Navigating Uncharted Waters: A look at auditing reforms in 2023 and the use of audit analytics
For auditors, 2023 is shaping up to be an unprecedented year. Since 2021, there has been a notable surge in the efforts of financial and accounting regulators to address audit quality. Moreover, they are actively pursuing the modernization of outdated auditing standards.
The Public Company Accounting Oversight Board (PCAOB) issued a proposed set of amendments in June 2023 to its auditing standards to address the greater use of technology by auditors, especially when analyzing information in electronic format. The proposed reforms are expected to come with increased levels of supervision and enforcement in the auditing profession, particularly due to the increasing concern among regulators regarding the escalating risk of fraud during economic uncertainty and declining audit quality. According to a December 2021 report, approximately one-third of the audits examined in 2021 exhibited deficiencies.
The proposal includes updating aspects of AS 1105, Audit Evidence, and AS 2301, The Auditor's Responses to the Risks of Material Misstatement. The new proposal aims to improve audit quality by reducing the likelihood that an auditor using technology-assisted analysis will issue an opinion without obtaining appropriate audit evidence. In particular, the proposal would bring greater clarity to auditor responsibilities in the following areas:
- Technology-assisted analysis usually involves analyzing huge amounts of information in electronic format. The proposal would emphasize auditor responsibilities when evaluating the reliability of such information. For example, when auditors test a company's controls over electronic information, their testing should include controls over the company's information technology related to the data collected.
- Technology-assisted analysis can provide audit evidence for various purposes in an audit. For example, performing risk assessment procedures when planning an audit and performing substantive procedures in response to the auditor's risk assessment. The proposal would specify that if an auditor uses audit evidence from an audit procedure for more than one purpose, the auditor should design and perform the procedure to achieve each of the relevant objectives.
- Auditors can use technology-assisted analysis to identify transactions and balances that meet certain criteria and warrant further investigation when designing and performing substantive procedures. For example, auditors can identify all transactions within an account processed by a certain individual or exceeding a certain amount. The proposal would clarify the factors the auditor should consider as part of that investigation, including whether the identified items represent a misstatement, a control deficiency, or a need for the auditor to modify its risk assessment or planned procedures.
How audit analytics can help auditors avoid regulatory scrutiny
An essential aspect of audit analytics is data's independent access and extraction. Data provided by clients must be tested for accuracy and completeness before it can be relied upon. Although data security and confidentiality are always concerns, SafePaaS' secure audit vault ensures that data is always timely, complete, and accurate.
By using audit analytics, auditors can test the entire data set, improving the coverage of audit procedures. This reduces or eliminates sampling risks and provides a higher level of assurance. This is particularly beneficial in areas with high transaction volumes but relatively low individual transactional value or where repetitive transactions are common.
SafePaaS simplifies the extraction of data from multiple sources. Auditors can efficiently run analyses tailored to their client's specific risk profiles. Client organizations often use multiple systems for processing and recording transactions, and auditors can better understand data flow within the organization while identifying potential weaknesses that could lead to material misstatements.
When analyzing the results of analytics, there is an opportunity for client management to engage in collaborative discussions. This helps raise awareness of any exceptions or weaknesses identified within the business. Client accounting staff can also benefit from auditors extracting data directly, relieving them of the burden of providing data and reports to auditors.
Numerous advantages are already being realized as data analytics gradually becomes integral to auditing. With ongoing technological advances and a continuous emphasis on quality-driven audits, data analytics will play an even more important role for both auditors and clients during audits.
Top 5 audit analytics capabilities to consider when auditing digital platforms
The audit analytics solution provided by SafePaaS incorporates robust data analytics features that empower your audit team to enhance productivity, ensure quality, and deliver added benefits to your clients.
Access to data
The number one challenge in auditing a digital platform is access to data. Sampling has always been in the auditor’s toolkit. Sampling is a way to predict the hypothesis that a control is effective. Verifying every transaction is an expense rarely justifiable to shareholders.
Sampling is no longer practical. As the technology landscape expands and cloud adoption increases, auditors need new and improved ways to extract 100% of the data. Basing decisions on sampling methods is too big a risk.
SafePaaS is cloud-based and instantly provides auditors full access to apply controls across a complete data set. SafePaaS provides verified, timely data on demand.
Many audits are still performed in tools like Excel. These tools are error-prone, and maintaining data integrity is nearly impossible. Auditors need access to data from the source to make informed decisions based on 100% of the data.
Auditors require proactive and periodic data analysis to ensure organizations address growing threats to business applications and IT systems to support hybrid, agile, and hyper-automation business needs.
Traditional business intelligence and reporting tools cannot cross-link changes to complex security meta-data against the fragmented, de-centralized provisioning process. Effective analysis requires auditors to review privileges assigned to employees and third parties, service accounts, and BOTs to ensure compliance with access governance policies.
SafePaaS Advanced Analytics enables auditors to analyze volumes of data straight from the source to “find the needle in the haystack” by using discrete and fuzzy logic to filter historical data sets stored in SafePaaS and perform What-if analysis to predict potential risks that would impact business applications and IT systems. Advanced data comparison options ensure that requested corrective actions to security are completed timely. Changes introduced by third-party application providers are detected, and alerts are routed to IT security personnel for examination and remediation. Auditors can ensure that access controls are operating effectively by analyzing ITSM request logs against the fulfillment records in business and IT systems. Application administrators can ensure that the user access to applications is terminated when employee job assignments are changed or terminated in HR systems to prevent orphaned or dormant access.
Ideally, the auditor and customer should work off the same data set and share reports within a secure platform, eliminating error-prone manual work and maintaining data integrity. For example, how do you prove that there are three purchase orders outside the purchasing limit? Doing this through work papers (papers that support the assertion) isn’t effective.
SafePaaS provides an online platform where the customer and auditor can collaborate and communicate using a complete audit trail. SafePaaS is a secure, collaborative, workflow-enabled platform allowing auditors and customers to work better together.
A critical factor for auditors is completing the audit plan within scope and budget. SafePaaS streamlines the whole process - from beginning to end - from planning to execution and output.
Audit analytics empowers auditors with data-driven insights and enhances their ability to plan audits effectively, allocate resources efficiently, and identify areas of potential risk or concern. Analytics helps auditors make informed decisions and prioritize audit procedures, ultimately enhancing the quality and effectiveness of the audit process.
The year ahead holds tremendous change for auditors as financial regulators escalate their endeavors to tackle audit quality and modernize antiquated auditing standards. By embracing emerging digital capabilities and adapting to the dynamic landscape, auditors will enhance their readiness to fulfill the rising expectations for audit quality and effectively maneuver through the ever-evolving regulatory landscape in 2023 and the future.
External Auditors face new regulatory pressure
Hold onto your calculator, auditors; 2023 is shaping up to be an unprecedented year. Since the pandemic, there has been a notable surge in the efforts of financial and accounting regulators to address audit quality. Moreover, they are actively pursuing the modernization of outdated auditing standards.
Advanced Control Analytics
Advanced analytics focuses on anticipating future outcomes based on historical data. Retailers can apply statistical modeling and machine learning to obtain a rearview mirror of company performance. Advanced analytics allow retailers to project revenue and earnings that better forecast their business and control their resources to meet growth and margin requirements.
Mitigate Financial Misstatement Risk
How can your enterprise protect itself from the risk of too much responsibility residing with one person? This ebook will discuss the Segregation ofDuties (SoD) and its critical role in enabling businesses to minimize the risk of financial misstatement.