and board of directors with succinct visualizations highlighting specific business issues and risks.
Graphs, charts and tables and other forms of visualization more effectively identify potential problem areas. Quite simply, a picture paints a thousand words. Through tools like Advantage, entire data populations can be reduced quickly to identify those things that matter most, more quickly.
Further expansion of technology enabled data analytics is the first step in helping auditors keep pace with the changes in the environment in which audits are being performed. In time, audits will become increasingly automated, although personal involvement of the auditor will continue to be necessary, particularly as it relates to understanding inputs and assumptions and evaluating trends, patterns, and outliers. The profession is currently assessing several potential barriers to expanded use of technology enabled data analytics.
Experience in Using Data Analytics
Data visualization is only half of the battle. There are certain skills necessary to appropriately assess what data to target, what types of information within data sets are important, and what represents an outlier versus an exception. BDO is already dedicating significant training and development efforts of staff and partners to help enhance and refine these skills sets. Auditors have recognized that data analytics are not effective if they are performed in isolation – they need to be effectively integrated into all phases of the audit and with other procedures.
We believe this hurdle is being lowered every day. Current tools are becoming increasingly user-friendly and our professionals’ current toolbox contains several effective data analytic tools that will continue to evolve with technological advances.
Companies are increasingly expecting auditors to make greater use of technology enabled data analytics. However, there can be resistance from those responsible for maintaining the integrity and security of the data. Concerns over data access typically include unintentionally corrupting or changing of data sets or security concerns when providing access to sensitive data.
Audit firms are overcoming this barrier by providing clear and persuasive information to companies regarding how data integrity and security will be maintained to preserve the confidential and sensitive nature of company information.
Companies may have a patchwork of systems, including older legacy systems or combinations of smaller applications. As a result, there can be a cost involved in converting data sets into usable formats. Similarly, the reliability of data can vary. Data sets may have a higher level of reliability if they come from a system for which internal controls are operating effectively.
Audit analytics methodology should include establishing expectations, applying a degree of precision that would identify a material misstatement of the financial statements, performing an analysis based on reliable data, and investigating and obtaining corroborated explanations for all variations from expectations above a specified investigation threshold. Qualitative as well as quantitative factors such as the precision of expectations and the investigation thresholds should be considered when determining the extent of reliance placed on data analytics for audit purposes. Consideration of the internal controls environment and any system deficiencies, including program change controls and access management controls, is also a critical component of data analytics.
A solid understanding of the systems producing the data on which any data analytics would be based is essential to ensure the audit procedures are adequately designed and based on data that has integrity. What is and what is not possible is often largely dictated by this understanding, which is why diligence on the systems must be done very early in the audit process.
Outliers and Exceptions
Perhaps the most pressing matter in the audit profession is the notion of ‘outliers’ vs. ‘exceptions’. Outliers typically have some attributes that deviate from the norm, whereas exceptions are a subset of outliers that vary in nature or size to the extent that they warrant further investigation to assess whether they represent possible risk of material misstatement.
When the number of outliers is large, it may be inefficient and ineffective to allocate audit resources to investigate all outliers as possible exceptions when the likelihood of material misstatement is low. The auditing profession is currently wrestling with the concept of outliers, triaging outliers as to their potential significance, and developing a framework that can be used to classify items as outliers or as exceptions. Until such time as there is greater clarity in the professional literature, the potential impact on any one audit engagement is largely facts and circumstances driven.
Investing in the Profession
In December 2015, the Rutgers Business School and the American Institute of CPAs American Institute of Certified Public Accountants (AICPA) announced the formation of the Rutgers AICPA Data Analytics Research Initiative (‘RADAR’). RADAR is a research initiative that is comprised of founding members from the Rutgers Business School, the AICPA, CPA Canada, and eight US Audit firms, including BDO. RADAR is a collaborative effort formed in response to the growing recognition of the value of integrating data analytics into the traditional financial statement audit. RADAR intends to explore the effectiveness of various analytic techniques with the goal of providing further supporting evidence for the potential development of authoritative guidance around the use and applicability of these techniques in practice. The profession is currently wrestling with several issues into which the RADAR group is looking to clarify through research. For example, a common limitation of improved exception and outlier identification techniques is that they can generate large numbers of outliers and exceptions. The participating RADAR professionals are investigating philosophies and evaluating frameworks to better classify what distinguishes an outlier from an exception based on potential risk characteristics.
The theory and methodology being researched under RADAR will inform the development of the AICPA Audit Data Analytics Guide currently being developed by the joint AICPA Assurance Services Executive Committee (ASEC)/ Auditing Standards Board (ASB) working group. The research findings will also serve as the basis for further potential professional standards setting regarding the evolving use of data analytics in the context of the financial statement audit, and implications for the auditing standards set and maintained by these organizations.
More information regarding the RADAR initiative can be found on the RADAR page
Continuing the Dialogue
BDO encourages both audit committees and financial accounting and reporting management to further consider and speak to your auditors about the benefits of incorporating data analytics tools and methodology into your audit engagements. For additional audit committee and financial reporting tools and resources, visit BDO’s Corporate Governance page