Data analytics and the auditor

This article provides some insight into the matters which need to be considered by auditors when using data analytics. The Advanced Audit and Assurance syllabus includes the following learning outcomes:

  • Assess and describe how IT can be used to assist the auditor and recommend the use of Computer-assisted audit techniques (CAATs) and data analytics where appropriate, and
  • Discuss current developments in emerging technologies, including big data and the use of data analytics and the potential impact on the conduct of an audit and audit quality.

In addition, candidates are expected to have a broad understanding of what is meant by the term 'data analytics', how it may be used in the audit and how it can improve audit efficiency.

What is data analytics?

Data analytics has been around in various forms for a long time, but businesses are finding increasingly sophisticated and timely methods to utilise data analytics to enhance their operations. Data analytics enable businesses to identify new opportunities, to harness costs savings and to enable faster more effective decision making. Whether it is the ability to identify potential for new products and services or to detect the potential loss of clients in order to direct efforts to encourage them to stay, data analytics is everywhere in business today.

At a basic level data analytics is examining the data available to draw conclusions. This isn’t a new concept but there are growing trends towards more integrated and more timely use of data from multiple sources to help inform business decisions or to draw conclusions. The data used by companies is likely to be both internal and external and include quantitative and qualitative data. This is often aided by specialised software which may have to be developed to enable the information from many different sources and formats to be first combined and then analysed. In some cases the formats covered include audio and visual analysis in addition to the usual text and number formats.

What are the uses of data analytics?

The possible uses for data analytics are as diverse as the businesses that use them. They can be as simple as production of Key Performance Indicators from underlying data to the statistical interrogation of scientific results to test hypotheses. Firms may use data analytics to predict market trends or to influence consumer behaviour. Data mining of customer feedback for repeated common phrases might give insights into where improvements in customer service are needed or to which competitor customers may be most likely to move to. Voice pattern recognition can be used to identify areas of customer dissatisfaction. Police forces can collate crime reports to identify repeat frauds across regions or even countries, enabling consolidated overview to be taken. The possibilities with data analytics can appear limitless as emerging artificial intelligence can allow for faster analysis and adaptation than humans can undertake.

How can data analytics be used by audit firms?

The IAASB defines data analytics for audit as the science and art of discovering and analysing patterns, deviations and inconsistencies, and extracting other useful information in the data underlying or related to the subject matter of an audit through analysis, modelling and visualisation for the purpose of planning and performing the audit

The larger audit firms and increasingly smaller firms utilise data analytics as part of their audit offering to reduce risk and to add value to the client. Bigger firms often have the resources to create their own data analytics platforms whereas smaller firms may opt to acquire an off the shelf package. There is no one universal audit data analytics tool but there are many forms developed inhouse by firms. These tools are generally developed by specialist staff and use visual methods such as graphs to present data to help identify trends and correlations.

For auditors, the main driver of using data analytics is to improve audit quality. It allows auditors to more effectively audit the large amounts of data held and processed in IT systems in larger clients. Auditors can extract and manipulate client data and analyse it. By doing so they can better understand the client’s information and better identify the risks. Data analytics tools have the power to turn all the data into pre-structured forms/presentations that are understandable to both auditors and clients and even to generate audit programmes tailored to client-specific risks or to provide data directly into computerised audit procedures thus allowing the auditor to more efficiently arrive at the result.

Examples of the use of data analytics to perform audit procedures include:

 
* NRV testing – comparing the last time an inventory item was purchased with the last time it was sold and at what price

* Analysis of revenue trends by product and region

* Matching purchase orders to invoices and payments

* Segregation of duties testing by identifying combinations of users involved in processing transactions from the metadata attached to transactions

Benefits of data analytics

The increased access and manipulation of data and the consistency of application of data analytics tools should increase audit quality and efficiency through:

  • increased business understanding through a more thorough analysis of a client’s data and the use of visual output such as dashboard displays rather than text or numerical information allows auditors to better understand the trends and patterns of the business and makes it easier to identify anomalies or outliers

