Audit technology

Audit technology is the use of computer technology to improve an audit. Audit technology is used by accounting firms to improve the efficiency of the external audit procedures they perform.

General background
Audit technology is a general term used for computer-aided audit techniques (CAATs) used by accounting firms to enhance an engagement. These techniques improve the efficiency and effectiveness of audit findings by allowing auditors to analyze much larger sets of data, sometimes using entire populations of data, rather than taking a sample. As information technology has grown and developed in recent years, so has audit technology. With more advanced programs, artificial intelligence, and stronger computing power, audit technology has allowed for more informed decision making and determinations during an engagement.

History
Audit technology has a relatively short history seeing as technological advancements have occurred rapidly. Information technology has largely begun to advance over the timeline of about the last twenty years. Prior to the development of modern day audit technology, audit opinions were determined with much less reliable evidence. Testing methods relied more heavily on manual calculations and were subject to a large possibility of human error. In addition to being less accurate, manual audits were also much more time consuming. Thanks to the recent advancements in information technology that are being applied to the field of auditing, audits are conducted more efficiently and the opinions are much more accurate. Firms that are continually expanding their use of audit technology over time in recent history are able to charge a higher rate and deliver a more quality service to their clients. Since computers were first used in accounting systems, technology’s involvement in an audit has grown continuously.

The 1940s
While World War II created a hiatus in the development of audit technologies, in 1947 to 1948, two specific commentaries were made which required audit technology to advance. The first stemmed from a new distinction between gaining an understanding of internal controls and providing reasonable assurance that internal controls are in effect and operating as planned. This meant that auditors could not only just understand internal controls, but would now have to test them as well. The second was a requirement for audits to be performed with regard for the risk of material misstatement, meaning there needed to be ways of gaining more reliable audit evidence.

The 1950s and onwards
The 1950s followed the prior decade directly as it saw the introduction of statistical sampling becoming more widely used among auditors. This new audit tool was the first of its kind, in that most other tools of the time came simply from the wisdom of experienced auditors, while this one came from another discipline entirely: mathematics. From here, more and more audit tools were created based on other fields of study.

In 1966 Analytical Auditing by R.M. Skinner and R.J. Anderson was published. This document provided the first widely accepted explanation of flowcharting. Related to the previous decade, this is another audit tool which derives from a discipline other than auditing. Systems analysis was another growing field at the time, and adjustments had to be made to the accepted system of flowcharting to make it acceptable for auditing needs.

By the mid 1970s, new approaches to audit research were found in other fields. For example, in the branch of psychology, auditors began using human information processing to yield more useful and accurate findings. These findings led the way to new tools that enhanced auditors’ decision making processes for the next few decades.

The year 1983 saw the first fully stated form of the audit risk model which was applied to audit sampling and audits as a whole. This model can be stated as: AR = IR x CR x DR.


 * Audit risk (AR) is the risk that the auditor’s opinion is wrong
 * Inherent risk (IR) is the risk that the accounting system of the client will fail, disregarding internal controls
 * Control risk (CR) is the risk that the client’s internal controls will fail to prevent or detect a misstatement
 * Detection risk (DR) is the risk that a misstatement that is not prevented or detected by the client’s internal controls is also not detected by the auditor’s substantive tests

Auditors assess these risks based on their observations of the client under audit and their understanding of their own audit procedures. This model contributed, and continues to contribute, greatly to the decision making process of an audit and it is blended with the more advanced techniques and technologies that are in use today.

Electronic data processing
Electronic data processing (EDP) has had a massive impact on auditing throughout the last half century. Not only did it change the way audits were done, but it also made possible new tools to keep up with an evolving environment. After signing with the Systems Development Corporation to act as a consultant in 1965, the AICPA formed a task force designated to the understanding of EDP in the auditing profession. This led to the publishing of Auditing & EDP which provided guidance on the topic and is referenced in the Statements on Auditing Standards (SAS).

With more powerful computers, the environment saw a number of changes that are now commonly accepted practices in business. For example, accounting controls were implemented directly into computer programs; records and data were stored in digital form, which limited the amount of hard copy reports; input documents, which were common prior to this, were becoming more rare since information was being entered directly into the systems. These, and many other evolving practices, made “working around the computer” more and more difficult for clients with complex integrations. Two needs were identified: (1) concepts for evaluating programmed application controls had to be developed, and (2) the power of the computer had to be integrated into the audit.

