The PCAOB released an update Thursday on its thinking about how to use data analytics and related technologies in financial audits, and it seems that the regulator will maintain for now its belief that no new auditing standards to address technology are necessary.
For several years now, the PCAOB has run a small task force considering how advances in technology can affect corporate audits — say, by analyzing more transactions, or rooting out more subtle examples of bias in management judgments. This latest report is more a summary of how audit firms are using technology to perform their jobs, rather than any definitive statement about whether the PCAOB should update its standards.
“To date, the results of our activities continue to indicate that PCAOB auditing standards do not preclude audit firms’ use of technology-based tools during an audit,” the report said. “We have heard, however, and we continue to acknowledge, that our current standards do not explicitly encourage the use of such tools, indicate when their use may or may not be appropriate, or highlight related risks or possible pitfalls associated with their use.”
Ummm, OK. So what will the PCAOB do next?
“PCAOB staff will continue to gather input on advancements in technology and changes in how auditors use technology,” the report continued. “We will consider the effects of those changes on audit quality and determine any implications for our standards.”
Corporate audit and financial compliance teams are affected by the PCAOB’s approach to data technology only indirectly. The PCAOB regulates how audit firms use technology; and that, in turn, guides how your external auditor interacts with you as the auditor asks for troves of data, reaches conclusions about internal controls, and decides what to put in its audit report.
For now, it seems, the PCAOB will continue to let auditors rely on existing standards as they bring data analytics and other cutting-edge technologies to bear in their work with your business.
Where Analytics Is Happening
Today’s report is more interesting for its overview of how audit firms are using technology today. In many cases, those advanced technologies are clear improvements over historical approaches to auditing.
For example, to test a company’s revenue management processes, some audit firms use software that matches revenue transactions against subsequent cash receipts. That is, the audit firm examines all transactions to find anomalies; rather than the traditional approach of studying a sample of transactions to get a sense of how well the process works.
Some firms also now use technology for better detection of management bias. For example, they can identify instances where management consistently selects prices from the upper end of a range when valuing securities. That’s a nifty capability to have, considering how often management estimates turn up in accounting fraud enforcement actions.
Another item, perhaps more dear to the hearts of internal auditors: how audit firms are using technology to test controls. The PCAOB found that using technology tools to test all attributes of a control still isn’t common practice, but some auditors do use technology to test certain aspects of a control’s design (say, user access rights or segregation of duties) or its operating effectiveness (such as the completeness and accuracy of a system-generated report).
Technology could also have a pronounced effect on the auditing of inventory. The PCAOB said that some businesses are trying to embrace inventory management systems, to optimize and monitor the movement, counting, and recording of inventory. That’s great unto itself, but if you’re overhauling the technology and processes you use for inventory management, that has implications for the audit of said inventory.
For example, the company itself might need to design new procedures and controls for inventory management. That means auditors will need to spend time understanding those procedures and controls, and probably change their own audit procedures and testing in response. Or if your inventory management system allows more accurate and frequent counts of inventory, your audit firm might also change its own frequency of inventory observations.
And then there’s my personal favorite — inventory inspection by drone! That’s not a wholly new concept, but the idea took flight (yep, pun intended) during the pandemic, when auditors’ access to physical locations was quite limited.
Drone inspections are perfectly fine to do, but the PCAOB did warn that audit firms will still need to assure that what they’re seeing is accurate. For example, if the inspection is being conducted by a professional drone pilot, the audit team may want to assess the pilot’s credentials and expertise.
The Bigger Picture
A perennial complaint among internal auditors, financial compliance teams, and CFOs is the cost of the audit. So my question about technology is this: Will new technology cut the costs of the audit, or leave prices high but improve the quality of the audit?
It seems to me that we can’t complain about audits getting more sophisticated at uncovering fraud, mistakes, weaknesses, or waste. That’s a good thing. But it does bring a cost as people code up that software, develop new analytics techniques, study more data, or even just practice their drone piloting skills.
Internal audit and compliance executives also need to beware that the more sophisticated those audits can be, the more capable you’ll need to be at providing evidence of effective internal controls, and more responsive to more precise and probing questions. Keeping up with those needs hasn’t necessarily happened, according to a few surveys I’ve seen here and there.