  • better focus on risk. This increase in understanding, aids the identification of risks associated with a client, enabling testing to be better directed at those areas. This is further enhanced by freeing up auditor time from analysing routine data so that more time can be spent on areas of risk

  • increased consistency across group audits where all auditors are using the same technology and process, enabling the group auditor to direct specific tools for use in component audits and to execute testing across the group. This would require appropriate consent from all component companies but if granted enables a more holistic view of a group to be undertaken

  • increased efficiency through the use of computer programmes to perform very fast processing of large volumes of data and provide analysis to auditors on which to base their conclusion, saving time within the audit and allowing better focus on judgemental and risk areas. For example much larger samples can be tested, often 100% testing is possible using data analytics, improving the coverage of audit procedures and reducing or eliminating sampling risk

  • data can be more easily manipulated by the auditor as part of audit testing, for example performing sensitivity analysis on management assumptions

  • increased fraud detection through the ability to interrogate all data and to test segregation of duties, and

  • information obtained through data analytics can be shared with the client, adding value to the audit and providing a real benefit to management in that they are provided with useful information perhaps from a different perspective.

Challenges of data analytics

The introduction of data analytics for audit firms isn’t without challenges to overcome. At present there is a lack of consistency or a widely accepted standard across firms and even within a firm*. At present there is no specific regulation or guidance which covers all the uses of data analytics within an audit. This results in difficulty establishing quality guidelines. It also means that firms with the resources to develop their own data analytics tools may have a competitive advantage in the market place effectively increasing the gap between the largest firms and smaller firms, reducing effective competition in the audit industry.  Other issues which can arise with the introduction of data analytics as an audit tool include:

  • data privacy and confidentiality. The copying and storage of client data risks breach of confidentiality and data protection laws as the audit firm now stores a copy of large amounts of detailed client data. This data could be misused by the firms or illegal access obtained if the firm’s data security is weak or hacked which may result in serious legal and reputational consequences

  • for a variety of reasons, including the above, and also due to a perception that it may be disruptive to business, the audit client may be reluctant to allow the audit firm sufficient access to their systems to perform audit data analytics

  • completeness and integrity of the extracted client data may not be guaranteed. Specialists are often required to perform the extraction and there may be limitations to the data extraction where either the firm does not have the appropriate tools or understanding of the client data to ensure that all data is collected. This may especially be the case where multiple data systems are used by a client. In addition, it may be possible for clients to only make selected data accessible or to manipulate the data available for extraction 

  • compatibility issues with client systems may render standard tests ineffective if data is not available in the expected formats

  • audit staff may not be competent to understand the exact nature of the data and output to draw appropriate conclusions, training will need to be provided which can be expensive

  • insufficient or inappropriate evidence retained on file due to failure to understand or document the procedures and inputs fully. For example, a screen shot on file of the results of an audit procedure performed by the data analytic tool may not record the input conditions and detail of the testing*, and

  • practice management issues arise relating to data storage and accessibility for the duration of the required retention period for audit evidence. The data obtained must be held for several years in a form which can be retested. As large volumes will be required firms may need to invest in hardware to support such storage or outsource data storage which compounds the risk of lost data or privacy issues

  • an expectation gap among stakeholders who think that because the auditor is testing 100% of transactions in a specific area, the client’s data must be 100% correct.

Conclusion

Data analytics tools which can interact directly with client systems to extract data have the ability to allow every transaction and balance to be analysed and reported. The increase in computerisation and the volumes of transactions has moved audit away from an interrogation of every transaction and every balance and the risk-based approach which was adopted increased the expectation gap further.

With data analytics, there is a chance to redress some of this balance and for auditors to have the ability to test more transactions and balances. This may increase the chances of detecting certain types of fraud or the ability to identify inefficiencies and opportunities for a clients’ business however as yet it still can’t predict the future and the need for auditors to assess judgements and the future of the firm as well as the past means auditors aren’t replaced by computers just yet.

Written by a member of the AAA examining team