The problem with the first need was that confusion arose around whether it was necessary to test EDP general controls (access, system-development, and program-change) along with the application controls. SAS no. 48 describes their relationship as “interdependence,” but does not require the testing of general controls. This confusion caused concepts for evaluating controls to be developed at a slower pace than the actual application of computers in the auditing world.

By the early 1970s, there were so many audit software packages on the market that articles were written instructing people on how to choose the right one. The main problem auditors struggled with was how to use the computer to access their clients’ data files and programs.

An early solution to this saw auditors process data that had already been tested through the client’s computer and compare these results to the original results from the client's computer. Auditors also had programs created that access and test computerized data, but more generalized audit software soon offered a similar approach. This software was able to perform calculations, read and compare computer files to each other, and report on information specified by the auditor. It was also able to speed up audit techniques like preparing accounts receivable confirmation requests and evaluating statistical samples. The latter of which caused statistical sampling and computers to go hand in hand in the coming decades.

These efficiencies took a step further with the introduction of the microcomputer. These smaller, more portable computers allowed auditors to perform similar calculations at the audit site, rather than waiting to go back to the office. By the mid-1980s these had become a common tool in most audits.

CAATS
Audit technology used today is the computer-aided auditing tools (CAATS) used in public accounting that help improve the overall effectiveness and efficiency of an audit. More specifically, auditors can use their arsenal of information generated by these software to more effectively perform risk assessments, design more appropriate auditing procedures and strategies, and help investigate outliers in the data in a more timely fashion that may have been left unseen if the auditor were to resort to sampling instead. Auditing technology software use CAATS according to their audit strategy to aid in their overall audit. CAATS provide many advantages compared to typical audit techniques and improve overall efficiency of the audit by continuously monitoring large amounts of data in limited time. There are many different types of CAATS that a firm will use when completing their audit.

Software
CAAT’s generally refer to any software that improves upon the audit process. However, it is often more specifically used to represent software that aid in data extraction and analysis. One of the most prominent software used today is Generalized Audit Software (GAS), like:


 * Statistical Analysis System (SAS)
 * ACL
 * IDEA

GAS’s are one of the most heavily used CAAT’s in modern day audits. GAS is a packaged auditing software that allows the auditors to conduct analyses on widespread databases and software on extracted or live data sets. Specialized GAS auditing tools offer different opportunities for the auditor.

Statistical Analysis System (SAS)
SAS is a software suite created by SAS Institute, and has been in development since as early as 1966. SAS assists in the collection of statistical data and analysis by mining, altering, managing, and retrieving data, to identify trends and patterns for the user to review. Since its stable release in 2020, SAS has added fourteen new features to its suite including tools to aid in not only statistical analysis, but also quality control, data mining, and operations research. These additional software suite components are as listed below:


 * Base SAS – Basic procedures and data management
 * SAS/STAT – Statistical analysis
 * SAS/GRAPH – Graphics and presentation
 * SAS/OR – Operations research
 * SAS/ETS – Econometrics and Time Series Analysis
 * SAS/IML – Interactive matrix language
 * SAS/AF – Applications facility
 * SAS/QC – Quality control
 * SAS/INSIGHT – Data Mining
 * SAS/PH – Clinical Trial analysis
 * Enterprise Miner – data mining
 * Enterprise Guide – GUI based code editor & project manager
 * SAS EBI – Suite of Business Intelligence Applications
 * SAS Grid Manager – Manager of SAS grid computing environment

Technology in the Big Four
The “Big Four '' Accounting firms, Deloitte, PricewaterhouseCoopers (PwC), Ernst & Young (EY), and KPMG all use a combination of audit technologies including machine learning, artificial intelligence, robotics, and visualizations to test more data in a more efficient and effective manner. Many accounting firms use their own comprehensive auditing software to deliver a seamless experience for their clients. Examples of auditing software used by the “Big Four” firms are: Aura (PwC), Clara (KPMG), Omnia (Deloitte), and Canvas, Helix and Atlas (EY). While each of these software are tailored to each firm’s particular audit strategy, there are most definitely commonalities across them all.

Focus on AI and robotics
As technology has progressed over the years and subsequently made the process of an audit much more simple, smart machines are now beginning to redefine how audits are done, as well as their quality and timeliness. Public accounting firms across the globe now race to power their audits with machines, robots, and AI-powered systems to become the leaders in auditing. With this rapid increase in the use of automated machines to complete large sections of audits, a recent analysis by PricewaterhouseCoopers (PwC) now suggests that up to 30% of UK jobs could be at risk by the early 2030's, across all industries, due to the ability of these machines to work with minimal supervision at a fraction of the cost. But what does this mean for the process of an audit? All of the Big 4 Accounting firms, including PwC, are making every effort to use this automation to make audits faster, smarter and with less error. For PwC, this led to the creation of their Aura auditing system, which is currently used by every auditor in PwC's network to record and integrate audit activities. This AI software ensures that everyone working on an audit works to the same methodology and allows for easy monitoring of audit procedures in real time to ensure audit quality. Although AI-enhanced auditing is in its infancy, it is already being used to spot patterns and anomalies in large structured data sets, remember them, and learn from them to apply it to the next set of data.

Robotics are also beginning to play a heavy role in increasing audit efficiency as with the use of drones in stock counts of assets. This process being able to be completed by drones saved the public accounting firm time and money as the auditors will no longer have to physically travel to locations to inspect inventory and other assets. Additionally, drones can be used to map areas such as farms or mines to quickly assess the physical state, similar to performing stock counts.

Technological aid, not replacement
While audit technology is being used at rates higher than ever to help improve the timeliness and effectiveness of audit procedures, it is important to note that these analysis tools are merely an aid for auditors to help in making final decisions. Public accounting firms must be sure to act with professional judgment throughout the entire scope of the audit process. The development and implementation of these audit technologies in the public accounting profession makes it much easier for auditors to identify deviations from expectations and trace or vouch to their source documents in order to more quickly make their professional judgment decisions, however, it is essential that these tools do not replace an auditors level of professional skepticism. For example, if a public accounting firm was integrating the use of artificial intelligence software into their audit to enhance the overall quality, and this software were to identify an anomaly that occurred in a ratio such as inventory turnover, it is still the responsibility of the audit team to decide whether the variance is a true deviation and to identify the cause.

Background on artificial intelligence technology
With more advanced implementations of technologies, the audit process will become increasingly more efficient. For example, KPMG announced the implementation of IBM’s Watson to provide professional services including analyzing extensive volumes of financial statements and other financial data for any misstatements or oddities through the process of Artificial Intelligence.

History of AI
The initial research projects for artificial intelligence (AI) began with the work and research conducted by McCarthy, J., M. L. Minsky, N. Rochester, and C. E. Shannon. They worked together in an eight-week program called the Dartmouth Summer Research Project on Artificial Intelligence (DSRPAI), a semi-annual research event designated strictly for researching, understanding, and developing artificial intelligence. One of the earliest successes of AI is the ELIZA computer program. This program, created by Joseph Weizenbaum at MIT, was the first rendition of a natural language processor that simulated human conversation. The use of this technology in the accounting system has been helpful for the industry.

Industry is adopting AI on a large scale
Artificial intelligence accounting systems (ALIAS) are a way to minimize the accountants engagement on an audit by providing a number of processes including uploading source documentation, providing the correct accounts, doing certain testing, and more. This process will deliver more information to the auditor and the client faster and with the help of expert systems validating documentation to aid the decision making process, AI can revolutionize the time of the audit process. Due to the nature of this industry, this technology cannot be interpreted without proper validation. The more the technology is used, the more it will be able to understand what documents are required to validate other documents, what processes should be followed for filing and reporting certain documentation, and other processes that will overall keep personal auditor engagement down in order to minimize the errors of the audit and increase the accuracy.

Blockchain
Future use of the blockchain networks can completely eliminate financial statement misconduct and can rapidly increase the auditors process.

An emerging technology that has been increasing in popularity since the use of cryptocurrency is the use of Blockchain. Blockchain networks are a decentralized public ledger that maintain the transaction records made with Bitcoin. Since this ledger is decentralized, it is difficult for the transactions to be fraudulent meaning that auditors can verify these transactions without the use of an intermediary. Since this system is based entirely online, it opens the door for collaborators that can work on the audit of this technology and the transactions occurring within it to ultimately increase productivity of the audit process. If companies can begin to recognize these cryptocurrencies as assets, the use of crypto will force audit technology to adapt along with the rules and regulations on retrieving audit evidence from these assets.

There are many issues that still need to be worked out for this technology to be used consistently. For example, the data security of these transactions is still in question. Since there is no need for confirmations from external sources such as invoices, accounts receivable confirmations,  or analyst reports, auditors need to rely on the security that is placed within the blockchain network. Since this technology is relatively new, more research needs to be done in order to see how secure these networks are. Once the security and control of that security is confirmed, auditors can use all the evidence that comes from the blockchain network in order to do the proper audit proceedings.